shape peak、shape average和police
 
以下是相关配置:
    环境:Dynamips、FlashFXP、IOS 12.4T
!
ftp-server enable
ftp-server topdir disk0:
!
........
!
class-map match-all shape
 match access-group 100
!
!
policy-map shape
 class shape
   police cir 80000 bc 15000 be 30000
    conform-action transmit 
    exceed-action drop 
!
.....
access-list 100 permit tcp any host 192.168.1.200
access-list 100 deny   tcp any any
 
R1#sh run int f0/0
Building configuration...
Current configuration : 166 bytes
!
interface FastEthernet0/0
 ip address 192.168.1.221 255.255.255.0
 duplex full
 rmon native
 rmon collection stats 1 owner config
 service-policy output shape
end
R1#

 
R1#sh policy-map int f0/0
 FastEthernet0/0
  Service-policy output: shape
    Class-map: shape (match-all)
      7593 packets, 10691055 bytes
      5 minute offered rate 36000 bps, drop rate 3000 bps
      Match: access-group 100
      police:
          cir 80000 bps, bc 15000 bytes
        conformed 2683 packets, 3636183 bytes; actions:
          transmit 
        exceeded 232 packets, 349392 bytes; actions:
          drop 
        conformed 34000 bps, exceed 3000 bps
    Class-map: class-default (match-any)
      3388 packets, 4241610 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any 
      
      
R1#

由于police是采用即时丢包机制,所以流量图呈锯齿状。
police bps [burst-normal] [burst-max] conform-action action exceed-action action
[violate-action action]
CISCO建议 burst-normal=configured rate/8*1.5, burst-max=burst-normal*2,这样限速的效果基本跟configured rate 持平
如下面的例子,在police命令中不使用这两个参数,而由系统自动生产,结果速度才4K左右,没有达到预期(8K)的目的
R1(config-pmap-c)#police 80000 con tr ex drop
R1(config-pmap-c-police)#      
R1(config-pmap-c-police)#do sh policy-map int f0/0
 FastEthernet0/0
  Service-policy output: shape
    Class-map: shape (match-all)
      8779 packets, 12044939 bytes
      5 minute offered rate 54000 bps, drop rate 10000 bps
      Match: access-group 100
      police:
           cir 80000 bps, bc 2500 bytes
        conformed 3789 packets, 4873835 bytes; actions:
          transmit 
        exceeded 312 packets, 465624 bytes; actions:
          drop 
        conformed 49000 bps, exceed 10000 bps
    Class-map: class-default (match-any)
      3420 packets, 4244403 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any 
R1(config-pmap-c-police)#


  shape average 命令跟接口模式下的shape命令效果一样。
 shape 采用队列缓存机制,除非队列排满否则不会出现丢包现象,从图中可知经过shape的流量图平缓了许多
 
R1(config-pmap-c)#shape  average 80000
R1(config-pmap-c)#do sh policy-map int f0/0
 FastEthernet0/0
  Service-policy output: shape
    Class-map: shape (match-all)
      12047 packets, 16315383 bytes
      5 minute offered rate 76000 bps, drop rate 0 bps
      Match: access-group 100
      Traffic Shaping
           Target/Average   Byte   Sustain   Excess    Interval  Increment
             Rate           Limit  bits/int  bits/int  (ms)      (bytes)  
             80000/80000     2000   8000      8000      100       1000    
        Adapt  Queue     Packets   Bytes     Packets   Bytes     Shaping
        Active Depth                         Delayed   Delayed   Active
        -      8         49        62683     41        54625     yes
    Class-map: class-default (match-any)
      3542 packets, 4254941 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any 
R1(config-pmap-c)#         


shape peak 80000 命令比shape average 80000 命令又不一样,流量大了一倍,因为默认情况下be =bc
R1(config-pmap-c)#shape  peak 80000
R1(config-pmap-c)#do sh policy-map int f0/0
 FastEthernet0/0
  Service-policy output: shape
    Class-map: shape (match-all)
      13665 packets, 18675267 bytes
      5 minute offered rate 82000 bps, drop rate 0 bps
      Match: access-group 100
      Traffic Shaping
           Target/Average   Byte   Sustain   Excess    Interval  Increment
             Rate           Limit  bits/int  bits/int  (ms)      (bytes)  
            160000/80000     2000   8000      8000      100       2000    
        Adapt  Queue     Packets   Bytes     Packets   Bytes     Shaping
        Active Depth                         Delayed   Delayed   Active
        -      14        1661      2413531   1653      2405473   yes
    Class-map: class-default (match-any)
      3583 packets, 4258565 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any 
R1(config-pmap-c)#




对于shape来说,Tc 越小,流量图越平缓,Be越大,当拥塞发生时第一个Tc能传送的流量就越大。
一些笔记:
When policing traffic with CAR, Cisco
recommends the following values for the normal and extended burst parameters:
normal burst = configured rate * (1 byte)/(8 bits) * 1.5 seconds
extended burst = 2 * normal burst
If the burst values are too low, then the achieved rate is often much lower than the configured rate.
在连接到ISP的接口上要使用Traffic Shape,比如使用100M接口以10M的速度接入城域网,否则流量将在ISP端被限制,不利于本端qos策略的实施。
虽然rate-limit 可以使用input、output关键字,而traffic shape 不使用,但这不能说shape就不能shape input流量,可通过扩展acl来实施,如以下例子:
Listing 3-21 Shaping Traffic to 128 Kbps Using GTS
interface serial 0
traffic-shape group 101 128000
interface ethernet 0
traffic-shape group 102 128000
access-list 101 permit ip host 200.200.200.1 any
access-list 102 permit ip any host 200.200.200.1

traffic shape rate 跟 traffic shape group 是不能同时使用的