HP VPN Firewall Appliances Network Management Configuration Guide
281
Figure 180 Traffic policing
Traffic policing is widely used in policing traffic entering the networks of ISPs. It can classify the policed
traffic and take predefined policing actions on each packet depending on the evaluation result, for
example:
• Forwarding the packet if the evaluation result is "conforming."
• Dropping the packet if the evaluation result is "excess."
Rate limit
Rate limit also uses token buckets to evaluate traffic specifications for traffic control. The rate limit of a
physical interface specifies the maximum rate for forwarding packets (including critical packets).
Compared with traffic policing, rate limit can only limit traffic rate on a physical interface. To limit the rate
of all the packets on an interface as a whole, using rate limit is easier.
For more information about token buckets, see "Traffic evaluation and token buckets."
W
hen rate lim
it is configured on an interface, a token bucket handles all packets to be sent through the
interface for rate limiting. If the token bucket has enough tokens, packets can be forwarded. Otherwise,
packets are put into QoS queues for congestion management. In this way, the traffic passing the physical
interface is controlled.