Traffic Access Control
Hamid R. Rabiee
Mostafa Salehi, Fatemeh Dabiran, Hoda Ayatollahi
Spring 2011

Outlines
- Traffic Access Control Definition
- Traffic Shaping
- Traffic Policing
- The Leaky Bucket
- The Token Bucket

What is Traffic Access Control?
- A collection of specification techniques and mechanisms to:
  - specify the expected traffic characteristics and service requirements (e.g. peak rate, required delay bound, loss tolerance) of a data stream
  - shape data streams (e.g. reducing their rates and/or burstiness) at the edges and selected points within the network
  - police data streams and take corrective actions (e.g. discard, delay, or mark packets) when traffic deviates from its specification
- The components of traffic access control are directly related to the mechanisms of admission control and scheduling that implement QoS controlled services.
- Most real-time queuing and scheduling mechanisms require some control of the rate and burstiness of data moving through the system.

Traffic Access Control Functions
- Flow specification function
  - Provides the common language by which applications and network elements communicate service requirements
- Shaping function
- Policing function
  - Monitors traffic flows and takes corrective actions when the observed characteristics deviate from those specified
  - The location of policing functions (e.g. at the network edge and at stream merge points) is usually determined by the network providers

Traffic Shaping
- Goal: limit traffic to not exceed declared parameters
- Traffic shaping is usually done in the egress line card to shape and smooth the outgoing traffic
- Retains excess packets in a queue and then schedules the excess for later transmission over increments of time
- The result of traffic shaping is a smoothed packet output rate

Traffic Shapers-Schemes
- Leaky Bucket
- Token Bucket
- Window shapers
  - Jumping window
  - Moving window
- Composite Shapers
  - Composite Leaky Bucket
    - Dual LB
    - Triple LB
  - Composite windows

Traffic Policing
- Traffic policing propagates bursts
- When the traffic rate reaches the configured maximum rate, excess traffic is dropped (or remarked)
- The result is an output rate that appears as a saw-tooth with crests and troughs

Policing vs. Shaping

Objective
  Shaping: Buffer and queue excess packets above the committed rates.
  Policing: Drop (or remark) excess packets above the committed rates. Does not buffer.*

Token Refresh Rate
  Shaping: Incremented at the start of a time interval. (Minimum number of intervals is required.)
  Policing: Continuous based on formula: 1 / committed information rate

Token Values
  Shaping: Configured in bits per second.
  Policing: Configured in bytes.

Configuration Options
  Shaping: shape command in the modular quality of service command-line interface (MQC) to implement class-based shaping. frame-relay traffic-shape command to implement Frame Relay Traffic Shaping (FRTS). traffic-shape command to implement Generic Traffic Shaping (GTS).
  Policing: police command in the MQC to implement class-based policing. rate-limit command to implement committed access rate (CAR).

Applicable on Inbound
  Shaping: No
  Policing: Yes

Applicable on Outbound
  Shaping: Yes
  Policing: Yes

Bursts
  Shaping: Controls bursts by smoothing the output rate over at least eight time intervals. Uses a leaky bucket to delay traffic, which achieves a smoothing effect.
  Policing: Propagates bursts. Does no smoothing.

Advantages
  Shaping: Less likely to drop excess packets since excess packets are buffered. (Buffers packets up to the length of the queue. Drops may occur if excess traffic is sustained at high rates.) Typically avoids retransmissions due to dropped packets.
  Policing: Controls the output rate through packet drops. Avoids delays due to queuing.

Disadvantages
  Shaping: Can introduce delay due to queuing, particularly deep queues.
  Policing: Drops excess packets (when configured), throttling TCP window sizes and reducing the overall output rate of affected traffic streams. Overly aggressive burst sizes may lead to excess packet drops and throttle the overall output rate, particularly with TCP-based flows.

Optional Packet Remarking
  Shaping: No
  Policing: Yes (with legacy CAR feature).

Two Main Shaping Methods
- Leaky Bucket Algorithm
  - Regulate output flow
  - Packets lost if buffer is full
- Token Bucket Algorithm
  - Buffer filled with tokens
  - Transmit ONLY if tokens available

The Leaky Bucket
- Main idea: keep a single-server queuing system with constant service time
- Allow one packet per clock tick onto the network
- Old packets are discarded
- Selected packets are discarded when bucket is full

Leaky Bucket
- To understand the leaky bucket model, consider a bucket with a small hole at the bottom.
- Three parameters define the bucket:
  - The capacity (B)
  - The rate at which water flows out of the bucket (R)
  - The initial fullness of the bucket (F)

Leaky Bucket
- If water is poured into the bucket at exactly rate R, the bucket will remain at F, because the input rate equals the output rate.
- If the input rate increases while R remains constant, the bucket accumulates water.
- If the input rate is larger than R for a sustained period, eventually the bucket overflows.
- However, the input rate can vary around R without overflowing the bucket, as long as the average input rate does not exceed the capacity of the bucket.
- The larger the capacity, the more the input rate can vary within a given window of time.

The Leaky Bucket Algorithm
- Queue full, packet discarded.
- What if packets are of different sizes, with a fixed number of bytes per unit time?

Leaky Bucket Example
- A source generates data in bursts: 3 MB bursts lasting 2 msec, once every 100 msec.
- The network offers a bandwidth of 60 MB/sec.
- The leaky bucket has a capacity of 4 MB.
- What does the output look like?
- Input: 0-2 msec: 1500 MB/sec; 100-102 msec: 1500 MB/sec; 200-202 msec: 1500 MB/sec
- Output: 0-50 msec: 60 MB/sec; 100-150 msec: 60 MB/sec

Leaky Bucket Example
- What should be the capacity of the leaky bucket to avoid loss?
- During the burst, data inflow is at the rate of 1.5 MB/msec and the outflow is at the rate of 0.06 MB/msec, so accumulation is at the rate of 1.44 MB/msec.
- At the end of 2 msec, there will be an accumulation of 2.88 MB.
- This is the minimum leaky bucket capacity to avoid buffer overflow and hence data loss.

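The leaky bucket example above, worked as a fluid model that also covers an undersized bucket. This is an added example, not part of the original slides; the function name, the report fields and the 2.0 MB case are assumptions made for illustration.

```python
def leaky_bucket(bursts, drain, capacity):
    """Fluid leaky bucket.

    bursts   -- sorted, non-overlapping (start_ms, duration_ms, rate_MB_per_ms)
    drain    -- constant output rate R in MB/ms
    capacity -- bucket size B in MB
    Returns one dict per burst: fill when the burst ends (its peak when the
    input rate exceeds R), data lost to overflow, and when the bucket empties.
    """
    fill, clock, report = 0.0, 0.0, []
    for start, duration, rate in bursts:
        # Idle gap before the burst: the bucket only drains.
        fill = max(0.0, fill - drain * (start - clock))
        # Fill the bucket would reach if it had no upper bound.
        unbounded = max(0.0, fill + (rate - drain) * duration)
        lost = max(0.0, unbounded - capacity)  # overflow is discarded
        fill = min(unbounded, capacity)
        clock = start + duration
        report.append({
            "fill_mb": round(fill, 6),
            "lost_mb": round(lost, 6),
            "empty_at_ms": round(clock + fill / drain, 6),
        })
    return report


# The slide's source: 3 MB in 2 ms (1.5 MB/ms) every 100 ms; link 60 MB/s.
BURSTS = [(t, 2, 1.5) for t in (0, 100, 200)]
DRAIN = 0.06  # 60 MB/s expressed in MB/ms

if __name__ == "__main__":
    # 4 MB is the slide's bucket; 2.0 MB is a constructed undersized bucket.
    for cap in (4.0, 2.0):
        print(cap, leaky_bucket(BURSTS, DRAIN, cap))
```

With the 4 MB bucket each burst peaks at 2.88 MB and is drained by 50, 150 and 250 msec; with the 2.0 MB bucket 0.88 MB of every burst overflows.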
Leaky Bucket Issues
- After 500 ms, the bucket is discharged!
- Drops packets
- Does not allow host to save permission to transmit large burst later

The Token Bucket
- In contrast to the LB, the Token Bucket (TB) algorithm allows the output rate to vary, depending on the size of the burst.
- A packet gets tokens and only then is transmitted.
- In the TB algorithm, the bucket holds tokens. To transmit a packet, the host must capture and destroy one token.
- A variant: packets are sent only if enough tokens are available (each token has a fixed byte size).
- The token bucket holds up to n tokens.
- The host captures tokens.
- Each token can hold some bytes.
- A token is generated every T seconds.
- Allows bursts of packets to be sent (max n).
- Responds fast to sudden bursts.
- If the bucket is full, tokens are thrown away; packets are not lost.

Token Bucket Algorithm

Token Bucket Example
- Bucket capacity: 1 MB
- Token arrival rate: 2 MB/sec
- Network capacity: 10 MB/sec
- Application produces 0.5 MB burst every 250 msec, for 3 seconds
- The bucket is full of tokens

Token Bucket Example
- Initially, output can be at the rate of 10 MB/s. But how long can the bucket sustain this?
- First, 1 MB can be sent. From then on, for X seconds, the token input rate is 2 MB/s and the output traffic rate is 10 MB/s:
  1 + 2X = 10X ⇒ 8X = 1 ⇒ X = 1/8 sec = 125 ms
- The bucket can transmit 1.25 MB in this time, which is more than the 0.5 MB the application produces.
- Output: 0-50 ms: 10 MB/s; 50-250 ms: none

Token Bucket Example
- At the end of this period, the amount of tokens in the bucket is: 1 MB + 250 ms * 2 MB/s - 0.5 MB = 1 MB
- So the bucket is full again! Repeat for 3 seconds.
- How will the traffic look with Bucket Size = 200K?
  0.2 + 2X = 10X ⇒ X = 0.2/8 = 0.025 s = 25 ms
- 0-25 ms: 10 MB/s = 0.25 MB sent; 0.25 MB left
- 0.25 MB / (2 MB/s) = 125 ms
- Output: 0-25 ms: 10 MB/s; 25-150 ms: 2 MB/s; 150-250 ms: none

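The two token bucket cases above (1 MB and 200K buckets) computed by one function, generalized to any burst size, bucket size and rates. This is an added example, not part of the original slides; the function name is hypothetical, and it assumes the line rate exceeds the token rate and the burst finishes within the period.

```python
def to_ms(seconds):
    return round(seconds * 1000, 6)


def token_bucket_period(burst_mb, bucket_mb, token_rate, line_rate, period_s):
    """Output of one period for a burst arriving at t=0 with a full bucket.

    Rates are in MB/s. Returns (segments, tokens_left), where segments is a
    list of (start_ms, end_ms, rate_MB_per_s).
    """
    # While sending at line rate the bucket drains at (line_rate - token_rate),
    # so a full bucket lasts X seconds: bucket + token_rate*X = line_rate*X.
    x = bucket_mb / (line_rate - token_rate)
    fast_s = min(x, burst_mb / line_rate)      # time spent at line rate
    sent_fast = line_rate * fast_s
    tokens = bucket_mb - (line_rate - token_rate) * fast_s
    segments = [(0.0, to_ms(fast_s), line_rate)]
    t = fast_s
    if burst_mb - sent_fast > 1e-12:
        # Bucket is empty: the rest leaves only as fast as tokens arrive.
        slow_s = (burst_mb - sent_fast) / token_rate
        segments.append((to_ms(t), to_ms(t + slow_s), token_rate))
        t += slow_s
    if t < period_s:
        segments.append((to_ms(t), to_ms(period_s), 0))
        # Idle time refills the bucket, capped at its capacity.
        tokens = min(bucket_mb, tokens + token_rate * (period_s - t))
    return segments, round(tokens, 6)


if __name__ == "__main__":
    # Slide parameters: 0.5 MB burst every 250 ms, 2 MB/s tokens, 10 MB/s line.
    for bucket in (1.0, 0.2):
        print(bucket, token_bucket_period(0.5, bucket, 2, 10, 0.25))
```

In both cases the bucket is full again when the next burst arrives, so the same output pattern repeats every 250 ms.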
Dual Buckets Mechanism
- Consists of two token buckets
- Allows for policing on average rate, peak rate, and burst size
- Parameters of buckets are set based on flow requirements

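One way to build the dual-bucket policer described above, as an added example that is not part of the original slides. The class name, the rule that a packet must find tokens in both buckets, the traffic profile and the arrival times are all assumptions chosen for illustration.

```python
class DualBucketPolicer:
    """Two token buckets; a packet must conform to both.

    Bucket 0 enforces the average rate with a deep bucket (the burst size).
    Bucket 1 enforces the peak rate with a shallow bucket.
    Time is in integer milliseconds, sizes in bytes, rates in bytes/ms.
    """

    def __init__(self, avg_rate, burst_size, peak_rate, peak_depth):
        self.rates = (avg_rate, peak_rate)
        self.depths = (burst_size, peak_depth)
        self.tokens = [burst_size, peak_depth]  # both buckets start full
        self.last_ms = 0

    def offer(self, now_ms, size):
        """Return True if the packet conforms, False if it is excess."""
        elapsed = now_ms - self.last_ms
        self.last_ms = now_ms
        for i in (0, 1):
            # Refill, discarding tokens that do not fit in the bucket.
            self.tokens[i] = min(self.depths[i],
                                 self.tokens[i] + self.rates[i] * elapsed)
        if min(self.tokens) < size:
            return False  # excess: drop (or remark); no tokens are spent
        for i in (0, 1):
            self.tokens[i] -= size
        return True


def police(arrivals_ms, size=1000):
    # Assumed profile: 1 byte/ms average, 3000-byte burst, 5 bytes/ms peak.
    policer = DualBucketPolicer(avg_rate=1, burst_size=3000,
                                peak_rate=5, peak_depth=1000)
    return [policer.offer(t, size) for t in arrivals_ms]


# Constructed arrival times (ms) of 1000-byte packets.
ARRIVALS = [0, 100, 200, 300, 400, 500, 600, 1000]

if __name__ == "__main__":
    print(list(zip(ARRIVALS, police(ARRIVALS))))
```

The packets at 100, 300 and 500 ms fail the peak-rate bucket, the one at 600 ms fails the average-rate bucket once the 3000-byte burst allowance is spent, and the one at 1000 ms conforms again.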
Summary
- Leaky bucket and token bucket are both designed for controlling average rate.
  - Token bucket used by IETF
  - Leaky bucket used by ATM
- On bursty arrivals after a long idle:
  - Token bucket results in bursty departure
  - Leaky bucket results in smooth departure