QoS Policing Algorithms Explained

Traffic policers and shapers are traffic-conditioning mechanisms. A Quality of Service (QoS) policing algorithm is used to classify traffic and enforce other QoS mechanisms such as rate limiting. Policers and shapers classify traffic in an identical manner but differ in their implementation:

  • Policers: Drop or re-mark incoming or outgoing traffic that goes beyond the desired traffic rate.
  • Shapers: Buffer and delay egress traffic rates that momentarily peak above the desired rate until the egress traffic rate drops below the defined traffic rate. If the egress traffic rate is below the desired rate, the traffic is sent immediately.

Single-rate two-color marker/policer:

The single-rate, two-color model is based on the single token bucket algorithm. In this model, traffic can conform to or exceed the Committed Information Rate (CIR). Based on the state of the traffic, various actions such as marking down or dropping can be applied.

These actions are shown in the figure below. On the left side of the figure, the traffic flows that exceed the CIR (depicted by the section above the dotted line) are marked down, while on the right side, the traffic that exceeds the CIR is dropped.

Single-Rate Two-Color Marker/Policer

Single-rate three-color marker/policer (srTCM)

The single-rate three-color policer algorithms, based on RFC 2697, use two token buckets to differentiate between conforming, exceeding, and violating traffic. For each of these traffic states, the policer performs specific actions, either “marking down” or “dropping” traffic, to effectively manage and control the flow of network data.

The first token bucket operates similarly to the single-rate two-color system but with two notable differences. Firstly, instead of discarding any remaining tokens in the bucket during periods of low or no activity, the algorithm transfers them to a second bucket, allowing for potential temporary bursts that may exceed the CIR. These transferred tokens are known as the excess burst (Be). Secondly, the Be represents the maximum number of bits that can exceed the burst size (Bc), providing a mechanism to accommodate short bursts of traffic while still adhering to the overall rate limitations.

Traffic can be classified into three colors or states in the single-rate three-color markers:

  1. CONFORM: Traffic is within the size of the Bc and it is typically marked as green. In this state, the traffic can be transmitted without any additional restrictions and may be optionally subject to re-marking, based on network configuration and quality of service (QoS) policing requirements.
  2. EXCEED: Traffic that goes beyond the size of the Bc but remains within the bounds of the Be, typically marked as yellow. In this state, overflow traffic can be subjected to actions like dropping or marking down before being forwarded further.
  3. VIOLATE: Traffic that exceeds the size of the Be and is typically marked as red. Generally, this type of traffic is dropped; however, if desired, it can be marked down and forwarded instead.

A single-rate three-color policer is capable of performing various actions. The figure below illustrates different sections that represent different traffic states. The section below the straight dotted line on the left side corresponds to traffic that conformed to the CIR. Above the dotted line, there is another section indicating exceeding traffic that is marked down. Finally, the top section of the figure represents violating traffic, which is also marked down.

The rates of exceeding and violating traffic differ due to their dependence on random tokens spilling over from the Bc bucket into the Be bucket. On the right side of the diagram, the section above the dotted line is the portion of traffic that crosses the CIR and is marked down. The section above it represents the traffic that violated the CIR and is dropped.

Single-Rate Three-Color Marker/Policer

The single-rate three-color marker uses the below parameters to meter the traffic stream:

  1. Committed Information Rate (CIR): This refers to the policed rate. It represents the guaranteed average rate at which the traffic is allowed to be transmitted.
  2. Committed Burst Size (Bc): This is known as Committed Burst Size (CBS) in RFC 2697. It represents the maximum number of bits or packets, measured in bytes, that can be sent during a short time period while adhering to the CIR.
  3. Excess Burst Size (Be): This is known as Excess Burst Size (EBS) in RFC 2697. This represents the maximum number of bits or packets, measured in bytes, that can exceed the Bc size. It provides additional capacity for temporary traffic bursts that go beyond the CIR.
  4. Bc Bucket Token Count (Tc): This is not the same as the committed time interval (Tc). Instead, this represents the number of tokens in the bucket when it is full. It determines the burst size that the token bucket can accommodate during a brief traffic burst.
  5. Be Bucket Token Count (Te): This represents the number of tokens in the excess bucket when it is full. It determines the capacity of the excess bucket and allows for the storage of tokens beyond the CIR during temporary traffic bursts that exceed the Bc.
  6. Incoming Packet Length (B): This refers to the size of an incoming packet, typically measured in bits.

The figure below illustrates the logical flow of the single-rate three-color marker/policer using a two-token bucket algorithm. This method offers advantages such as reduced TCP retransmissions and improved bandwidth efficiency. It is particularly well-suited for use with AF classes (AFx1, AFx2, and AFx3). However, if the actions for each color differ, a three-color policer may be more appropriate. For cases where the actions for two or more colors are the same, a single-rate two-color policer is recommended to allow conforming and exceeding traffic to transmit without re-marking, keeping the configuration simpler.

Single-Rate Three-Color Marker/Policer Token Bucket Algorithm
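
The two-bucket logic described above can be traced packet by packet. The following is an added example, not code from the original page or from any vendor implementation: a color-blind srTCM meter following RFC 2697, where the class name, the explicit timestamps, the use of bytes for every quantity and the sample trace are all assumptions made for illustration.

```python
class SrTcmPolicer:
    """Color-blind srTCM meter (RFC 2697). Class name is hypothetical."""

    def __init__(self, cir, bc, be):
        self.cir = cir                 # CIR in bytes per second (assumed unit)
        self.bc, self.be = bc, be      # Bc (CBS) and Be (EBS) in bytes
        self.tc, self.te = float(bc), float(be)  # both buckets start full
        self.last = 0.0                # time of the previous refill, seconds

    def _refill(self, now):
        tokens = (now - self.last) * self.cir
        self.last = now
        to_bc = min(tokens, self.bc - self.tc)   # the Bc bucket fills first
        self.tc += to_bc
        # Only tokens the full Bc bucket cannot hold spill into the Be bucket.
        self.te = min(self.be, self.te + tokens - to_bc)

    def meter(self, now, size):
        self._refill(now)
        if size <= self.tc:            # within Bc
            self.tc -= size
            return "conform"
        if size <= self.te:            # beyond Bc, within Be
            self.te -= size
            return "exceed"
        return "violate"               # neither bucket can cover the packet


def classify(policer, trace):
    """Meter a list of (arrival_time_s, size_bytes) packets in order."""
    return [policer.meter(t, size) for t, size in trace]


# Constructed trace: burst at t=0, traffic at the CIR, then a burst after idle.
TRACE = ([(0.0, 1000)] * 5 + [(1.0, 1000), (2.0, 1000), (2.0, 1000)]
         + [(8.0, 1000)] * 3)

if __name__ == "__main__":
    policer = SrTcmPolicer(cir=1000, bc=1500, be=3000)
    for (t, size), color in zip(TRACE, classify(policer, TRACE)):
        print(f"t={t:4.1f}s  {size} B  {color}")
```

While the flow runs at the CIR (t=1 and t=2) the Be bucket stays empty, so the extra packet at t=2 is classified as violate; only the idle gap before t=8 lets tokens spill over and makes exceed available again.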

The two-rate three-color marker/policer, as defined in RFC 2698, shares similarities with the single-rate three-color policer. However, there is a distinct difference: single-rate three-color policers rely on excess tokens from the Bc bucket, potentially leading to variability and unpredictability in traffic flows. The two-rate three-color policer handles this issue by employing two separate rates, the CIR and the Peak Information Rate (PIR). This allows for a sustained excess rate based on the PIR, enabling different actions for traffic exceeding the distinct burst values. For example, violating traffic can be dropped at a defined rate, a capability not possible with the single-rate three-color policer. By employing the CIR and PIR, the two-rate three-color policer provides more refined traffic control and management, enhancing the precision of traffic shaping and policing operations.

Two-Rate Three-Color Marker/Policer Token Bucket Algorithm

The parameters used to meter the traffic stream in the two-rate three-color marker are as follows:

  1. Committed Information Rate (CIR): This is the policed rate. It represents the guaranteed average rate at which the traffic is allowed to be transmitted.
  2. Peak Information Rate (PIR): The PIR denotes the maximum allowable traffic rate, ideally set to be equal to or greater than the CIR.
  3. Committed Burst Size (Bc): This is known as Committed Burst Size (CBS) in RFC 2698. It represents the maximum size of the second token bucket, typically measured in bytes.
  4. Peak Burst Size (Be): This is known as Peak Burst Size (PBS) in RFC 2698. It indicates the maximum PIR token size in bytes, with Be required to be equal to or larger than Bc.
  5. Bc Bucket Token Count (Tc): This parameter, not to be confused with the committed time interval (Tc), represents the number of tokens in the Bc bucket.
  6. Bp Bucket Token Count (Tp): This represents the number of tokens in the Bp bucket, the peak bucket that is filled at the PIR (called the Be bucket elsewhere on this page).
  7. Incoming Packet Length (B): This represents the length of the packet in bits.

The two-rate three-color policer uses two token buckets but operates differently from the single-rate three-color policer by employing separate buckets for tokens at different rates instead of transferring unused tokens between buckets. Specifically, the Bc bucket is filled with tokens at the CIR, while the Be bucket is filled with tokens at the PIR. This model designates the Be bucket as the peak limit for traffic that can be sent during a subsecond interval.

The logic of the two-rate three-color policer is different. It first checks if the traffic is within the PIR. If it is, then it compares the traffic against the CIR. In summary, it checks for a violate condition first, then an exceed condition, and finally, a conform condition, which is opposite to the logic of the single-rate three-color policer.

The figure below illustrates the token bucket algorithm used for the two-rate three-color marker/policer.

Two-Rate Three-Color Marker/Policer Token Bucket Algorithm
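
To see how independent refill rates give a sustained, predictable exceed rate, the following added example (not from the original page or any vendor implementation) implements a color-blind trTCM meter per RFC 2698 and runs a constant 4000 B/s flow through it. The class and function names, explicit timestamps, byte units and the trace are assumptions made for illustration.

```python
from collections import Counter


class TrTcmPolicer:
    """Color-blind trTCM meter (RFC 2698). Class name is hypothetical."""

    def __init__(self, cir, pir, bc, be):
        self.cir, self.pir = cir, pir  # rates in bytes per second (assumed unit)
        self.bc, self.be = bc, be      # Bc (CBS) and Be (PBS) in bytes
        self.tc, self.tp = float(bc), float(be)  # both buckets start full
        self.last = 0.0                # time of the previous refill, seconds

    def meter(self, now, size):
        elapsed = now - self.last
        self.last = now
        # Each bucket refills at its own rate; no tokens move between them.
        self.tc = min(self.bc, self.tc + elapsed * self.cir)
        self.tp = min(self.be, self.tp + elapsed * self.pir)
        if size > self.tp:             # checked first: over the PIR
            return "violate"           # no tokens are consumed
        self.tp -= size
        if size > self.tc:             # within the PIR, over the CIR
            return "exceed"
        self.tc -= size                # within both rates
        return "conform"


def bytes_per_color(policer, trace, since):
    """Meter the whole trace; total the bytes per color from time `since` on."""
    totals = Counter()
    for t, size in trace:
        color = policer.meter(t, size)
        if t >= since:
            totals[color] += size
    return dict(totals)


# Constructed trace: one 1000-byte packet every 0.25 s (4000 B/s) for 3 s.
TRACE = [(i * 0.25, 1000) for i in range(12)]

if __name__ == "__main__":
    policer = TrTcmPolicer(cir=1000, pir=2000, bc=1000, be=2000)
    print(bytes_per_color(policer, TRACE, since=1.0))
```

Once the initial bursts are used up, the two seconds from t=1.0 split into 1000 B/s conforming (the CIR), 1000 B/s exceeding (PIR minus CIR) and 2000 B/s violating, regardless of idle periods.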

