1-4
Cisco ASA Series CLI Configuration Guide
 
Chapter 1      Configuring QoS
  Information About QoS
Information About Traffic Shaping
Traffic shaping is used to match device and link speeds, thereby controlling packet loss, variable delay, 
and link saturation, which can cause jitter and delay.
Note Traffic shaping is not supported on the ASA 5580.
• Traffic shaping must be applied to all outgoing traffic on a physical interface or in the case of the 
ASA 5505, on a VLAN. You cannot configure traffic shaping for specific types of traffic.
• Traffic shaping is implemented when packets are ready to be transmitted on an interface, so the rate 
calculation is performed based on the actual size of a packet to be transmitted, including all the 
possible overhead such as the IPsec header and L2 header. 
• The shaped traffic includes both through-the-box and from-the-box traffic.
• The shape rate calculation is based on the standard token bucket algorithm. The token bucket size is 
twice the Burst Size value. See the “What is a Token Bucket?” section on page 1-2.
• When bursty traffic exceeds the specified shape rate, packets are queued and transmitted later. 
Following are some characteristics regarding the shape queue (for information about hierarchical 
priority queuing, see the “Information About Priority Queuing” section on page 1-3):
–
The queue size is calculated based on the shape rate. The queue can hold the equivalent of 
200-milliseconds worth of shape rate traffic, assuming a 1500-byte packet. The minimum queue 
size is 64.
–
When the queue limit is reached, packets are tail-dropped.
–
Certain critical keep-alive packets such as OSPF Hello packets are never dropped.
–
The time interval is derived by time_interval = burst_size / average_rate. The larger the time 
interval is, the burstier the shaped traffic might be, and the longer the link might be idle. The 
effect can be best understood using the following exaggerated example:
Average Rate = 1000000
Burst Size = 1000000
In the above example, the time interval is 1 second, which means, 1 Mbps of traffic can be 
bursted out within the first 10 milliseconds of the 1-second interval on a 100 Mbps FE link and 
leave the remaining 990 milliseconds idle without being able to send any packets until the next 
time interval. So if there is delay-sensitive traffic such as voice traffic, the Burst Size should be 
reduced compared to the average rate so the time interval is reduced.
How QoS Features Interact
You can configure each of the QoS features alone if desired for the ASA. Often, though, you configure 
multiple QoS features on the ASA so you can prioritize some traffic, for example, and prevent other 
traffic from causing bandwidth problems.
See the following supported feature combinations per interface:
• Standard priority queuing (for specific traffic) + Policing (for the rest of the traffic).
You cannot configure priority queuing and policing for the same set of traffic. 
• Traffic shaping (for all traffic on an interface) + Hierarchical priority queuing (for a subset of 
traffic).