Solved: WAN shaping

Bob Greer · ‎05-24-2019

Hi there,

Thanks for reading.

We have a router which is running into the standard license 85Mbps Tx/Rx threshold. I proposed a simple shaping policy to keep flows below 85Mbps. In my mind, a FIFO shaping policy makes high-level sense just to stop the site from losing packets. Is there any benefit to applying this kind of shaping without an extensive QoS strategy applied throughout the LAN? I have a coworker who thinks shaping without QoS is a waste.

Thanks again!

Bob

Seth Beauchamp · ‎05-24-2019

Are you trying to shape outbound toward the LAN to conrtol traffic between subnets or just shape outbound on the WAN?

You could do just a shaper, but I would do even a simple QoS policy to protect important traffic. Especially if you have voice or other real time traffic you would want to put that in a priority queue to keep latency low.

Something like

class-map a
match dscp ef

policy-map QoS
class a
priority percent 70
class class-default
bandwidth remaining percent 100

policy-map shaper
class class-default
shape average 85000000
service-policy QoS

Its more of a "why not" kinda thing. You can stop packets from getting policed, but you may as well pick the traffic it should drop/queue first when it does have to drop or queue traffic.

View solution in original post

Seth Beauchamp · ‎05-24-2019

Are you trying to shape outbound toward the LAN to conrtol traffic between subnets or just shape outbound on the WAN?

You could do just a shaper, but I would do even a simple QoS policy to protect important traffic. Especially if you have voice or other real time traffic you would want to put that in a priority queue to keep latency low.

Something like

class-map a
match dscp ef

policy-map QoS
class a
priority percent 70
class class-default
bandwidth remaining percent 100

policy-map shaper
class class-default
shape average 85000000
service-policy QoS

Its more of a "why not" kinda thing. You can stop packets from getting policed, but you may as well pick the traffic it should drop/queue first when it does have to drop or queue traffic.

paul driver · ‎05-25-2019

Hello
FIFO scheduler will service whichever packets reaches the the interface queue first without any regard for the importance or size of the packet, thus you could in incur delay to more sensitive traffic , So applying some fairness to the interface queue (WFO) would at least allow packets importance to be serviced first and share the remaining BW flows fairly.

If you wan circuit exceeds your allocated CIR from the isp it is suggested that you do shape your egress traffic to that of your allocated CIR so in times of high utilization you don't exceed this limit.

Another possible reason to shape I can think of is egress blocking - if you have site-2-site connection and one side has a lesser CIR then you do you could again overtime send to much traffic towards that other site which could overwhelm its link.

Example:

policy-map WAN_child
class class-default
fair-queue

policy-map WAN_parent
class class-default
shape average 87040000
service-policy WAN_child

int x/x
description WAN link
service policy output WAN_parent

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Joseph W. Doherty · ‎05-25-2019

Could you expand on the topology?

The 85 Mbps limit you're referring to is IPSec capacity sourced on the router? If so having an egress shaper on the same router might not work as you desire for two reasons. First, I believe the bandwidth cap is the aggregate of both ingress and egress, so you would need to insure that traffic received plus traffic generated doesn't exceed 85 Mbps. Second, I don't know "when" the bandwidth cap is actually counted. If bandwidth is counted before it's shaped, you could still exceed the cap. Only if traffic was counted after it's shaped (i.e. interface egress rate), then a shaper might help.