Configuring ACL-based fixed rate limiting – Brocade FastIron Ethernet Switch Traffic Management Guide User Manual
You can configure ACL-based rate limiting on the following interface types:
• Physical Ethernet interfaces
• Virtual interfaces
• Trunk ports
• Specific VLAN members on a port (refer to the "Applying an IPv4 ACL to specific VLAN members on a port (Layer 2 devices only)" section in the FastIron Ethernet Switch Security Configuration Guide).
• A subset of ports on a virtual interface (refer to the "Applying an IPv4 ACL to a subset of ports on a virtual interface (Layer 3 devices only)" section in the FastIron Ethernet Switch Security Configuration Guide).
Support for fixed rate limiting and adaptive rate limiting
FastIron devices support the following types of ACL-based rate limiting:
• Fixed rate limiting - Enforces a strict bandwidth limit. The device forwards traffic that is within the limit but either drops all traffic that exceeds the limit, or forwards all traffic that exceeds the limit at the lowest priority level, according to the action specified in the traffic policy.
• Adaptive rate limiting - Enforces a flexible bandwidth limit that allows for bursts above the limit. You can configure adaptive rate limiting to forward traffic, modify the IP precedence of and forward traffic, or drop traffic based on whether the traffic is within the limit or exceeds the limit.
Configuring ACL-based fixed rate limiting
Use the procedures in this section to configure ACL-based fixed rate limiting. Before configuring this
feature, see what to consider in "Configuration notes and feature limitations for traffic policies" on page 62.
Fixed rate limiting enforces a strict bandwidth limit. The port forwards traffic that is within the limit. If the
port receives more than the specified number of fragments in a one-second interval, the device either
drops or forwards subsequent fragments in hardware, depending on the action you specify.
To implement the ACL-based fixed rate limiting feature, first create a traffic policy, and then reference
the policy in an extended ACL statement. Lastly, bind the ACL to an interface. Complete the following
steps.
1. Create a traffic policy. Enter a command such as the following.
device(config)#traffic-policy TPD1 rate-limit fixed 100 exceed-action drop
2. Create an extended ACL entry or modify an existing extended ACL entry that references the traffic policy. Enter a command such as the following.
device(config)#access-list 101 permit ip host 10.10.12.2 any traffic-policy TPD1
3. Bind the ACL to an interface. Enter commands such as the following.
device(config)#interface ethernet 1/1/5
device(config-if-e5)#ip access-group 101 in
device(config-if-e5)#exit
The previous commands configure a fixed rate limiting policy that allows port 1/1/5 to receive a
maximum traffic rate of 100 kbps (100 pkts/s for ICX 6650). If the port receives additional bits
during a given one-second interval, the port drops the additional inbound packets that are received
within that one-second interval.
Syntax: [no] traffic-policy TPDname rate-limit fixed cirvalue exceed-action action remark-cos [ count ]
Syntax: access-list num {permit | deny.... } traffic-policy TPDname
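The following Python check is an added example, not part of the Brocade guide. It reads saved configuration text and confirms that all three steps above are in place for each rate-limited ACL entry: the traffic policy is defined, an ACL entry references it, and the ACL is bound to an interface. The sample configuration is constructed from the commands on this page, and its layout (`!` separators, `ip access-group` lines under each `interface`) is an assumption about how the configuration was saved.

```python
import re

# Constructed sample built from this page's commands; not output from a real device.
SAMPLE_CONFIG = """\
traffic-policy TPD1 rate-limit fixed 100 exceed-action drop
access-list 101 permit ip host 10.10.12.2 any traffic-policy TPD1
access-list 102 permit ip host 10.10.12.3 any traffic-policy TPD2
access-list 103 permit ip host 10.10.12.4 any traffic-policy TPD1
interface ethernet 1/1/5
 ip access-group 101 in
!
interface ethernet 1/1/6
 ip access-group 102 in
!
"""

POLICY_RE = re.compile(r"^traffic-policy (\S+) rate-limit fixed (\d+) exceed-action (\S+)")
ACL_RE = re.compile(r"^access-list (\d+) (?:permit|deny) .*\btraffic-policy (\S+)")
IFACE_RE = re.compile(r"^interface (.+)")
BIND_RE = re.compile(r"^ip access-group (\d+) in")

def audit(config):
    """Return (enforced, problems) for fixed rate limits found in config text."""
    policies, acl_refs, bindings, iface = {}, [], [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := POLICY_RE.match(line):        # step 1: policy definition
            policies[m.group(1)] = (int(m.group(2)), m.group(3))
        elif m := ACL_RE.match(line):         # step 2: ACL entry naming a policy
            acl_refs.append((m.group(1), m.group(2)))
        elif m := IFACE_RE.match(line):
            iface = m.group(1)
        elif line in ("!", "exit"):           # leaves interface context
            iface = None
        elif (m := BIND_RE.match(line)) and iface:   # step 3: inbound binding
            bindings.append((iface, m.group(1)))
    bound = {acl for _, acl in bindings}
    problems = []
    for acl, tpd in acl_refs:
        if tpd not in policies:
            problems.append(f"ACL {acl} references undefined traffic policy {tpd}")
        if acl not in bound:
            problems.append(f"ACL {acl} is not bound to any interface")
    # (interface, ACL, policy, CIR value, exceed action) for complete chains only
    enforced = [(i, a, t, *policies[t]) for i, a in bindings
                for acl, t in acl_refs if acl == a and t in policies]
    return enforced, problems

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

The CIR value is reported as the bare number from the configuration, since the page gives its unit as kbps on most platforms and packets per second on the ICX 6650.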
FastIron Ethernet Switch Traffic Management Guide
53-1003093-03