Traffic policing – H3C Technologies H3C SecPath F1000-E User Manual

282

A token bucket has the following configurable parameters:

•

Mean rate—Rate at which tokens are put into the bucket, or the permitted average rate of traffic. It
is usually set to the committed information rate (CIR).

•

Burst size—The capacity of the token bucket, or the maximum traffic size permitted in each burst. It

is usually set to the committed burst size (CBS). The set burst size must be greater than the maximum
packet size.

Evaluation is performed for each arriving packet. In each evaluation, if the number of tokens in the bucket

is enough, the traffic conforms to the specification and the tokens for forwarding the packet are taken

away; if the number of tokens in the bucket is not enough, the traffic is excessive.

Traffic policing

A typical application of traffic policing is to supervise the specification of certain traffic entering a

network and limit it within a reasonable range, or to “discipline” the extra traffic to prevent aggressive

use of network resources by a certain application. For example, you can limit bandwidth for HTTP

packets to less than 50% of the total. If the traffic of a certain session exceeds the limit, traffic policing can
drop the packets or reset the IP precedence of the packets.

Figure 174

shows an example of policing

outbound traffic on an interface.

NOTE:

Traffic policing supports policing the inbound traffic and outbound traffic. The outbound traffic is taken for
example.

Figure 174 Schematic diagram for traffic policing

Traffic policing is widely used in policing traffic entering the networks of internet service providers (ISPs).

It can classify the policed traffic and perform pre-defined policing actions specific to evaluation results.

These actions include:

•

Forwarding the packets if the evaluation result is "conforming."

•

Dropping the packets if the evaluation result is "excess."