Configuring traffic policing 
Overview 
Traffic policing helps assign network resources (including bandwidth) and increase network
performance. For example, you can configure a flow to use only the resources committed to it in a 
certain time range. This avoids network congestion caused by burst traffic. 
Traffic policing controls the traffic rate and resource usage according to traffic specifications. You can 
use token buckets for evaluating traffic specifications. 
Traffic evaluation and token buckets 
Token bucket features 
A token bucket is analogous to a container that holds a certain number of tokens. Each token
represents a certain forwarding capacity. The system puts tokens into the bucket at a constant rate. 
When the token bucket is full, the extra tokens cause the token bucket to overflow. 
Evaluating traffic with the token bucket mechanism 
The token bucket mechanism evaluates each packet by looking at the number of tokens in the
bucket. If the number of tokens in the bucket is enough for forwarding a packet: 
•  The packet conforms to the specification (called conforming traffic) and is colored green. 
•  The corresponding tokens are taken away from the bucket. 
Otherwise, the packet does not conform to the specification (called excess traffic) and is colored red. 
Traffic policing uses the single rate two color mechanism. This mechanism uses one token bucket 
(bucket C) and the following parameters: 
•  Committed information rate (CIR)—Mean rate at which tokens are put into bucket C. It sets 
the average packet transmission or forwarding rate allowed by bucket C. 
•  Committed burst size (CBS)—Size of bucket C, which specifies the transient burst of traffic 
that bucket C can forward in each burst. The CBS must be greater than the maximum packet 
size. 
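The single rate two color evaluation described above, written out as an added example (it is not from the original manual). It assumes that one token forwards one byte and that bucket C starts full; the class, function and sample traffic are constructed for illustration. The last sample packet shows why the CBS must be greater than the maximum packet size.

```python
from dataclasses import dataclass

GREEN, RED = "green", "red"


@dataclass
class SingleRateTwoColorPolicer:
    cir_bps: int      # committed information rate, bits per second
    cbs_bytes: int    # committed burst size = capacity of bucket C, bytes

    def __post_init__(self):
        self.tokens = float(self.cbs_bytes)  # assumption: bucket C starts full
        self.last = 0.0                      # time of the last refill, seconds

    def _refill(self, now):
        # Tokens arrive at CIR; anything beyond CBS overflows and is lost.
        added = (now - self.last) * self.cir_bps / 8.0
        self.tokens = min(self.cbs_bytes, self.tokens + added)
        self.last = now

    def color(self, now, size_bytes):
        self._refill(now)
        if self.tokens >= size_bytes:
            self.tokens -= size_bytes   # conforming: take the tokens away
            return GREEN
        return RED                      # excess: bucket C is left untouched


def police(policer, packets):
    """Color a list of (arrival_time_s, size_bytes) packets in order."""
    return [policer.color(t, size) for t, size in packets]


# Constructed sample traffic for CIR 8000 bit/s (1000 bytes/s), CBS 3000 bytes.
BURST = [(0.0, 1500), (0.0, 1500), (0.0, 1500),   # back-to-back burst
         (1.0, 1500),                             # only 1000 tokens refilled
         (1.5, 1500),                             # 1500 tokens now available
         (10.0, 4000)]                            # larger than CBS

if __name__ == "__main__":
    colors = police(SingleRateTwoColorPolicer(8000, 3000), BURST)
    for pkt, c in zip(BURST, colors):
        print(pkt, c)
```

The 4000-byte packet is colored red even after a long idle period, because bucket C can never hold more than CBS tokens.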
Traffic policing 
Traffic policing supports policing the inbound traffic and the outbound traffic. 
A typical application of traffic policing is to supervise the specification of traffic entering a network and 
limit it within a reasonable range. Another application is to "discipline" the extra traffic to prevent 
aggressive use of network resources by an application. For example, you can limit bandwidth for 
HTTP packets to less than 50% of the total. If the traffic of a session exceeds the limit, traffic policing 
can drop the packets or reset the IP precedence of the packets. Figure 6 shows an example of 
policing outbound traffic on an interface.