QoS Traffic Policing Explained

I’ve been having trouble visualizing the different policing/bucket methods and this helped a lot. Great lesson!

Hi Rene,

In term of bandwidth control, shape will be better than policer? As Shape will buffer the exceeded traffic but policer will be drop once exceeded.


Hi Davis,

It depends what you want to achieve.

For example, the ISP will probably use policing since they don’t want to waste resources to buffer customer packets exceeding traffic.

The customer however probably doesn’t want packet drops so they will configure shaping to match the rate that the ISP polices at.

Also keep in mind that shaping adds delay so it’s not a good idea to use this for realtime traffic like VoIP.


Hi Rene,

Got it. Thanks!


Hi Rene

Thanks for the clear explaination.
However, can you explain the best practice which policer is use for which applications?

Example: single rate two Colour for voice traffic?

When will i use singe rate 3 color and when to use dual rate 3 Color?


Hi Muhammad,

Policing is typically implemented by ISPs to limit the traffic of their customers so it will depend on the traffic contract that they sell you.

The single rate two color policer might be a bit unfair since it doesn’t allow bursting. With a CIR of 128kbps then you’ll only be able to reach 128kbps if you keep sending traffic non-stop.

The single rate three color policer allows bursting. Since data traffic is “bursty” by nature, this is probably a bit more fair to use. When your connection is idle, you can accumulate up to the Be and spend your Bc+Be when required.

The Dual rate three-color policer is useful when the ISP is selling more bandwidth than they actually can offer. It’s very unlikely that all customers are sending at maximum capacity all the time so they can offer you a “dual rate” contract. You might pay for a CIR of 128kbps and go up to 256kbps when the network is underutilized.


Hi Rene,

How actually we calculate the BC and BE base on the CIR. What is the standard we should set?

Is the calculation below correct?

CAR (Police) formula:
Bc = CIR / 8 * Tc           (Default Tc = 1.5 seconds)
Be = 2 * Bc


Hi Davis,
How Be is calculated depends on what type of policer is being used.

Single Rate, Two Color Policer
Bc = CIR/32
Be = 0
Single Rate, Three Color Policer
Bc = CIR/32
Be = Bc
Two Rate, Three Color Policer
Bc = CIR/32
Be = PIR/32 (Peak Information Rate)

Hi Andrew,

Will there any different for the result if we set CIR/32 vs CIR/8 for the BE for the Single Rate, Three color policer?


So if you defined Be = CIR/8 instead of CIR/32, this means that Be is now 4x larger. This means that you are allowed to store up more “credit” of unused traffic so you can burst more later. Keep in mind, that the average traffic rate, over a large period of time, will still be a maximum of the CIR rate, it is just now with a higher Be, you could potentially send 4x as much traffic in a short interval, if you had not been sending the full amount of traffic for previous intervals (hence you have “built up the credit”).

From a provider’s point of view, this could result in a lot more “spikey” traffic (periods of small activity followed by a period of large activity). Most providers would prefer to have a more predicable traffic flow which is why, when Be is even an option with a Single Rate policer, it will almost always be set such the Be = Bc.

Make sense?

Hi Andrew,

Thanks. Now i understand better for BE.

But i still confusing for BC. How about the result CIR/32 vs CIR/8 for BC?


So in the case where you make Bc = CIR/8 instead of CIR/32 this means that Bc is now 4x bigger. There is a strict relationship between Bc, Tc, and the CIR. The CIR is a constant, so if you make the Bc 4x bigger, then the Tc will have to be 4x smaller. This means the time interval in which Bc bits are transmitted is 4x smaller.

The provider’s police settings usually determine how the customer will set their shape settings on the other end of the link (so they will match). Having a shape rate with a smaller Tc is generally considered good for traffic (like VOIP and Interactive video) where delay needs to be minimized.

Hi Rene

I have 2 question pelase :

1-Please which of the above three catagory is the common use ? as per my idea ( Single Rate, Three-color ) is the common type right ?, so how to change to other catagories in the router ?

2-in this catagory(Dual-Rate, Three-Color ), when the first packet come it check the 1st bucket (BC) , for second packet it will check the (be) directly or it check again the BC if full then it will check BE ?


Hi Rawa,

I answered the first question a bit above this post.

Here’s a configuration example for all types btw:

Policing Configuration Example

The dual-rate three-color policer will always check both buckets. It will try to take tokens from both buckets, if possible then the traffic is conforming. If the BC bucket is empty but the PIR bucket still has tokens then the traffic is exceeding. Keep in mind the PIR bucket is larger than the BC bucket.


Hi Andrew,

I still have some doubt

Let say BC = the total token can be store, if let say the police cir 128kbps, and by default bc=cir/32 which is 4000 bytes.

and every second refilled the token 128000/8 = 16000 bytes, but the BC is only can fill up max 4000 bytes?

Then how the user can get 128kbps if the BC token(4000 bytes) is less than the CIR (16000 bytes)?


In this case your Tc would not be 1 second, instead it would be 250 ms. This means your token bucket would refill 4 times per second. This would allow you to achieve 128kbps.

Hi Andrew,

Ok. now i got it.

Thanks :slight_smile:


HI Rene in this case , the bucket what does it mean.?

BE:Exceeding Traffic

I need to be completely sure about it.

Hello Rayniero

In this case, there are two buckets. One is the BC bucket, which is the commited burst. This is traffic below and up to the CIR of the link. If this bucket is full at any given time, it overflows into the BE bucket, or the excess burst bucket. This has a specific size as well. The tokens are the actual data packets.

In this example the buckets themselves are the maximum packets a link can support per time period. If the BC bucket is 128 kbps, that means 128000 bits in one second. If more than that arrive in one second, the excess goes into the BE bucket. If the BE bucket is 16 kbps, that means than an additional 16000 bits can be acomodated per second. If the BE bucket fills up too, then the additional packets are dropped.

I hope this has been helpful!


19 posts were merged into an existing topic: QoS Traffic Policing Explained