RIP, EIGRP, OSPF, IS-IS, BGP, MPLS, VTP, STP.
killabee
Post Whore
Posts:
1361
Joined:
Sat Dec 19, 2009 11:52 pm
Certs:
CCNP, JNCIA, MCSA

Why police rather than shape?

Wed Aug 01, 2012 7:54 am

If my goal is to limit bandwidth for a traffic class, why should I police the traffic to drop excess traffic when I can instead shape it to that bandwidth limit and achieve the same results?

Policing will drop excess traffic, whereas shaping will delay the excess traffic temporarily for later transmission, but at least shaping sends the traffic later whereas policing will just drop it without regard. It seems like they can both accomplish the same function of limiting bandwidth, except that shaping is a lot gentler on the traffic. So why should I police when shaping can also do the trick and is a lot gentler on the traffic? This is excluding the fact that policing can be applied on the ingress/egress and can remark packets, while shaping can only be applied on the egress.

I was thinking that shaping will use up the buffer, but does that really matter?

Thanks

User avatar
dlots
Post Whore
Posts:
3421
Joined:
Mon Jun 15, 2009 9:48 am
Certs:
CC\NP\DP\IP\NA-Security\NA-Voice

Re: Why police rather than shape?

Wed Aug 01, 2012 7:58 am

Because you can only do shapping going out

Shaping effects the outgoing buffer... which you don't always have access to

Policing you can do coming in
Freedom to all the people. Brave, true and strong.
Freedom to all the people. Unless I think you're wrong

dhimes.com

User avatar
dlots
Post Whore
Posts:
3421
Joined:
Mon Jun 15, 2009 9:48 am
Certs:
CC\NP\DP\IP\NA-Security\NA-Voice

Re: Why police rather than shape?

Wed Aug 01, 2012 8:04 am

sorry didn't see your "other than the incoming/outgoing" line
that's really the best reason to do it... there might be some strange reason but I can't think of any off hand
Freedom to all the people. Brave, true and strong.
Freedom to all the people. Unless I think you're wrong

dhimes.com

User avatar
jdsilva
Post Whore
Posts:
5347
Joined:
Mon Jan 17, 2005 11:01 pm
Certs:
CCNP

Re: Why police rather than shape?

Wed Aug 01, 2012 8:08 am

If you're a service provider and you want to enforce a CIR you police. It's up to your customer to shape if they don't want traffic dropped (why waste your resources on traffic that you're not being paid to pass on?). Also policing allows you to remark traffic instead of dropping it. Again, more useful for a SP than an enterprise, but still an option.

killabee
Post Whore
Posts:
1361
Joined:
Sat Dec 19, 2009 11:52 pm
Certs:
CCNP, JNCIA, MCSA

Re: Why police rather than shape?

Wed Aug 01, 2012 8:19 am

dlots wrote:Shaping effects the outgoing buffer... which you don't always have access to


Thanks. That's what i was thinking too. You may not want to fill up the output buffer with traffic that's exceeded its CIR because you're then using up buffer space that the other class-maps could be using.

chrismarget
Senior Member
Posts:
387
Joined:
Wed Jan 26, 2011 3:38 pm

Re: Why police rather than shape?

Wed Aug 01, 2012 8:50 am

There's also the impact on TCP to think of.

If you police, TCP gets the message: slow down.

If you shape, TCP thinks it's operating over a very long link and will continue to run faster* until you ultimately drop the data anyway. In this case, mission not accomplished, in terms of throttling the source without dropping data. Making matters worse, you've wrecked TCP's responsiveness to lost data because loss detection is delayed when the required data is languishing in buffers somewhere.

Search "bufferbloat" for lots of discussion on this topic. It's not a perfect analog, because bufferbloat usually refers to all traffic, where you'll only be impacting certain traffic classes with the shaping. Within the class, the effect is the same.

Think about this: RED (dropping data randomly even when buffer space is still available) is a feature.

If we're not talking about TCP, but rather data which must get delivered, then nevermind. Shape away.

* up to the limit of the lesser of the sender's transmit buffer and the receiver's advertised receive window. Keep in mind however, that we're comparing server RAM against network device interface buffer. The network will always lose this battle :)

User avatar
mellowd
CCIE #38070
Posts:
13814
Joined:
Wed Jun 18, 2008 7:49 am
Certs:
CCIE (RS,SP), JNCIE-SP, BC-/SPNE/NP

Re: Why police rather than shape?

Wed Aug 01, 2012 8:53 am

Shaping adds delay. Policing adds no delay.

User avatar
mellowd
CCIE #38070
Posts:
13814
Joined:
Wed Jun 18, 2008 7:49 am
Certs:
CCIE (RS,SP), JNCIE-SP, BC-/SPNE/NP

Re: Why police rather than shape?

Wed Aug 01, 2012 8:57 am

dlots wrote:Because you can only do shapping going out


Not exactly. High-end routers can also shape inbound



As previously mentioned, us as an SP will police inbound to ensure Mr. Customer only gets what he pays for. It's up to Mr Customer to shape to that rate when sending traffic to us, but we will police anything going over that. Traffic goes over the trust boundry and hence we need to enforce

User avatar
dlots
Post Whore
Posts:
3421
Joined:
Mon Jun 15, 2009 9:48 am
Certs:
CC\NP\DP\IP\NA-Security\NA-Voice

Re: Why police rather than shape?

Wed Aug 01, 2012 8:59 am

mellowd wrote:
dlots wrote:Because you can only do shapping going out


Not exactly. High-end routers can also shape inbound


Nifty
Didn't know that :thankyou:

Do you know off hand if a 6509 can?
Freedom to all the people. Brave, true and strong.
Freedom to all the people. Unless I think you're wrong

dhimes.com

javentre
Post Whore
Posts:
1872
Joined:
Fri Jul 09, 2010 7:38 pm

Re: Why police rather than shape?

Wed Aug 01, 2012 9:47 am

dlots wrote:Do you know off hand if a 6509 can?
Yes, with some of the ES cards, like ES+ and ES+T
http://networking.ventrefamily.com

User avatar
burnyd
Post Whore
Posts:
2965
Joined:
Fri Nov 13, 2009 5:15 pm
Certs:
CCIE R&S/SP,CCNP-SP,JNCIA,VCP510,VCA-DCV

Re: Why police rather than shape?

Wed Aug 01, 2012 9:31 pm

mellowd wrote:
dlots wrote:Because you can only do shapping going out


Not exactly. High-end routers can also shape inbound


o rly?
"I will prepare and some day my chance will come." - Abraham Lincoln
http://danielhertzberg.wordpress.com - I blog about networks!

javentre
Post Whore
Posts:
1872
Joined:
Fri Jul 09, 2010 7:38 pm

Re: Why police rather than shape?

Thu Aug 02, 2012 7:14 am

burnyd wrote:o rly?
The 7600 with an ES+ card, and/or FlexWAN cards, does ingress shaping. I'm sure there are others, you can probably find them with the feature navigator.
http://networking.ventrefamily.com

User avatar
kannies
Post Whore
Posts:
1207
Joined:
Thu Jan 10, 2008 7:43 am

Re: Why police rather than shape?

Thu Aug 02, 2012 7:43 am

When I first learnt about shaping & policing, the ideal "Text Book" scenario is the a CE - PE link. The CE shapes outgoing traffic & the PE polices & drops inbound traffic.

Often times however, the PE & CE are both owned by the same ISP. In this case we do add a policer to the outbound CE interface but to Re-Mark, not drop traffic, Giving each critical class that recognises it's respective marking's the bandwidth it needs to function but then applying WRED to control traffic that exceeds the quota, ie; if the policer re-marks it.

To answer the original question, Shaping add delay, policing doesn't.

Modar
New Member
Posts:
42
Joined:
Thu Apr 21, 2011 7:12 am

Re: Why police rather than shape?

Sun Aug 05, 2012 7:01 am

Shaping queues traffic, policing marks down / drops traffic.

javentre
Post Whore
Posts:
1872
Joined:
Fri Jul 09, 2010 7:38 pm

Re: Why police rather than shape?

Sun Aug 05, 2012 9:35 am

Modar wrote:Shaping queues traffic
Shaping can/does drop traffic too.
http://networking.ventrefamily.com

User avatar
mellowd
CCIE #38070
Posts:
13814
Joined:
Wed Jun 18, 2008 7:49 am
Certs:
CCIE (RS,SP), JNCIE-SP, BC-/SPNE/NP

Re: Why police rather than shape?

Mon Aug 06, 2012 3:15 am

Indeed. Buffers have a fixed limit

Modar
New Member
Posts:
42
Joined:
Thu Apr 21, 2011 7:12 am

Re: Why police rather than shape?

Wed Aug 08, 2012 10:17 pm

javentre wrote:
Modar wrote:Shaping queues traffic
Shaping can/does drop traffic too.


I wasn't implying shaping cannot result in dropped traffic, more just differentiating between the main purpose of both :wink:

'

Return to Cisco Routing and Switching

Who is online

Users browsing this forum: Majestic-12 [Bot] and 36 guests