CAR – The grand-old man in policing.


Below are my findings regarding CAR. Please be advised that this is work in progress.

CAR is the ancient way of doing policing.

It is not configured using any of the new and fancy MQC style configuration.

It is an interface-based command set.

CAR is a policer, and as such it is meant to drop packets at some point.

CAR can be multi-level, meaning you can police according to different specifications.

An example would be your desire to globally police at 5Mbps. If traffic falls within this rate, you want to police web traffic to 2Mbps.

If it falls within this rate, you might want to police web traffic to a certain site to 500Kbps.

The concept of a token bucket is still used.

Be is an extension to the Bc bucket.

Traffic is only exceeding if it falls above the Bc + Be values.

A big difference compared to CB Policing is that CAR seems to use a compounded debt algorithm.

As mentioned in: http://www.cisco.com/en/US/docs/ios/12_0/qos/configuration/guide/qcpolts.html

If a packet needs to be sent that exceeds your Bc, you can “borrow” from the Be size. In CB Policing, you would check if you could send the packet with Bc alone, and if not, check if it could be sent by Be alone; if this also failed, the packet would be dropped.

In order to set the Be part of the bucket, the second burst value you configure needs to be larger than your Bc. The difference between the two is the actual Be size.

Example would be: “rate-limit output 8000 2000 3500 conform-action transmit exceed-action drop”

Bc = 2000

Be = 1500

A concept of “statistical fluff-error” (TM Scott Morris) is mentioned by Cisco as being a multiplication by 1.5.

Hence the recommendation from Cisco for Bc and Be is:

Bc = ( CIR / 8 ) * 1.5

Be = Bc * 2

I have no hard evidence on the fill rate of the token bucket, but this seems to indicate it is on a per-packet basis, as used by CB Policing:

  1. Note the current time.
  2. Update the token bucket with the number of tokens that have accumulated continuously since the last time a packet arrived.
  3. The total number of accumulated tokens cannot exceed the maxtokens value. Drop excess tokens.
  4. Check for packet conformance.

Source for above statement:

http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a008010dd6a.shtml
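The borrowing behaviour and the four fill steps above, as an added Python model that is not code from this post or from Cisco. It follows the post's reading (Be = second burst value minus Bc, with both the actual and the compounded debt checked against Be) and assumes a bucket that starts full and new tokens that repay debt first; `CarPolicer`, `offer` and `burst` are hypothetical names.

```python
class CarPolicer:
    """Toy model of CAR's token bucket with extended burst (not Cisco code)."""

    def __init__(self, rate_bps, normal_burst, extended_burst):
        self.fill = rate_bps / 8                 # token bytes added per second
        self.bc = normal_burst                   # bucket depth (maxtokens)
        self.be = extended_burst - normal_burst  # the post's Be: 3500 - 2000
        self.tokens = normal_burst               # assumption: bucket starts full
        self.debt = 0                            # actual debt: tokens borrowed
        self.compounded = 0                      # sum of actual debts since last drop
        self.last = 0.0

    def offer(self, now, size):
        # Steps 1-3: credit the tokens earned since the previous packet. They
        # repay debt first (assumption), then fill the bucket up to Bc.
        credit = (now - self.last) * self.fill
        self.last = now
        repaid = min(credit, self.debt)
        self.debt -= repaid
        self.tokens = min(self.bc, self.tokens + credit - repaid)
        # Step 4: conformance check.
        if size <= self.tokens:
            self.tokens -= size
            return "conform"
        debt = self.debt + (size - self.tokens)  # borrow the shortfall
        compounded = self.compounded + debt
        if debt > self.be or compounded > self.be:
            self.compounded = 0                  # a drop clears compounded debt
            return "exceed"                      # and takes no tokens
        self.tokens, self.debt, self.compounded = 0, debt, compounded
        return "conform"


def burst(policer, count, size, now=0.0):
    """Offer `count` back-to-back packets of `size` bytes at time `now`."""
    return [policer.offer(now, size) for _ in range(count)]


if __name__ == "__main__":
    # Rate and burst values from the rate-limit example in the post;
    # the 10 x 500-byte packet burst is constructed sample traffic.
    car = CarPolicer(8000, 2000, 3500)
    for n, verdict in enumerate(burst(car, 10, 500), 1):
        print(n, verdict)
```

In this model the first drop comes at packet 7, before Bc + Be is used up, yet the burst still passes exactly 3500 bytes in total.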

I would very much appreciate any other information you can provide on this lesser-known policing feature.

Thanks!