Traffic Policing and Shaping

Traffic Policing and Shaping
Traffic policing and traffic shaping are both ways to control the amount of
traffic through an interface. Policing drops traffic, whereas shaping buffers it
for sending later. Policing can be used inbound or outbound, but shaping is
used only on outbound traffic.
Both mechanisms use a token bucket concept to measure the amount of
bandwidth allowed. Enough tokens enter the bucket at regular intervals to
allow the interface to send the number of bytes configured for that interval.
If a packet enqueued has fewer bytes than are represented by tokens in the
bucket, it considered a conforming packet. The packet is sent and an equivalent
number of tokens are subtracted from the bucket. If it has more bytes
than there are tokens to send, it is considered an exceeding packet. The
router then takes action based on whether policing or shaping is configured.

Some implementations use two token buckets. If a packet exceeds the first
bucket, it is checked against the second one. If there are not enough tokens
in the second bucket to send the packet, it is considered a violation.
If all the tokens are not used within the interval, they can accrue and remain
available to future packets if bursting is enabled.