the frame, which is then forwarded to the egress port or interface. Because the frame was
in profile, the policer is also charged the appropriate amount of tokens, equal to the size of
the transmitted frame in bytes. If either policer, microflow or aggregate, determines a frame
is out of profile, that frame is marked down or dropped according to the policy configured
for that specific policer. If only a microflow policer is configured, the out-of-profile action
is derived from the microflow policy. If only an aggregate policer is utilized, it specifies the
out-of-profile action. If both policer types are defined, the most stringent decision is the one
applied. The following list summarizes these rules:
• If the microflow policer returns an out-of-profile decision, mark or drop according to
the microflow policing rule.
• If the aggregate policer returns an out-of-profile decision, mark or drop according to
the aggregate policing rule.
• If either policer returns an out-of-profile decision, mark or drop according to the
policing rule of the policer that returned the out-of-profile decision.
If both policers return an out-of-profile decision and the rule of either one is to drop, the
packet is discarded; otherwise the packet is marked down and transmitted. The new DSCP
value is taken from the policed DSCP mapping table. By default, frames are not marked
down. They are mapped to the equivalent value. However, values can be modified by the
administrator, and customized to meet specific network requirements. As demonstrated
earlier, the mapping table is applied globally to the switch. For further information, refer to
the section on mapping. Neither the microflow nor the aggregate policer is charged for the
packet if either one returns a policing decision.
A Theoretical Example of Policing Behavior
As discussed, tokens in the token bucket are replenished at a regular fixed interval. The rate
at which tokens are placed into the bucket is once every .25 ms. As a result, every second
has 4000 refresh intervals. During every .25-ms interval, (.00025(s) * rate(bps)) tokens are
placed into the bucket. If 10 Mbps is the configured rate, 2500 tokens are placed into the
token bucket every .25 ms, assuming tokens need to be replaced. All tokens exceeding the
capacity of the bucket are discarded. When selecting a burst size, it is important to ensure
it is configured to be equal to or higher than the desired policing rate.
If you set the rate to 10 Mbps, an acceptable bucket depth, based solely on rate, is as follows:
10,000,000 (bps) * .25 (ms) = 2500, which you would round up to 3 kb
However, packets that are transmitted through the network are never fixed in size; instead,
they vary in length. The possibility exists that a maximum frame size (1518 bytes) can
occur at any interval. Therefore, the burst size must be at least equal to the average or largest
packet size. Consider the following example to demonstrate the behavior of the policer.
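The simulation below is an added example, not part of the original text: it runs the refill-and-charge cycle described above over 10 refresh intervals to show why a depth sized from the rate alone drops every maximum-size frame. It assumes one token is one bit, reads "3 kb" as 3000 bits, and starts the bucket full; the class, function and traffic names are illustrative.

```python
REFRESH_S = 0.00025   # tokens are added once every .25 ms (4000 intervals/s)
MAX_FRAME = 1518      # bytes, the maximum frame size used in the text


class Policer:
    """Single token bucket. Assumption: one token is one bit."""

    def __init__(self, rate_bps, burst_bits):
        self.refill = round(rate_bps * REFRESH_S)  # 10 Mbps -> 2500 tokens
        self.burst = burst_bits                    # bucket capacity
        self.tokens = burst_bits                   # assumption: starts full

    def refresh(self):
        # Tokens exceeding the bucket capacity are discarded.
        self.tokens = min(self.burst, self.tokens + self.refill)

    def offer(self, frame_bytes):
        # In profile: charge the bucket. Out of profile: no charge.
        need = frame_bytes * 8
        if need > self.tokens:
            return False
        self.tokens -= need
        return True


def simulate(rate_bps, burst_bits, arrivals):
    """arrivals[i] lists the frame sizes (bytes) seen in refresh interval i.
    Returns, per interval, one True (in profile) / False per frame."""
    policer = Policer(rate_bps, burst_bits)
    decisions = []
    for frames in arrivals:
        decisions.append([policer.offer(size) for size in frames])
        policer.refresh()
    return decisions


# Constructed traffic, 10 refresh intervals: one maximum-size frame every
# fifth interval (12,144 bits per 12,500 tokens earned, so under 10 Mbps).
STEADY = [[MAX_FRAME] if i % 5 == 0 else [] for i in range(10)]
# Constructed traffic: two maximum-size frames back to back, then silence.
BURSTY = [[MAX_FRAME, MAX_FRAME]] + [[] for _ in range(9)]

if __name__ == "__main__":
    for burst in (3000, 13000):          # "3 kb" taken as 3000 bits
        for name, traffic in (("steady", STEADY), ("bursty", BURSTY)):
            flat = sum(simulate(10_000_000, burst, traffic), [])
            print(f"burst={burst:>5} {name}: {flat.count(True)}/{len(flat)} in profile")
```

With a 3000-token bucket the steady flow is policed to zero even though it averages under 10 Mbps, because the bucket can never hold the 12,144 tokens one frame needs.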
In this scenario
Time = .25 ms; therefore the following example represents 10 refresh cycles.