HP VPN Firewall Appliances Network Management Configuration Guide

Non-MQC approach
In the non-MQC approach, you configure QoS service parameters without using a QoS policy. For
example, you can use the rate limit feature to limit the traffic rate on an interface without using a QoS
policy.
Traffic policing
Traffic policing limits the traffic rate and resource usage according to traffic specifications. Once a
particular flow exceeds its specifications, such as assigned bandwidth, the flow is policed to make sure
it is under the specifications. You can use token buckets for evaluating traffic specifications.
Traffic evaluation and token buckets
Token bucket features
A token bucket is analogous to a container that holds a certain number of tokens. Each token represents
a certain forwarding capacity. The system puts tokens into the bucket at a constant rate. When the token
bucket is full, the extra tokens cause the token bucket to overflow.
Evaluating traffic with the token bucket
A token bucket mechanism evaluates traffic by looking at the number of tokens in the bucket. If the
number of tokens in the bucket is enough for forwarding the packets, the traffic conforms to the
specification, and is called "conforming traffic." Otherwise, the traffic does not conform to the
specification, and is called "excess traffic."
A token bucket has the following configurable parameters:
• Mean rate at which tokens are put into the bucket—The permitted average rate of traffic. It is
  usually set to the committed information rate (CIR).
• Burst size or the capacity of the token bucket—The maximum traffic size permitted in each burst. It
  is usually set to the committed burst size (CBS). The set burst size must be greater than the maximum
  packet size.
Each arriving packet is evaluated. In each evaluation, if the number of tokens in the bucket is enough, the
traffic conforms to the specification and the tokens for forwarding the packet are taken away. If the
number of tokens in the bucket is not enough, the traffic is excessive.
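The evaluation described above, as an added example that is not taken from the HP guide: a single token bucket in Python that marks each packet as conforming or excess. The class and function names, the bucket starting full, and the sample packets are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class TokenBucket:
    cir_bps: int                    # mean token rate (CIR), bits per second
    cbs_bytes: int                  # bucket capacity (CBS), bytes
    tokens: Optional[float] = None  # current fill, bytes
    last: float = 0.0               # time of the previous evaluation, seconds

    def __post_init__(self):
        if self.tokens is None:
            self.tokens = float(self.cbs_bytes)  # assumption: bucket starts full

    def evaluate(self, now: float, size: int) -> str:
        """Return 'conform' or 'excess' for one packet of `size` bytes."""
        # Refill at the constant rate; tokens beyond the capacity overflow and are lost.
        refill = (now - self.last) * self.cir_bps / 8
        self.tokens = min(float(self.cbs_bytes), self.tokens + refill)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size      # tokens for forwarding the packet are taken away
            return "conform"
        return "excess"              # bucket unchanged; the policer drops or re-marks it


def police(bucket, packets):
    """Evaluate (arrival_time_s, size_bytes) pairs in arrival order."""
    return [bucket.evaluate(t, size) for t, size in packets]


# Constructed sample: CIR 8000 bps (1000 bytes/s), CBS 3000 bytes.
SAMPLE = [
    (0.0, 1500), (0.0, 1500), (0.0, 1500),     # burst: third packet exceeds the CBS
    (1.0, 1000),                               # 1 s of refill covers exactly 1000 bytes
    (1.5, 1000),                               # only 500 bytes refilled since last packet
    (10.0, 1500), (10.0, 1500), (10.0, 1500),  # long idle: fill is capped at the CBS
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, police(TokenBucket(8000, 3000), SAMPLE)):
        print(pkt, verdict)
    # A CBS smaller than the packet size means the packet can never conform.
    print(police(TokenBucket(8000, 1000), [(100.0, 1500)]))
```

The last case shows why the burst size must be greater than the maximum packet size: with a 1000-byte bucket, a 1500-byte packet is excess no matter how long the link has been idle.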
Traffic policing
Traffic policing supports policing the inbound traffic and the outbound traffic.
A typical application of traffic policing is to supervise the specification of certain traffic entering a
network and limit it within a reasonable range, or to "discipline" the extra traffic to prevent aggressive
use of network resources by a certain application. For example, you can limit bandwidth for HTTP
packets to less than 50% of the total. If the traffic of a certain session exceeds the limit, traffic policing can
drop the packets or reset the IP precedence of the packets. Figure 180 shows an example of policing
outbound traffic on an interface.