How port-based fixed rate limiting works, Rate limiting in hardware – Brocade Communications Systems Brocade ICX 6650 6650 User Manual


Brocade ICX 6650 Security Configuration Guide

53-1002601-01

Port-based rate limiting

How port-based fixed rate limiting works

Fixed rate limiting counts the number of packets that a port receives, in one-second intervals. If the
number exceeds the maximum number you specify when you configure the rate, the port drops all
further inbound packets for the duration of the one-second interval.

After the one-second interval is complete, the port clears the counter and re-enables traffic.

Figure 15 shows an example of how Fixed rate limiting works. In this example, a Fixed rate limiting
policy is applied to a port to limit the inbound traffic to 500000 packets a second. During the first
two one-second intervals, the port receives less than 500000 packets in each interval. However,
the port receives more than 500000 packets during the third and fourth one-second intervals, and
consequently drops the excess traffic.

FIGURE 15 Fixed rate limiting

NOTE

The software counts the packets by polling statistics counters for the port every 100 milliseconds,
which provides 10 readings each second. Due to the polling interval, the Fixed Rate Limiting policy
has an accuracy of within 10% of the port's line rate. It is therefore possible for the policy to
sometimes allow more traffic than the limit you specify, but the extra traffic is never more than 10%
of the port's line rate.
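The counting and polling behavior described above can be modeled in a few lines. This Python sketch is an added example, not Brocade code: it assumes the port begins dropping only at the first 100 ms poll that reads the counter above the limit, and the 2,000,000 packets-per-second line rate and offered loads are constructed values.

```python
# Added example: simplified model of fixed rate limiting with 100 ms polling.
# Assumption: dropping starts only at the first poll that sees the interval's
# packet counter above the configured maximum.
POLLS_PER_SECOND = 10  # the NOTE: counters are polled every 100 milliseconds


def simulate_interval(limit, arrivals_per_poll):
    """Model one one-second interval; returns (forwarded, dropped) packets."""
    if len(arrivals_per_poll) != POLLS_PER_SECOND:
        raise ValueError("need one packet count per 100 ms polling window")
    forwarded = dropped = 0
    blocking = False  # counter cleared, traffic re-enabled at interval start
    for arrived in arrivals_per_poll:
        if blocking:
            dropped += arrived      # rest of the interval is dropped
            continue
        forwarded += arrived        # admitted before software can react
        if forwarded > limit:       # poll reads a counter above the maximum
            blocking = True
    return forwarded, dropped


def simulate(limit, offered_per_second):
    """Spread each second's offered packets evenly over its 10 polls."""
    results = []
    for offered in offered_per_second:
        base, extra = divmod(offered, POLLS_PER_SECOND)
        windows = [base + (i < extra) for i in range(POLLS_PER_SECOND)]
        results.append(simulate_interval(limit, windows))
    return results


def worst_case_overshoot(line_rate):
    """Most packets one polling window can carry: 10% of the line rate."""
    return line_rate // POLLS_PER_SECOND


if __name__ == "__main__":
    LIMIT = 500_000          # packets per second, as in the Figure 15 example
    LINE_RATE = 2_000_000    # constructed line rate in packets per second
    OFFERED = [300_000, 450_000, 800_000, 2_000_000]  # constructed loads
    for second, (fwd, drop) in enumerate(simulate(LIMIT, OFFERED), start=1):
        over = max(0, fwd - LIMIT)
        print(f"interval {second}: forwarded={fwd} dropped={drop} over={over}")
    print("bound on excess:", worst_case_overshoot(LINE_RATE))
```

In this model the excess admitted in any interval never exceeds what one polling window can carry, which is why the NOTE ties the accuracy to the port's line rate and not to the configured limit.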

Rate limiting in hardware

Each Brocade device supports line-rate rate limiting in hardware. The device creates entries in
Content Addressable Memory (CAM) for the rate limiting policies. The CAM entries enable the
device to perform the rate limiting in hardware instead of sending the traffic to the CPU. The device
sends the first packet in a given traffic flow to the CPU, which creates a CAM entry for the traffic
flow. A CAM entry consists of the source and destination addresses of the traffic. The device uses
the CAM entry for rate limiting all the traffic within the same flow. A rate limiting CAM entry remains
in the CAM for two minutes before aging out.

[Figure 15 labels: Zero bps; Beginning of one-second interval; 500000 bps (62500 bytes); four consecutive one-second intervals. Callouts: The Fixed Rate Limiting policy allows up to 500000 bits (62500 bytes) of inbound traffic during each one-second interval. Once the maximum rate is reached, all additional traffic within the one-second interval is dropped.]
