Traffic Policing

Traffic policing discards excess traffic to limit the traffic within a specified range and to protect network resources as well as the enterprise benefits.

Traffic policing is implemented using the token bucket.

A token bucket has specified capacity to store tokens. The system places tokens into a token bucket at the configured rate. If the token bucket is full, excess tokens overflow and no token is added.

When assessing traffic, a token bucket forwards packets based on the number of tokens in the token bucket. If there are enough tokens in the token bucket for forwarding packets, the traffic rate is within the rate limit. Otherwise, the traffic rate is not within the rate limit.

The working mechanisms of token buckets include single rate single bucket.

Single Bucket at a Single Rate

If burst traffic is not allowed, that is, one token bucket is used.

Figure 5-6 Single bucket at a single rate

As shown in Figure 5-6, the bucket is called bucket C. Tc indicates the number of tokens in bucket C. A single bucket at a single rate uses the following parameters:

• Committed Information Rate (CIR): indicates the rate at which tokens are put into bucket C, that is, the average traffic rate permitted by bucket C.
• Committed burst size (CBS): indicates the capacity of bucket C, that is, maximum volume of burst traffic allowed by bucket C each time.

The system places tokens into the bucket at the CIR. If Tc is smaller than the CBS, Tc increases. If Tc is smaller than or equal to the CBS, Tc remains unchanged.

B indicates the size of an arriving packet:

• If B is smaller than or equal to Tc, the packet is colored green, and Tc decreases by B.
• If B is greater than Tc, the packet is colored red, and Tc remains unchanged.