CHAPTER 10. QoS178 © SAMSUNG Electronics Co., Ltd.Traffic Policing Functionality on iBG2016Customers will now be able to rate limit inbound traffic on the WAN linksusing policing while doing CBQ for outbound traffic. This means theiBG2016 can now provide QoS for traffic in both directions, eliminatingdependency on the upstream router. Policing of outbound WAN traffic is alsopossible, but using CBQ to shape traffic is recommended because of reasonsmentioned in section ‘Traffic Policing versus Traffic Shaping’.Additionally, CBQ in iBG2016 OS also provides bandwidth guarantee,bandwidth borrowing and prioritization. It provides ‘Total Link AccessControl’ instead of just rate limiting.Traffic policing is also supported on Ethernet interfaces. Please check section‘Verifying Policing Status and Configuration’ for limitations.Traffic policing is implemented using a token bucket algorithm. Users will beable specify two parameters when configuring traffic policing, Rate(token fillrate) and Peak(number of tokens). Rate is specified in Kbps. Peak can bespecified in kilobits or as a duration(based on the configured rate) inmilliseconds. ‘Rate’ determines the average bandwidth for the policed flowand ‘Peak’ determines the maximum peak(in bits or bytes) permitted for theflow. Packets conforming to these limits will be forwarded and those violatingthese limits will be dropped.Specifying just the ‘Rate’ and ‘Peak’ makes the policing feature simple andeffective. The ‘extended peak’ parameter is needed to permit a large packet,by loaning tokens, when there are not enough tokens available at a given timefor the entire packet. The iBG2016 policing algorithm allows for such‘loaning of tokens’ by default.Configuring Traffic PolicingAs with CBQ, the first step is traffic classification. Flows should be definedby creating traffic classes. To classify based on multiple fields, for example,source IP address and port, a hierarchy of classes should be created. Trafficpolicing for a class can be configured using the ‘police’ command at the classlevel as shown below. Policing for non-leaf classes(which define moreaggregate flows) is currently not be supported. Multi-level policing will besupported in a later release.
