beautypg.com

Clearing rate-limit counters, Layer 2 acl-based rate limiting, Configuration rules and notes – Brocade Multi-Service IronWare QoS and Traffic Management Configuration Guide (Supporting R05.6.00) User Manual

Page 49

background image

Multi-Service IronWare QoS and Traffic Management Configuration Guide

35

53-1003037-02

Layer 2 ACL-based rate limiting

2

Clearing rate-limit counters

You can clear rate-limit counters using the following command:

Brocade# clear rate-limit counters ipv6-subnet

Syntax: clear rate-limit counters ipv6-subnet

Layer 2 ACL-based rate limiting

Layer 2 ACL-based rate limiting enables devices to limit the rate of incoming traffic in hardware,
without CPU intervention. Rate limiting in hardware enables the device to manage bandwidth at
line-rate speed.

In general, Layer 2 ACL-based rate limiting works along the same lines as hardware-based rate
limiting feature. All the rules and regulations that apply to hardware-based rate limiting also apply
to this feature.

Configuration rules and notes

You can apply Layer 2 ACL-based rate limiting on a physical port. You cannot apply it to a virtual
interface or a LAG port.

You cannot use IPv4 ACL-based filtering and Layer 2 ACL-based rate limiting on the same port.
You can, however, configure one port on the device to use IP ACLs and another port on the
same device to use Layer 2 ACL-based rate limiting.

You cannot use IPv4 ACL-based rate limiting and Layer 2 ACL-based rate limiting on the same
port. You can, however, configure one port on the device to use IPv4 ACL-base rate limiting and
another port on the same device to use Layer 2 ACL-based rate limiting.

You can bind multiple rate limiting policies to a single port. However, once a matching ACL
clause is found for a packet, the device does not evaluate subsequent clauses in that rate
limiting ACL and subsequent rate limiting ACLs.

Only number ACLs support rate limiting

Layer 2 rate limiting ACLs will function with vlan-cpu-protection, broadcast and multicast
limiting features. If incoming traffic matches an inbound Layer 2 rate limiting ACL, it is first
rate-limited based on the policy. If packets are not dropped due to rate limiting, they are
forwarded either to the CPU or flooded in the VLAN according to the vlan-cpu-protection
feature.

NOTE

The above behavior applies only for the Brocade NetIron XMR and Brocade MLX series, not for the
Brocade NetIron CES and Brocade NetIron CER. For the Brocade NetIron CES and Brocade NetIron
CER platforms, once the broadcast and multicast limiting features are enabled, these limits will take
precedence over the defined port rate-limit.

The broadcast and multicast packet limiting feature limits packets in the CPU, while the Layer
2 ACL RL is a network processing (NP) RL feature. Packets are first subjected to the Layer 2
ACL RL at the NP. Once packets are forwarded to CPU, the broadcast and multicast limiting
feature begins functioning and packets may be dropped in the CPU if the rate exceeds the
limit.

See also other documents in the category Brocade Computer Accessories: