Traffic policing, Traffic evaluation and token buckets – H3C Technologies H3C SecPath F1000-E User Manual
A class is identified by a class name and contains match criteria for traffic identification. The
relationship between the criteria is AND or OR.
- AND—A packet is considered belonging to a class only when the packet matches all the criteria
  in the class.
- OR—A packet is considered belonging to a class if it matches any of the criteria in the class.
A match criterion in a class can be any of the following:
- Access control list (ACL)
- Protocol group
- Source MAC address
- Destination MAC address
- Customer network 802.1p priority
2. Traffic behavior
A traffic behavior defines a set of QoS actions to take on packets. You can configure the following
actions in a traffic behavior:
- Traffic policing—Regulates the specifications of matched traffic. For more information, see "
- Priority marking—Modifies the priority parameters (including IP precedence, DSCP, local
  precedence, and 802.1p priority) of the matched traffic.
- Queuing (for congestion management)—Schedules the matched traffic in order to avoid
  congestion. For more information, see "
- Packet filtering—Filters matched traffic. For example, you can configure a packet filter to permit
  or deny traffic from a suspicious source IP address.
3. Policy
A policy associates a class with a traffic behavior to define what actions to take on which class of
traffic.
You can configure multiple class-behavior associations in a policy.
Traffic policing
Without limits on user traffic, a network can be overwhelmed very easily. To help assign network
resources such as bandwidth efficiently to improve network performance and user satisfaction, network
traffic must be controlled. Traffic policing is a traffic control policy that limits the traffic rate and resource
usage according to traffic specifications.
Traffic evaluation and token buckets
To perform traffic policing, a device must evaluate traffic to determine whether it has exceeded the
specifications. This is usually done with token buckets.
A token bucket is analogous to a container holding a certain number of tokens. The system puts tokens
into the bucket at a set rate. When the token bucket is full, the extra tokens overflow.
The evaluation of traffic specifications is based on whether the number of tokens in the bucket can meet
the need of packet forwarding. Usually, one token is associated with a 1-bit forwarding authority. If the
number of tokens in the bucket is enough for forwarding the packets, the traffic conforms to the
specification and is called "conforming traffic"; otherwise, the traffic does not conform to the
specification and is called "excess traffic".
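
The evaluation described above, as an added example that is not taken from the H3C manual: a single token bucket in Python in which one token authorizes one bit. The names rate_bps and capacity_bits, the bucket starting full, the removal of tokens when a packet conforms, and the packet trace are assumptions constructed for illustration.

```python
"""Single token bucket evaluation: one token = 1 bit of forwarding authority."""


class TokenBucket:
    def __init__(self, rate_bps, capacity_bits):
        self.rate_bps = rate_bps            # tokens added per second (assumed name)
        self.capacity_bits = capacity_bits  # bucket depth (assumed name)
        self.tokens = float(capacity_bits)  # assumption: bucket starts full
        self.last_ts = 0.0

    def evaluate(self, ts, packet_bytes):
        """Return 'conforming' or 'excess' for a packet arriving at ts (seconds)."""
        if ts < self.last_ts:
            raise ValueError("timestamps must be non-decreasing")
        # Refill at the set rate; tokens beyond the capacity overflow and are lost.
        refill = (ts - self.last_ts) * self.rate_bps
        self.tokens = min(self.capacity_bits, self.tokens + refill)
        self.last_ts = ts
        need = packet_bytes * 8
        if need <= self.tokens:
            self.tokens -= need   # assumption: forwarding consumes the tokens
            return "conforming"
        return "excess"           # tokens stay in the bucket for later packets


def police(trace, rate_bps, capacity_bits):
    """Evaluate a list of (timestamp, size_bytes) packets against one bucket."""
    bucket = TokenBucket(rate_bps, capacity_bits)
    return [bucket.evaluate(ts, size) for ts, size in trace]


# Constructed trace: (arrival time in seconds, packet size in bytes).
TRACE = [
    (0.0, 500), (0.0, 500), (0.0, 500), (0.0, 500),  # burst drains the full bucket
    (0.0, 500),                                      # no tokens left
    (0.25, 500),                                     # only 2000 tokens refilled
    (0.5, 500), (1.0, 500),                          # sustained at the set rate
    (5.0, 1500), (5.0, 1500),                        # idle refill is capped at capacity
]

if __name__ == "__main__":
    for (ts, size), verdict in zip(TRACE, police(TRACE, 8000, 16000)):
        print(f"t={ts:<5} {size:>5} B  {verdict}")
```

With a rate of 8000 tokens per second and a depth of 16000 tokens, the trace shows that the bucket depth bounds the burst that can conform, while the fill rate bounds the sustained conforming rate.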