{"id":722,"date":"2018-07-08T00:41:36","date_gmt":"2018-07-07T17:41:36","guid":{"rendered":"https:\/\/lagonet.vn\/?p=722"},"modified":"2018-07-08T00:41:36","modified_gmt":"2018-07-07T17:41:36","slug":"traffic-shapping-traffic-policing","status":"publish","type":"post","link":"https:\/\/kb.lagonet.vn\/?p=722","title":{"rendered":"TRAFFIC SHAPING &amp; TRAFFIC POLICING"},"content":{"rendered":"<h2 id=\"a1.Whatisitandwhyweneedit\"><strong>1. What is it and why do we need it?<\/strong><\/h2>\n<p>Many services run on the same network infrastructure: HTTP, FTP, voice over IP, \u2026 Each service demands a certain level of quality (packet loss, delay, jitter) to operate properly. Traffic shaping gives each service the level of quality it needs and guarantees a minimum share of the resources for each. There are many levels, and we configure them to map onto the corresponding services.<\/p>\n<p>Mainly we can define 2 QoS processes:<\/p>\n<ul>\n<li>Classification and marking<\/li>\n<li>Traffic shaping (queuing)\/Traffic policing<\/li>\n<\/ul>\n<h2 id=\"a2.Howweclassifyservices\"><strong>2. How do we classify services?<\/strong><\/h2>\n<p>We can classify services in many ways:<\/p>\n<ul>\n<li>source, destination IP<\/li>\n<li>source, destination MAC<\/li>\n<li>TCP, UDP<\/li>\n<li>Source, destination port<\/li>\n<li>Interface<\/li>\n<li>Layer 2 VLAN tag <img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-724\" src=\"https:\/\/lagonet.vn\/wp-content\/uploads\/2018\/07\/tag.jpg\" alt=\"\" width=\"497\" height=\"173\" \/><\/li>\n<\/ul>\n<ul>\n<li>IP precedence: we can use the first 3 bits of the ToS field in the IP header. 
IP precedence 0 means the packet is forwarded with best effort; the other 7 values are assigned to 7 classes of traffic with increasing priority.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-727\" src=\"https:\/\/lagonet.vn\/wp-content\/uploads\/2018\/07\/Ipheader-639x400.jpg\" alt=\"\" width=\"466\" height=\"292\" \/><\/p>\n<ul>\n<li>DSCP field: if we need more than 8 classes of traffic, the first 6 bits of the ToS field are used as the DSCP (the remaining 2 bits are ECN), which gives 64 values (0 to 63) to assign.<\/li>\n<\/ul>\n<figure id=\"attachment_726\" aria-describedby=\"caption-attachment-726\" style=\"width: 428px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-726\" src=\"https:\/\/lagonet.vn\/wp-content\/uploads\/2018\/07\/DSCP.jpg\" alt=\"DSCP\" width=\"428\" height=\"235\" \/><figcaption id=\"caption-attachment-726\" class=\"wp-caption-text\">DSCP<\/figcaption><\/figure>\n<h2 id=\"a3.TrafficshapinginLinux\"><strong>3. Traffic shaping in Linux<\/strong><\/h2>\n<p>Some theory about token buckets:\u00a0<a class=\"ext-link\" href=\"http:\/\/tldp.org\/HOWTO\/Traffic-Control-HOWTO\/overview.html#o-buckets\">http:\/\/tldp.org\/HOWTO\/Traffic-Control-HOWTO\/overview.html#o-buckets<\/a><\/p>\n<ul>\n<li>What is a class? &#8211; A class is a policy that says what we should do with a packet.<\/li>\n<li>What is a queue? &#8211; Packets going to or through the router are put into a queue and dequeued back onto the network by some algorithm. 
There are 2 types of queues (qdiscs): classless and classful.<\/li>\n<\/ul>\n<h3 id=\"Classless\">Classless<\/h3>\n<h4 id=\"FIFOFirst-InFirst-Out\">FIFO, First-In First-Out<\/h4>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-728\" src=\"https:\/\/lagonet.vn\/wp-content\/uploads\/2018\/07\/fifo-qdisc.png\" alt=\"\" width=\"285\" height=\"301\" \/><\/p>\n<h4 id=\"pfifo_fastthedefaultLinuxqdisc\">pfifo_fast, the default Linux qdisc<\/h4>\n<p>This is the default where the sysctl net.core.default_qdisc has not been changed; many current distributions set it to fq_codel instead.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-729\" src=\"https:\/\/lagonet.vn\/wp-content\/uploads\/2018\/07\/pfifo_fast-qdisc.png\" alt=\"\" width=\"336\" height=\"395\" \/><\/p>\n<h4 id=\"SFQStochasticFairQueuing\">SFQ, Stochastic Fair Queuing<\/h4>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-730\" src=\"https:\/\/lagonet.vn\/wp-content\/uploads\/2018\/07\/sfq-qdisc.png\" alt=\"\" width=\"392\" height=\"399\" \/><\/p>\n<h4 id=\"ESFQExtendedStochasticFairQueuing\">ESFQ, Extended Stochastic Fair Queuing<\/h4>\n<h4 id=\"GREDGenericRandomEarlyDrop\">GRED, Generic Random Early Drop<\/h4>\n<h4 id=\"TBFTokenBucketFilter\">TBF, Token Bucket Filter<\/h4>\n<p>The classless shaper: a single token bucket caps the output rate and queues the excess instead of dropping it.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-731\" src=\"https:\/\/lagonet.vn\/wp-content\/uploads\/2018\/07\/tbf-qdisc-337x400.png\" alt=\"\" width=\"337\" height=\"400\" \/><\/p>\n<h3 id=\"Classfull\">Classful<\/h3>\n<h4 id=\"HTBHierarchicalTokenBucket\">HTB, Hierarchical Token Bucket<\/h4>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-732\" src=\"https:\/\/lagonet.vn\/wp-content\/uploads\/2018\/07\/htb-borrow-472x400.png\" alt=\"\" width=\"472\" height=\"400\" \/><\/p>\n<p>More details here:\u00a0<a class=\"ext-link\" href=\"http:\/\/tldp.org\/HOWTO\/Traffic-Control-HOWTO\/classful-qdiscs.html\">http:\/\/tldp.org\/HOWTO\/Traffic-Control-HOWTO\/classful-qdiscs.html<\/a><\/p>\n<p>We can link many classes together as a tree, with one root and many leaves. 
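Added example (not code from the original post): a small Python model of the HTB sharing rules this section describes (rate, ceil, prio, borrowing). It uses the two-leaf tree from the tc example further down on this page (root 1:1 at 1000 kbit, leaf 1:10 at rate 200 ceil 200 prio 1, leaf 1:11 at rate 200 ceil 1000 prio 2) so the figures there can be checked. The third leaf 1:12 and the offered-load numbers are assumptions made for the demonstration, and the model is a steady-state approximation of HTB, not the kernel's per-packet token-bucket algorithm.

```python
"""Steady-state model of HTB bandwidth sharing between classes.

Added example, not code from the original post. It follows the HTB rules the
text describes: a class is guaranteed its rate, may borrow spare parent
bandwidth up to its ceil, borrowing goes to the lowest prio number first, and
equal-prio classes split the spare in proportion to their rate. Real HTB does
this per packet with token buckets; this is a simplified steady-state model.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class HtbClass:
    name: str
    rate: int    # guaranteed bandwidth, kbit/s (tc: rate)
    ceil: int    # hard cap, kbit/s (tc: ceil); rate <= ceil
    prio: int    # borrowing order, lower number served first (tc: prio)
    demand: int  # offered load, kbit/s (constructed input, not a tc option)


def share_bandwidth(parent_rate: int, classes: list[HtbClass]) -> dict[str, int]:
    """Return the kbit/s each leaf class gets when its parent has parent_rate."""
    # Step 1: every class gets its guaranteed rate (or less, if it offers less).
    alloc = {c.name: min(c.demand, c.rate) for c in classes}
    spare = parent_rate - sum(alloc.values())

    # Step 2: lend the spare, most urgent prio level first.
    for prio in sorted({c.prio for c in classes}):
        level = [c for c in classes if c.prio == prio]
        # Water-fill within the level until nobody can take more or spare is gone.
        while spare > 0:
            wanting = [c for c in level if alloc[c.name] < min(c.demand, c.ceil)]
            if not wanting:
                break
            total_rate = sum(c.rate for c in wanting)
            lent = 0
            for c in wanting:
                offer = spare * c.rate // total_rate      # proportional to rate
                room = min(c.demand, c.ceil) - alloc[c.name]
                take = min(offer, room)
                alloc[c.name] += take
                lent += take
            if lent == 0:           # spare too small to split any further
                break
            spare -= lent
    return alloc


def page_example(demand_10: int, demand_11: int) -> dict[str, int]:
    """The two-leaf tree from the tc example: root 1:1 = 1000 kbit,
    1:10 = rate 200 ceil 200 prio 1, 1:11 = rate 200 ceil 1000 prio 2."""
    leaves = [
        HtbClass("1:10", rate=200, ceil=200, prio=1, demand=demand_10),
        HtbClass("1:11", rate=200, ceil=1000, prio=2, demand=demand_11),
    ]
    return share_bandwidth(1000, leaves)


def prio_example() -> dict[str, int]:
    """Hypothetical third leaf 1:12 (rate 200, ceil 1000, prio 1) added to show
    that spare bandwidth goes to the lower prio number before class 1:11."""
    leaves = [
        HtbClass("1:10", rate=200, ceil=200, prio=1, demand=1000),
        HtbClass("1:11", rate=200, ceil=1000, prio=2, demand=1000),
        HtbClass("1:12", rate=200, ceil=1000, prio=1, demand=1000),
    ]
    return share_bandwidth(1000, leaves)


if __name__ == "__main__":
    print("both saturated:  ", page_example(1000, 1000))  # 1:10 200, 1:11 800
    print("1:10 idle:       ", page_example(0, 1000))     # 1:10 0,   1:11 1000
    print("1:11 light load: ", page_example(1000, 100))   # 1:10 200, 1:11 100
    print("with prio-1 1:12:", prio_example())            # 1:12 600, 1:11 200
```

The three runs of page_example show the nuance behind "class 11 can borrow 800 kbit": it reaches 1000 kbit only while class 10 is idle; with class 10 saturated it gets the 800 kbit the parent has left, and class 10 never exceeds its 200 kbit ceil even when 700 kbit of the parent is unused. prio_example shows that a prio 1 leaf takes all the spare before the prio 2 leaf sees any of it.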
Each class has its own priority, and a class can borrow bandwidth from other classes.<\/p>\n<ul>\n<li>priority : the class with the lower prio number is served first when spare bandwidth is handed out (prio 0 is the most urgent)<\/li>\n<li>borrow bandwidth : a class can borrow bandwidth from its sibling classes, through their common parent, when those classes are not using all of theirs; a class never exceeds its own ceil<\/li>\n<\/ul>\n<p>Simplest example step by step<br \/>\n1. Create a netfilter rule to mark the packets that we want to limit<br \/>\n<em>Ex : iptables -t mangle -A OUTPUT -o eth0 -p tcp --sport 80 -j MARK --set-mark 80<\/em><\/p>\n<p>2. Create the traffic control policy<br \/>\nEx :\u00a0<em>tc qdisc add dev eth0 root handle 1: htb default 20<\/em><br \/>\n<em>tc class add dev eth0 parent 1:0 classid 1:10 htb rate 200kbit ceil 200kbit prio 1<\/em><br \/>\n(the default class 1:20 must be created as well; if it does not exist, unclassified traffic leaves HTB through its direct queue and is not shaped at all)<\/p>\n<p>3. Create a filter that binds the marked packets to the policy<br \/>\nEx :\u00a0<em>tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 80 fw flowid 1:10<\/em><\/p>\n<p>Ex :<br \/>\n<em>tc qdisc add dev eth0 root handle 1: htb default 11<\/em><br \/>\n<em>tc class add dev eth0 parent 1: classid 1:1 htb rate 1000kbit ceil 1000kbit prio 1 mtu 1500<\/em><br \/>\n<em>tc class add dev eth0 parent 1:1 classid 1:10 htb rate 200kbit ceil 200kbit prio 1 mtu 1500<\/em><br \/>\n<em>tc class add dev eth0 parent 1:1 classid 1:11 htb rate 200kbit ceil 1000kbit prio 2 mtu 1500<\/em><br \/>\n<em>tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip protocol 6 0xff match ip sport 22 0xffff flowid 1:10<\/em><\/p>\n<p>Line 1 creates the HTB root qdisc and sends unclassified traffic to class 1:11. Line 2 defines the root class 1:1 (1000 kbit, the budget of the link); lines 3 and 4 define 2 leaf classes under it<br \/>\n+ class 10 has priority 1 and class 11 has priority 2, so class 10 is served first<br \/>\n+ class 10 has rate 200 kbit and ceil 200 kbit, so it can never borrow extra bandwidth<br \/>\n+ class 11 has rate 200 kbit and ceil 1000 kbit, so it can borrow up to 800 kbit more from the root class whenever class 10 leaves it unused<br \/>\nLine 5 defines a u32 filter that puts outbound TCP traffic with source port 22 (the SSH server&#8217;s replies) into class 1:10, so SSH from this server is capped at 200 kbit. Check the result with <em>tc -s class show dev eth0<\/em>, which prints per-class sent bytes, drops and the lended\/borrowed counters.<\/p>\n<h4 id=\"HFSCHierarchicalFairServiceCurve\">HFSC, Hierarchical Fair Service Curve<\/h4>\n<p><a class=\"ext-link\" href=\"http:\/\/linux-ip.net\/articles\/hfsc.en\/\">HFSC (Hierarchical fair-service curve)<\/a><\/p>\n<h2 id=\"a4.QoSinCiscodevice\"><strong>4. QoS in Cisco devices<\/strong><\/h2>\n<p>Step by step<\/p>\n<ol>\n<li>Classify traffic into classes<\/li>\n<li>Make policies<\/li>\n<li>Apply the policies to each class on the appropriate interface<\/li>\n<\/ol>\n<p>There are 2 ways to enforce a rate on Cisco devices<\/p>\n<ul>\n<li>Traffic policing : when the traffic rate reaches the configured maximum rate, excess traffic is dropped (or remarked); nothing is buffered, so bursts above the rate are lost<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-734\" src=\"https:\/\/lagonet.vn\/wp-content\/uploads\/2018\/07\/traffic_policy.jpg\" alt=\"\" width=\"602\" height=\"238\" \/><\/p>\n<ul>\n<li>Traffic shaping : excess packets are retained in a queue and scheduled for later transmission over increments of time. 
The result of traffic shaping is a smoothed packet output rate, at the cost of added delay and the memory needed to hold the queue.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-733\" src=\"https:\/\/lagonet.vn\/wp-content\/uploads\/2018\/07\/traffic_shaping.jpg\" alt=\"\" width=\"600\" height=\"251\" \/><\/p>\n<p>Types of queueing<\/p>\n<ul>\n<li>FIFO<\/li>\n<li>WFQ (Weighted Fair Queueing) : divides bandwidth across queues of traffic based on weights.\n<ul>\n<li>Flow-based WFQ (WFQ)<\/li>\n<li>Distributed WFQ (DWFQ)<\/li>\n<li>Class-based WFQ (CBWFQ)<\/li>\n<li>Distributed class-based WFQ (DCBWFQ)<\/li>\n<\/ul>\n<\/li>\n<li>CQ (Custom Queueing) : bandwidth is allocated proportionally to each class of traffic<\/li>\n<li>PQ (Priority Queueing) : packets belonging to one priority class of traffic are sent before all lower-priority traffic to ensure their timely delivery; a saturated high-priority queue can starve the lower ones completely<\/li>\n<\/ul>\n<h2 id=\"a5.ComparisonofQoSinLinuxandCisco\"><strong>5. Comparison of QoS in Linux and Cisco<\/strong><\/h2>\n<p>The same : both can mark packets based on fields of the IP header, IP src\/dst, port src\/dst, MAC src\/dst, \u2026 and both build classless and classful queues. The differences:<\/p>\n<ul>\n<li>Linux :\n<ul>\n<li>More options to parameterize, easier to customize<\/li>\n<li>In Linux we can combine most mechanisms. For example, we can attach an SFQ qdisc to an HTB leaf class<\/li>\n<li>In Linux, because we can upgrade the CPU and memory, we can afford complex mechanisms and can also increase the size of queues and sub-queues.<\/li>\n<\/ul>\n<\/li>\n<li>Cisco\n<ul>\n<li>Simpler to configure, with fewer options<\/li>\n<li>Mechanisms cannot be combined as freely<\/li>\n<li>The CPU and memory are fixed, so there is little room to change them<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>1. What is it and why do we need it? 
Many services run on the same network [&hellip;]<\/p>\n","protected":false,"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[6],"tags":[],"class_list":["post-722","post","type-post","status-publish","format-standard","hentry","category-networking"],"_links":{"self":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/posts\/722","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=722"}],"version-history":[{"count":0,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/posts\/722\/revisions"}],"wp:attachment":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=722"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=722"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=722"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}