Configuring Inbound Rate Limiting on the SecureStack A2

  • 0
  • 1
  • Article
  • Updated 5 years ago
  • (Edited)
Article ID: 11695 

Products
SecureStack A2 

Goals
Inbound Rate Limiting.
Sample configuration. 

Solution
This product supports inbound Rate Limiting which is keyed to the combination of Ethernet Port and 802.1P Priority. 

The command set is demonstrated here:
A2H124-24(su)->set port ratelimit ?

disable Disable ratelimiting globally.
enable Enable ratelimiting globally.
<port-string> Port or range of ports

A2H124-24(su)->set port ratelimit disable ?

<cr>

A2H124-24(su)->set port ratelimit enable ?

<cr>

A2H124-24(su)->set port ratelimit fe.1.1 ?

<priority> Priority or list of priorities.

A2H124-24(su)->set port ratelimit fe.1.1 0 ?

<threshold> Ratelimiting threshold (kiloBytes/sec).

A2H124-24(su)->set port ratelimit fe.1.1 0 1000 ?

disable Disable ratelimiting for this entry.
enable Enable ratelimiting for this entry.

A2H124-24(su)->set port ratelimit fe.1.1 0 1000 disable ?

inbound Limit the inbound traffic.
<index> Resource index for this port.(default: none)
<cr>

A2H124-24(su)->set port ratelimit fe.1.1 0 1000 disable inbound ?

<index> Resource index for this port.(default: none)
<cr>

A2H124-24(su)->set port ratelimit fe.1.1 0 1000 disable inbound 1 ?

<cr>

A2H124-24(su)->set port ratelimit fe.1.1 0 1000 enable ?

inbound Limit the inbound traffic.
<index> Resource index for this port.(default: none)
<cr>

A2H124-24(su)->set port ratelimit fe.1.1 0 1000 enable inbound ?

<index> Resource index for this port.(default: none)
<cr>

A2H124-24(su)->set port ratelimit fe.1.1 0 1000 enable inbound 1 ?

<cr>

A2H124-24(su)->show port ratelimit ?

<port-string> Port or range of ports (default: all ports)
<cr>

A2H124-24(su)->show port ratelimit fe.1.1 ?

<cr>

A2H124-24(su)->clear port ratelimit ?

<port-string> Port or range of ports

A2H124-24(su)->clear port ratelimit fe.1.1 ?

<index> Resource index for this port.(default: none)
<cr>

A2H124-24(su)->clear port ratelimit fe.1.1 1 ?

<cr>

A2H124-24(su)->
This example configuration limits UDP traffic on ports 1-3 to a maximum of 25 megabits per second (3125 kilobytes per second).
With TCP traffic, the effective throughput would be significantly lower, as a result of TCP-initiated retransmissions (11667).

* To set the Rate Limiter
set port ratelimit enable
set port ratelimit fe.1.1-3 0-3 3125 enable inbound
set port ratelimit fe.1.1-3 4-7 3125 enable inbound
* To display the results
show port ratelimit

A2H124-24(su)->show port ratelimit
Global Ratelimiting status is enabled.
Port Threshold Priority
Number Index (KBytes) Action Direction List Status
-------- -------- -------- ------------ ---------- ----------- ---------
fe.1.1 1 3125 discard inbound 0-3 enabled
fe.1.1 2 3125 discard inbound 4-7 enabled
fe.1.2 1 3125 discard inbound 0-3 enabled
fe.1.2 2 3125 discard inbound 4-7 enabled
fe.1.3 1 3125 discard inbound 0-3 enabled
fe.1.3 2 3125 discard inbound 4-7 enabled
fe.1.4 1 64 discard inbound 0-3 disabled
fe.1.4 2 64 discard inbound 4-7 disabled
. . .
fe.1.24 1 64 discard inbound 0-3 disabled
fe.1.24 2 64 discard inbound 4-7 disabled
ge.1.27 1 64 discard inbound 0 disabled
ge.1.27 2 64 discard inbound 0 disabled
ge.1.27 3 64 discard inbound 0 disabled
ge.1.27 4 64 discard inbound 0 disabled
ge.1.27 5 64 discard inbound 0 disabled
ge.1.27 6 64 discard inbound 0 disabled
ge.1.27 7 64 discard inbound 0 disabled
ge.1.27 8 64 discard inbound 0 disabled
ge.1.28 1 64 discard inbound 0 disabled
ge.1.28 2 64 discard inbound 0 disabled
ge.1.28 3 64 discard inbound 0 disabled
ge.1.28 4 64 discard inbound 0 disabled
ge.1.28 5 64 discard inbound 0 disabled
ge.1.28 6 64 discard inbound 0 disabled
ge.1.28 7 64 discard inbound 0 disabled
ge.1.28 8 64 discard inbound 0 disabled
A2H124-24(su)->
* To remove the Rate Limiter
set port ratelimit disable
clear port ratelimit fe.1.1-3
You may alternately use DiffServ (5848), requiring a more complicated configuration (due to its much broader functional range) for the same net effect.
Note that the A2 supports neither the policy nor the cos command sets supported by the C3/C2/B3/B2 sister products. 

See also: 7177.
Photo of FAQ User

FAQ User, Official Rep

  • 13,620 Points 10k badge 2x thumb

Posted 5 years ago

  • 0
  • 1

There are no replies.

This conversation is no longer open for comments or replies.