Single Token Bucket Algorithm
Token Bucket Concepts
When you apply traffic policing to the input or output traffic at an interface, the rate limits and actions specified in the policer configuration are used to enforce a limit on the average throughput rate at the interface while also allowing bursts of traffic up to a maximum number of bytes based on the overall traffic load. Junos OS policers measure traffic-flow conformance to a policing rate limit by using a token bucket algorithm. An algorithm based on a single token bucket allows burst of traffic for short periods, whereas an algorithm based dual token buckets allows more sustained bursts of traffic.
Single Token Bucket Algorithm
A single-rate two-color policer limits traffic throughput at an interface based on how the traffic conforms to rate-limit values specified in the policer configuration. Similarly, a hierarchical policer limits traffic throughput at an interface based on how aggregate and premium traffic subflows conform to aggregate and premium rate-limit values specified in the policer configuration. For both two-color policer types, packets in a conforming traffic flow are categorized as green, and packets in a non-conforming traffic flow are categorized as red.
The single token bucket algorithm measures traffic-flow conformance to a two-color policer rate limit as follows:
The token arrival rate represents the single bandwidth limit configured for the policer. You can specify the bandwidth limit as an absolute number of bits per second by including the bandwidth-limit bps statement. Alternatively, for single-rate two-color policers only, you can use the bandwidth-percent percentage statement to specify the bandwidth limit as a percentage of either the physical interface port speed or the configured logical interface shaping rate.
The token bucket depth represents the single burst size configured for the policer. You specify the burst size by including the burst-size-limit bytes statement.
If the bucket is filled to capacity, arriving tokens “overflow” the bucket and are lost.
When the bucket contains insufficient tokens for receiving or transmitting the traffic at the interface, packets might be dropped or else re-marked with a lower forwarding class, a higher packet loss priority (PLP) level, or both.
Conformance Measurement for Two-Color Marking
In two-color-marking policing, a traffic flow whose average arrival or departure rate does not exceed the token arrival rate (bandwidth limit) is considered conforming traffic. Packets in a conforming traffic flow (categorized as green traffic) are implicitly marked with a packet loss priority (PLP) level of low and then passed through the interface.
For a traffic flow whose average arrival or departure rate exceeds the token arrival rate, conformance to a two-color policer rate limit depends on the tokens in the bucket. If sufficient tokens remain in the bucket, the flow is considered conforming traffic. If the bucket does not contain sufficient tokens, the flow is considered non-conforming traffic. Packets in a non-conforming traffic flow (categorized as red traffic) are handled according to policing actions. Depending on the configuration of the two-color policer, packets might be implicitly discarded; or the packets might be re-marked with a specified forwarding class, a specified PLP, or both, and then passed through the interface.
The number of tokens remaining in the bucket at any given time is a function of the token bucket depth and the overall traffic load.
The token bucket is initially filled to capacity, and so the policer allows an initial traffic burst (back-to-back traffic at average rates that exceed the token arrival rate) up to the size of the token bucket depth.
During periods of relatively low traffic (traffic that arrives at or departs from the interface at average rates below the token arrival rate), unused tokens accumulate in the bucket, but only up to the configured token bucket depth.