Routing

Dear all.

 

I read many documents about CoS and I have a question like that.

When configuring a polcier, we have two parameter

1: bandwith-limit : It's quite clear

2: burst-size-limit : What does it do ? And what is this paramenter role? And what happens if we change it's value?

As I read from Juniper website "A policer burst-size limit controls the number of bytes of traffic that can pass through a policed interface unrestricted when a burst of traffic pushes the average transmit or receive rate above the configured bandwidth limit" But I really don't understand what it means.

There is an imaginary bucket full of tokens (each token represents a byte).

bandwidth-limit is the rate at which the bucket is filled (in bits per second, so you need to divide that number by 8 if you want to know the bytes per second figure)

burst-size-limit is the size of the bucket, in bytes

Every time a packet is evaluated by the policer, we check the packet size X, and if the bucket has >= X tokens, then the packet passes, and we remove X tokens from the bucket.

So the burst-size determines how many packets "in a burst" can pass the policer, all of a sudden, without giving time for the bucket to refill.

I'm still confused with your explanation. So, if I have this configuration

--------

set firewall policer HAN_CHE_.1 if-exceeding bandwidth-limit 300k
set firewall policer HAN_CHE_.1 if-exceeding burst-size-limit 15k

-----

And

set firewall policer HAN_CHE_.1 if-exceeding bandwidth-limit 300k

set firewall policer HAN_CHE_.1 if-exceeding burst-size-limit 30k

If I apply this policer on a Gigabit Ethernet, which is better ? If banwidth reaches 300k, so which configuration will make the packets dropped?

If bit rate of traffic passing through policer  is less as compare to configured bandwidth-limit "call it out flow" then bytes will simply pass

If bit rate of traffic passing through policer is greater then as compared to configured bandwidth-limit then how traffic would be treated ???? Should bytes be dropped as it is crossing the bandwidth-limit. Answer is "no" bytes should have "pocket (burst-size-limit)" where there could stay for a while if "out flow" is too narrow to give them chance before drop out. If out flow is still too narrow to handle incoming bits and "pocket" is already filled then next byte will be dropped.

 

 

Now question is size of "pocket or burst-size-limit"

• A burst-size limit should not be set lower than 10 times the maximum transmission unit (MTU) of the traffic on the interface to be policed.
• The amount of time to allow a burst of traffic at the full line rate of a policed interface should not be lower than 5 milliseconds.

Now suppose if your interface has line rate of 1Gbps what should be bandiwdth-limit (it should be decided by you) burst-size-limit must be enough to hold burst of traffice at line rate (1Gbps) for at least 5ms.

burst-size-limit= interface line rate * .005

burst-size-limit (for 1Gbps interface) =1000000000 * .005

burst-size-limit (for 1Gbps interface)= 5000000 Bits

burst-size-limit (for 1Gbps interface)= 5000000 / 8 = 625000 Byts

burst-size-limit (for 1Gbps interface)=625000 / 10000 = 625 kilo Byts

 

Reference link

http://www.juniper.net/techpubs/en_US/junos11.3/topics/reference/general/policer-guidelines-burst-size-calculating.html

 

 

 

Please mark this as accepted solution if it works for you

A kudos is a good way of appreciation

 

Kashif Nawaz

JNCIP-Sec ,JNCIP-Ent

JNCIS-Ent, JNCIS-Sec

JNCIA-Junos

 

 

 

 

Hi Kashif,

 

Using your example above, what happens if you exceed the burst-size?

 

So let's say for a

 

1Gbps interface

bandwidth-limit 1Gbps

burst-size 625 kB

 

At a given instance, we're seeing throughput of 500 Mbps and burst of 700 kB. Would my traffic be dropped? i.e. the 75 kB above the burst-size.