[j-nsp] policer useless

Blaz Zupan blaz@inlimbo.org
Sun, 15 Sep 2002 17:49:23 +0200 (MET DST)


> I believe that Markus has measured whether the policer (which is
> apparently what Blaz had configured on his box) does indeed police
> traffic to the expected levels.  Markus indicates that it seems to

Actually I agree on this. I have a ISP connected to us and am policing him at
40 Mbps and he *does* reach this limit - apparently because an ISP's traffic
pattern is made up of lots of TCP, UDP and other traffic flows. But trying to
get a single TCP flow to reach the policed transfer rate does not seem to
work. I've read the various explanations posted on this list and I'm trying to
understand why I don't see the same behaviour with Cisco's CAR (rate-limit)
which is supposed to be the same as JunOS policing.

> do so.  I'm not sure this is an issue or "right" or "wrong", but rather,
> how should Blaz configure his box to get the desired behavior.

Agreed.

> Clearly, as you have pointed out, behavior of a TCP connection
> when policed is different from the behavior when it is shaped (or
> "queued" per some of the other messages in this thread).

Agreed on this as well, as I said in another post, I'm not comparing JunOS
policing to Cisco traffic shaping (which would be comparing apples to
oranges) but I am comparing Cisco CAR to JunOS policing, which is (at least to
my understanding) supposed to be the same thing.

> Claiming that policing is completely useless is certainly within
> your rights, however there are plenty of service providers who
> choose to police traffic (whether using routers, frame relay switches,
> etc.) and of course, lots of TCP traffic flows through these devices.

Exactly, and I'm not saying policing is useless, I'm saying that policing as
I'm currently expericing it in my test is useless - I'm trying to find out why
this is so and reading through the archives of this list and don't think I'm
alone. :-)