Developing a PPS inbound rate limit for N-Series

  • 0
  • 1
  • Article
  • Updated 5 years ago
  • (Edited)
Article ID: 7537 

Products
Matrix N-Series DFE 

Goals
Inbound Rate Limiting (IRL) to a maximum number of Packets Per Second (PPS).
Sample configuration for rate limit at 100 PPS. 

Solution
This configuration uses an LLC frame as an example of a packet to rate limit to no more than 100 packets per second. It is classified via a policy rule to a Class of Service, and then rate limited accordingly. Other packet types may as desired be controlled by varying the policy classification rule(s), and all of this configuration of course is highly tailorable as well. 

In this config breakout, the sequence of the various command groups has been rearranged (from the order seen in the output of a 'show config') to present the commands in a more readily explainable, logical sequence. 

Invoke the Class of Service from a Policy Profile/Role 

This Role (3) assigns a Class of Service (4) to all LLC traffic entering port fe.1.48.

# policy
set policy profile 3 name LLC
set policy rule admin-profile port fe.1.48 mask 16 port-string fe.1.48 admin-pid 3
set policy rule 3 llcDsapSsap 0a-0a-00-0000 mask 16 forward cos 4 syslog enable
!
Assign the Class of Service to the features it will provide 

This command sets the Class of Service (4) so that it maps to a Reference# (5). The associated 802.1p priority is left unstated, so defaults to the same value as the cos (4).

# cos settings
set cos settings 4 irl-reference 5
!
Map the Reference# to the Inbound Rate Limiter 

Group/Index 0.0 will affect the few blade models for which rate limiters 0-31 are available, and0.1 will affect the remaining blade models for which rate limiters 0-7 are available ('show cos port-type irl'). If you only have one type of hardware, you may omit the otherwise-unused commands. 

This command maps the Group/Index and Reference# (5) to the hardware-based Inbound Rate Limiter (6).

# cos reference
set cos reference irl 0.0 5 rate-limit 6
set cos reference irl 0.1 5 rate-limit 6
!
Define the characteristics of the Inbound Rate Limiter 

This command reiterates the Group/Index and hardware Inbound Rate Limiter (6), defining the combination to not exceed 100 PPS (the specified range must be within 1-100 pps) and to syslog when the limit is exceeded.

# cos port-resource
set cos port-resource irl 0.0 6 unit pps rate 100 syslog enable
set cos port-resource irl 0.1 6 unit pps rate 100 syslog enable
!
Enable Class of Service processing 

This command overrides the Port-based Rate Limiting concept in which for each port all priorities are each mapped to a defined inbound or outbound rate limiter (7345) - thus allowing all of the above structure to function as expected.

# cos state
set cos state enable
!
See also: 11731.
Photo of FAQ User

FAQ User, Official Rep

  • 13,620 Points 10k badge 2x thumb

Posted 5 years ago

  • 0
  • 1

There are no replies.

This conversation is no longer open for comments or replies.