Policy, Traffic policing, Traffic evaluation and token buckets – H3C Technologies H3C SecPath F1000-E User Manual
• Priority marking: Modifies the priority parameters (including IP precedence, DSCP, local
precedence, and 802.1p priority) of the matched traffic.
• Queuing (for congestion management): Schedules the matched traffic in order to avoid congestion.
For more information, see
• Packet filtering: Filters matched traffic. For example, you can configure a packet filter to permit or
deny traffic from a suspicious source IP address.
Policy
A policy associates a class with a traffic behavior to define what actions to take on which class of traffic.
You can configure multiple class-behavior associations in a policy.
Traffic Policing
Without limits on user traffic, a network can be overwhelmed very easily. To help assign network
resources such as bandwidth efficiently to improve network performance and hence user satisfaction,
network traffic must be controlled. Traffic policing is a traffic control policy that limits the traffic rate and
resource usage according to traffic specifications.
Traffic evaluation and token buckets
To perform traffic policing, a device must evaluate traffic to determine whether it has exceeded the
specifications. This is typically done with token buckets.
A token bucket is analogous to a container holding a certain number of tokens. The system puts tokens
into the bucket at a set rate. When the token bucket is full, the extra tokens overflow.
The evaluation of traffic specifications is based on whether the number of tokens in the bucket can meet
the need of packet forwarding. Generally, one token is associated with a 1-bit forwarding authority. If the
number of tokens in the bucket is enough for forwarding the packets, the traffic conforms to the
specification and is called conforming traffic; otherwise, the traffic does not conform to the specification
and is called excess traffic.
A token bucket has the following configurable parameters:
• Mean rate at which tokens are put into the bucket, namely, the permitted average rate of traffic. It
is usually set to the committed information rate (CIR).
• Burst size or the capacity of the token bucket. It is the maximum traffic size that is permitted in each
burst. It is usually set to the committed burst size (CBS). The set burst size must be greater than the
maximum packet size.
Evaluation is performed for each arriving packet. In each evaluation, if the number of tokens in the bucket
is enough, the traffic conforms to the specification and the tokens for forwarding the packet are taken
away; if the number of tokens in the bucket is not enough, the traffic is excessive.
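The per-packet evaluation described above, written as a small simulation (an added example, not taken from the H3C manual or from device code). It assumes one token per bit, a bucket that starts full, and microsecond timestamps; the class and function names and the packet trace are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class TokenBucket:
    cir_bps: int            # mean token fill rate in bits/s (CIR)
    cbs_bits: int           # bucket capacity in bits (CBS)
    tokens: float = -1.0    # current tokens; -1 means "start full" (assumption)
    last_us: int = 0        # time of the previous evaluation, microseconds

    def __post_init__(self):
        if self.tokens < 0:
            self.tokens = float(self.cbs_bits)

    def evaluate(self, now_us: int, size_bytes: int) -> str:
        # Add tokens for the elapsed time; anything above CBS overflows.
        earned = self.cir_bps * (now_us - self.last_us) / 1_000_000
        self.tokens = min(float(self.cbs_bits), self.tokens + earned)
        self.last_us = now_us
        need = size_bytes * 8            # one token per bit
        if self.tokens >= need:
            self.tokens -= need          # conforming: tokens are taken away
            return "conform"
        return "excess"                  # not enough tokens (assumed: none are removed)

def police(trace, cir_bps, cbs_bits):
    """Return the verdict for each (time_us, size_bytes) packet in trace."""
    bucket = TokenBucket(cir_bps, cbs_bits)
    return [bucket.evaluate(t, size) for t, size in trace]

# Constructed trace: (arrival time in microseconds, packet size in bytes)
TRACE = [
    (0, 1500), (0, 1500),   # back-to-back burst that fits in CBS
    (1_000, 1500),          # only 1,000 bits refilled so far
    (12_000, 1500),         # 12,000 bits available: exactly enough
    (100_000, 4000),        # 32,000 bits > CBS of 24,000: can never conform
    (100_000, 1500),
]

if __name__ == "__main__":
    for (t, size), verdict in zip(TRACE, police(TRACE, 1_000_000, 24_000)):
        print(f"t={t:>7} us  {size:>4} B  {verdict}")
```

The 4000-byte packet shows why the burst size must exceed the maximum packet size: with CBS below the packet's bit length, the bucket can never hold enough tokens for it, however long the link stays idle.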
Traffic policing
Traffic policing regulates particular flows entering or leaving a device according to configured
specifications. When a flow exceeds the specification, restrictive or punitive measures can be
taken to prevent overconsumption of network resources and to protect them. For example,
you can limit the bandwidth for HTTP packets to less than 50% of the total and drop the HTTP packets
exceeding the threshold.