Products
C5-Series, all firmware
C3-Series, firmware 1.01.01.0039 and higher
C2-Series, firmware 3.03.23 and higher
B5-Series, all firmware
B3-Series, firmware 1.01.01.0039 and higher
B2-Series, firmware 3.00.14 and higher
Goals
Create a variety of Inbound Rate Limiters (IRL) for demonstration purposes.
The sample configuration presented below will constrain nine sets of port pairs so that each set will limit its traffic, in both directions, to a specific bandwidth unique to that pair. The rate limiting capabilities of the SecureStacks may then be tested by establishing the actual throughput of traffic traversing these port pairs.
The goal is to achieve the following:
- Ports 1 & 13 should limit to 256 kilobits per second (kb/s).
- Ports 2 & 14 should limit to 512 kb/s.
- Ports 3 & 15 should limit to 1 megabit per second (Mb/s).
- Ports 4 & 16 should limit to 2 Mb/s.
- Ports 5 & 17 should limit to 4 Mb/s.
- Ports 6 & 18 should limit to 5 Mb/s.
- Ports 7 & 19 should limit to 8 Mb/s.
- Ports 8 & 20 should limit to 10 Mb/s.
- Ports 9 & 21 should limit to 100 Mb/s.
Solution
Set up a profile/role for each rate limit to be defined.
code:
set policy profile 1 name "limit_256kbps" cos-status enable cos 8
code:
set policy profile 2 name "limit_512kbps" cos-status enable cos 9
code:
set policy profile 3 name "limit_1Mbps" cos-status enable cos 10
code:
set policy profile 4 name "limit_2Mbps" cos-status enable cos 11
code:
set policy profile 5 name "limit_4Mbps" cos-status enable cos 16
code:
set policy profile 6 name "limit_5Mbps" cos-status enable cos 20
code:
set policy profile 7 name "limit_8Mbps" cos-status enable cos 32
code:
set policy profile 8 name "limit_10Mbps" cos-status enable cos 40
code:
set policy profile 9 name "limit_100Mbps" cos-status enable cos 255
Statically assign each role to a pair of test ports. Each role will thus only apply its designated Class of Service to the traffic ingressing its port pairs.
code:
set policy port ge.1.1 1
code:
set policy port ge.1.2 2
code:
set policy port ge.1.3 3
code:
set policy port ge.1.4 4
code:
set policy port ge.1.5 5
code:
set policy port ge.1.6 6
code:
set policy port ge.1.7 7
code:
set policy port ge.1.8 8
code:
set policy port ge.1.9 9
code:
set policy port ge.1.13 1
code:
set policy port ge.1.14 2
code:
set policy port ge.1.15 3
code:
set policy port ge.1.16 4
code:
set policy port ge.1.17 5
code:
set policy port ge.1.18 6
code:
set policy port ge.1.19 7
code:
set policy port ge.1.20 8
code:
set policy port ge.1.21 9
Enable Class of Service, which will be needed to use Inbound Rate Limiting.
code:
set cos state enable
Define the role-referencing cos values (range
code:
) to leave the traffic at priority 0-255
code:
(range 0
code:
) and to point to a unique logical IRL instance (range 0-7
code:
). This configuration purposely avoids cos values 0-99
code:
because here the priority does not match the cos (10323).0-7
code:
set cos settings 8 priority 0 irl-reference 1
code:
set cos settings 9 priority 0 irl-reference 2
code:
set cos settings 10 priority 0 irl-reference 4
code:
set cos settings 11 priority 0 irl-reference 8
code:
set cos settings 16 priority 0 irl-reference 16
code:
set cos settings 20 priority 0 irl-reference 20
code:
set cos settings 32 priority 0 irl-reference 32
code:
set cos settings 40 priority 0 irl-reference 40
code:
set cos settings 255 priority 0 irl-reference 99
Map each logical IRL instance (range
code:
) to a hardware-based IRL instance (0-99
code:
).0-99
code:
set cos reference irl 0.0 1 rate-limit 1
code:
set cos reference irl 0.0 2 rate-limit 2
code:
set cos reference irl 0.0 4 rate-limit 4
code:
set cos reference irl 0.0 8 rate-limit 8
code:
set cos reference irl 0.0 16 rate-limit 16
code:
set cos reference irl 0.0 20 rate-limit 20
code:
set cos reference irl 0.0 32 rate-limit 32
code:
set cos reference irl 0.0 40 rate-limit 40
code:
set cos reference irl 0.0 99 rate-limit 99
Define the behavior of each hardware-based IRL instance (
code:
).0-99
code:
set cos port-resource irl 0.0 1 unit kbps rate 256 type drop syslog enable trap enable
code:
set cos port-resource irl 0.0 2 unit kbps rate 512 type drop syslog enable trap enable
code:
set cos port-resource irl 0.0 4 unit kbps rate 1000 type drop syslog enable trap enable
code:
set cos port-resource irl 0.0 8 unit kbps rate 2000 type drop syslog enable trap enable
code:
set cos port-resource irl 0.0 16 unit kbps rate 4000 type drop syslog enable trap enable
code:
set cos port-resource irl 0.0 20 unit kbps rate 5000 type drop syslog enable trap enable
code:
set cos port-resource irl 0.0 32 unit kbps rate 8000 type drop syslog enable trap enable
code:
set cos port-resource irl 0.0 40 unit kbps rate 10000 type drop syslog enable trap enable
code:
set cos port-resource irl 0.0 99 unit kbps rate 100000 type drop syslog enable trap enable
View the results.
code:
show config policy
code:
show policy profile all
code:
show config cos
code:
show cos state
code:
show cos settings
code:
show cos reference
code:
show cos port-resource
For Inbound Rate Limiting you may alternately use DiffServ (5848), if your B3/B2 is not Policy-licensed (5781).