You can set two token buckets, the C bucket and the E bucket, to evaluate traffic in a more complicated
environment and achieve more policing flexibility. For example, traffic policing uses four parameters:
CIR: Rate at which tokens are put into the C bucket, that is, the average packet transmission or
forwarding rate allowed by the C bucket.
CBS: Size of the C bucket, that is, transient burst of traffic that the C bucket can forward.
Peak information rate (PIR): Rate at which tokens are put into the E bucket, that is, the average
packet transmission or forwarding rate allowed by the E bucket.
Excess burst size (EBS): Size of the E bucket, that is, transient burst of traffic that the E bucket can
CBS is implemented with the C bucket and EBS with the E bucket. In each evaluation, packets are
measured against the buckets:
If the C bucket has enough tokens, packets are colored green.
If the C bucket does not have enough tokens but the E bucket has enough tokens, packets are
If neither the C bucket nor the E bucket has sufficient tokens, packets are colored red.
A typical application of traffic policing is to supervise the specification of certain traffic entering a network
and limit it within a reasonable range, or to "discipline" the extra traffic. In this way, the network
resources and the interests of the carrier are protected. For example, you can limit bandwidth for HTTP
packets to less than 50% of the total. If the traffic of a certain session exceeds the limit, traffic policing
can drop the packets or reset the IP precedence of the packets.
Figure 4-1 Schematic diagram for traffic policing
Traffic policing is widely used in policing traffic entering the networks of internet service providers (ISPs).
It can classify the policed traffic and take pre-defined policing actions on each packet depending on the
Forwarding the traffic if the evaluation result is "conforming."
Dropping the traffic if the evaluation result is "excess."
Marking a conforming packet or a non-conforming packet with a new DSCP precedence value and
forwarding the packet.