Shaping and policing

• April 26, 2009
• Technology  
• CCIE  

As the topic implies, I will be writing about a few things regarding shaping and policing. Now these are two really hard-to-understand topics for me, but they are also very usefull. To understand what they do, and the difference between them, lets define them as such:

• Shaping delays packets to achive the target bitrate.
• Policing either drops packets, or remarks them as lower priority.

When speaking of these two technologies, we need to define some terms which are used very often:

• Tc = Interval during which either shaping or policing takes place.
• Bc = When speaking of shaping, committed burst rate each Tc interval.
• Be = Exceeded burst rate, above the Bc.
• CIR = Committed Information Rate, the target bitrate.

Shaping:

When talking about shaping, we use the visual representation of a bucket. This bucket consists of a number of tokens. With shaping, for each token in the bucket, we can send 1 bit. Each Tc interval, the bucket is filled with Bc bits. So how this works is when a packet arrives which wants to be send, we check the bucket to see if there are enough tokens in there to send the packet. If there is, we send the packet, and subtract the tokens from the bucket. If there are not enough tokens in the bucket to send the packet, we must wait until the next Tc interval where the bucket will get some more tokens. If we over-fill the bucket with tokens during a Tc refill, it “overflows”, wasting bandwidth.

The above explanation is without the use of the Be. When using Be, what happens is that the bucket “grows” if more tokens are filled into the bucket than there can be in it. It can be over-filled with Be bytes, after the Bc+Be, it again overflows. This will allow us to send more than Bc each time interval, because we have “saved” up for it during times of idle periods.

Now some formulas:

Tc = Bc/CIR

What this means is that if you know two of the parameters, you can calculate the third. Normally we would know the CIR, because thats what we want to shape to, but we can also set the Bc, lets try:

Tc =8000/64000

Tc = 0,125, which is 125 ms.

So what we know from this is, each 125 ms, the bucket will be filled with 8000 bits, which will result in a bitrate of 64000. With no further modifications, the Be will be set to Bc.

All this comes out to make a smooth bandwidth usage of 64kbps, but it also delays some packets, which might not be what we want to do.

Policing:

Policing is a more drastic option to impose on our packets. It also uses the bucket analogy even more. When we speak of Bc and Be here, it is actually the bucket sizes. With policing we dont use time intervals in the same way as in shaping, instead we use time intervals to calculate the current refill rate, also note that Bc and Be are mentioned as bytes when talking about policing (dont blame me). Refill rate is based upon:

((Current-arrival-time-of-packet – Last-arrival-time-of-packet) * packetization-rate) / 8.

This is done each time a packet arrives. So lets take our example with reaching a rate of 64 kbps, and its been 1 second since the last packet arrived:

((2 – 1) * 64000) / 8 = 8000 bytes.

8000 bytes are then put into the Bc bucket. That makes sense as 64 kbps = 8000 bytes. Now here’s where it gets tricky, as there are three ways of policing:

• Single rate, two color policing.
• Single rate, three color policing.
• Dual rate, three color policing.

Basically, single rate, two color policing, uses the concept of one bucket (Bc) and no Be bucket. If there’s enough tokens (bytes) in the bucket after the calculation, we can send the data, and is said to be “conforming”, if not, we are exceeding.

Single rate, three color policing, uses the Bc bucket. If we have an overflow of the Bc bucket, it goes into our savings-account, Be bucket. We can then send more at a later time. We have three outcomes of a packet in this case, we are either conforming meaning that we can send the packet with our Bc bucket alone, or we can be exceeding, which means we have to dig into our Be bucket, or finally we can be violating, where we can take a third action.

Dual rate, three color, is basically policing to the max rate constantly, as we are filling both the Bc and Be buckets at the same time, allowing us to exceed all the time. When we subtract tokens, we are also subtracting them from both buckets except when we only exceed, where we only subtract them from the Be bucket. In effect this gives us the difference between the two buckets, and we can max out the PIR (Peak Information Rate) rate all the time.

Where the difference really comes into play, is that we with policing can take a certain action depending on whether we are conforming, exceeding or violating, for example:

police 64000 Bc 8000 Be 8000 conform-action transmit exceed-action drop violate-action drop

This would be an example of a single rate, three color scheme. We have what happens to packets when they are conforming, what happens when they are exceeding, and what happens above exceeding.

A two color scheme:

police 64000 Bc 8000

We allow an 8000 byte bucket, everything else exceeds.

Its really hard to explain these technologies in a consise manner, but I hope the above gives some insight into how they work.