Packet's traversing through the interface can be categorized to 3 types in policing.
1. Conforming
2. Exceeding
3. Violating
Conforming means the packets which complies with the agreement between customer and ISP.
Exceeding means the bursting packets.
Violating means the packets which does not comply the agreement at all.
There are 3 actions which can be performed per category.
1. Allow
2. Drop
3. Remark
There are 3 types of policing techniques which can be implemented in Cisco IOS.
1. Single Rate, 2 Color
2. Single Rate, 3 Color
3. Dual Rate, 3 Color
Single Rate - 2 Color
This type of policing is configured for 2 actions. Mostly for Allow and Drop. Anyhow it can be any 2 of the 3 actions like Allow and Remark or Remark and Drop etc.
Since it is single rate, we are policing for the CIR (Committed Information Rate) only.
As with shaping, we use a token bucket to visualize the logic of how policing works.
The Number of Tokens is;
(packet arrival time - previous packet arrival time) / 8
Divided by 8 to count the number per byte, not bits like we did in shaping..
Each time a packet arrives the policer checks the availability of the tokens per the number of bytes of the packet and if there are enough tokens, the packet is allowed and tokens are spent (removed). At the same time it will use the above formula and replenish the bucket with new tokens.
In Shaping, A Token = 1 Bit
In Policing, A Token = 1 Byte
Let's take an example for this with step by step, so that you would understand better..
(1) Assume I configured the policing rate to be 96 Kbps. As soon as I applied it to an interface, the token bucket full of tokens (12,000) is created and waiting for packets.
(2) Let’s assume 1st Packet which has a packet size of 100 bytes comes after 0.5 seconds
(3) So 100 tokens will be removed from the bucket and at the same time it will put 6,000 tokens back into the bucket.
(4) But because the bucket capacity is 12,000, new 5,900 tokens will be spilled and discarded.
(5) Assume 2nd packet of 500 bytes comes after 0.2 seconds from the last packet received time
(6) 500 tokens removed from 12,000 and 2,400 tokens are added same time which will again full the bucket discarding new 1,900 tokens.
(7) Assume 3rd packet comes after 0.01 seconds from the second packet of 300 bytes.
(8) Now 300 tokens will be removed and 120 tokens will be put into the bucket.
(9) Now total number of tokens in the bucket is 11,820 and waiting for the next packet.
So this is how it goes..
If you imagine 1500 byte packets arriving every 0.05 seconds, you’d have a situation where 1500 tokens would be removed and be replenished with 600 every time… the bucket would eventually become empty…
So the 2 actions are performed as per the availability of the tokens when a packet arrives.
If tokens are available (greater than or equal to the number of bytes of the packet), the packet is considered as Conforming and the configured action (ex:- Allow) will be performed.
If tokens are not enough (less than the number of bytes of the packet), the packet is considered as Violating and the configured action (ex:- Drop) will be performed..
Single Rate - 3 Color
This is where the "Excess Burst" (Be) is used in policing. Here there are 2 buckets.
Now what happens here is that when the tokens are replenished, the spilled / discarded token due to the limitation of the bucket size will be put in the next bucket equal to the configured Be amount of tokens in bytes.
When a packet arrives, the tokens of the 1st bucket (Bc) will be spent (Conforming) and if it is not enough it will use the tokens from the 2nd bucket (Exceeding). If both buckets are empty, the packet is considered as a Violating packet.
Based on this logic, we can use all the 2 categories and define the 3 actions..
As an example;
1. Conforming > Allow
2. Exceeding > Allow or Remark
3. Violating > Remark or Drop
Dual Rate - 3 Color
Dual rate means that the policer works for the CIR and PIR (Peak Information Rate).
Let's say if CIR is 96 Kbps and PIR is 16 KBps.
According to the equation, Bc bucket have 12000 tokens and Be bucket will be 2000 tokens.
If the time gap between 1st and 2nd packet is 0.5 seconds, the Bc bucket will be replenished with 6000 tokens and Be bucket will be replenished with 1000 tokens.
The way the tokens are spent on the following logic..
If tokens are available in the Bc bucket (greater than or equal to the number of bytes of the packet),
The packet is considered as Conforming and the configured action (ex:- Allow) will be performed.
Tokens equal to the number of bytes in the packet will be removed from both Bc and Be buckets.
(ex:- if the packet size is 60 bytes, 120 tokens from both buckets will be removed)
If tokens are not available in the Bc bucket, but available in the Be bucket (the number of bytes of the packet are in between the number of tokens of Be bucket and Bc bucket),
The packet is considered as Exceeding and the configured action (ex:- Remark) will be performed.
Tokens equal to the number of bytes in the packet will be removed from Be bucket.
If tokens are not enough in Be bucket too (less than the number of bytes of the packet),
The packet is considered as Violating and the configured action (ex:- Drop) will be performed.
No Tokens will be spent.
No comments:
Post a Comment