Traffic policing configuration example, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

Page 348

323

Item

Description

CIR

Set the committed information rate (CIR).

IMPORTANT:

If you apply an IP network segment-based CAR list to an interface, the CIR you defined
takes on different meanings depending on the configurations of the per-IP address rate

limiting function and the shared bandwidth mode for the CAR list.

•

If the per-IP address rate limiting function is not enabled, the CIR specifies the total

bandwidth for the network segment and will be allocated to each IP address based

on its traffic size.

•

If the per-IP address rate limiting function is enabled but the shared bandwidth mode

is not enabled, the CIR specifies bandwidth for each IP address, and the bandwidth

cannot be shared by the other IP addresses in the network segment.

•

If both the per-IP address rate limiting function and the shared bandwidth mode are

enabled, the CIR specifies the total shared bandwidth for the network segment,

which will be dynamically and evenly allocated to traffic by IP address.

For example, apply a CAR list to an interface with 10 Mbps of total bandwidth to perform
per-IP address rate limiting for the network segment 10.1.0.1 to 10.1.0.100. If the shared

bandwidth mode is enabled for the CAR list, you can set the CIR to 10 Mbps at maximum;
if the shared bandwidth mode is not enabled for the CAR list, you can set the CIR to 100

kbps at maximum.

CBS

Set the committed burst size (CBS), that is, the size of burst traffic when the actual
average rate is no bigger than CIR.

EBS

Set the excess burst size (EBS).

Green

Set the action to be taken on conforming packets.

•

Discard—Drops the packets.

•

Pass—Permits the packets to pass through.

Red

Set the action to be taken on excess packets.

•

Discard—Drops the packets.

•

Pass—Permits the packets to pass through.

Traffic policing configuration example

Network requirements

As shown in

Figure 230

, configure SecPath to limit the total rate of traffic that GigabitEthernet 0/1

receives from network segment 2.1.1.1 to 2.1.1.100 to 50 kbps.

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS H3C SecBlade LB Cards H3C SecPath L1000-A Load Balancer