Policing is the
monitoring of the data rates for a particular class of traffic. When the data
rate exceeds user-configured values, marking or dropping of packets occurs
immediately. Policing does not buffer the traffic; therefore, the transmission
delay is not affected. When traffic exceeds the data rate, you instruct the
system to either drop the packets or mark QoS fields in them.
You can define
single-rate and dual-rate policers.
monitor the committed information rate (CIR) of traffic. Dual-rate policers
monitor both CIR and peak information rate (PIR) of traffic. In addition, the
system monitors associated burst sizes. Three colors, or conditions, are
determined by the policer for each packet depending on the data rate parameters
supplied: conform (green), exceed (yellow), or violate (red).
You can configure only
one action for each condition. For example, you might police for traffic in a
class to conform to the data rate of 256000 bits per second, with up to 200
millisecond bursts. The system would apply the conform action to traffic that
falls within this rate, and it would apply the violate action to traffic that
exceeds this rate.
For more information
about policers, see RFC 2697 and RFC 2698.