04-01-2021 05:51 PM
Hi,
I am looking for some clarity on rate-limiting traffic on a port basis. I have a 1G connection that I want to split into two 500Mbps links by using rate limiting on ports.
VSP4K
I just want to confirm my understanding as it differs from VSP7K to 4K.
If I want to rate limit port 2 for example, do I need to use both ingress and egress ?
(config)#int gigabitEthernet ½
(config-if)#qos if-policer peak-rate 512000 svc-rate 512000
(config-if)#qos if-shaper shape-rate 512000
Steve
Solved! Go to Solution.
04-20-2021 12:09 PM
The usual approach is that the provider (yourself) applies an ingress policer on the port.
While the customer (Customer A / Customer B) would use an egress shaper on their own equipment, facing up to your port.
An ingress policer is cruder; you bandwidth limit the port, and if the bandwidth is exceeded you do not really care what traffic you drop (though a dual-rate policer can be more accomodating than a single-rate policer). A policer does not look at QoS markings, because there is typically no buffering at ingress anyway.
An egress shaper ties into QoS egress buffering (where buffers are always present). Which is handy for the customer’s perspective; if the link utilization reaches the shaper rate, then QoS automatically ensures that only the most precious traffic makes use of that bandwidth.
Coming to the VSPs, they all support egress shaping, but ingress policing varies across the platforms. But you are in luck, the VSP4k does and it support a dual rate policer.
However the policer is on a per-port basis.
So if you wanted to apply different policers to different VLANs on the same port, you would have to use some hairpin connections to separate the 2 VLANs into 2 separate ports, then apply the respective policers to those ports.
04-20-2021 12:09 PM
The usual approach is that the provider (yourself) applies an ingress policer on the port.
While the customer (Customer A / Customer B) would use an egress shaper on their own equipment, facing up to your port.
An ingress policer is cruder; you bandwidth limit the port, and if the bandwidth is exceeded you do not really care what traffic you drop (though a dual-rate policer can be more accomodating than a single-rate policer). A policer does not look at QoS markings, because there is typically no buffering at ingress anyway.
An egress shaper ties into QoS egress buffering (where buffers are always present). Which is handy for the customer’s perspective; if the link utilization reaches the shaper rate, then QoS automatically ensures that only the most precious traffic makes use of that bandwidth.
Coming to the VSPs, they all support egress shaping, but ingress policing varies across the platforms. But you are in luck, the VSP4k does and it support a dual rate policer.
However the policer is on a per-port basis.
So if you wanted to apply different policers to different VLANs on the same port, you would have to use some hairpin connections to separate the 2 VLANs into 2 separate ports, then apply the respective policers to those ports.
04-08-2021 05:35 PM
If I can rephrase the ask
The goal is:
We have a 1 Gbps internet connection is being shared by CompanyA and CompanyB. Company A will use VLAN A, Company B have VLAN B, we want to ensure that either company can only utilize 500Mbps at a time.
I was thinking of doing this on the VSP4K ports as close to the border router as possible and use port-based limiting, maybe there is a better way to achieve the same goal ?