QoS Traffic Policing Explained

This topic is to discuss the following lesson:

Very Nice lesson. Appreciate it!

how about hierarchical tocken bucket (HTB)? how many bucket that we use in HTB, and how the policier take the token from the bucket

Hi Rene,
Nice explanation. I have one query though.
With the single rate tri colour policing, if we don’t mention the bc and be values in the cli command, then they both are same. If we have a single burst which is exceeding bc value, then what will happen? Since be is also same as bc will the packet be dropped ( considering that this has violated ) or will the packet pass through if the number of tokens in bc+be is more than the burst arriving?

Hi SP,

When you use single rate three colour policing and don’t specify the bc/be values then you will have two buckets that have the same size. When there are not enough tokens in the bc bucket, it will be empty and we will get some extra tokens from the be bucket…you are now exceeding.

If you send a burst and there are not enough tokens in the bc+be buckets combined, that’s when you are violating and your packet will be dropped.

Hi Rene,

This lesson and your website in general is awesome! Just one thing, am I missing something or there is no lesson with configuration of this stuff? You mentioned “I will explain to you how to configure it on a Cisco router.”, but I can’t find it?

Hi Franjo,

Glad to hear you like it! It seems I never did create the configuration tutorial for policing…I’ll create it tomorrow or monday :slight_smile:


Hi Rene,

I look forward to configuaration tutorial mentioned by You. I hope it will happen soon :wink:

Hi Wojciech,

It’s right here:


Enjoy :slight_smile:

Very clear lesson, keep up the good work.

Nice lesson, and good explanation.

I’ve been having trouble visualizing the different policing/bucket methods and this helped a lot. Great lesson!

Hi Rene,

In term of bandwidth control, shape will be better than policer? As Shape will buffer the exceeded traffic but policer will be drop once exceeded.


Hi Davis,

It depends what you want to achieve.

For example, the ISP will probably use policing since they don’t want to waste resources to buffer customer packets exceeding traffic.

The customer however probably doesn’t want packet drops so they will configure shaping to match the rate that the ISP polices at.

Also keep in mind that shaping adds delay so it’s not a good idea to use this for realtime traffic like VoIP.


Hi Rene,

Got it. Thanks!


Hi Rene

Thanks for the clear explaination.
However, can you explain the best practice which policer is use for which applications?

Example: single rate two Colour for voice traffic?

When will i use singe rate 3 color and when to use dual rate 3 Color?


Hi Muhammad,

Policing is typically implemented by ISPs to limit the traffic of their customers so it will depend on the traffic contract that they sell you.

The single rate two color policer might be a bit unfair since it doesn’t allow bursting. With a CIR of 128kbps then you’ll only be able to reach 128kbps if you keep sending traffic non-stop.

The single rate three color policer allows bursting. Since data traffic is “bursty” by nature, this is probably a bit more fair to use. When your connection is idle, you can accumulate up to the Be and spend your Bc+Be when required.

The Dual rate three-color policer is useful when the ISP is selling more bandwidth than they actually can offer. It’s very unlikely that all customers are sending at maximum capacity all the time so they can offer you a “dual rate” contract. You might pay for a CIR of 128kbps and go up to 256kbps when the network is underutilized.


Hi Rene,

How actually we calculate the BC and BE base on the CIR. What is the standard we should set?

Is the calculation below correct?

CAR (Police) formula:
Bc = CIR / 8 * Tc           (Default Tc = 1.5 seconds)
Be = 2 * Bc


Hi Davis,
How Be is calculated depends on what type of policer is being used.

Single Rate, Two Color Policer
Bc = CIR/32
Be = 0
Single Rate, Three Color Policer
Bc = CIR/32
Be = Bc
Two Rate, Three Color Policer
Bc = CIR/32
Be = PIR/32 (Peak Information Rate)

Hi Andrew,

Will there any different for the result if we set CIR/32 vs CIR/8 for the BE for the Single Rate, Three color policer?