Uploaded by samrajjuniper

Traffic Policing – IT Tips for Systems and Network Administrators

advertisement
IT Tips for Systems and Network Administrators
IT Tips for Systems and Network Administrators
Traffic Policing
 skminhaj
 Uncategorized
 February 16, 2016
3 Minutes
Traffic Policing, like Traffic Shaping (https://sites.google.com/site/amitsciscozone/home/qos/trafficshaping), is used to abide by the traffic contract i.e. maintain CIR. The Policer measures the
cumulative byte-rate of the packets. The Policer acts on the packet as either allowed to pass, dropped
or remarked with a different IP Precedence or IP DSCP value.
CB Policing also uses the concept of token bucket; however, there are variations in its operation as
compared to CB Shaping. CB Policing can be configured to use three categories about whether a
packet is conforming to the traffic contractConforming- Packet is inside the contract
Exceeding- Packet is using up an excess burst capability
Violating- Packet is outside the contract
CB Policing: Single Token Bucket, Single Rate
When using token buckets for policing, two important things happen.
1. Tokens are replenished into the bucket- In CB Policing, each token is the right to send one byte
(instead of a bit in CB Shaping). CB Policing replenished tokens in the bucket in response to a packet
arriving at the policing function. Every time a packet is policed, CB policing puts some tokens back
into the bucket. The number of tokens put in the bucket is calculated based on the formula(Current_packet_arrival_rate – Previous_packet_arrival_rate) * (Police_rate) / 8
For example, suppose the Police_rate is 128000kbps (or 16000 KBps). If the last packet policed was 1
second ago, CB policing will put 16000 tokens in the bucket.
2. The Policer decides if the packet conforms to the contract or not- CB Policing compares the
number of bytes in the packet to the number of tokens in the token bucket.
If the number of bytes in the packet less is than or equal to number of tokens in the token bucket,
the packetconforms to the contract. CB policing removes tokens from the token bucket equal to
the number of bytes in the packet and then performs the action that conform to the contract.
If the number of bytes in the packet is greater than the number of tokens in the token bucket, the
packetexceeds the contract. CB policing does not remove the tokens from the bucket and performs
the action on packets that exceed the contract (drop or remark to different IP Precedence or IP
DSCP value)
CB Policing: Dual Token Bucket, Single Rate
Dual token bucket supports Bc (committed burst) and Be (excess burst). In dual token bucket (Bc and
Be buckets), CB policing characterizes packet into three groupsConform
Exceed
Violate
CB policing continues to replenish the Bc bucket when a packet arrives. However, any spilled tokens
are captured in the Be bucket. If the Be bucket fills then the tokens are wasted. The number of tokens
replenished in the Bc bucket is calculated using the same above formula.
The dual token bucket now follows the following algorithmIf the number of bytes in the packet is less than or equal to the number of tokens in the Bc bucket,
the packetconforms.CB policing removes tokens from Bc bucket equal to the number of bytes in
the packet and then performs the action that conform to the contract.
If the packet does not conform, and if the number of bytes in the packet is less than or equal to
number of tokens in the Be bucket, the packet exceeds. CB policing removes tokens from Be bucket
equal to the number of bytes in the packet and then performs the action that exceed the contract.
If the packet neither conforms nor exceeds, the packet violates. CB policing does not remove
tokens from any bucket, and perform the action that violates the contract.
CB Policing: Dual Token Bucket, Dual Rate
Dual token bucket with dual rate has two sustained rates, CIR (Committed Information Rate) and PIR
(Peak Information Rate). The CIR conforms to the traffic contract while PIR exceeds CIR. CB Policing
replenishes tokens into both, CIR and PIR, buckets when a packet arrives that needs to be policed.
The PIR bucket is replenished with tokens directly rather than collecting spilled tokens.
For example, if CIR is 128kbps (or 16KBps) and PIR is 256kbps (or 32 kBps), then if 1 second is the
difference between last policed packet and new packet arrival time, 16000 tokens will be replenished
in CIR bucket while 32000 tokens will be replenished in PIR bucket. If either bucket spills tokens, they
are wasted.
The spending of token algorithm is similar as above but with little differenceIf the number of bytes in the packet is less than or equal to the tokens in the CIR bucket, the
packetconforms. CB policing removes tokens from CIR bucket equal to the number of bytes in the
packet, and performs the conform action. However, it will also remove the same amount of
tokens from the PIR bucket.
If the packet does not conform, and if the number of bytes in the packet is less than or equal to
number of tokens in the PIR bucket, the packet exceeds. CB policing removes tokens from PIR
bucket equal to the number of bytes in the packet and then performs the action that exceed the
contract.
If the packet neither conforms nor exceeds, the packet violates. CB policing does not remove
tokens from any bucket, and perform the action that violates the contract.
Published by skminhaj
View all posts by skminhaj
Blog at WordPress.com.
Download