Today, one ISP customer required a dynamic allocation of their 100Mbps bandwidth into two customer groups; a 10Mbps priority CIR/PIR corporate block, and a 90Mbps/100Mbps CIR/PIR DSL block.
For simulation, we'll use a 10Mbps egress interface. Class one will be 1Mbps CIR/PIR, while class two will be 9Mbps/10Mbps CIR/PIR. See figure below for the setup used to simulate the solution.
Class one traffic going to 10.0.0.1 will be capped to 10Mbps. While class two traffic going to 10.0.0.2 will be able to burst above 9Mbps (up to 10Mbps in case class one is underutilized).
Here are relevant steps and configurations made on R1:
Create ACL's and class maps to match traffic flow for class one and class two.
ip access-list extended one
permit ip any host 10.0.0.1
!
ip access-list extended two
permit ip any host 10.0.0.2
!
class-map match-all one
match access-group name one
!
class-map match-all two
match access-group name two
Create shape policy-map to set the class limits and share policy-map to set the shared limit.
policy-map shape
class one
priority 1000
police cir 1000000 pir 1000000
class two
bandwidth 8900
!
policy-map shared
class class-default
shape average 10000000
service-policy shape2
Apply shared policy-map outbound on egress interface.
interface Ethernet1/0
ip address 10.0.0.3 255.255.255.0
load-interval 30
duplex full
service-policy output shared
To verify our configuration, let's first generate around 900kbps traffic through class one and ch:
R1#sh policy-map interface eth1/0
Ethernet1/0
Service-policy output: shared
Class-map: class-default (match-any)
48350 packets, 73057177 bytes
30 second offered rate 895000 bps, drop rate 0 bps
Match: any
48350 packets, 73057177 bytes
30 second rate 895000 bps
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 48580/9765
shape (average) cir 10000000, bc 40000, be 40000
target shape rate 10000000
Service-policy : shape
queue stats for all priority classes:
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 48477/73394178
Class-map: one (match-all)
48248 packets, 73047472 bytes
30 second offered rate 895000 bps, drop rate 0 bps
Match: access-group name one
Priority: 1000 kbps, burst bytes 25000, b/w exceed drops: 0
police:
cir 1000000 bps, bc 31250 bytes
pir 1000000 bps, be 31250 bytes
conformed 48477 packets, 73394178 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
violated 0 packets, 0 bytes; actions:
drop
conformed 895000 bps, exceed 0 bps, violate 0 bps
Class-map: two (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: access-group name two
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
bandwidth 8900 kbps
Class-map: class-default (match-any)
102 packets, 9705 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
102 packets, 9705 bytes
30 second rate 0 bps
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 103/9765
Generating more than 1Mbps for class one results in packets being dropped above 1Mbps.
R1#sh policy-map interface eth1/0
Ethernet1/0
Service-policy output: shared
Class-map: class-default (match-any)
103587 packets, 156586808 bytes
30 second offered rate 2864000 bps, drop rate 0 bps
Match: any
103587 packets, 156586808 bytes
30 second rate 2864000 bps
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 82795/16558
shape (average) cir 10000000, bc 40000, be 40000
target shape rate 10000000
Service-policy : shape
queue stats for all priority classes:
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 82622/125089708
Class-map: one (match-all)
103415 packets, 156570310 bytes
30 second offered rate 2864000 bps, drop rate 1866000 bps
Match: access-group name one
Priority: 1000 kbps, burst bytes 25000, b/w exceed drops: 0
police:
cir 1000000 bps, bc 31250 bytes
pir 1000000 bps, be 31250 bytes
conformed 82622 packets, 125089708 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
violated 21765 packets, 32952210 bytes; actions:
drop
conformed 1000000 bps, exceed 0 bps, violate 1866000 bps
Class-map: two (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: access-group name two
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
bandwidth 8900 kbps
Class-map: class-default (match-any)
172 packets, 16498 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
172 packets, 16498 bytes
30 second rate 0 bps
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 173/16558
Combining a 10Mbps traffic for class two and 500kbps traffic for class one results into a 9.5Mbps flow for class two and priority flow of 500kbps traffic for class one. (An additional test is to run a ping through class one, which must show no packet loss).
R1#sh policy-map interface eth1/0
Ethernet1/0
Service-policy output: shared
Class-map: class-default (match-any)
187700 packets, 284126452 bytes
30 second offered rate 10269000 bps, drop rate 449000 bps
Match: any
187700 packets, 284126452 bytes
30 second rate 10269000 bps
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 64/8569/0
(pkts output/bytes output) 184575/265496742
shape (average) cir 10000000, bc 40000, be 40000
target shape rate 10000000
Service-policy : shape
queue stats for all priority classes:
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 9179/13897006
Class-map: one (match-all)
8911 packets, 13491254 bytes
30 second offered rate 501000 bps, drop rate 0 bps
Match: access-group name one
Priority: 1000 kbps, burst bytes 25000, b/w exceed drops: 0
police:
cir 1000000 bps, bc 31250 bytes
pir 1000000 bps, be 31250 bytes
conformed 9179 packets, 13897006 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
violated 0 packets, 0 bytes; actions:
drop
conformed 501000 bps, exceed 0 bps, violate 0 bps
Class-map: two (match-all)
178753 packets, 270632042 bytes
30 second offered rate 9768000 bps, drop rate 449000 bps
Match: access-group name two
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 63/8569/0
(pkts output/bytes output) 175360/265495040
bandwidth 8900 kbps
Class-map: class-default (match-any)
36 packets, 3156 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
36 packets, 3156 bytes
30 second rate 0 bps
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 37/3216
Ping output:
$ ping -c 100 10.0.0.1
<....output truncated....>
--- 10.0.0.1 ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 99154ms
rtt min/avg/max/mdev = 3.635/4.528/13.680/0.961 ms
From the results above, we've verified that although class two can burst into the class one zone, priority is still given to class one traffic as evident with low-latency response and minimum deviation.