Header Only - DO NOT REMOVE - Extreme Networks

SecureStack Rate Limiting not Functioning as Expected for Untagged Traffic

Userlevel 3
Article ID: 7177

Matrix C2
SecureStack C2
Firmware 3.03.38 and lower
SecureStack B2
Firmware 3.00.18 and lower
NetSight Policy Manager
Version 2.0.1 and lower

Rate limiting

Rate limiting not functioning for untagged traffic
'set port ratelimit'

802.1Q-VLAN-tagged traffic can be rate limited according to its priority association based on policy.

Untagged traffic, on the other hand, cannot be rate limited according to its priority association based on policy or ingress port priority. This is because priority based (port) rate limiters are applied by hardware prior to packet classification. The impact of this is that all non-priority tagged traffic will have the limiter associated with the default queue (queue 0) applied. This is true even if the packet is later classified to a new priority level. If, however, a rate limit is created for priority 0, all priority (0-7) untagged traffic will be rate limited.

Upgrade to Policy Manager 2.1 or higher, and use Role Based Rate Limiting.

Role Based Rate Limiting provides a very granular rate limiting solution. Unlike our traditional Priority Based Rate Limiting, role based enables rate limits to be assigned at the role and rule level rather than assigning rate limits to 802.1p priority queues.

Release notes state:
Policy Manager now supports inbound role-based rate limiting on SecureStack C2/B2 Devices.

This also requires the use of C2 firmware 4.00.24 or higher, and/or B2 firmware 3.01.16 or higher.

0 replies

Be the first to reply!