Single-Rate Three-Color Policer Overview
Single-rate three-color policing uses a bandwidth limit (also called a committed information rate (CIR)), a committed burst size, and an excess burst size. The policer classifies traffic into three groups: traffic that conforms to the bandwidth limit or the committed burst size, traffic that exceeds the bandwidth limit and committed burst size but conforms to the excess burst size, and traffic that exceeds the excess burst size.
Each category is associated with an action. For traffic that conforms to the bandwidth limit or the committed burst size (also called green traffic), the action is to mark the packet with an implicit low loss priority and transmit the packet. For traffic that exceeds the bandwidth limit and committed burst size but conforms to the excess burst size (also called yellow traffic), the action is to mark the packet with an implicit loss priority of medium-high and then transmit the packet. For traffic that exceeds the excess burst size, the action is to mark the packet with an implicit loss priority of high and, optionally, to discard the packet. If congestion occurs downstream, the packets with higher loss priority are more likely to be discarded.
Note: The discard action for a tricolor marking policer for a firewall filter is supported on the M120, M320 with Enhanced-III FPCs, M7i and M10i with the Enhanced CFEB (CFEB-E), and the MX Series routers, so it is not necessary to include the logical-interface-policer statement for them.
The following configuration demonstrates how the policer works in a sample scenario.
If traffic arriving on the logical interface is within the average rate of 40 Mbps (based on the token bucket formula) or within the committed burst size limit of 100 KB, the packets are “green” and are marked with an implicit loss priority of low. If traffic arriving on the logical interface is above the committed information rate and above the committed burst size but still within the excess burst size of 200 KB, the packets are “yellow” and are marked with an implicit loss priority of medium-high. If traffic arriving on the logical interface is above the excess burst size of 200 KB, the packets are “red,” are marked with an implicit loss priority of high, and are discarded. In the “red” case, if you omit the action statement, the packets are still marked with an implicit loss priority of high, but the packets are transmitted. As the traffic rate slows and the newly arriving traffic conforms to the configured limits, Junos OS stops marking packets with the medium-high and high loss priorities and stops dropping red packets.
For single-rate, three-color policing, Junos OS uses two token buckets to manage bandwidth based on the rate of traffic.
When the policer is color-aware, the local router can assign a higher packet-loss priority, but cannot assign a lower packet-loss priority. For example, suppose an upstream router assigned medium-high loss priority to a packet because the packet exceeded the committed information rate on the upstream router interface. The local router cannot change the packet-loss priority to low, even if the packet conforms to the configured committed information rate on the local router interface. However, if the stream exceeds the excess burst size configured on the local router interface, the packets are assigned high loss priority.
If you configure a policer to be color-blind instead of color-aware, the color-blind node ignores preexisting markings. A packet with medium-high loss priority can be assigned low or high loss priority.
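The two-bucket marking described above, in color-blind and color-aware modes, can be modelled as follows. This is an added example, not Junos OS code or configuration; it assumes the RFC 2697 single-rate three-color marker algorithm as the model. The class and function names are hypothetical, and 100 KB and 200 KB are taken to mean 100,000 and 200,000 bytes.

```python
from dataclasses import dataclass

# Implicit loss priorities named on this page, ordered low -> high.
GREEN, YELLOW, RED = "low", "medium-high", "high"
RANK = {GREEN: 0, YELLOW: 1, RED: 2}

@dataclass
class SrTcmPolicer:                 # hypothetical name; RFC 2697-style model (assumption)
    cir_bps: float                  # committed information rate, bits per second
    cbs: int                        # committed burst size, bytes
    ebs: int                        # excess burst size, bytes
    color_aware: bool = False
    discard_red: bool = True        # False models omitting the discard action

    def __post_init__(self):
        self.tc, self.te = float(self.cbs), float(self.ebs)  # both buckets start full
        self.last = 0.0

    def _refill(self, now):
        earned = (now - self.last) * self.cir_bps / 8        # bytes of credit since last packet
        self.last = now
        spill = max(0.0, self.tc + earned - self.cbs)        # credit the C bucket cannot hold
        self.tc = min(float(self.cbs), self.tc + earned)
        self.te = min(float(self.ebs), self.te + spill)      # overflow tops up the E bucket

    def police(self, now, size, pre=GREEN):
        """Return (loss_priority, transmitted) for one packet of `size` bytes."""
        self._refill(now)
        if not self.color_aware:
            pre = GREEN                                      # color-blind: ignore existing marking
        if pre == GREEN and self.tc >= size:
            self.tc -= size
            color = GREEN
        elif RANK[pre] <= RANK[YELLOW] and self.te >= size:
            self.te -= size
            color = YELLOW
        else:
            color = RED
        return color, not (color == RED and self.discard_red)

def burst(policer, count, size=1500, pre=GREEN, now=0.0):
    """Send `count` back-to-back packets at time `now`; tally loss priorities."""
    tally = {GREEN: 0, YELLOW: 0, RED: 0}
    for _ in range(count):
        tally[policer.police(now, size, pre)[0]] += 1
    return tally

if __name__ == "__main__":
    # Constructed scenario using the page's values: 40 Mbps CIR, 100 KB CBS, 200 KB EBS.
    print(burst(SrTcmPolicer(40e6, 100_000, 200_000), 250))
```

A packet pre-marked medium-high is never returned as low when `color_aware=True`, while the color-blind policer re-marks it from scratch.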

