TRAFFIC SHAPING & TRAFFIC POLICING

1. What is it and why do we need it?

Many services run on the same network infrastructure: HTTP, FTP, voice over IP, ... Each service demands a certain level of quality (packet loss, delay, jitter) to operate properly. Traffic shaping gives each service the level of quality it needs and assures a minimum amount of resources for each one. There are many levels, and we can configure them to map to the corresponding services.

Mainly, we can define 2 QoS processes:

  • Classification and marking
  • Traffic shaping (queuing)/Traffic policing

2. How do we classify services?

We can classify services in many ways:

  • Source, destination IP
  • Source, destination MAC
  • Transport protocol (TCP, UDP)
  • Source, destination port
  • Interface
  • Layer 2 VLAN tag
  • IP precedence: uses the first 3 bits of the ToS field in the IP header. IP precedence 0 means the packet is transmitted with best effort; the other 7 values are assigned to 7 types of data with increasing priority.

  • DSCP field: if we need more than 8 types of traffic, the first 6 bits of the ToS field are used (DSCP), which gives 64 values (0 to 63) to assign.

3. Traffic shaping in Linux

Some theory about token buckets: http://tldp.org/HOWTO/Traffic-Control-HOWTO/overview.html#o-buckets

  • What is a class? A class is a policy about what we should do with a set of packets.
  • What is a queue? Packets going to/through the router are put into a queue and dequeued to be sent back to the network by some algorithm. There are 2 types of queues (qdiscs):

Classless:

  • FIFO, First-In First-Out
  • pfifo_fast, the default Linux qdisc
  • SFQ, Stochastic Fair Queuing
  • ESFQ, Extended Stochastic Fair Queuing
  • GRED, Generic Random Early Drop
  • TBF, Token Bucket Filter

Classful:

  • HTB, Hierarchical Token Bucket

Read more in detail here: http://tldp.org/HOWTO/Traffic-Control-HOWTO/classful-qdiscs.html

We can link many classes together as a tree, with one root and many leaves. Each class can have a different priority, and a class can borrow bandwidth from other classes.

  • priority: the class with the lower priority number is served first
  • borrow bandwidth: a class can borrow bandwidth from other classes if those classes are not using all of their bandwidth

Simplest example, step by step
1. Create a netfilter rule to mark the packets that we want to limit
Ex: iptables -t mangle -A OUTPUT -o eth0 -p tcp --sport 80 -j MARK --set-mark 80

2. Create the traffic control policy
Ex: tc qdisc add dev eth0 root handle 1: htb default 20
tc class add dev eth0 parent 1:0 classid 1:10 htb rate 200kbit ceil 200kbit prio 1
(default 20 sends unclassified traffic to class 1:20. That class must exist: if it does not, HTB passes unclassified packets through its direct queue without shaping them, so either create class 1:20 or point default at an existing leaf class.)

3. Create a filter to bind the marked packets to the class
Ex: tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 80 fw flowid 1:10

Ex:
tc qdisc add dev eth0 root handle 1: htb default 11
tc class add dev eth0 parent 1: classid 1:1 htb rate 1000kbit ceil 1000kbit prio 1 mtu 1500
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 200kbit ceil 200kbit prio 1 mtu 1500
tc class add dev eth0 parent 1:1 classid 1:11 htb rate 200kbit ceil 1000kbit prio 2 mtu 1500
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip protocol 6 0xff match ip sport 22 0xffff flowid 1:10

Line 1 creates the HTB root qdisc (a qdisc handle has no minor number, so it is written 1:) and sends unclassified traffic to class 1:11. Line 2 defines one root class 1:1 that owns the whole 1000 kbit (the leaves keep HTB's default FIFO; an SFQ qdisc could be attached to each leaf for per-flow fairness). Lines 3 and 4 define 2 leaf classes under 1:1:
+ class 10 has priority 1 and class 11 has priority 2, so class 10 is served first
+ class 10 has rate 200 kbit and ceil 200 kbit, so it cannot borrow any more bandwidth
+ class 11 has rate 200 kbit and ceil 1000 kbit, so it can borrow up to 800 kbit more from the root class while class 10 is not using its share
Line 5 defines a filter that puts all SSH traffic sent by this server (TCP source port 22 leaving eth0; in u32 every match needs its mask, 0xff for the protocol and 0xffff for the port) into class 1:10, so SSH is limited to a maximum bandwidth of 200 kbit. Note that tc only shapes outgoing traffic on an interface; inbound traffic can only be policed on ingress or redirected to an IFB device and shaped there.
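As an added example, not a script from the original page, here is the same HTB setup written as a complete shell script that also combines the three classification methods from sections 2 and 3 (a DSCP match and a protocol/port match with the u32 classifier, and a netfilter mark read by the fw classifier) and attaches SFQ inside each leaf. The interface name eth0, the 1000kbit link rate, the class split and the choice of DSCP EF are assumptions for illustration. With DRY_RUN set the script only prints the tc and iptables commands, so it can be reviewed on a machine without root.

```shell
#!/bin/sh
# Added example: HTB egress shaping on one interface (not the page's own script).
# Assumptions (illustrative only): eth0 uplink of 1000kbit; SSH replies are hard
# capped at 200kbit, DSCP EF traffic gets a guaranteed 200kbit and is served
# first, HTTP replies marked by netfilter get 400kbit, everything else 200kbit.
DEV=${DEV:-eth0}
LINK=1000kbit

# Run a command, or only print it when DRY_RUN is set, so the resulting tc/iptables
# command lines can be reviewed on a box without root (or without tc at all).
run() {
    if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi
}

# add_leaf MINOR RATE CEIL PRIO: a leaf class under 1:1 plus an SFQ qdisc inside it,
# so one heavy flow cannot starve the other flows that share the same class.
add_leaf() {
    run tc class add dev "$DEV" parent 1:1 classid "1:$1" htb rate "$2" ceil "$3" prio "$4"
    run tc qdisc add dev "$DEV" parent "1:$1" handle "$1:" sfq perturb 10
}

setup_shaping() {
    # Root qdisc. "default 40" sends unclassified packets to class 1:40; that class
    # must exist, otherwise HTB passes them unshaped through its direct queue.
    run tc qdisc add dev "$DEV" root handle 1: htb default 40
    # One parent class owns the whole link; children borrow unused bandwidth from it.
    run tc class add dev "$DEV" parent 1: classid 1:1 htb rate "$LINK" ceil "$LINK"
    add_leaf 10 200kbit 200kbit 1    # SSH replies: rate == ceil, can never borrow
    add_leaf 20 200kbit "$LINK" 0    # DSCP EF (voice): lowest prio value, served first
    add_leaf 30 400kbit "$LINK" 2    # HTTP replies, selected by netfilter mark 80
    add_leaf 40 200kbit "$LINK" 3    # everything else (HTB default class)

    # Classification; the filter with the lowest "prio" number is checked first.
    # (a) DSCP: EF is DSCP 46, i.e. ToS byte 0xb8; mask 0xfc ignores the 2 ECN bits
    run tc filter add dev "$DEV" parent 1: protocol ip prio 1 u32 \
        match ip dsfield 0xb8 0xfc flowid 1:20
    # (b) protocol + port: TCP (6) with source port 22; each u32 match needs its mask
    run tc filter add dev "$DEV" parent 1: protocol ip prio 2 u32 \
        match ip protocol 6 0xff match ip sport 22 0xffff flowid 1:10
    # (c) netfilter mark: iptables marks HTTP replies, the fw classifier reads the mark
    run iptables -t mangle -A OUTPUT -o "$DEV" -p tcp --sport 80 -j MARK --set-mark 80
    run tc filter add dev "$DEV" parent 1: protocol ip prio 3 handle 80 fw flowid 1:30
}

teardown_shaping() {
    # Deleting the root qdisc removes every class, qdisc and filter under it.
    run tc qdisc del dev "$DEV" root 2>/dev/null || true
    run iptables -t mangle -D OUTPUT -o "$DEV" -p tcp --sport 80 -j MARK --set-mark 80 2>/dev/null || true
}

# Per-class counters: "Sent" bytes/packets and "overlimits" show whether a class is
# really being shaped; "lended"/"borrowed" show the borrowing between classes.
show_stats() {
    run tc -s class show dev "$DEV"
}

case "${1:-}" in
    start) setup_shaping ;;
    stop)  teardown_shaping ;;
    stats) show_stats ;;
    *)     echo "usage: $0 start|stop|stats   (set DRY_RUN=1 to only print the commands)" >&2 ;;
esac
```

Run it as `DRY_RUN=1 sh shape.sh start` first and read the 14 generated commands; then `sh shape.sh start` as root and `sh shape.sh stats` while SSH and HTTP traffic is flowing, to confirm that class 1:10 shows overlimits while 1:30 borrows. The filter order matters: a packet is tested against prio 1 first, so an EF-marked packet from port 22 lands in 1:20, not 1:10.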

HFSC, Hierarchical Fair Service Curve, is the other classful qdisc worth knowing; it is described on the same HOWTO page linked above.

4. QoS on Cisco devices

Step by step:

  1. Classify traffic into classes
  2. Define policies
  3. Apply the policies to each class on the appropriate interface

There are 2 types of QoS on Cisco devices:

  • Traffic policing: when the traffic rate reaches the configured maximum rate, excess traffic is dropped (or remarked). Nothing is buffered, so the output stays bursty and the excess is simply lost.

  • Traffic shaping: excess packets are retained in a queue and scheduled for later transmission over increments of time. The result of traffic shaping is a smoothed packet output rate, at the cost of added delay and of buffer memory for the queue.
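To make the difference concrete, here is an added example (not from the original page, and not a Cisco configuration) that runs the same token bucket twice over one constructed burst of packets, in plain POSIX shell: the policer drops any packet the bucket cannot pay for, the shaper holds it in a FIFO until enough tokens have accrued. The rate, burst size and packet trace are made-up values for illustration; times are in milliseconds, sizes in bytes.

```shell
#!/bin/sh
# Added example (not from the page): one token bucket, two policies for a shortfall.
# Packet trace format "arrival_ms:bytes". Rate is in bytes per ms, burst in bytes.
# Constructed input: ten 1500-byte packets in ten consecutive ms, i.e. 12 Mbit/s
# offered to a bucket refilling at 125 bytes/ms (1 Mbit/s) with a 3000-byte burst.
RATE=125
BURST=3000
BURST_PKTS="0:1500 1:1500 2:1500 3:1500 4:1500 5:1500 6:1500 7:1500 8:1500 9:1500"

# police RATE BURST PKT...: a packet either conforms (enough tokens right now) and
# is sent immediately, or it exceeds and is dropped; nothing is ever delayed.
# A packet larger than the burst can never conform, which is why a real policer's
# burst must be at least one MTU. Prints "passed dropped".
police() {
    rate=$1; burst=$2; shift 2
    tokens=$burst; last=0; passed=0; dropped=0
    for pkt in "$@"; do
        t=${pkt%%:*}; sz=${pkt##*:}
        # refill for the time elapsed since the previous packet, capped at the burst
        tokens=$((tokens + (t - last) * rate)); last=$t
        if [ "$tokens" -gt "$burst" ]; then tokens=$burst; fi
        if [ "$sz" -le "$tokens" ]; then
            tokens=$((tokens - sz)); passed=$((passed + 1))
        else
            dropped=$((dropped + 1))   # exceed action: drop (a policer could remark instead)
        fi
    done
    echo "$passed $dropped"
}

# shape RATE BURST PKT...: a packet the bucket cannot pay for waits in a FIFO until
# enough tokens have accrued, so everything is sent, but later and at the bucket's
# rate. Prints "passed last_departure_ms max_delay_ms".
shape() {
    rate=$1; burst=$2; shift 2
    tokens=$burst; clock=0; passed=0; maxdelay=0
    for pkt in "$@"; do
        t=${pkt%%:*}; sz=${pkt##*:}
        # FIFO: this packet is served no earlier than its arrival and no earlier
        # than the departure of the packet before it ("clock")
        if [ "$t" -gt "$clock" ]; then
            tokens=$((tokens + (t - clock) * rate)); clock=$t
            if [ "$tokens" -gt "$burst" ]; then tokens=$burst; fi
        fi
        if [ "$sz" -gt "$tokens" ]; then
            # wait just long enough (whole ms, rounded up) to earn the missing tokens
            need_ms=$(( (sz - tokens + rate - 1) / rate ))
            tokens=$((tokens + need_ms * rate)); clock=$((clock + need_ms))
        fi
        tokens=$((tokens - sz)); passed=$((passed + 1))
        delay=$((clock - t))
        if [ "$delay" -gt "$maxdelay" ]; then maxdelay=$delay; fi
    done
    echo "$passed $clock $maxdelay"
}

# Same burst, both policies: the policer keeps the first 2 packets (the 3000-byte
# burst credit) and drops the other 8; the shaper delivers all 10, but the last
# one leaves at 96 ms, 87 ms after it arrived.
echo "police: $(police $RATE $BURST $BURST_PKTS)"   # police: 2 8
echo "shape:  $(shape $RATE $BURST $BURST_PKTS)"    # shape:  10 96 87
```

The 96 ms is exactly the line time of the 15000-byte burst at 125 bytes/ms (120 ms) minus the 24 ms paid for by the 3000-byte burst credit, which is what "smoothed to the configured rate" means in practice. The policer's output, by contrast, still leaves the box at the offered 12 Mbit/s for the two packets it lets through; it only reduces the volume, not the burstiness.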

Types of queues:

  • FIFO
  • WFQ : divides bandwidth across queues of traffic based on weights.
    • Flow-based WFQ (WFQ)
    • Distributed WFQ (DWFQ)
    • Class-based WFQ (CBWFQ)
    • Distributed class-based WFQ (DCBWFQ)
  • CQ (Custom Queueing): bandwidth is allocated proportionally to each class of traffic
  • PQ (Priority Queueing): packets belonging to a higher priority class are sent before all lower priority traffic, to ensure timely delivery of those packets (at the risk of starving the lower classes)

5. Comparison of QoS in Linux and Cisco

The same: both are rather similar, with the ability to mark packets based on special fields in the IP header, source/destination IP, source/destination port, source/destination MAC, ... and to create classless and classful queues.

The differences:

  • Linux:
    • More options to parameterize, better customization
    • In Linux we can combine most mechanisms together, e.g. we can use SFQ inside an HTB class
    • In Linux, because we can upgrade the CPU and memory, we can use complex mechanisms and increase the size of queues and subqueues
  • Cisco:
    • Simpler to configure, with fewer options
    • We cannot combine mechanisms together
    • The CPU and memory are fixed, so we can't change much
