Technical Documentation
New
Configuring a TCP-Friendly One-Rate Rate-Limit Profile
You can configure a committed rate, committed burst, and excess burst for the token bucket. For example, to configure a rate-limit process with hard tail dropping of packets when tokens are unavailable, set the committed rate and committed burst to a nonzero value, and set the excess burst to zero. Setting the excess burst to a nonzero value causes the router to drop packets in a more friendly way.
The configuration values for the preceding attributes determine the degree of friendliness of the rate-limit process. Instead of tail dropping packets that arrive outside the committed and burst rate envelope, the TCP-friendly bucket enables more tokens to be borrowed, up to a limit determined by the excess burst size. The next packet that borrows tokens in excess of the excess burst size is deemed excessive and is dropped if the exceeded action is set to drop.
The rate-limit algorithm is designed to avoid consecutive packet drops in the initial stages of congestion when the packet flow rate exceeds the committed rate of the token bucket. The intention is that just a few packet drops are sufficient for TCP’s congestion control algorithm to drastically scale back its sending rate. Eventually, the packet flow rate falls below the committed rate, which enables the token bucket to replenish faster because of the reduced load.
If the packet flow rate exceeds the committed rate for an extended period of time, the rate-limit algorithm tends toward hard tail dropping. In a properly configured scenario, the rate limiter is consistently driven to borrow tokens because of TCP’s aggressive nature, but it replenishes the tokens as TCP backs off, resulting in a delivered rate that is very close to the rate configured in the rate-limit profile.
The recommended burst sizes for TCP-friendly behavior are:
- Committed burst—0.2 to 2.0 seconds of the committed rate
- Excess burst—1.0 to 2.0 seconds of the committed rate, plus the committed burst
For example, if the committed rate is 1,000,000 bps, the recommended burst sizes are as follows:
- Committed burst is 1,000,000 x 1.0 x 1/8 = 125,000 bytes
Multiplying the committed rate by 1.0 seconds converts the rate to bits, then multiplying the number of bits by 1/8 converts the value to bytes.
- Excess burst is 1,000,000 x 1.5 x 1/8 + 125,000 = 312,500
bytes
Multiplying the committed rate by 1.5 converts the rate to bits, then multiplying the number of bits by 1/8 converts the value to bytes.
TCP-friendly rate limits have only one token bucket, but they also maintain a cumulative debt counter that represents how much traffic above the committed rate has recently been seen. This cumulative debt increases until it reaches the extended burst value; at that point the cumulative debt is reset to 0, but the offending packet is marked red. The cumulative debt increases faster than just by the packet size, so if the TCP source does not respond to TCP flow control and more of its packets are dropped.
Table 1 presents equations that can also represent the algorithm for the TCP-friendly one-rate rate limit profile when using hierarchical rate limiting, where:
- B = size of packet in bytes
- CD = cumulative debt
- t = time
- T(t) = number of tokens in token bucket at time t
Table 1: TCP-Friendly One-Rate Rate-Limit Profile Algorithms
Step
Result
If not color aware, use green as the incoming packet color, otherwise use the actual packet color
–
If incoming packet color is green
–
If T(t) > = B
- Packet is colored
- T(t) is decremented by B
If T(t) < B and CD is incremented by
B – T(t)–
If CD < Extended Burst and T(t) < B
- Packet is colored
- T(t) is decremented by B (allow T(t) < 0, if necessary)
If CD > = Extended Burst B and T(t) < B
- Packet is colored
- CD is reset to 0
If incoming packet color is (only occurs in color-aware operation)
–
If T(t) < B and CD is incremented
by B– T(t)–
If CD < Extended Burst
- Packet is colored yellow
- T(t) is decremented by B (allow T(t) < 0, if necessary)
If CD >= Extended Burst
- Packet is colored
- CD is reset to 0
If incoming packet color is (only occurs in color-aware operation)
- Packet is colored red
