[j-nsp] policer useless

Blaz Zupan blaz@inlimbo.org
Wed, 11 Sep 2002 17:30:50 +0200 (MET DST)


> You're doing policing, which sabotages TCP's congestion avoidance
> mechanisms. A problem VERY well known since the days of the IMPs. :-)

Ok, but isn't Cisco's rate-limit also policing? rate-limit on IOS works just
fine for me. I always though the difference between traffic-shape and
rate-limit on Cisco's was that traffic-shape was buffering packets and sending
them out at the expected rate on the other side, while rate limiting will be
the equivalent of JunOS policing, basically just throwing away all packets
above the agreed level. So, either IOS rate-limit is not the same as JunOS
policing or JunOS policing is not working as well as IOS rate-limit is.

> Basically, you have no chance. You need to do queuing... with
> policing you're totally lost.

Translation: I can't use a Juniper box in my case and need to move all those
sub-rate service customers to a Cisco box?

> Policing is OK to have a "safety ceiling", but not for "limiting
> regular traffic down to agreed levels".

Ok, I see. Basically, if we have lots of customers with slow links downstream
an interface, policing would work fine for us (limiting the aggregate
bandwidth available to those customers to an agreed level) but if those
customers have fast links and there's not that so many of them (i.e. if they
have a fast ethernet connection to our Juniper), policing will be basically
useless as it will heavily interfere with TCP.