Traffic Shaping on Cisco IOS

Hello David

CBWFQ and shaping are often used together for effective bandwidth management. CBWFQ ensures fair bandwidth distribution among different traffic classes while shaping controls the traffic rate to prevent congestion. Shaping can be applied to traffic classes defined by CBWFQ. This means you can classify traffic using CBWFQ and then apply shaping to each class as needed.

Here is an example of a CBWFQ with applied shaping policies. In this example, we’ll assume you have three types of traffic: high-priority (like VoIP), medium-priority (like business-critical applications), and default traffic (everything else). We’ll shape the total outbound traffic and allocate guaranteed bandwidth to each class.

  1. Define Class Maps:

    • For High-Priority Traffic (e.g., VoIP):
      class-map match-any HIGH_PRIORITY
        ! match ip rtp <starting-port> <port-range>: UDP ports 16384-32767
        match ip rtp 16384 16383
      
    • For Medium-Priority Traffic (e.g., business applications):
      class-map match-any MEDIUM_PRIORITY
        match access-group 100
      
    • Access control list for medium-priority:
      ip access-list extended 100
        ! placeholder entry: matches all IP traffic; narrow it to the business-application flows
        permit ip any any
      
  2. Create a Policy Map:

    • This policy map applies CBWFQ:
      policy-map CBWFQ_WITH_SHAPING
        class HIGH_PRIORITY
          priority percent 30
        class MEDIUM_PRIORITY
          bandwidth percent 50
        class class-default
          fair-queue
      
  3. Apply Traffic Shaping:

    • Assume we want to shape traffic to 10 Mbps. Note we are shaping the traffic that matches the class-default class:
      policy-map SHAPING_POLICY
        class class-default
          shape average 10000000
          service-policy CBWFQ_WITH_SHAPING
      
  4. Apply the Policy Map to an Interface:

    • For example, applying it to GigabitEthernet0/0:
      interface GigabitEthernet0/0
        service-policy output SHAPING_POLICY
      
  • Class Maps: Define the types of traffic. HIGH_PRIORITY for VoIP (using RTP ports) and MEDIUM_PRIORITY based on an ACL.
  • Policy Map for CBWFQ: CBWFQ_WITH_SHAPING allocates 30% of bandwidth to high-priority traffic, 50% to medium-priority, and the rest is handled by the default class using fair queuing.
  • Traffic Shaping: SHAPING_POLICY shapes the traffic that does not match the high or medium priority classes to a rate of 10 Mbps. It references CBWFQ_WITH_SHAPING to apply CBWFQ within this shaped traffic.
  • Interface Application: The final policy SHAPING_POLICY is applied to the outbound direction of the interface GigabitEthernet0/0.

This configuration is a basic example and might need adjustments based on the specific network setup, traffic patterns, and requirements. You can also apply shaping only to the high- and/or medium-priority traffic, or to all the traffic. This is just a basic example that I hope will help you understand how CBWFQ and shaping can be applied together.

I hope this has been helpful!

Laz

Hi Rene and Laz,
First of all, thank you so much for such a great lesson.
I followed your guide to build a topology for shaping configuration. I use EVE NG with vIOS router, vIOS switch and vPC images, but my vPC does not support iperf. Can you please give me the information of the image you used for hosts?

Thanks in advance.

Hello Tran,

The virtual PC (VPC) in eve-ng is kinda limited.

I would try an Ubuntu Docker container or VM instead:

This way, you can run whatever packages are available in the Ubuntu repositories, including iperf.

Rene


So I connected my computer to port 31, and port 2/1 is uplink. The device is a 4500X. Now what happens when I don’t write the 2nd sequence in ACL and I don’t apply policy-map to port 1/31… So I make the speed of traffic from 10.70.0.0/16 to any 10 MB with shape. Then I write it as output to port 2/1. So far so good. However, when I do a speed test, I only see a change in my upload traffic. So, my upload traffic has decreased from 150 MB to 10 MB. But my download traffic remains like a bonfire. Now I insert the 2nd sequence into the ACL. That is “10.70.0.0 0.0.255.255”… Then I apply it to port 31. I wanted to do something like this to figure out why it didn’t work in the previous process. My goal is to shape traffic from the internet to my host. This time, I saw that my download traffic was 10 MB after measuring it with a speed test. Can you explain to me why this is so?

Hello Murad

The behavior you are seeing is expected. Take a look at this diagram of your topology:

[Image: topology diagram]

The initial access list you mentioned (without the second statement) is:

ip access-list extended ShapeTest
 permit ip 10.70.0.0 0.0.255.255 any

And this is applied outbound as a service-policy on both TE1/31 and TE2/1, correct?

When traffic is sent from our host to the Internet, the outbound service policy on TE2/1 will kick in, because the traffic has a source of 10.70.X.Y which is the IP address of your PC, and it is within the address space specified by the ACL. So outbound or upload traffic will be shaped to 10 Mbps.

When traffic goes from the Internet to our host, it is the outbound service policy on TE1/31 that kicks in. No traffic matches this ACL! So no shaping takes place.

When you add the second line to the ACL, then the service policy on TE1/31 does match traffic using that second entry, and thus you see the correct shaping. Does that make sense?

I hope this has been helpful!

Laz
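
The direction-dependent matching described in the reply above, as an added example that is not part of the original thread: a small Python model of IOS wildcard-mask matching run against both directions of one flow. It assumes the policy is applied outbound on both TE1/31 and TE2/1, that the second ACL entry uses 10.70.0.0 0.0.255.255 as the destination, and the host and remote addresses are constructed samples.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard logic: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")   # the keyword "any"
HOSTS = ("10.70.0.0", "0.0.255.255")   # 10.70.0.0/16 from the thread

# Each entry is (source spec, destination spec).
# permit ip 10.70.0.0 0.0.255.255 any
ACL_ONE_ENTRY = [(HOSTS, ANY)]
# Assumed second entry: permit ip any 10.70.0.0 0.0.255.255
ACL_TWO_ENTRIES = ACL_ONE_ENTRY + [(ANY, HOSTS)]

def acl_permits(acl, src, dst):
    """True if any permit entry matches; otherwise the implicit deny applies."""
    return any(wildcard_match(src, *s) and wildcard_match(dst, *d)
               for s, d in acl)

def shaped_directions(acl, host, remote):
    """Classify both directions of one flow against the same ACL."""
    return {
        "upload, egress TE2/1": acl_permits(acl, host, remote),
        "download, egress TE1/31": acl_permits(acl, remote, host),
    }

if __name__ == "__main__":
    host, remote = "10.70.1.10", "203.0.113.5"   # constructed sample addresses
    for name, acl in (("one entry", ACL_ONE_ENTRY),
                      ("two entries", ACL_TWO_ENTRIES)):
        print(name, shaped_directions(acl, host, remote))
```

Traffic that the ACL does not permit is not classified into the shaped class, which is why the download direction stays unshaped until the destination-based entry exists.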