What's the difference between "Policing" and "Shaping" when limiting bandwidth consumption?
Clarifying the differences between a couple similar terms.
For today's article, I'd like to clarify a couple of terms related to bandwidth limiting: "Policing" and "Shaping". Different security vendors use different techniques to throttle bandwidth consumption, but what do these techniques actually mean, and what are the advantages of one over the other? Let's discuss:
Bandwidth policing reduces consumption by dropping traffic that exceeds a set limit. It's a common feature in security appliances and firewalls and sometimes goes by the term "rate limiting". It can be applied to traffic flowing in either direction (inbound or outbound), and because it drops packets, the resulting usage pattern is typically jagged.
From a network firewall/device perspective, policing is a very efficient way to free up bandwidth, but it can have noticeable effects on users (choppy video, TCP retransmits, etc.). It's often used for traffic/protocols that tolerate packet loss (e.g. UDP, voice, etc.).
Shaping is a different approach. The goal here is to buffer traffic that exceeds a committed rate into a queue for later transmission. This approach is outbound in nature. Because the data is preserved (just delayed), the effect on the user is typically more subtle, since the traffic rate is smoothed out as the buffered excess drains. Think of this as more of a queuing mechanism backed by large memory buffers. It's often used where delaying delay-insensitive traffic has less impact on users than packet drops/loss would.
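To make the two behaviours concrete, here is an added simulation (not code from the original article or from any vendor's product) of a token-bucket limiter run in both modes over the same constructed burst of packets. The policer forwards a packet only if the bucket holds enough tokens and otherwise drops it; the shaper instead holds the packet in a FIFO until enough tokens have refilled, and only drops when its queue (a hypothetical `max_queue_bytes` limit) is full. The rate, burst, packet sizes and queue depth are all assumed sample values.

```python
"""Token-bucket policer vs. shaper, simulated (constructed example, not from the article)."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Packet:
    arrival: float  # seconds
    size: int       # bytes


class TokenBucket:
    """Bucket that refills at `rate` bytes/s up to a depth of `burst` bytes."""

    def __init__(self, rate: float, burst: int) -> None:
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)  # start full so an initial burst is allowed
        self.last = 0.0

    def refill(self, now: float) -> None:
        self.tokens = min(float(self.burst), self.tokens + (now - self.last) * self.rate)
        self.last = now


def police(packets: List[Packet], rate: float, burst: int) -> Tuple[List[Packet], List[Packet]]:
    """Policer: forward a packet at its arrival time if enough tokens exist, else drop it.
    Nothing is buffered, so excess shows up as loss (the jagged usage the article describes)."""
    bucket = TokenBucket(rate, burst)
    forwarded, dropped = [], []
    for p in sorted(packets, key=lambda pk: pk.arrival):
        bucket.refill(p.arrival)
        if bucket.tokens >= p.size:
            bucket.tokens -= p.size
            forwarded.append(p)
        else:
            dropped.append(p)
    return forwarded, dropped


Departure = Tuple[Packet, float, float]  # (packet, departure time, queueing delay in seconds)


def shape(packets: List[Packet], rate: float, burst: int,
          max_queue_bytes: int) -> Tuple[List[Departure], List[Packet]]:
    """Shaper: excess packets wait in a FIFO until the bucket has refilled enough to send them.
    Data is preserved but delayed; a packet is lost only when the queue is full (tail drop)."""
    bucket = TokenBucket(rate, burst)
    departures, dropped = [], []
    last_depart = 0.0
    for p in sorted(packets, key=lambda pk: pk.arrival):
        if p.size > burst:
            # the bucket can never hold enough tokens, so the packet would wait forever
            raise ValueError("packet larger than the bucket depth can never be sent")
        # bytes already admitted but still waiting when this packet arrives
        backlog = sum(q.size for q, dep, _ in departures if dep > p.arrival)
        if backlog + p.size > max_queue_bytes:
            dropped.append(p)
            continue
        earliest = max(p.arrival, last_depart)  # FIFO: cannot overtake earlier packets
        bucket.refill(earliest)
        if bucket.tokens < p.size:
            earliest += (p.size - bucket.tokens) / rate  # wait until enough tokens accrue
            bucket.refill(earliest)
        bucket.tokens -= p.size
        last_depart = earliest
        departures.append((p, earliest, earliest - p.arrival))
    return departures, dropped


def compare(packets: List[Packet], rate: float, burst: int, max_queue_bytes: int) -> dict:
    """Run both limiters over the same input and summarise loss vs. delay."""
    fwd, pol_drop = police(packets, rate, burst)
    dep, shp_drop = shape(packets, rate, burst, max_queue_bytes)
    return {
        "policer_forwarded": len(fwd),
        "policer_dropped": len(pol_drop),
        "shaper_sent": len(dep),
        "shaper_dropped": len(shp_drop),
        "shaper_max_delay_s": max((d for _, _, d in dep), default=0.0),
    }


# Constructed sample: five 500-byte packets arriving at once against a 1000 B/s, 1000 B burst limit
SAMPLE = [Packet(0.0, 500) for _ in range(5)]

if __name__ == "__main__":
    print(compare(SAMPLE, rate=1000.0, burst=1000, max_queue_bytes=10_000))
```

On the sample burst the policer passes two packets and drops three, while the shaper sends all five but spreads them out at 0.5 s intervals; shrink `max_queue_bytes` and the shaper starts tail-dropping too, which is the practical caveat that a shaper's buffer only defers loss, it does not eliminate it.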
This barely scratches the surface, but hopefully it's a good primer on the topic. For more detail, please check out these resources: