Which two statements about traffic shaping capability on the Cisco ASA appliance are true? (Choose two.)
A.
Traffic shaping can be applied to all outgoing traffic on a physical interface or, in the case of the Cisco ASA 5505 appliance, on a VLAN.
B.
Traffic shaping can be applied in the input or output direction.
C.
Traffic shaping can cause jitter and delay.
D.
You can configure traffic shaping and priority queuing on the same interface.
E.
With traffic shaping, when traffic exceeds the maximum rate, the security appliance drops the excess traffic.
Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/qos.html#wp1083655
Information About Traffic Shaping Traffic shaping is used to match device and link speeds, thereby controlling packet loss, variable delay, and link saturation, which
can cause jitter and delay.
Traffic shaping must be applied to all outgoing traffic on a physical interface or in the case of the ASA 5505, on a VLAN. You cannot configure traffic shaping for
specific types of traffic. Traffic shaping is implemented when packets are ready to be transmitted on an interface, so the rate calculation is performed based on
the actual size of a packet to be transmitted, including all the possible overhead such as the IPsec header and L2 header.The shaped traffic includes both through-the-box and from-the-box traffic.
The shape rate calculation is based on the standard token bucket algorithm. The token bucket size is twice the Burst Size value. See the “What is a Token
Bucket?” section.
When burst traffic exceeds the specified shape rate, packets are queued and transmitted later.
Following are some characteristics regarding the shape queue (for information about hierarchical priority queuing, see the “Information About Priority Queuing”
section):
The queue size is calculated based on the shape rate. The queue can hold the equivalent of 200- milliseconds worth of shape rate traffic, assuming a 1500-byte
packet. The minimum queue size is 64.
When the queue limit is reached, packets are tail-dropped. Certain critical keep-alive packets such as OSPF Hello packets are never dropped. The time interval is
derived by time_interval = burst_size / average_rate. The larger the time interval is, the
bustier the shaped traffic might be, and the longer the link might be idle. The effect can be best understood using the following exaggerated example:
Average Rate = 1000000
Burst Size = 1000000
In the above example, the time interval is 1 second, which means, 1 Mbps of traffic can be bursted out within the first 10 milliseconds of the 1-second interval on a
100 Mbps FE link and leave the remaining 990 milliseconds idle without being able to send any packets until the next time interval. So if there is delay sensitive
traffic such as voice traffic, the Burst Size should be reduced compared to the average rate so the time interval is reduced.