Traffic Policing vs Traffic Shaping


The concepts of Traffic Policing and Traffic Shaping can get very detailed, this article intends to be a very high level explanation, I’ve provided some links below that go into more detail. But, first let’s set the scene.

When transmitting traffic across a network connection, there are limits, the most notable is the limit in the bandwidth available, this will always have a physical limit (hard limit), but there may also be a logical limit (soft limit) that is applied by your service provider (ISP).

Let’s say we have a 1Gbit link between two switches that is provided by an external provider, we are however only paying for 100Mbit bandwidth, which means physically its 1Gbit, but logically its only 100Mbit available.

The provided 100Mbit bandwidth is called the CIR (Committed Information Rate), additionally a concept of the Burst Rate is also provided, but this is not measured in bits, its measured in bytes, or in this case kilobytes, 1024KB in this example, what this is and how it matters is covered later on.

So, what is the difference between Policing and Shaping?

Traffic Policing and Traffic Shaping Compared

Put in the most simple terms Policing is a blunt instrument, if say we attempted to sent at a rate of 200Mbit on our example link, and the ISP used Policing, the switch on say the ISP side of the link (if that is where the Policing is applied), would just drop 50% of the traffic, i.e. the traffic that is over the 100Mbit/s, from a client point of view, this is seen as packets dropping and being retransmitted.

Traffic Shaping is a more soft instrument, instead of just throwing the packets away it buffers them (to a point), which means you have packets that make up the excess traffic being held in a buffer to be sent later, rather than just being thrown away. So on our scenario of 200Mbit on a 100Mbit link the excess would be buffered….or would it.

When we are talking about a sustained traffic of 200Mbit on a 100Mbit link, we’d have a bit of buffering, but then the buffers would fill, and then traffic would be dropped, in theory the sending client would then throttle back, but this may not always be the case.

Where the Shaping provides a nicer response to excess traffic is on more spikey traffic flows. Let’s say we have our same 100Mbit link, but we try and send 120Mbit on that link for about 3 seconds, then it drops to 80Mbit, then 60Mbit, then up to 110Mbit for 2 more seconds.

When using Policing, anything that goes over is “chopped off” and dropped, so the client would see traffic ramp up, then suddenly a load of retransmits and packet loss, then fine again, then some more traffic dropped when it went up to 110Mbit.

With Shaping, because the “spikes” are not that large and of short duration, the excess is buffered (rather than drops) and transmitted a bit later when the “spike” has passed and traffic is below the CIR limit of 100Mbit. The end result is a much smoother and nicer experience in terms of packet loss, but there can then be increases in “latency” (the delay of packets going from A to B) and/or “jitter” (the consistency of the latency – response times).

Burst Rate

The Burst Rate is a way of allowing a temporary overuse of the link’s CIR limit for a period of time, or typically measured in the amount of traffic, it means the link (switch) temporarily allows use of over the CIR limit, rather than Policing (dropping traffic) or Shaping (buffering), both of which have their own side effects.

So let’s say we have our 100 Mbit/s link, with a burst rate of 2 MB (Megabytes) of data, notice bits for the CIR limit (bandwidth) and bytes for the burst rate. How long before the burst rate resets is down to what the ISP has set.

So, our client sends some data, its spikey transfers of lots small files. The spike goes up over the CIR limit, which means the burst rate is allowing an excess of 10Mbit of bandwidth use for the period of time it takes to transmit 2 MB of data after which Policing or Shaping could then be applied.

Quick Example (Extreme Networks – XOS/SwitchEngine)

First create a meter with the required limits.

create meter Limit2G
configure meter Limit2G committed-rate 2 Gbps max-burst-size 250 Mb out-actions drop

Create the Bandwidth Limit policy file. You don’t need one per tenant, you can coexist many in a single file.

vi LimitBandwidth.pol

Create the entry with the matching criteria, the contents of the file: LimitBandwidth.pol.

entry Limit2G {
  if match all {
    vlan-id 4077;
 then {
    meter Limit2G;

Apply the policy to the port to start the bandwidth throttling.

configure access-list LimitBandwidth ports 40 ingress
configure access-list LimitBandwidth ports 40 egress

To see it in action:

show access-list meter "Limit2G" port 40 ingress
# show access-list meter "Limit2G" port 40 ingress
Policy Name      Vlan Name        Port
                       Committed   Max Burst  Out-of-Profile  Out-of-Profile
    Meter              Rate (Kbps) Size (K)   Action    DSCP  Packet Count
LimitBandwidth   *                40
    Limit2G         2000000     250000     Drop            675022569

Additional Information

QOS Traffic Shaping Explained

Leave a Reply

Your email address will not be published. Required fields are marked *