Traffic policing
Traffic policing supports policing the inbound traffic and the outbound traffic.
A typical application of traffic policing is to supervise the specification of certain traffic entering a network and limit it within a reasonable range, or to "discipline" the extra traffic to prevent aggressive use of network resources by a certain application. For example, you can limit bandwidth for HTTP packets to less than 50% of the total. If the traffic of a certain session exceeds the limit, traffic policing can drop the packets or reset the IP precedence of the packets. Figure 7 shows an example of policing outbound traffic on an interface.
Figure 7: Traffic policing
Traffic policing is widely used in policing traffic entering the networks of ISPs. It can classify the policed traffic and take predefined policing actions on each packet depending on the evaluation result:
Forwarding the packet if the evaluation result is "conforming."
Dropping the packet if the evaluation result is "excess."
Forwarding the packet with its IP precedence re-marked if the evaluation result is "conforming."
Delivering the packet to next-level traffic policing with its IP precedence re-marked if the evaluation result is "conforming."
Entering the next-level policing (you can set multiple traffic policing levels each focused on specific objects).