Brocade BigIron RX Series Configuration Guide User Manual

Page 596


518

BigIron RX Series Configuration Guide

53-1002484-04

Configuring rate limiting policies

19

You can apply an ACL ID to a port-and-ACL-based rate limiting policy before you define the ACL.
The rate limiting policy does not take effect until the ACL is defined.

It is not necessary to remove an ACL from a port-and-ACL-based rate limiting policy before
deleting the ACL.

Refer to Chapter 22, “Access Control List”, for details on how to configure ACLs.

To configure a port-and-ACL-based rate limiting policy, enter commands such as the following.

BigIron RX(config)# access-list 50 permit host 1.1.1.2
BigIron RX(config)# access-list 50 deny host 1.1.1.3
BigIron RX(config)# access-list 60 permit host 2.2.2.3
BigIron RX(config)# interface ethernet 1/5
BigIron RX(config-if-e1000-1/5)# rate-limit in access-group 50 500000000 750000000
Average rate is adjusted to 499321856 bits per second
BigIron RX(config-if-e1000-1/5)# rate-limit in access-group 60 100000000 200000000
Average rate is adjusted to 97523712 bits per second

These commands first configure access-list groups that contain the ACLs that will be used in the
rate limiting policy. Use the permit condition for traffic that will be rate limited. Traffic that matches
a deny condition is not subject to rate limiting and is allowed to pass through. Refer to
“Configuring a port-and-IPv6 ACL-based traffic reduction” on page 518 for information on how to
drop traffic that matches deny conditions.

Next, the commands configure two rate limiting policies on port 1/5. The policies limit the rate of
all inbound IP traffic that matches the permit rules of ACLs 50 and 60. The first policy limits the rate
of all permitted IP traffic from host 1.1.1.2 to a requested rate of 500 Mbps with a maximum burst
size of 750 Mbps. Traffic from host 1.1.1.3 is not subject to rate limiting since it is denied
by ACL 50; it is merely forwarded on the port.

The second policy limits the rate of all IP traffic from host 2.2.2.3 to a requested rate of 100 Mbps
with a maximum burst size of 200 Mbits.

All IP traffic that does not match ACLs 50 and 60 is not subject to rate limiting.
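The following audit script is an added example, not part of the Brocade guide. It parses the command forms shown above and reports two conditions this page describes: a rate limiting policy whose ACL is not defined (the policy is not in effect), and deny entries in a rate limiting ACL (the matching traffic is forwarded without a limit, not dropped). It assumes numbered ACLs only, and the ACL 70 policy line in the sample is constructed for illustration.

```python
import re

# Constructed input: this page's commands plus one policy (ACL 70) whose ACL is never defined.
SAMPLE_CONFIG = """\
access-list 50 permit host 1.1.1.2
access-list 50 deny host 1.1.1.3
access-list 60 permit host 2.2.2.3
interface ethernet 1/5
 rate-limit in access-group 50 500000000 750000000
 rate-limit in access-group 60 100000000 200000000
 rate-limit in access-group 70 100000000 200000000
"""

ACL_RE = re.compile(r"access-list (\d+) (permit|deny) (.+)")
PORT_RE = re.compile(r"interface ethernet (\S+)")
POLICY_RE = re.compile(r"rate-limit in access-group (\d+) (\d+) (\d+)")

def parse(config):
    """Return ({acl_id: [(action, match), ...]}, [(port, acl_id, rate, burst), ...])."""
    acls, policies, port = {}, [], None
    for line in config.splitlines():
        if m := ACL_RE.search(line):
            acls.setdefault(m[1], []).append((m[2], m[3].strip()))
        elif m := PORT_RE.search(line):
            port = m[1]  # later rate-limit lines belong to this port
        elif m := POLICY_RE.search(line):
            policies.append((port, m[1], int(m[2]), int(m[3])))
    return acls, policies

def audit(config):
    """Flag policies that are inactive or that leave matched traffic unlimited."""
    acls, policies = parse(config)
    findings = []
    for port, acl_id, _rate, _burst in policies:
        if acl_id not in acls:
            # Per the page: the policy does not take effect until the ACL is defined.
            findings.append((port, acl_id, "inactive: ACL not defined"))
            continue
        for action, match in acls[acl_id]:
            if action == "deny":
                # Per the page: deny matches are forwarded without rate limiting, not dropped.
                findings.append((port, acl_id, f"unlimited: deny {match}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding)
```

Because the page allows an ACL to be deleted while a policy still references it, running a check like this after ACL changes catches policies that have silently stopped limiting traffic.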

Syntax: [no] rate-limit in access-group <number> | named-access-group <ACL-name> <requested-rate> <maximum-burst>

The access-group <number> parameter or the named-access-group <acl-name> specifies the ACL
used in the policy.

For information on the other parameters, refer to “Configuring a port-based rate limiting policy” on
page 514.

For information on the number of ACL-based rate limiting policies that can be configured, refer to
“Configuration considerations” on page 513.

Configuring a port-and-IPv6 ACL-based traffic reduction

Port-and-IPv6 ACL-based rate limiting limits the rate of traffic on individual physical ports that
matches the permit conditions of an IPv6 ACL. Traffic that matches the deny condition is not subject
to rate limiting.

For example, the following commands in the Global Config mode configure the IPv6 access-list
"sample" to permit any traffic from the 10:10::0:0/64 network and deny all other traffic.
