Traffic policing
Encyclopedia
Traffic policing is the process of monitoring network traffic for compliance with a traffic contract and taking steps to enforce that contract. Traffic sources which are aware of a traffic contract may apply traffic shaping to ensure their output stays within the contract and is thus not discarded. Traffic exceeding a traffic contract may be discarded immediately, marked as non-compliant, or left as-is, depending on administrative policy and the characteristics of the excess traffic.
Effect
The recipient of traffic that has been policed will observe packet loss distributed throughout periods when incoming traffic exceeded the contract. If the source does not limit its sending rate (for example, through a feedback mechanism), this will continue, and may appear to the recipient as if link errors or some other disruption is causing random packet loss.
With reliable protocols, such as TCP (as opposed to UDP), the dropped packets will not be acknowledged by the receiver, and therefore will be resent by the emitter, thus generating more traffic.
The received traffic, which has experienced policing en route, will typically comply with the contract, although jitter may be introduced by elements in the network downstream of the policer.
Impact on Congestion-Controlled Sources
Sources with feedback-based congestion control mechanisms (for example TCP) typically adapt rapidly to static policing, converging on a rate just below the policed sustained rate.
As a result, it may be hard for endpoints to distinguish TCP traffic that has been merely policed from TCP traffic that has been shaped.
Impact in the case of ATM
Where cell-level dropping is enforced (as opposed to that achieved through packet-based policing), the impact is particularly severe on longer packets. Since cells are typically much shorter than the maximum packet size, conventional policers discard cells without regard to packet boundaries, and hence the total amount of traffic dropped will typically be distributed across a number of packets. Almost all known packet reassembly mechanisms will respond to a missing cell by dropping the packet entirely, and consequently a very large number of packet losses can result from moderately exceeding the policed contract.
Process
RFC 2475 describes traffic policing elements such as a meter and a dropper; they may also optionally include a marker. The meter measures the traffic and determines whether or not it exceeds the contract (for example by the GCRA). Where it exceeds the contract, some policy determines whether any given PDU is dropped or, if marking is implemented, if and how it is to be marked. Marking can comprise setting a congestion flag (such as the ECN flag of TCP or the CLP bit of ATM) or setting a traffic aggregate indication (such as the Differentiated Services Code Point of IP).
In simple implementations, traffic is classified into two categories, or "colors": compliant (green) and in excess (red). RFC 2697 proposes a more precise classification, with three "colors". In that document, the contract is described through three parameters: Committed Information Rate (CIR), Committed Burst Size (CBS), and Excess Burst Size (EBS). A packet is "green" if it does not exceed the CBS, "yellow" if it exceeds the CBS but not the EBS, and "red" otherwise.
The "single-rate three-color marker" described by RFC 2697 allows for temporary bursts. The bursts are allowed when the line was under-used before they appeared. A more predictable algorithm is described in RFC 2698, which proposes a "double-rate three-color marker". RFC 2698 defines a new parameter, the Peak Information Rate (PIR).
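As an added illustration (not code from the article or from any vendor implementation), the following Python models the RFC 2697 single-rate three-color marker in color-blind mode, built from the two token buckets C (size CBS) and E (size EBS) that the RFC describes, with a simple policer that drops red and marks yellow. The CIR, burst sizes and packet arrival times are constructed values chosen to show a burst being absorbed, the excess being spent, and credit refilling during an idle gap.

```python
from dataclasses import dataclass, field

@dataclass
class SrTCM:
    """RFC 2697 single-rate three-colour marker (colour-blind mode).
    cir is bytes/second; cbs and ebs are bucket sizes in bytes."""
    cir: float
    cbs: int
    ebs: int
    tc: float = field(init=False)   # tokens in bucket C (committed)
    te: float = field(init=False)   # tokens in bucket E (excess)
    last: float = field(init=False, default=0.0)

    def __post_init__(self):
        # Both buckets start full, as the RFC specifies.
        self.tc, self.te = float(self.cbs), float(self.ebs)

    def _refill(self, now):
        # Tokens arrive at CIR; they fill C first and spill into E only
        # while C is full, so E holds credit from earlier under-use.
        tokens = self.cir * (now - self.last)
        self.last = now
        to_c = min(tokens, self.cbs - self.tc)
        self.tc += to_c
        self.te = min(self.ebs, self.te + tokens - to_c)

    def mark(self, now, size):
        """Colour one packet of `size` bytes arriving at time `now`."""
        self._refill(now)
        if self.tc >= size:
            self.tc -= size
            return "green"
        if self.te >= size:
            self.te -= size
            return "yellow"
        return "red"            # red packets consume no tokens

def police(meter, arrivals, drop_red=True):
    """Meter each (time_s, size_bytes) arrival. Green is forwarded,
    yellow forwarded but marked, red dropped (or marked if drop_red is False)."""
    actions = {"green": "forward", "yellow": "forward, mark",
               "red": "drop" if drop_red else "forward, mark"}
    out = []
    for t, size in arrivals:
        colour = meter.mark(t, size)
        out.append((t, size, colour, actions[colour]))
    return out

# Constructed arrivals: a burst at t=0, a smaller one at t=1 s, then a
# 2 s idle gap that refills bucket C and spills the surplus into bucket E.
SAMPLE_ARRIVALS = [(0.0, 1000), (0.0, 1000), (0.0, 500), (0.0, 100),
                   (1.0, 800), (1.0, 300),
                   (3.0, 1500), (3.0, 600), (3.0, 200)]

def demo():
    return police(SrTCM(cir=1000, cbs=1500, ebs=1000), SAMPLE_ARRIVALS)
```

Running `demo()` colours the nine sample packets green, yellow, green, red, green, red, green, yellow, red: the first burst spends C and then E, the second burst only finds what one second at CIR put back into C, and after the idle gap C is full again with 700 bytes of surplus having spilled into E.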
Implementations
On Cisco equipment, both traffic policing and shaping are implemented through the token bucket algorithm.
Traffic policing in ATM networks is known as Usage Parameter Control (UPC) and Network Parameter Control (NPC). The network can also discard non-conformant traffic in the network (using Priority Control). The reference for both traffic policing and traffic shaping in ATM (given by the ATM Forum and the ITU-T) is the Generic Cell Rate Algorithm (GCRA), which is described as a version of the leaky bucket algorithm.
Traffic policing requires maintenance of numerical statistics and measures for each policed traffic flow, but it does not require implementation or management of significant volumes of packet buffer. Consequently, it is significantly less complex to implement than traffic shaping.
Connection Admission Control as an alternative
Connection-oriented networks (for example ATM systems) can perform Connection Admission Control (CAC) based on traffic contracts. In the context of Voice over IP (VoIP), this is also known as Call Admission Control (CAC).
An application that wishes to use a connection-oriented network to transport traffic must first request a connection (through signalling, for example Q.2931), which involves informing the network about the characteristics of the traffic and the quality of service (QoS) required by the application. This information is matched against a traffic contract. If the connection request is accepted, the application is permitted to use the network to transport traffic.
This function protects the network resources from malicious connections and enforces the compliance of every connection to its negotiated traffic contract.
The difference between CAC and traffic policing is that CAC is an a priori verification (before the transfer occurs), while traffic policing is an a posteriori verification (during the transfer).