Aug
26

Note: The following post is an excerpt from the full QoS section of IEWB-RS VOL1 version 5.

Peak shaping may look confusing at first sight; however, its function becomes clear once you think of oversubscription. As we discussed before, oversubscription means selling customers more bandwidth than a network can supply, hoping that not all connections would use their maximum sending rate at the same time. With oversubscription, traffic contract usually specifies three parameters: PIR, CIR and Tc – peak rate, committed rate and averaging time interval for rate measurements. The SP allows customers to send traffic at rates up to PIR, but only guarantees CIR rate in case of network congestion. Inside the network SP uses any of the max-min scheduling procedures to implement bandwidth sharing in such manner that oversubscribed traffic has lower preference than conforming traffic. Additionally, the SP generally assumes that customers respond to notifications of traffic congestion in the network (either explicit, such as FECN/BECN/TCP ECN or implicit such as packet drops in TCP) by slowing down sending rate.

Commonly, customers implement traffic shaping to conform to traffic contract, and provider uses traffic policing to enforce the contract. If a contract specifies PIR, then it makes sense for customer to shape traffic at PIR rate. However, this makes difficult to deduce CIR value just by looking at the router configuration. In some circumstances, like with Frame-Relay networks, a secondary parameter, known as minCIR, may help to understand the configuration quickly. In general, it would benefit to see CIR and PIR in the shaping configuration at the same time. This is exactly the idea behind shape peak. When you configure

shape peak <CIR> <Bc> <Be>

the actual maximum sending rate is limited to:

PIR = CIR*(1+Be/Bc).

That is, each time interval Tc=Bc/CIR the shaper allows sending up to Bc+Be bits of data. By default, if you omit the value for Be, it equals to Bc and thus PIR=2*CIR by default. However, due to some IOS show output discrepancy, this is NOT reflected in “show” command output, unless you explicitly specify the Be value in command line. With shape peak configured this way, you can see both CIR as the “average rate” and PIR as the “target rate” when issuing “show policy-map” command.

Rack1R6#show policy-map interface fastEthernet 0/0.146
 FastEthernet0/0.146 

  Service-policy output: POLICY_VLAN146_OUT

    Class-map: HTTP (match-all)
      6846 packets, 4065413 bytes
      5 minute offered rate 63000 bps, drop rate 0 bps
      Match: access-group 180
      Traffic Shaping
           Target/Average   Byte   Sustain   Excess    Interval  Increment
             Rate           Limit  bits/int  bits/int  (ms)      (bytes)
           128000/64000     1600   6400      6400      100       1600
...

All other shaping functions remain the same as with the classic GTS – shape peak is just more suited for use with oversubscription scenarios. Also, in Frame-Relay networks you may want to use configuration similar to the following to respond to congestion notifications:

shape peak <CIR> <Bc> <Be>
shape adaptive <CIR>

To illustrate the use of shape peak, let’s look at the following scenario. Here, R4 serves two customers (R1 and R6) sending their traffic across one serial link of 128Kbps between R4 and R5. The fictive ISP sells 128Kbps (PIR) to each of the customers, guaranteeing only 64Kbps (CIR). Let’s assume the measurement interval of 100ms for this configuration. The serial link, which is the oversubscribed resource, uses WFQ for fair bandwidth sharing between two flows.

Oversubscription scenario

R1:
access-list 180 permit tcp any eq 80 any
!
class-map HTTP
 match access-group 180
!
policy-map POLICY_VLAN146_OUT
  class HTTP
    shape peak 64000 6400 6400
!
interface FastEthernet 0/0
  service-policy output POLICY_VLAN146_OUT

R6:
access-list 180 permit tcp any eq 80 any
!
class-map HTTP
 match access-group 180
!
policy-map POLICY_VLAN146_OUT
  class HTTP
    shape peak 64000 6400 6400
!
interface FastEthernet 0/0.146
  service-policy output POLICY_VLAN146_OUT

R4:
!
! All HTTP traffic
!
ip access-list extended HTTP
 permit tcp any eq 80 any
!
class-map HTTP
 match access-group name HTTP

!
! Traffic from R1 and R6 respectively
!
ip access-list extended FROM_R1
 permit ip host 155.1.146.1 any
!
ip access-list extended FROM_R6
 permit ip host 155.1.146.6 any
!
!
!
class-map FROM_R1
 match access-group name FROM_R1
!
class-map FROM_R6
 match access-group name FROM_R6

!
! Subrate policers
!
policy-map SUBRATE_POLICER
 class FROM_R1
  police cir 64000 bc 3200 pir 128000 be 6400
   conform-action set-prec-transmit 1
   exceed-action set-prec-transmit 0
   violate-action drop
 class FROM_R6
  police cir 64000 bc 3200 pir 128000 be 6400
   conform-action set-prec-transmit 1
   exceed-action set-prec-transmit 0
   violate-action drop

!
! Policer configuration using MQC syntax.
!
policy-map POLICE_VLAN146
 class HTTP
   service-policy SUBRATE_POLICER
!
interface FastEthernet 0/1
  service-policy input POLICE_VLAN146

The idea is to allow R1 and R6 send up to 128Kbps if there is enough bandwidth on the serial link. However, if both of the sources start streaming at the same time, the SP may only guarantee up to 64Kbps to each of sending routers. The implementation meters each flow against 64Kbps and 128Kbps meters, and marks all conforming traffic with IP precedence of 1. All exceeding traffic is marked with IP precedence of 0. Since the serial link uses WFQ, we conclude that traffic marked with IP precedence of zero has lower scheduling weight. Thus, if IP precedence 1 traffic exist on the link, it is given preference over low-priority traffic (precedence 0).

To verify our configuration in action, start downloading a large file from R1 across R4 and see the statistics on R1 and R4:

Rack1R4#show policy-map interface fastEthernet 0/1
 FastEthernet0/1 

  Service-policy input: POLICE_VLAN146

    Class-map: HTTP (match-all)
      20451 packets, 12066090 bytes
      30 second offered rate 126000 bps, drop rate 0 bps
      Match: access-group name HTTP

      Service-policy : SUBRATE_POLICER

        Class-map: FROM_R1 (match-all)
          20451 packets, 12066090 bytes
          30 second offered rate 126000 bps, drop rate 0 bps
          Match: access-group name FROM_R1
          police:
              cir 64000 bps, bc 3200 bytes
              pir 128000 bps, be 6400 bytes
            conformed 11113 packets, 6556670 bytes; actions:
              set-prec-transmit 1
            exceeded 9338 packets, 5509420 bytes; actions:
              set-prec-transmit 0
            violated 0 packets, 0 bytes; actions:
              drop
            conformed 64000 bps, exceed 62000 bps, violate 0 bps

        Class-map: FROM_R6 (match-all)
          0 packets, 0 bytes
          30 second offered rate 0 bps, drop rate 0 bps
          Match: access-group name FROM_R6
          police:
              cir 64000 bps, bc 3200 bytes
              pir 128000 bps, be 6400 bytes
            conformed 0 packets, 0 bytes; actions:
              set-prec-transmit 1
            exceeded 0 packets, 0 bytes; actions:
              set-prec-transmit 0
            violated 0 packets, 0 bytes; actions:
              drop
            conformed 0 bps, exceed 0 bps, violate 0 bps

        Class-map: class-default (match-any)
          0 packets, 0 bytes
          30 second offered rate 0 bps, drop rate 0 bps
          Match: any

!
! The above statistics demonstrate that R1 uses almost all available bandwidth
! From the output below we can see that R1 is set to CIR 64Kbps and PIR 128Kbs.
! We may also notice that shaper was active for some time, delaying hundreds of
! exceeding packets. This usually happens in the beginning of TCP session when
! sendger aggressively increases sending rate.
!

Rack1R1#show policy-map interface fastEthernet 0/0
 FastEthernet0/0 

  Service-policy output: POLICY_VLAN146_OUT

    Class-map: HTTP (match-all)
      3225 packets, 1897929 bytes
      30 second offered rate 124000 bps, drop rate 0 bps
      Match: access-group 180
      Traffic Shaping
           Target/Average   Byte   Sustain   Excess    Interval  Increment
             Rate           Limit  bits/int  bits/int  (ms)      (bytes)
           128000/64000     1600   6400      6400      100       1600     

        Adapt  Queue     Packets   Bytes     Packets   Bytes     Shaping
        Active Depth                         Delayed   Delayed   Active
        -      0         3225      1897929   348       205320    no

    Class-map: class-default (match-any)
      29 packets, 4378 bytes
      30 second offered rate 0 bps, drop rate 0 bps
      Match: any

Now start another file transfer, this time from R6 down to a host behind, R5 across the serial link. This will make both flows compete for the link bandwidth, and result in fair sharing of the link bandwidth. Now verify the policer statistics once again:

Rack1R4#show policy-map interface fastEthernet 0/1
 FastEthernet0/1 

  Service-policy input: POLICE_VLAN146

    Class-map: HTTP (match-all)
      35113 packets, 20715559 bytes
      30 second offered rate 126000 bps, drop rate 0 bps
      Match: access-group name HTTP

      Service-policy : SUBRATE_POLICER

        Class-map: FROM_R1 (match-all)
          29986 packets, 17691740 bytes
          30 second offered rate 63000 bps, drop rate 0 bps
          Match: access-group name FROM_R1
          police:
              cir 64000 bps, bc 3200 bytes
              pir 128000 bps, be 6400 bytes
            conformed 18466 packets, 10894940 bytes; actions:
              set-prec-transmit 1
            exceeded 11520 packets, 6796800 bytes; actions:
              set-prec-transmit 0
            violated 0 packets, 0 bytes; actions:
              drop
            conformed 63000 bps, exceed 0 bps, violate 0 bps

        Class-map: FROM_R6 (match-all)
          5127 packets, 3023819 bytes
          30 second offered rate 63000 bps, drop rate 0 bps
          Match: access-group name FROM_R6
          police:
              cir 64000 bps, bc 3200 bytes
              pir 128000 bps, be 6400 bytes
            conformed 5124 packets, 3022049 bytes; actions:
              set-prec-transmit 1
            exceeded 3 packets, 1770 bytes; actions:
              set-prec-transmit 0
            violated 0 packets, 0 bytes; actions:
              drop
            conformed 63000 bps, exceed 0 bps, violate 0 bps

        Class-map: class-default (match-any)
          0 packets, 0 bytes
          30 second offered rate 0 bps, drop rate 0 bps
          Match: any

!
! Verify statistics for both traffic shapers on R1 and R6. Both are set for PIR=128Kbps.
! However, metered rate is close to CIR, and the shaping is inactive. The sending rate
! went down thanks to TCP implicit congestion management procedure, that makes protocol
! sending rate adaptive to congestion in networks.
!

Rack1R6#show policy-map interface fastEthernet 0/0.146
 FastEthernet0/0.146 

  Service-policy output: POLICY_VLAN146_OUT

    Class-map: HTTP (match-all)
      6846 packets, 4065413 bytes
      5 minute offered rate 63000 bps, drop rate 0 bps
      Match: access-group 180
      Traffic Shaping
           Target/Average   Byte   Sustain   Excess    Interval  Increment
             Rate           Limit  bits/int  bits/int  (ms)      (bytes)
           128000/64000     1600   6400      6400      100       1600     

        Adapt  Queue     Packets   Bytes     Packets   Bytes     Shaping
        Active Depth                         Delayed   Delayed   Active
        -      0         6846      4065413   3         1782      no

    Class-map: class-default (match-any)
      191 packets, 43930 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

Rack1R1#show policy-map interface fastEthernet 0/0
 FastEthernet0/0 

 Service-policy output: POLICY_VLAN146_OUT

    Class-map: HTTP (match-all)
      33062 packets, 19505469 bytes
      30 second offered rate 63000 bps, drop rate 0 bps
      Match: access-group 180
      Traffic Shaping
           Target/Average   Byte   Sustain   Excess    Interval  Increment
             Rate           Limit  bits/int  bits/int  (ms)      (bytes)
           128000/64000     1600   6400      6400      100       1600     

        Adapt  Queue     Packets   Bytes     Packets   Bytes     Shaping
        Active Depth                         Delayed   Delayed   Active
        -      0         33062     19505469  2632      1552858   no

    Class-map: class-default (match-any)
      7641 packets, 7385752 bytes
      30 second offered rate 0 bps, drop rate 0 bps
      Match: any

Now let’s confirm that WFQ is actually working on the serial interface between R4 and R5 and provides truly fair division of the bandwidth:

Rack1R4#show queueing interface serial 0/1
Interface Serial0/1 queueing strategy: fair
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 12/1000/64/0 (size/max total/threshold/drops)
     Conversations  2/3/256 (active/max active/max total)
     Reserved Conversations 0/0 (allocated/max allocated)
     Available Bandwidth 96 kilobits/sec

(depth/weight/total drops/no-buffer drops/interleaves) 6/16192/0/0/0
Conversation 134, linktype: ip, length: 580
source: 155.1.146.1, destination: 155.1.58.8, id: 0xEB41, ttl: 254,
TOS: 32 prot: 6, source port 80, destination port 11001

(depth/weight/total drops/no-buffer drops/interleaves) 6/16192/0/0/0
Conversation 192, linktype: ip, length: 580
source: 155.1.146.6, destination: 155.1.108.10, id: 0x70CA, ttl: 254,
TOS: 32 prot: 6, source port 80, destination port 11002

To summarize, shape peak is a special form of shaping specifically adapted to configure oversubscription scenarios. All other properties of GTS remains the same.

About Petr Lapukhov, 4xCCIE/CCDE:

Petr Lapukhov's career in IT begain in 1988 with a focus on computer programming, and progressed into networking with his first exposure to Novell NetWare in 1991. Initially involved with Kazan State University's campus network support and UNIX system administration, he went through the path of becoming a networking consultant, taking part in many network deployment projects. Petr currently has over 12 years of experience working in the Cisco networking field, and is the only person in the world to have obtained four CCIEs in under two years, passing each on his first attempt. Petr is an exceptional case in that he has been working with all of the technologies covered in his four CCIE tracks (R&S, Security, SP, and Voice) on a daily basis for many years. When not actively teaching classes, developing self-paced products, studying for the CCDE Practical & the CCIE Storage Lab Exam, and completing his PhD in Applied Mathematics.

Find all posts by Petr Lapukhov, 4xCCIE/CCDE | Visit Website


You can leave a response, or trackback from your own site.

25 Responses to “Understanding the “shape peak” command”

 
  1. Rick Mur says:

    Again an amazing article on QoS (have you ever considered professional help? ;) I’m really looking forward to your QoS section in de Volume 1 V5!

  2. Karthik says:

    Clear Explanation! Thanks karthik

  3. Raheel says:

    best explaination of shape-peak on the internet(doc cd is useless in some cases)

  4. knin says:

    Good explanation… anyway, I cannot get the following point… So, what is the difference between configuring shape peak with a certain PIR and shape average with = PIR. Don’t both send traffic at PIR rate? Or, are there differences in the ways in which the router works if the target and avereage rate are the same (in the case I use shape average) or not (in the case I use shape peak)?

  5. ricky says:

    yeap.. i dun see the difference also. let say SP sell me a CIR of 64kbps and PIR of 128kbps.. what is the real difference as a customer point of view if i configured the following:

    1. shape average 128000
    2. shape peak 64000

    The only differnt i can tell is that.. in a shape average 128000 case, my boss will be mislead to think that the CIR is 128000, but in the actual fact the PIR is 128000. So the command shape peak is only here to clarify the consusion to the customer when they see the configuration?

  6. Abu Fareed says:

    Very good explanation.

    I have a quick question,

    PIR=CIR(1+Be/Bc),

    If Be=Bc it means Be=0 isn’t it
    so PIR=CIR(1+0/Bc), then PIR=CIR instead of PIR=2*CIR

    Correct me If Iam wrong.

  7. Abu Fareed says:

    Sorry, in my original posting I meant when you want to omit Be, Be=0 instead of Be=Bc then PIR=CIR but PIR=2*CIR when excess burst is same as
    commited burst

  8. mohamed el henawy says:

    so what is the difference bet using shape peak and use cir and mincir ?
    or do i have to use both with map class and service policy inside

  9. David Cruz says:

    Great explanation! Thank you!

  10. David Cruz says:

    mohamed el henawy,

    mincir is only used for Frame Relay. This example uses Ethernet so the mincir command would not apply. The “shape peak” command is used to make it clear what the CIR is and what the burst rate is. “Shape peak” and “shape average” (when be=bc, which is the default if be is not defined) accomplish the same thing technically. “Shape peak” makes it clear, at a glance, what the CIR is.

    HTH,

    David

  11. Peter, i’ve read the doc cd and the cisco press books for QoS, what’s your source to have this level of knowledge?

    Thanks

  12. Andrey Lebedev says:

    1) police cir 64000 bc 3200 pir 128000 be 6400
    2) PIR = CIR*(1+Be/Bc)

    Result:

    6400 = 2*3200 => Be = 2*Bc ????

    PIR = CIR * (1+2) = CIR *3

    :( ?!

  13. Andrey Lebedev says:

    Sorry! I’m wrong! It’s NOT shaping – It’s policing :) In policing (police cir 64000 bc 3200 pir 128000 be 6400) use “Two-rate, three-color policing”. Sorry!

  14. Alex says:

    Petr i really don`t see the difference between
    1. shape average 128000
    2. shape peak 64000
    do you?
    Can you comment this?

    • Like i mentioned in the post, there is no real different in the maximum sending rate achieve with either of the commands. The only real benefit of “shape peak” command is to allow you better see you CIR/PIR value relation and effectively visualize traffic contract in the “show” commands output.

  15. Alex says:

    Thank you for your answer.

    And last question about QoS :)

    Do you have some links concerning
    the way all QoS mechanism works together?
    The order and inercation between different mechanism?

    I mean if we turn on:
    1. Classification
    2. Marking
    3. LLQ(queuing)
    4. Policing
    5. Shaping
    6. WRED
    7. LFI

    What would be the order of these mechansim?
    I know relationships between some pairs, e.g.
    shaping works before queuing.

    Also there is a cisco article concerning this:

    QoS Order of Operations

    Inbound
    1. QoS Policy Propagation through Border Gateway Protocol (BGP) (QPPB)
    2. Input common classification
    3. Input ACLs
    4. Input marking (class-based marking or Committed Access Rate (CAR))
    5. Input policing (through a class-based policer or CAR)
    6. IP Security (IPSec)
    7. Cisco Express Forwarding (CEF) or Fast Switching

    Outbound
    1. CEF or Fast Switching
    2. Output common classification
    3. Output ACLs
    4. Output marking
    5. Output policing (through a class-based policer or CAR)
    6. Queueing (Class-Based Weighted Fair Queueing (CBWFQ) and Low Latency Queueing (LLQ)), and Weighted Random Early Detection (WRED)
    http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a0080160fc1.shtml

    But maybe there is some other links,picture that will clarify my question?

    BTW i`ve already find your article`s during searching some answers i can`t find at books.
    And they are really good couse they connect the “clear theory” with the real world life.

  16. Daniel says:

    wow!
    I’ve been reading my book for 15 minutes to understand this and you managed to explain the same this in about 2 sentences !!

    thanks a lot and continue the righteous posting !

  17. nereah cigar says:

    Just a quick one

    1.when is it recommended to use shape peak?

    2.when configuring CB-shaping and using shape adaptive command, how should the min rate be configured.should the min-rate be equal to or greater than minimum bandwidth guaranteed for the traffic class?

    please advice

  18. Mark says:

    I was doing some testing with this command and it works just fine until I hit a certain value and above. Then the numbers for the target rate get all screwed up. Does anyone else have this issue. I am using Dynamip with this platform/IOS. See example below.

    R6(config-pmap-c)#do sh ver
    Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.4(16a), RELEASE SOFTWARE (fc2)

    R6(config-pmap-c)#shape peak 5000000 250000 500000
    R6(config-pmap-c)#do show policy-map int s2/0

    Serial2/0

    Service-policy output: frts_policy_shape_peak

    Class-map: class-default (match-any)
    78 packets, 2182 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: any
    Traffic Shaping
    Target/Average Byte Sustain Excess Interval Increment
    Rate Limit bits/int bits/int (ms) (bytes)
    15000000/5000000 93750 250000 500000 50 93750

    Adapt Queue Packets Bytes Packets Bytes Shaping
    Active Depth Delayed Delayed Active
    – 0 14 1029 0 0 no
    R6(config-pmap-c)#shape peak 6000000 300000 600000
    R6(config-pmap-c)#do show policy-map int s2/0

    Serial2/0

    Service-policy output: frts_policy_shape_peak

    Class-map: class-default (match-any)
    80 packets, 2210 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: any
    Traffic Shaping
    Target/Average Byte Sustain Excess Interval Increment
    Rate Limit bits/int bits/int (ms) (bytes)
    18000000/6000000 112500 300000 600000 50 112500

    Adapt Queue Packets Bytes Packets Bytes Shaping
    Active Depth Delayed Delayed Active
    – 0 14 1029 0 0 no
    R6(config-pmap-c)#shape peak 7000000 350000 700000
    R6(config-pmap-c)#do show policy-map int s2/0

    Serial2/0

    Service-policy output: frts_policy_shape_peak

    Class-map: class-default (match-any)
    81 packets, 2224 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: any
    Traffic Shaping
    Target/Average Byte Sustain Excess Interval Increment
    Rate Limit bits/int bits/int (ms) (bytes)
    8728000/7000000 131250 350000 700000 50 131250

    Adapt Queue Packets Bytes Packets Bytes Shaping
    Active Depth Delayed Delayed Active
    – 0 14 1029 0 0 no
    R6(config-pmap-c)#

  19. Ismael says:

    Great explanation!
    To further understand this topic, do you know where could I find information regarding the token bucket algorithm used in shape peak?

  20. Juan Carlos G says:

    Very Good Explanation.
    We wanted apply this functionality on GSR 12K IOS, but apparently the “violate-action” for L3VPN is not supported on this platform.

    Some recommendation to deploy oversubscription on GSR 12K IOS.

  21. Eyal says:

    hi

    when we are asked to assume RTP packets use range 16384 32767
    i can see at the workbook that the class-map uses ip rtp 16384 16383 ??? why is that??
    if i create a ACL that uses the exact port range isn’t that what we are asked? or i am wrong??

    please explain
    thanks

    • @Eyal,

      Because in that command, you are not asked for low port and high port, but rather low port and then the ‘range’ of ports. So “ip rtp 16384 16383′ means start at port 16384 and go for 16383 more ports. So you add those two together and you get 32767.

      When in doubt, always type a ? to see what next argument is expected.
      Hope that helps.

 

Leave a Reply

Categories

CCIE Bloggers