Per-Stream Filtering and Policing (PSFP), standardized in IEEE 802.1Qci, is a mechanism for enhancing fault containment in Time-Sensitive Networking (TSN) domains. This paper examines two limitations of PSFP that challenge the prevailing “zero-fault” perception. First, the Flow Meter inside PSFP measures traffic in Service Data Unit (SDU) bytes—i.e., from the MAC destination address through Frame Check Sequence—while common Ethernet shapers such as the Credit-Based Shaper (CBS) regulate on the full “on-wire” packet length, which includes the SDU plus the 8-byte preamble and 12-byte inter-frame gap. This results in a 20-byte per-frame gap that can increase admissible rates: for minimum-size packets, a talker may exceed its contractual bandwidth by up to 30%, allowing queue build-up. Second, CBS positive-credit recovery phase permits the transmission of bursts, whose size increases with the idleSlope setting. To avoid unintended drops, the Flow Meter’s Committed Burst Size must be set proportionally higher, which can reduce the policing effect and widen the window in which faulty talkers may impact critical streams. Through deterministic analysis with RTaW-Pegase and hardware-in-the-loop experiments on an automotive TSN testbed, we quantify both effects and assess configuration-level mitigations. We then discuss possible standard-evolution options, including SDU-aware byte counting and lower-bound filters for frame sizes, that could address these gaps. The aim of this paper is to guide practitioners toward PSFP configurations that enable effective fault containment and make suggestions for PSFP improvements that could provide even stronger guarantees.
Ladeira et al. (Tue,) studied this question.