Solved: Policing and Shaping

saiiven07 · ‎12-10-2007

Hi, all.

I'd like to ask you some question about policing and shaping. I decided to test these two traffic conditioners, and wrote these two simple policy-maps:

class POLICE

match any

policy-map POLICE

class POLICE

police 256000

policy-map SHAPE

class POLICE

shape average 256000

than I applied them one after another to fa0/2 interface in the outbound direction, while downloading a big file from the Internet:

(Internet)===fa0/1(ROUTER)fa0/2====TEST_PC

interface Fa0/2

service-policy output POLICE/SHAPE

and I've got to tell you I was surprised. With service-policy POLICE configured, the download speed was only 15,2KB, while with service-policy SHAPE configured it was 31,2KB.

Could somebody please explain these results?

Is that because the policer drops packets instead of just queuing them thus causing the sender slow its transmission rate?

Thanks.

dgahm · ‎12-11-2007

Generally, end customers should use traffic shaping and service providers policing. Best performance with most applications will be achieved with shaping, but you need a router or more expensive switch to do it, and it can only be done on egress ports. Policing can be done easily on all SP edge devices ingress ports. If the customer shapes, the service provider's policing should never kick in.

At least this is my theory.

Please rate helpful posts.

Dave

View solution in original post

Edison Ortiz · ‎12-10-2007

When the packet is dropped, if it's TCP,it will be resent again thus doubling the bandwidth utilization.

dgahm · ‎12-10-2007

You are correct, when packets are dropped congestion avoidance and slow start will kick in dramatically slowing the transmit rate. If you test with multiple senders you would be able to utilize more of the full policed bandwidth.

http://rfc.dotsrc.org/rfc/rfc2001.html

Please rate helpful posts.

bvsnarayana03 · ‎12-10-2007

TCP uses a "congestion window" to react to packet drops. like the "advertised window" is used by the reciever to tell sender about its window size, similarly "congestion window" is used by the sender to slow down the sending rate eachtime a pkt is dropped.

When the sender doesnt recv an ack from reciever, it reduce the size of congestion window & slowdown the rate at which sends. This happens everytime a packet is dropped or ack is not recvd. This term is also referred to as "slow-start". Thats why the download speed was less with policing.

Whereas with shaping, the sender maintains the rate configured.

hope that clarifies.

pls rate all helpful posts.

saiiven07 · ‎12-11-2007

Thank you all for your help and time.

So, I guess the best practice recomendations for rate-limiting users/customers are to use shaping for single user or small amount of users and use policing in all other cases.

dgahm · ‎12-11-2007

Generally, end customers should use traffic shaping and service providers policing. Best performance with most applications will be achieved with shaping, but you need a router or more expensive switch to do it, and it can only be done on egress ports. Policing can be done easily on all SP edge devices ingress ports. If the customer shapes, the service provider's policing should never kick in.

At least this is my theory.

Please rate helpful posts.

Dave

saiiven07 · ‎12-11-2007

Thanks again guys for sharing your experience. I'll take all that into account.

Edison Ortiz · ‎12-11-2007

I usually go with policing on incoming traffic and shaping on outgoing traffic.