本文转自:http://kanghestef.blog.51cto.com/77886/191164
shape peak、shape average和police
以下是相关配置:
环境:Dynamips、FlashFXP、IOS 12.4T
!
ftp-server enable
ftp-server topdir disk0:
!
……..
!
class-map match-all shape
match access-group 100
!
!
policy-map shape
class shape
police cir 80000 bc 15000 be 30000
conform-action transmit
exceed-action drop
!
…..
ftp-server enable
ftp-server topdir disk0:
!
……..
!
class-map match-all shape
match access-group 100
!
!
policy-map shape
class shape
police cir 80000 bc 15000 be 30000
conform-action transmit
exceed-action drop
!
…..
access-list 100 permit tcp any host 192.168.1.200
access-list 100 deny tcp any any
access-list 100 deny tcp any any
R1#sh run int f0/0
Building configuration…
Building configuration…
Current configuration : 166 bytes
!
interface FastEthernet0/0
ip address 192.168.1.221 255.255.255.0
duplex full
rmon native
rmon collection stats 1 owner config
service-policy output shape
end
!
interface FastEthernet0/0
ip address 192.168.1.221 255.255.255.0
duplex full
rmon native
rmon collection stats 1 owner config
service-policy output shape
end
R1#
R1#sh policy-map int f0/0
FastEthernet0/0
FastEthernet0/0
Service-policy output: shape
Class-map: shape (match-all)
7593 packets, 10691055 bytes
5 minute offered rate 36000 bps, drop rate 3000 bps
Match: access-group 100
police:
cir 80000 bps, bc 15000 bytes
conformed 2683 packets, 3636183 bytes; actions:
transmit
exceeded 232 packets, 349392 bytes; actions:
drop
conformed 34000 bps, exceed 3000 bps
7593 packets, 10691055 bytes
5 minute offered rate 36000 bps, drop rate 3000 bps
Match: access-group 100
police:
cir 80000 bps, bc 15000 bytes
conformed 2683 packets, 3636183 bytes; actions:
transmit
exceeded 232 packets, 349392 bytes; actions:
drop
conformed 34000 bps, exceed 3000 bps
Class-map: class-default (match-any)
3388 packets, 4241610 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
3388 packets, 4241610 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
R1#
由于police是采用即时丢包机制,所以流量图呈锯齿状。
police bps [burst-normal] [burst-max] conform-action action exceed-action action
[violate-action action]
[violate-action action]
CISCO建议 burst-normal=configured rate/8*1.5, burst-max=burst-normal*2,这样限速的效果基本跟configured rate 持平
如下面的例子,在police命令中不使用这两个参数,而由系统自动生产,结果速度才4K左右,没有达到预期(8K)的目的
R1(config-pmap-c)#police 80000 con tr ex drop
R1(config-pmap-c-police)#
R1(config-pmap-c-police)#do sh policy-map int f0/0
FastEthernet0/0
R1(config-pmap-c-police)#
R1(config-pmap-c-police)#do sh policy-map int f0/0
FastEthernet0/0
Service-policy output: shape
Class-map: shape (match-all)
8779 packets, 12044939 bytes
5 minute offered rate 54000 bps, drop rate 10000 bps
Match: access-group 100
police:
cir 80000 bps, bc 2500 bytes
conformed 3789 packets, 4873835 bytes; actions:
transmit
exceeded 312 packets, 465624 bytes; actions:
drop
conformed 49000 bps, exceed 10000 bps
8779 packets, 12044939 bytes
5 minute offered rate 54000 bps, drop rate 10000 bps
Match: access-group 100
police:
cir 80000 bps, bc 2500 bytes
conformed 3789 packets, 4873835 bytes; actions:
transmit
exceeded 312 packets, 465624 bytes; actions:
drop
conformed 49000 bps, exceed 10000 bps
Class-map: class-default (match-any)
3420 packets, 4244403 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
R1(config-pmap-c-police)#
3420 packets, 4244403 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
R1(config-pmap-c-police)#
shape average 命令跟接口模式下的shape命令效果一样。
shape 采用队列缓存机制,除非队列排满否则不会出现丢包现象,从图中可知经过shape的流量图平缓了许多
R1(config-pmap-c)#shape average 80000
R1(config-pmap-c)#do sh policy-map int f0/0
FastEthernet0/0
R1(config-pmap-c)#do sh policy-map int f0/0
FastEthernet0/0
Service-policy output: shape
Class-map: shape (match-all)
12047 packets, 16315383 bytes
5 minute offered rate 76000 bps, drop rate 0 bps
Match: access-group 100
Traffic Shaping
Target/Average Byte Sustain Excess Interval Increment
Rate Limit bits/int bits/int (ms) (bytes)
80000/80000 2000 8000 8000 100 1000
12047 packets, 16315383 bytes
5 minute offered rate 76000 bps, drop rate 0 bps
Match: access-group 100
Traffic Shaping
Target/Average Byte Sustain Excess Interval Increment
Rate Limit bits/int bits/int (ms) (bytes)
80000/80000 2000 8000 8000 100 1000
Adapt Queue Packets Bytes Packets Bytes Shaping
Active Depth Delayed Delayed Active
– 8 49 62683 41 54625 yes
Active Depth Delayed Delayed Active
– 8 49 62683 41 54625 yes
Class-map: class-default (match-any)
3542 packets, 4254941 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
R1(config-pmap-c)#
3542 packets, 4254941 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
R1(config-pmap-c)#
shape peak 80000 命令比shape average 80000 命令又不一样,流量大了一倍,因为默认情况下be =bc
R1(config-pmap-c)#shape peak 80000
R1(config-pmap-c)#do sh policy-map int f0/0
FastEthernet0/0
R1(config-pmap-c)#do sh policy-map int f0/0
FastEthernet0/0
Service-policy output: shape
Class-map: shape (match-all)
13665 packets, 18675267 bytes
5 minute offered rate 82000 bps, drop rate 0 bps
Match: access-group 100
Traffic Shaping
Target/Average Byte Sustain Excess Interval Increment
Rate Limit bits/int bits/int (ms) (bytes)
160000/80000 2000 8000 8000 100 2000
13665 packets, 18675267 bytes
5 minute offered rate 82000 bps, drop rate 0 bps
Match: access-group 100
Traffic Shaping
Target/Average Byte Sustain Excess Interval Increment
Rate Limit bits/int bits/int (ms) (bytes)
160000/80000 2000 8000 8000 100 2000
Adapt Queue Packets Bytes Packets Bytes Shaping
Active Depth Delayed Delayed Active
– 14 1661 2413531 1653 2405473 yes
Active Depth Delayed Delayed Active
– 14 1661 2413531 1653 2405473 yes
Class-map: class-default (match-any)
3583 packets, 4258565 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
R1(config-pmap-c)#
3583 packets, 4258565 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
R1(config-pmap-c)#
对于shape来说,Tc 越小,流量图越平缓,Be越大,当拥塞发生时第一个Tc能传送的流量就越大。
一些笔记:
When policing traffic with CAR, Cisco
recommends the following values for the normal and extended burst parameters:
recommends the following values for the normal and extended burst parameters:
normal burst = configured rate * (1 byte)/(8 bits) * 1.5 seconds
extended burst = 2 * normal burst
extended burst = 2 * normal burst
If the burst values are too low, then the achieved rate is often much lower than the configured rate.
在连接到ISP的接口上要使用Traffic Shape,比如使用100M接口以10M的速度接入城域网,否则流量将在ISP端被限制,不利于本端qos策略的实施。
虽然rate-limit 可以使用input、output关键字,而traffic shape 不使用,但这不能说shape就不能shape input流量,可通过扩展acl来实施,如以下例子:
Listing 3-21 Shaping Traffic to 128 Kbps Using GTS
interface serial 0
traffic-shape group 101 128000
interface ethernet 0
traffic-shape group 102 128000
access-list 101 permit ip host 200.200.200.1 any
access-list 102 permit ip any host 200.200.200.1
interface serial 0
traffic-shape group 101 128000
interface ethernet 0
traffic-shape group 102 128000
access-list 101 permit ip host 200.200.200.1 any
access-list 102 permit ip any host 200.200.200.1
traffic shape rate 跟 traffic shape group 是不能同时使用的
评论