In class based policing there are three main classification methods used to manage traffic: the single-rate two-color policer, the single-rate three-color policer and the dual-rate three-color policer. It took me sometime to understand how these work as they are in my opinion, advanced QoS concepts. This being said, let’s do a quick review on the QoS traffic terminology and how the Token bucket concept works before we show how these different policers function.
**Please note that I am not going to go over the fundamentals of QoS. I will only do a quick overview of the terminologies that you should already know like the Tc, Bc and Be.
In a Cisco router, the IOS divides a single second into multiple sub-second intervals. Each of these intervals is called a Tc. In traffic shaping, a router can send a burst of traffic equal to the commited burst (Bc) during each of these intervals. Now in the Token bucket scenario, imagine a bucket and Tokens. Each token equates to 1 bit of information that can be sent into the bucket. The size of the Token bucket is defined by the commited burst value (Bc). There are two actions that can happen; either Tokens are replenished or Tokens are consumed. At the beginning of each Tc interval, the Token bucket will be replenished with Tokens equal to the value of the Bc. If the Token bucket is full or there is not enough room for all the replenished Tokens then some or all of the Tokens spill out. This is where the concept of the excess burst (Be) comes into play. In a scenario where there is an excess burst (Be) defined, these spilled tokens are not discarded and can be re-used.
Class based policing can be configured to use three primary categories in how it sees a packet in relation to the configured traffic contract:
-Violating: The packet is outside the contract
-Conforming: The packet is inside the contract
-Exceeding: The packet is outside the contract but within the excess burst capability
Single-Rate Two Color Policer:
In a Single-Rate Two Color Policer, each token equals the ability to send one byte (instead of 1 bit in regular CB Shaping). The number of tokens put in the bucket is calculated with the following formula:
(Current Packet Arrival Rate – Previous Packet Arrival Rate ) * (Police Rate / 8)
If the number of bytes in the packet is less than or equal to the number of tokens from the token bucket then the packet is said to conform to the contract. It will remove tokens from the token bucket equal to the number of bytes in the packet and then do the action that conforms to the policy.
Single-Rate Three Color Policer:
The Single-Rate Three Color policing concept supports the idea of a Bc (commited burst) and a Be (excess burst). This means that you now have three groups in which you can categorize your traffic: Conform, Exceed and Violate. When a packet arrives, the policer will continue to replenish with Bc as per Tc interval as usual. However, any tokens that overflow are captured in the Be bucket.
If the Be bucket fills then the tokens are discarded. The number of Tokens being replenished in the Bc bucket is calculated using the same formula than the Single-Rate Two Color Policer.
Dual-Rate Three Color Policer:
As per the name (Dual-Rate), this policer brings a second token bucket and thus offering two sustained rates: the CIR (Committed Information Rate) and the PIR (Peak Information Rate). The CIR conform to the traffic contract while the PIR exceeds the CIR. In this policer, Tokens will be replenished into both: The Bc bucket will be replenished at the CIR rate and the Be bucket at the PIR rate.
If the number of bytes in the packet is less than or equal to the tokens in the CIR bucket, the packet conforms and Tokens from the CIR bucket will be removed (equal to the number of bytes in the packet) and it will also remove the same amount of tokens from the PIR bucket.
Remember that these policing techniques can be used for remarking also rather than just dropping the traffic. Hope this was informative.