Traffic Policing and Shaping

This chapter describes the support of per subscriber Traffic Policing and Shaping feature on Cisco's Chassis and explains the commands and RADIUS attributes that are used to implement this feature. The product Administration Guides provide examples and procedures for configuration of basic services on the system. It is recommended that you select the configuration example that best meets your service model, and configure the required elements for that model, as described in the respective product Administration Guide, before using the procedures in this chapter.


Important

Traffic Policing and Shaping is a licensed Cisco feature. A separate feature license may be required. Contact your Cisco account representative for detailed information on specific licensing requirements. For information on installing and verifying licenses, refer to the Managing License Keys section of the Software Management Operations chapter in the System Administration Guide.

The following topics are included:

Overview

This section describes the traffic policing and shaping feature for individual subscriber. This feature is comprises of two functions:

  • Traffic Policing
  • Traffic Shaping

Traffic Policing

Traffic policing enables the configuring and enforcing of bandwidth limitations on individual subscribers and/or APN of a particular traffic class in 3GPP/3GPP2 service.

Bandwidth enforcement is configured and enforced independently on the downlink and the uplink directions.

A Token Bucket Algorithm (a modified trTCM) [RFC2698] is used to implement the Traffic-Policing feature. The algorithm used measures the following criteria when determining how to mark a packet:
  • Committed Data Rate (CDR): The guaranteed rate (in bits per second) at which packets can be transmitted/received for the subscriber during the sampling interval.
  • Peak Data Rate (PDR): The maximum rate (in bits per second) that subscriber packets can be transmitted/received for the subscriber during the sampling interval.
  • Burst-size: The maximum number of bytes that can be transmitted/received for the subscriber during the sampling interval for both committed (CBS) and peak (PBS) rate conditions. This represents the maximum number of tokens that can be placed in the subscriber's "bucket". Note that the committed burst size (CBS) equals the peak burst size (PBS) for each subscriber.
The system can be configured to take any of the following actions on packets that are determined to be in excess or in violation:
  • Drop: The offending packet is discarded.
  • Transmit: The offending packet is passed.
  • Lower the IP Precedence: The packet's ToS bit is set to "0", thus downgrading it to Best Effort, prior to passing the packet. Note that if the packet's ToS bit was already set to "0", this action is equivalent to "Transmit".

Traffic Shaping

Traffic Shaping is a rate limiting method similar to the Traffic Policing, but provides a buffer facility for packets exceeded the configured limit. Once the packet exceeds the data-rate, the packet queued inside the buffer to be delivered at a later time.

The bandwidth enforcement can be done in the downlink and the uplink direction independently. If there is no more buffer space available for subscriber data system can be configured to either drop the packets or kept for the next scheduled traffic session.


Important

Traffic Shaping is not supported on the GGSN, P-GW, or SAEGW.

Traffic Policing Configuration

Traffic Policing is configured on a per-subscriber basis. The subscribers can either be locally configured subscribers on the system or subscriber profiles configured on a remote RADIUS server.

In 3GPP service Traffic policing can be configured for subscribers through APN configuration as well.


Important

In 3GPP service attributes received from the RADIUS server supersede the settings in the APN.


Important

Commands used in the configuration samples in this section provide base functionality to the extent that the most common or likely commands and/or keyword options are presented. In many cases, other optional commands and/or keyword options are available. Refer to the Command Line Interface Reference for complete information regarding all commands.

Configuring Subscribers for Traffic Policing


Important

Instructions for configuring RADIUS-based subscriber profiles are not provided in this document. Please refer to the documentation supplied with your server for further information.

Procedure

Step 1

Configure local subscriber profiles on the system to support Traffic Policing by applying the following example configurations:

  1. To apply the specified limits and actions to the downlink (data to the subscriber): 

    configure 
     context <context_name> 
          subscriber name <user_name> 
               qos traffic-police direction downlink 
               end

  2. To apply the specified limits and actions to the uplink (data from the subscriber): 

    configure 
     context <context_name> 
          subscriber name <user_name> 
               qos traffic-police direction uplink 
               end
    Notes:
    • There are numerous keyword options associated with the qos traffic-police direction { downlink | uplink } command.
    • Repeat for each additional subscriber to be configured.
    Note 

    If the exceed/violate action is set to "lower-ip-precedence", the TOS value for the outer packet becomes "best effort" for packets that exceed/violate the traffic limits regardless of what the ip user-datagram-tos-copy command in the Subscriber Configuration mode is configured to. In addition, the "lower-ip-precedence" option may also override the configuration of the ip qos-dscp command (also in the Subscriber Configuration mode). Therefore, it is recommended that command not be used when specifying this option.

Step 2

Verify the subscriber profile configuration by applying the following example configuration: 

context <context_name> 
     show subscriber configuration username <user_name>
Step 3

Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode command save configuration . For additional information on how to verify and save configuration files, refer to the System Administration Guide and the Command Line Interface Reference.

Configuring APN for Traffic Policing in 3GPP Networks

This section provides information and instructions for configuring APN template's QoS profile in support of Traffic Policing.

The profile information is sent to the SGSN(s) in response to GTP Create/Update PDP Context Request messages. If the QoS profile requested by the SGSN is lower than the configured QoS profile configured, the profile requested by the SGSN is used. If the QoS profile requested by the SGSN is higher, the configured rates are used.

Note that values for the committed-data-rate and peak-data-rate parameters are exchanged in the GTP messages between the GGSN and the SGSN. Therefore, the values used may be lower than the configured values. When negotiating the rate with the SGSN(s), the system convert this to a value that is permitted by GTP as shown in the table below.

Table 1. Permitted Values for Committed and Peak Data Rates in GTP Messages
Value (bps) Increment Granularity (bps)

From 1000 to 63,000

1,000 (e.g 1000, 2000, 3000, ... 63000)

From 64,000 to 568,000

8,000 (e.g. 64000, 72000, 80000, ... 568000)

From 576,000 to 8,640,000

64,000 (e.g. 576000, 640000, 704000, ... 86400000)

From 8,700,000 to 16,000,000

100,000 bps (e.g. 8700000, 8800000, 8900000, ... 16000000)

Procedure

Step 1

Set parameters by applying the following example configurations:

  1. To apply the specified limits and actions to the downlink (the Gn direction): 

    configure 
     context <context_name> 
          apn <apn_name> 
               qos rate-limit downlink 
               end

  2. To apply the specified limits and actions to the uplink (the Gi direction): 

    configure 
     context <context_name> 
          apn <apn_name> 
               qos rate-limit uplink 
               end
    Notes:
    • There are numerous keyword options associated with qos rate-limit { downlink | uplink } command.
    • Optionally, configure the maximum number of PDP contexts that can be facilitated by the APN to limit the APN's bandwidth consumption by entering the following command in the configuration: 
      max-contents primary <number> total <total_number>
    • Repeat as needed to configure additional Qos Traffic Policing profiles.
    Important 

    If a "subscribed" traffic class is received, the system changes the class to background and sets the following: The uplink and downlink guaranteed data rates are set to 0. If the received uplink or downlink data rates are 0 and traffic policing is disabled, the default of 64 kbps is used. When enabled, the APN configured values are used. If the configured value for downlink max data rate is larger than can fit in an R4 QoS profile, the default of 64 kbps is used. If either the received uplink or downlink max data rates is non-zero, traffic policing is employed if enabled for the background class. The received values are used for responses when traffic policing is disabled.

Step 2

Verify that your APNs were configured properly by entering the following command: 

show apn { all | name <apn_name> }
The output is a concise listing of configured APN parameter settings.
Step 3

Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode command save configuration . For additional information on how to verify and save configuration files, refer to the System Administration Guide and the Command Line Interface Reference.

Traffic Shaping Configuration

Traffic Shaping is configured on a per-subscriber basis. The subscribers can either be locally configured subscribers on the system or subscriber profiles configured on a remote RADIUS server.

In 3GPP service Traffic policing can be configured for subscribers through APN configuration as well.


Important

In 3GPP, service attributes received from the RADIUS server supersede the settings in the APN.


Important

Commands used in the configuration samples in this section provide base functionality to the extent that the most common or likely commands and/or keyword options are presented. In many cases, other optional commands and/or keyword options are available. Refer to the Command Line Interface Reference for complete information regarding all commands.


Important

Traffic Shaping is not supported on the GGSN, P-GW, or SAEGW.

Configuring Subscribers for Traffic Shaping

This section provides information and instructions for configuring local subscriber profiles on the system to support Traffic Shaping.


Important

Instructions for configuring RADIUS-based subscriber profiles are not provided in this document. Please refer to the documentation supplied with your server for further information.

Procedure

Step 1

Set parameters by applying the following example configurations:

  1. To apply the specified limits and actions to the downlink (data to the subscriber): 

    configure 
     context <context_name> 
          subscriber name <user_name> 
               qos traffic-shape direction downlink 
               end

  2. To apply the specified limits and actions to the uplink (data to the subscriber): 

    configure 
     context <context_name> 
          subscriber name <user_name> 
               qos traffic-shape direction uplink 
               end
Notes:
  • There are numerous keyword options associated with qos traffic-shape direction { downlink | uplink } command.
  • Repeat for each additional subscriber to be configured.
Important 

If the exceed/violate action is set to "lower-ip-precedence", the TOS value for the outer packet becomes "best effort" for packets that exceed/violate the traffic limits regardless of what the ip user-datagram-tos-copy command in the Subscriber Configuration mode is configured to. In addition, the "lower-ip-precedence" option may also override the configuration of the ip qos-dscp command (also in the Subscriber Configuration mode). Therefore, it is recommended that command not be used when specifying this option.

Step 2

Verify the subscriber profile configuration by applying the following example configuration: 

context <context_name> 
     show subscriber configuration username <user_name>
Step 3

Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode command save configuration . For additional information on how to verify and save configuration files, refer to the System Administration Guide and the Command Line Interface Reference.

Configuring APN for Traffic Shaping in 3GPP Networks

This section provides information and instructions for configuring APN template's QoS profile in support of Traffic Shaping.

The profile information is sent to the SGSN(s) in response to GTP Create/Update PDP Context Request messages. If the QoS profile requested by the SGSN is lower than the configured QoS profile configured, the profile requested by the SGSN is used. If the QoS profile requested by the SGSN is higher, the configured rates are used.

Note that values for the committed-data-rate and peak-data-rate parameters are exchanged in the GTP messages between the GGSN and the SGSN. Therefore, the values used may be lower than the configured values. When negotiating the rate with the SGSN(s), the system convert this to a value that is permitted by GTP as shown in the following table.

Table 2. Permitted Values for Committed and Peak Data Rates in GTP Messages 0
Value (bps) Increment Granularity (bps)

From 1000 to 63,000

1,000 (e.g 1000, 2000, 3000, ... 63000)

From 64,000 to 568,000

8,000 (e.g. 64000, 72000, 80000, ... 568000)

From 576,000 to 8,640,000

64,000 (e.g. 576000, 640000, 704000, ... 86400000)

From 8,700,000 to 16,000,000

100,000 bps (e.g. 8700000, 8800000, 8900000, ... 16000000)

Procedure

Step 1

Set parameters by applying the following example configurations.

  1. To apply the specified limits and actions to the downlink (data to the subscriber): 

    configure 
     context <context_name> 
          subscriber name <user_name> 
               qos rate-limit downlink 
               end

  2. To apply the specified limits and actions to the uplink (data to the subscriber): 

    configure 
     context <context_name> 
          apn <apn_name> 
               qos rate-limit uplink 
               end
Step 2

Verify that your APNs were configured properly by entering the following command: 

show apn { all | name <apn_name> }
The output is a concise listing of configured APN parameter settings.
Step 3

Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode command save configuration . For additional information on how to verify and save configuration files, refer to the System Administration Guide and the Command Line Interface Reference.

RADIUS Attributes

Traffic Policing for CDMA Subscribers

The RADIUS attributes listed in the following table are used to configure Traffic Policing for CDMA subscribers (PDSN, HA) configured on remote RADIUS servers. More information on these attributes can be found in the AAA Interface Administration and Reference.
Table 3. RADIUS Attributes Required for Traffic Policing Support for CDMA Subscribers
Attribute Description

SN-QoS-Tp-Dnlk

(or SN1-QoS-Tp-Dnlk)

Enable/disable traffic policing in the downlink direction.

SN-Tp-Dnlk-Committed-Data-Rate

(or SN1-Tp-Dnlk-Committed-Data-Rate)

Specifies the downlink committed-data-rate in bps.

SN-Tp-Dnlk-Peak-Data-Rate

(or SN1-Tp-Dnlk-Committed-Data-Rate)

Specifies the downlink peak-data-rate in bps.

SN-Tp-Dnlk-Burst-Size

(or SN1-Tp-Dnlk-Burst-Size)

Specifies the downlink-burst-size in bytes.

NOTE: It is recommended that this parameter be configured to at least the greater of the following two values: 1) 3 times greater than packet MTU for the subscriber connection, OR 2) 3 seconds worth of token accumulation within the "bucket" for the configured peak-data-rate.

SN-Tp-Dnlk-Exceed-Action

(or SN1-Tp-Dnlk-Exceed-Action)

Specifies the downlink exceed action to perform.

SN-Tp-Dnlk-Violate-Action

(or SN1-Tp-Dnlk-Violate-Action)

Specifies the downlink violate action to perform.

SN-QoS-Tp-Uplk

(or SN1-QoS-Tp-Uplk)

Enable/disable traffic policing in the downlink direction.

SN-Tp-Uplk-Committed-Data-Rate

(or SN1-Tp-Uplk-Committed-Data-Rate)

Specifies the uplink committed-data-rate in bps.

SN-Tp-Uplk-Peak-Data-Rate

(or SN1-Tp-Uplk-Committed-Data-Rate)

Specifies the uplink peak-data-rate in bps.

SN-Tp-Uplk-Burst-Size

(or SN1-Tp-Uplk-Burst-Size)

Specifies the uplink-burst-size in bytes.

Note 

It is recommended that this parameter be configured to at least the greater of the following two values: 1) 3 times greater than packet MTU for the subscriber connection, OR 2) 3 seconds worth of token accumulation within the "bucket" for the configured peak-data-rate.

SN-Tp-Uplk-Exceed-Action

(or SN1-Tp-Uplk-Exceed-Action)

Specifies the uplink exceed action to perform.

SN-Tp-Uplk-Violate-Action

(or SN1-Tp-Uplk-Violate-Action)

Specifies the uplink violate action to perform.

Traffic Policing for UMTS Subscribers

The RADIUS attributes listed in the following table are used to configure Traffic Policing for UMTS subscribers configured on remote RADIUS servers. More information on these attributes can be found in the AAA Interface Administration and Reference.

Table 4. RADIUS Attributes Required for Traffic Policing Support for UMTS Subscribers
Attribute Description

SN-QoS-Conversation-Class

(or SN1-QoS-Conversation-Class)

Specifies the QOS Conversation Traffic Class.

SN-QoS-Streaming-Class

(or SN1-QoS-Streaming-Class)

Specifies the QOS Streaming Traffic Class.

SN-QoS-Interactive1-Class

(or SN1-QoS-Interactive1-Class)

Specifies the QOS Interactive Traffic Class.

SN-QoS-Interactive2-Class

(or SN1-QoS-Interactive2-Class)

Specifies the QOS Interactive2 Traffic Class.

SN-QoS-Interactive3-Class

(or SN1-QoS-Interactive3-Class)

Specifies the QOS Interactive3 Traffic Class.

SN-QoS-Background-Class

(or SN1-QoS-Background-Class)

Specifies the QOS Background Traffic Class.

SN-QoS-Traffic-Policy

(or SN1-QoS-Traffic-Policy)

This compound attribute simplifies sending QoS values for Traffic Class (the above attributes), Direction, Burst-Size, Committed-Data-Rate, Peak-Data-Rate, Exceed-Action, and Violate-Action from the RADIUS server.

This attribute can be sent multiple times for different traffic classes. If Class is set to 0, it applies across all traffic classes.