Traffic Shaping on Cisco IOS

Hello Swapnil

Shaping will cause the traffic to adhere to the specific rate at which we have configured it even if there is available bandwidth to go faster. So in your example, the traffic would be limited to approximately 100 Mbps. Even if the queue limit is increased, the excess traffic still gets buffered even if there is no congestion on the same interface.

It is possible to configure shaping such that it can burst up to the speed of the physical interface. This is described in the following lesson:

With policing however, you are able to specify what happens if traffic exceeds the preconfigured settings where you can specify if it will be dropped or allowed. More about policing can be found here.

I hope this has been helpful!

Laz

Okay…So lets say I am bursting it to full capacity of the interface for default class and there are already priority queues available to be served on the same physical interface so does those priority queues get affected if the bc and be for default class is configured equal to the cir??

Hi Swapnil,

It depends on how you configure this. For example:

policy-map PRIORITY
 class class-default
  priority 64
policy-map SHAPING
 class class-default
  shape average 48000   
   service-policy PRIORITY

Don’t mind the values, I just picked something. The shaper is the “outside” policy and the priority queue is the “inside” policy. Your priority queue is affected by the shaper. Depending on the values you set, the shaper might shape the traffic of your priority queue or not.

Rene

Hello Guys,
I was trying out the Shaping labs and I noticed that as you mentioned Rene, my output for
#show policy-map interface s0/1 was different to yours as my IOS is in fact an older version.
However, I am concerned even though after using iperf, I got results that were sometimes close to my CIR, the output says, “Shaping Active No.” Does this mean that even though I applied the service policy to the interface it is not shaping?
Thanks in advance, Regards

Screenshot%20(13)_LI1234×688 185 KB

Oh and another question is. On this old output is “Sustain bits/int” = Bc and “Excess bits/int”= Be.

Thanks
Regards

Hello Martha

Take a look at this Cisco command reference. It states here that the indication under Shaping Active is the following:

Indicates whether the traffic shaper is active. For example, if a traffic shaper is active, and the traffic being sent exceeds the traffic shaping rate, a “yes” appears in this field.

So it looks like traffic must exceed the traffic shaping rate in order for a “yes” to appear here.

Also, you are correct that “Sustain bits/int” = Bc and “Excess bits/int”= Be.

I hope this has been helpful!

Laz

Thank you!!! I really liked this command reference.

Hi Rene

What is the queue-limit command and its usage?

Regards
Payal

Hello Payal

The queue-limit command is used in conjunction with a Weighted Round Robin (WRR) implementation of a queue. Specifically, it is applied like so:

wrr-queue queue-limit queue1-weight [queue2-weight] queue3-weight

where:

• queue1-weight = Ratio of the low-priority queue weight; valid values are from 1 and 100 percent.
• queue2-weight = (Optional) Ratio of the medium-priority queue weight; valid values are from 1 and 100 percent.
• queue3-weight = Ratio of the high-priority queue weight; see the “Usage Guidelines” section for valid values.

You can find out more information about this command at the following Cisco Command Reference.

Now if your question was what is the meaning of the queue limit value found in the output of the show policy-map interface command, then the answer to that is that this value shows the maximum number of packets that a queue can hold for the specific class policy configured in the policy map.

I hope this has been helpful!

Laz

Hi,

I tested ipref on my home/lab and I’ve discovered that the interface on my laptop (newer pc) is going to 100Mb/s.

On my cisco 3560CG I can see:

SW#show interfaces status

Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/1     				     connected    trunk      a-full a-1000 10/100/1000BaseTX
Gi0/2         				 connected    trunk      a-full a-1000 10/100/1000BaseTX
Gi0/3     mycomputer         connected    10         a-full  a-100 10/100/1000BaseTX
Gi0/4        			     connected    30         a-full a-1000 10/100/1000BaseTX
Gi0/5         			    notconnect   20           auto   auto 10/100/1000BaseTX
Gi0/6     raspberry       	 connected    30         a-full a-1000 10/100/1000BaseTX
Gi0/7               		notconnect   30           auto   auto 10/100/1000BaseTX
Gi0/8          				connected    10         a-full a-1000 10/100/1000BaseTX

where my computer is connected to g0/3 and also I have a raspberry on g0/6.
I’ve tried to change interface / cable and also operating system ( I have dual boot )

Can you help me to understand this behavor?

1. why my nic is going a-100 ( i’m not able to forze the speed ), mabye is
2. why my raspberry is going on 1Gb? ( I have Pi3 I know that it have only 100Mb )

Thanks

Hello Giovanni

The first thing that comes to mind, and the most probable answer from what I see, is that you have the raspberry connected to Gi0/3 and the laptop connected to G0/6. Although it is possible for your laptop to be functioning at 100Mbps, a slower speed than the NIC is rated, it is not possible to have the raspberry functioning at 1000Mbps, a higher speed than its NIC.

Now if this is not the case, then the next thing you should check out is what speed your laptop says it is connecting at. If you’re using Windows, you can check this from the Ethernet Adaptor settings:

image357×274 3.57 KB

If that is indeed at 100 Mbps, go to Properties → Configure… and go to the Advanced tab as shown below. Search for Speed & Duplex and check to see at what speed you are set at:

image398×470 12.7 KB

Take a look at these steps and let us know your results, and if we can help you out further, let us know!

I hope this has been helpful!

Laz

I really not understand what is happaning…

SW#show interfaces status

Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/1     TRUNK_OPNSENSE     connected    trunk      a-full a-1000 10/100/1000BaseTX
Gi0/2     TRUNK_OPNSENSE     connected    trunk      a-full a-1000 10/100/1000BaseTX
Gi0/3     -                  notconnect   10           auto   auto 10/100/1000BaseTX
Gi0/4     -                 connected    30         a-full a-1000 10/100/1000BaseTX
Gi0/5     -mycomputer       connected    20         a-full a-1000 10/100/1000BaseTX
Gi0/6     raspberry         connected    30         a-full a-1000 10/100/1000BaseTX
Gi0/7     -                  notconnect   30           auto   auto 10/100/1000BaseTX
Gi0/8                       connected    10         a-full a-1000 10/100/1000BaseTX
Gi0/9                        notconnect   1            auto   auto Not Present
Gi0/10                       notconnect   1            auto   auto Not Present
Po1                          connected    trunk      a-full a-1000

I only changed with another cable, now ipref is ‘working’ ( I can go over 100Mb with my pc ) but even my raspberry is labled to 1gb but is going only 100Mb…

Hardware        : BCM2835
Revision        : a020d3
Serial          : 000000008e2938ed
Model           : Raspberry Pi 3 Model B Plus Rev 1.3
pi@GoldenPiAre:~ $ sudo iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 192.168.30.51, port 49938
[  5] local 192.168.30.10 port 5201 connected to 192.168.30.51 port 49939
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  6.76 MBytes  56.7 Mbits/sec
[  5]   1.00-2.00   sec  8.47 MBytes  71.0 Mbits/sec
[  5]   2.00-3.00   sec  7.91 MBytes  66.4 Mbits/sec
[  5]   3.00-4.00   sec  8.16 MBytes  68.5 Mbits/sec
[  5]   4.00-5.00   sec  8.97 MBytes  75.2 Mbits/sec
[  5]   5.00-6.00   sec  8.06 MBytes  67.6 Mbits/sec
[  5]   6.00-7.00   sec  7.94 MBytes  66.6 Mbits/sec
[  5]   7.00-8.00   sec  8.73 MBytes  73.2 Mbits/sec
[  5]   8.00-9.00   sec  8.32 MBytes  69.8 Mbits/sec
[  5]   9.00-10.00  sec  8.47 MBytes  71.1 Mbits/sec
[  5]  10.00-10.04  sec   391 KBytes  80.4 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.04  sec  82.2 MBytes  68.7 Mbits/sec                  receiver
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------

Now I changed the port of my notebook but it not work for previous port-security configuration (but it is out of topic )

Here there is a ROS configuration, so inter-vlan routing is configured on my opnsense FW…but it not explain why the Pi is labeled as 1Gb

Hello Giovanni

Hmm, I’m not sure what to say here, that is such a strange behaviour. Getting speeds of up to 100 Mbps for your raspberry looks like it is conforming to the correct speed, but it is still auto-negotiating to 1000Mbps, and that is strange. Are you connecting your raspberry directly to the switch or is there some other device in between? You mention an open sense firewall. Can you give us a little more information about your topology and how the FW fits in? It may also be helpful to hardwire the speed configuration on that particular interface to 100Mbps and experiment with 1000Mbps as well, just to see what happens… Looking forward to hearing your results.

I hope this has been helpful!

Laz

Something very strange is happening here

This is the topology of my home network.

TOPOLOGY1222×819 129 KB

To simplify the tshoot, I’ve configured my notebook in the same vlan of the raspberry ( so I’ve excluded the ether-channel to the firewall )

This is the result.

first… simply test…

SW#show interfaces status

Port      Name               Status       Vlan       Duplex  Speed Type
   ....
Gi0/6     30_GOLDENPI        connected    30         a-full a-1000 10/100/1000BaseTX
Gi0/7     -  My_computer                connected    30         a-full a-1000 10/100/1000BaseTX
  .....

My Pi…

Hardware        : BCM2835
Revision        : a020d3
Serial          : 000000008e2938ed
Model           : Raspberry Pi 3 Model B Plus Rev 1.3
pi@server:~ $ sudo iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 192.168.30.56, port 50080
[  5] local 192.168.30.10 port 5201 connected to 192.168.30.56 port 50081
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  1.22 MBytes  10.3 Mbits/sec
[  5]   1.00-2.00   sec  12.4 MBytes   104 Mbits/sec
[  5]   2.00-3.00   sec  34.6 MBytes   290 Mbits/sec
[  5]   3.00-4.00   sec  34.3 MBytes   287 Mbits/sec
[  5]   4.00-5.00   sec  34.6 MBytes   290 Mbits/sec
[  5]   5.00-6.00   sec  34.9 MBytes   293 Mbits/sec
[  5]   6.00-7.00   sec  35.6 MBytes   299 Mbits/sec
[  5]   7.00-8.00   sec  35.6 MBytes   299 Mbits/sec
[  5]   8.00-9.00   sec  35.7 MBytes   299 Mbits/sec
[  5]   9.00-10.00  sec  35.3 MBytes   296 Mbits/sec
[  5]  10.00-10.04  sec  1.51 MBytes   286 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.04  sec   296 MBytes   247 Mbits/sec                  receiver
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------

My notebook…

PS C:\...\iperf-3.1.3-win32> .\iperf3.exe -c 192.168.30.10
Connecting to host 192.168.30.10, port 5201
[  4] local 192.168.30.56 port 50081 connected to 192.168.30.10 port 5201
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-1.00   sec  2.34 MBytes  19.6 Mbits/sec
[  4]   1.00-2.00   sec  12.9 MBytes   108 Mbits/sec
[  4]   2.00-3.00   sec  34.6 MBytes   290 Mbits/sec
[  4]   3.00-4.00   sec  34.3 MBytes   288 Mbits/sec
[  4]   4.00-5.00   sec  34.1 MBytes   286 Mbits/sec
[  4]   5.00-6.00   sec  35.3 MBytes   296 Mbits/sec
[  4]   6.00-7.00   sec  35.6 MBytes   299 Mbits/sec
[  4]   7.00-8.00   sec  35.6 MBytes   299 Mbits/sec
[  4]   8.00-9.00   sec  35.6 MBytes   298 Mbits/sec
[  4]   9.00-10.00  sec  35.3 MBytes   296 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-10.00  sec   296 MBytes   248 Mbits/sec                  sender
[  4]   0.00-10.00  sec   296 MBytes   248 Mbits/sec                  receiver

iperf Done.

The bit rate is more tha 100Mbps.

Now if I configured the auto negotiation to 100Mb on G0/6…

SW#show interfaces status | in Gi0/6
Gi0/6     30_GOLDENPI        connected    30         a-full  a-100 10/100/1000BaseTX

Let’s try again…

 Hardware        : BCM2835
Revision        : a020d3
Serial          : 000000008e2938ed
Model           : Raspberry Pi 3 Model B Plus Rev 1.3
pi@GoldenPiAre:~ $ sudo iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 192.168.30.56, port 50090
[  5] local 192.168.30.10 port 5201 connected to 192.168.30.56 port 50091
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  10.9 MBytes  91.5 Mbits/sec
[  5]   1.00-2.00   sec  11.3 MBytes  94.5 Mbits/sec
[  5]   2.00-3.00   sec  11.3 MBytes  94.8 Mbits/sec
[  5]   3.00-4.00   sec  11.3 MBytes  94.8 Mbits/sec
[  5]   4.00-5.00   sec  11.3 MBytes  94.8 Mbits/sec
[  5]   5.00-6.00   sec  11.3 MBytes  94.8 Mbits/sec
[  5]   6.00-7.00   sec  11.3 MBytes  94.8 Mbits/sec
[  5]   7.00-8.00   sec  11.3 MBytes  94.8 Mbits/sec
[  5]   8.00-9.00   sec  11.3 MBytes  94.8 Mbits/sec
[  5]   9.00-10.00  sec  11.3 MBytes  94.7 Mbits/sec
[  5]  10.00-10.04  sec   481 KBytes  94.5 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.04  sec   113 MBytes  94.4 Mbits/sec                  receiver

Conclusions:

• I think that the last time the bit rate was under 100Mbps because the packet should be routed by the firewall for inter-vlan routing configuration. (If so, maybe my FW has a 100Mbps ports…I will check this… )

• Maybe USB-ethernet (like the raspberry interface ) adapters have different behavior during congestion than a traditional nic??

What do you think about that?

Thanks

Hello Giovanni

I think I cracked it… It seems that this version of Raspberry Pi provides what they call “faster Ethernet” as opposed to FastEthernet or GigabitEthernet. Apparently, based on this online review,

The Raspberry Pi 3 Model B+'s Gigabit Ethernet over USB 2.0 offers a maximum throughput of 300Mbps.

Which seems to jive with your results. But because the switch cannot connect at speeds of 300Mbps, it must either choose 100 or 1000Mbps. The electronics of the Ethernet port make the switch “think” that it is negotiating with a GigabitEthernet port, but the actual capabilities are limited to 300 Mbps. Keeping in mind that the theoretical maximum speed of a USB 2.0 port is at 480 Mbps, this speed seems reasonable.

I hope this has been helpful!

Laz

Wanted to confirm I calculated a shaping policy I configured. The contracted rate is 200MB. The config is looking for bits per second. I scrubbed the names of the policy but you can the bits per second I entered. Is this the correct conversion?

policy-map xxx
 class class-default
  shape average 200000000
  service-policy aaa

Hello Network23

In your class map, you are indeed applying 200Mbps to the class-default class. This means that, without any additional classes defined, this will be the limitation on the interface the policy map is applied to.

Now the service-policy command seems to be out of place. This should be under the interface where you want to apply the policy map.

I hope this has been helpful!

Laz

Hi Rene , I Have one question please :
if I implement the Sharping Policy for the default class Map as I need to match all traffic go through the Router. , is there any need for classifying the packets using access-list any more .

Hello Ammar

If you are planning to apply the shaping policy to all traffic, then no, you don’t need to classify packets using an ACL. This is because the shaping policy is applied to ALL TRAFFIC.

However, if you want to, at some point in the future, apply different policies for specific types of traffic, then you will need to create and use access lists to classify those packets accordingly.

So for futureproofing your configuration, it may be worth creating an access list that can later be modified or added to in order to achieve the kind of shaping you may want to achieve…

I hope this has been helpful!

Laz

Hello, everyone!

When we’re configuring shaping with CBWFQ, do we need to specify a shaping rate for each class or how exactly would this work? As it seems a little complicated to me to even think about it

Thank you!

David