Peak Traffic Shaping on Cisco IOS

Cisco IOS routers support two types of shaping:

  • shape average
  • shape peak

In my first lesson I explained the basics of shaping and I demonstrated how to configure shape average. This time we will take a look at peak shaping which is often misunderstood and confusing for many networking students.


Shape Average

Here’s a quick recap of how shape average works:

shape token bucket bc be

We have a bucket and it can contain Bc and Be tokens. At the beginning of the Tc we will only fill the token bucket with the Bc but because it’s larger we can “save” tokens up to the Be level. The advantage of having a bigger bucket is that we can save tokens when we have periods of time where we send less bits than the configured shaping rate.

After a period of inactivity, we can send our Bc and Be tokens which allows us to burst for a short time. When we use a bucket that has Bc and Be, this is what our traffic pattern will look like:

shaping bc be explained

Above you can see that we start with a period where we are able to spend Bc and Be tokens, the next interval only the Bc tokens are renewed so we are only able to spend those. After awhile a period of inactivity allows us to fill our bucket again.

Shape Peak

Peak shaping uses the Be in a completely different way. We still have a token bucket that stores Bc + Be but will fill our token bucket with Bc and Be tokens each Tc and unused tokens will be discarded.

Here’s what our traffic pattern will look like:

Shaping Peak Visualized

Each Tc our Bc and Be tokens are renewed so we are able to spend them. A period of inactivity doesn’t mean anything.

Now you might be wondering why do we use this and what’s the point of it?

Depending on your traffic contract, an ISP might give you a CIR and PIR (Peak Information Rate). The rate is the guaranteed bandwidth that they offer you, the PIR is the maximum non-guaranteed rate that you could get when there is no congestion on the network. When there is congestion, this traffic might be dropped. ISPs typically use policing to enforce these traffic contracts.

The idea behind peak shaping is that we can configure shaping and take the CIR and PIR of the ISP into account.

When we send a lot of traffic, we will be spending the Bc and Be tokens each Tc and we are shaping up to the PIR. When there isn’t as much traffic to shape, we only spend Bc tokens and that’s when we are shaping up to the CIR.

Let’s look at an configuration example which will help to clarify things.


I will use the following topology to demonstrate peak shaping:

shape peak topology iperf

Above we have two computers and two routers. The computers will be used to generate traffic with iPerf, I’ll configure peak shaping on R1. Let’s do a quick test with iPerf, time to start the server:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 739 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

542 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!


Forum Replies

  1. In the paragraph at the end, just wondering where you got the 1024 from for the sustained bits per interval?

    The following commands however should give you the exact same result:

    shape peak 128000
    shape average 256000 1024 0

  2. Hello Rene/Laz,
    I have a few questions and I am going to use the below topology as the reference.


    In this topology, there are two internet connections as you see in the picture and HSRP is configured between them. One router is active for one VLAN and another router is active for another VLAN is HSRP. There are two different firewalls for two different purposes. In this scenario, a lot of packet discards are being observed in the Trust zone and Untrust zon

    ... Continue reading in our forum

  3. Hello AZM

    Now when you say that you are seeing packet discards in the trust and untrust zone, I assume these drops are occurring on interfaces found on the firewalls? Where specifically is the bandwidth saturation taking place, on the interfaces of the firewalls?

    Assuming that is indeed the case, since there is no marking anywhere in this network, then using source and destination IP addresses for applying a QoS policy sounds like a good idea. If your applications are such that source and destination addresses can sufficiently identify traffic that requires Q

    ... Continue reading in our forum

  4. Hello Azm

    First of all…

    This depends on the IOS version being used, and what capabilities both it and the platform have. To verify this, you can always use Cisco’s feature navigator.

    ... Continue reading in our forum

  5. Hello Azm

    It all depends on the practical application. If the following criteria are met:

    • If you are only using only two markings and nothing else will be marked on your network
    • if no additional marked traffic will be entering your network
    • if your marked packets are not entering other networks

    If all of the above is true, then it doesn’t matter what markings you place on your packets. If there are two markings, you will prioritize each type in a specific way. You can have it AF11 and AF21 if you like. As long as you are reacting to each type of priority i

    ... Continue reading in our forum

7 more replies! Ask a question or join the discussion by visiting our Community Forum