F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100
Non-MQC approach
In the non-MQC approach, you configure QoS service parameters without using a QoS policy. For
example, you can use the line rate feature to set a rate limit on an interface without using a QoS policy.
Traffic policing
Traffic policing limits the traffic rate and resource usage according to traffic specifications. Once a
particular flow exceeds its specifications, such as assigned bandwidth, the flow is policed to make sure
it is under the specifications. You can use token buckets for evaluating traffic specifications.
Traffic evaluation and token buckets
Token bucket features
A token bucket is analogous to a container that holds a certain number of tokens. Each token represents
a certain forwarding capacity. The system puts tokens into the bucket at a constant rate. When the token
bucket is full, the extra tokens cause the token bucket to overflow.
Evaluating traffic with the token bucket
A token bucket mechanism evaluates traffic by looking at the number of tokens in the bucket. If the
number of tokens in the bucket is enough for forwarding the packets, the traffic conforms to the
specification, and is called "conforming traffic." Otherwise, the traffic does not conform to the
specification, and is called "excess traffic."
A token bucket has the following configurable parameters:
• Mean rate at which tokens are put into the bucket—The permitted average rate of traffic. It is
usually set to the committed information rate (CIR).
• Burst size or the capacity of the token bucket—The maximum traffic size permitted in each burst. It
is usually set to the committed burst size (CBS). The set burst size must be greater than the maximum
packet size.
Each arriving packet is evaluated. In each evaluation, if the number of tokens in the bucket is enough, the
traffic conforms to the specification and the tokens for forwarding the packet are taken away. If the
number of tokens in the bucket is not enough, the traffic is excessive.
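The per-packet evaluation described above, as an added example that is not part of the HP guide. It assumes CIR in bits per second, CBS and packet sizes in bytes, a bucket that starts full, and excess packets that consume no tokens; the class, function, and trace names are hypothetical.

```python
# Added example: single-bucket policer as described above (names are hypothetical).
# Assumptions: CIR in bits per second, CBS and packet sizes in bytes,
# bucket starts full, excess packets consume no tokens.

class TokenBucket:
    def __init__(self, cir_bps, cbs_bytes):
        self.rate = cir_bps / 8.0        # token fill rate, bytes per second
        self.capacity = cbs_bytes        # bucket capacity (CBS)
        self.tokens = float(cbs_bytes)   # assumption: bucket starts full
        self.last = 0.0                  # time of the previous evaluation

    def evaluate(self, now, size):
        """Classify one arriving packet as 'conforming' or 'excess'."""
        # Tokens arrive at a constant rate; anything above capacity overflows.
        self.tokens = min(self.capacity,
                          self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size          # take away the tokens used to forward
            return "conforming"
        return "excess"                  # not enough tokens; bucket unchanged


def police(trace, cir_bps, cbs_bytes):
    """Evaluate (arrival_time_s, size_bytes) pairs in arrival order."""
    bucket = TokenBucket(cir_bps, cbs_bytes)
    return [bucket.evaluate(t, size) for t, size in trace]


# Constructed trace: 1500-byte packets, CIR 8000 bps (1000 bytes/s), CBS 3000 bytes.
TRACE = [
    (0.0, 1500),   # burst: bucket holds 3000, packet conforms
    (0.0, 1500),   # burst: remaining 1500 tokens used
    (0.5, 1500),   # only 500 tokens refilled -> excess
    (1.5, 1500),   # 1500 tokens accumulated -> conforms
    (10.0, 1500),  # long idle: refill capped at CBS (3000), not 8500
    (10.0, 1500),
    (10.0, 1500),  # third back-to-back packet exceeds the burst allowance
]

if __name__ == "__main__":
    for (t, size), verdict in zip(TRACE, police(TRACE, 8000, 3000)):
        print(f"t={t:5.1f}s size={size} -> {verdict}")
    # CBS below the packet size: no packet can ever conform, which is why
    # the burst size must be greater than the maximum packet size.
    print(police([(0.0, 1500), (100.0, 1500)], 8000, 1000))
```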
Traffic policing
Traffic policing supports policing the inbound traffic and the outbound traffic.
A typical application of traffic policing is to supervise the specification of certain traffic entering a
network and limit it within a reasonable range, or to "discipline" the extra traffic to prevent aggressive
use of network resources by a certain application. For example, you can limit bandwidth for HTTP
packets to less than 50% of the total. If the traffic of a certain session exceeds the limit, traffic policing can
drop the packets or reset the IP precedence of the packets.
Figure 179 shows an example of policing outbound traffic on an interface.