Rate-limit
‎11-20-2014 10:01 AM
Hi everybody.
I have two Summit x670 (15.4.1.3) switches and I'd like to limit inbound broadcast, multicast and unknown unicast packets on specific ports. So, I've configured rate-limit to 500pps.
config port 3 rate-limit flood broadcast 500
config port 3 rate-limit flood multicast 500
config port 3 rate-limit flood unknown-destmac 500
Then I see the output of "show ports 3 stat" command. I see only 10-20 pps, but Flood Rate Exceeded counter is increasing and I have log messages like
Flood Rate Limiting activated on Port 3
23 REPLIES 23
‎06-23-2016 05:54 AM
Hi, I believe a fix is included in 21.1 for this feature. You might want to try if you have G2.
‎06-23-2016 05:44 AM
Hi,
Currently I'm fighting on the same front, meaning I use rate-limit (1000pps on a 1GB link) and wonder why rate-limit is exceeded while the counters are far away from this 1000pps threshold.
I use an X670V-G2. I use rate-limit to avoid loops because RSTP is too complex to set up in my environment (so that it works with netlogin and is compatible with Enterasys).
So I think that because the new (G2) switches measure based on the mentioned 15,6 micro-sec time slots (tokens), the configured CLI threshold in packets per second will never work reliably. That means the ASIC cannot measure the configured CLI limit in pps reliably.
I think there is currently (nearly) an ON/OFF situation regarding rate-limits. If you turn it on, set it to the max value 262144, because then max. 4 packets per time slot (15,625 micro-secs) are allowed, OR at least to a value of 131072, then 2 packets are allowed.
This is a step back / disadvantage compared to the G1 switch platform - normally we expect the switch to offer better features!
Currently there is a KB article which explains that:
"How to rate-limit implement on EXOS platforms?" KB2628
Is my understanding right? If not, please correct me.
Regards
‎02-04-2015 12:25 PM
Hi,
If you want to stick to pps measuring, apply a meter; otherwise yes, the newer chipsets no longer work at the /s sampling rate. This is the reason why you may hit the rate-limit while you don't have that much traffic on a per-second basis.
As for tcpdump (I saw it mentioned in this thread), if you plan to use it keep in mind that you're sniffing in software, so it takes potentially a lot of resources, which may have a bad side effect. So take care with that. Port mirroring is happening in hardware, it's better to use it.
‎02-04-2015 12:25 PM
Thanks, useful advice.
‎02-04-2015 04:39 AM
Hi everybody.
It might be interesting for somebody. I've got some explanations from TAC. My problem with rate-limit is a peculiarity or feature of the platform.
One second is divided into 15.625-microsecond intervals. The rate-limiting mechanism occurs when the platform receives lots of packets in one 15.625 microsecond interval.
For example, I've configured
conf ports 25 rate-limit flood broadcast 100000
The rate-limiting mechanism occurs when the box receives ~1.5 packets in 15.625 microseconds.
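Added example, not part of any post in this thread and not Extreme's code: a simplified token-bucket model of the 15.625 microsecond refresh described above, showing how a 20 pps burst trips a 500 pps flood limit while the same 20 packets paced evenly do not. The bucket depth, the 1 Gb/s frame spacing and both arrival traces are assumptions made for illustration; the page does not give the ASIC's real burst size.

```python
# Added illustration: token bucket refilled once per 15.625 us slot.
# ASSUMPTIONS (not from the vendor): bucket depth, 1 Gb/s link, constructed traces.
SLOT_US = 15.625    # refresh interval quoted in the thread
FRAME_US = 0.672    # 64-byte frame plus preamble and gap on the wire at 1 Gb/s


def tokens_per_slot(limit_pps):
    """Packets the configured pps limit allows per 15.625 us slot."""
    return limit_pps * SLOT_US / 1_000_000


def simulate(arrivals_us, limit_pps, bucket_depth=None):
    """Feed arrival timestamps (in us) through the bucket.

    Returns (packets_offered, packets_over_limit). bucket_depth is assumed to be
    one slot's worth of tokens, with a floor of one packet.
    """
    refill = tokens_per_slot(limit_pps)
    depth = max(1.0, refill) if bucket_depth is None else bucket_depth
    tokens, last_slot, over = depth, 0, 0
    for t in sorted(arrivals_us):
        slot = int(t // SLOT_US)
        # Credit the tokens earned in the slots elapsed since the last packet.
        tokens = min(depth, tokens + refill * (slot - last_slot))
        last_slot = slot
        if tokens >= 1.0:
            tokens -= 1.0
        else:
            over += 1   # would bump the "Flood Rate Exceeded" counter
    return len(arrivals_us), over


def burst_trace(n=20):
    """Constructed trace: n back-to-back frames in one second (average n pps)."""
    return [i * FRAME_US for i in range(n)]


def paced_trace(n=20):
    """Constructed trace: the same n frames spread evenly over one second."""
    return [i * 1_000_000 / n for i in range(n)]


if __name__ == "__main__":
    for name, trace in (("burst", burst_trace()), ("paced", paced_trace())):
        seen, over = simulate(trace, limit_pps=500)
        print(f"{name}: {seen} pps offered, {over} packets over a 500 pps limit")
    for pps in (500, 100000, 131072, 262144):
        print(f"{pps} pps -> {tokens_per_slot(pps):.4f} packets per slot")
```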
