Sample Inbound Rate Limiter configuration for the SecureStacks

FAQ_User
Extreme Employee
Article ID: 11321

Products
C5-Series, all firmware
C3-Series, firmware 1.01.01.0039 and higher
C2-Series, firmware 3.03.23 and higher
B5-Series, all firmware
B3-Series, firmware 1.01.01.0039 and higher
B2-Series, firmware 3.00.14 and higher

Goals
Create a variety of Inbound Rate Limiters (IRL) for demonstration purposes.

The sample configuration presented below will constrain nine sets of port pairs so that each set will limit its traffic, in both directions, to a specific bandwidth unique to that pair. The rate limiting capabilities of the SecureStacks may then be tested by establishing the actual throughput of traffic traversing these port pairs.

The goal is to achieve the following:
  • Ports 1 & 13 should limit to 256 kilobits per second (kb/s).
  • Ports 2 & 14 should limit to 512 kb/s.
  • Ports 3 & 15 should limit to 1 megabit per second (Mb/s).
  • Ports 4 & 16 should limit to 2 Mb/s.
  • Ports 5 & 17 should limit to 4 Mb/s.
  • Ports 6 & 18 should limit to 5 Mb/s.
  • Ports 7 & 19 should limit to 8 Mb/s.
  • Ports 8 & 20 should limit to 10 Mb/s.
  • Ports 9 & 21 should limit to 100 Mb/s.
See also: 5821 and 11667.

Solution
Set up a profile/role for each rate limit to be defined.

code:
set policy profile 1 name "limit_256kbps" cos-status enable cos 8
set policy profile 2 name "limit_512kbps" cos-status enable cos 9
set policy profile 3 name "limit_1Mbps" cos-status enable cos 10
set policy profile 4 name "limit_2Mbps" cos-status enable cos 11
set policy profile 5 name "limit_4Mbps" cos-status enable cos 16
set policy profile 6 name "limit_5Mbps" cos-status enable cos 20
set policy profile 7 name "limit_8Mbps" cos-status enable cos 32
set policy profile 8 name "limit_10Mbps" cos-status enable cos 40
set policy profile 9 name "limit_100Mbps" cos-status enable cos 255


Statically assign each role to a pair of test ports. Each role will thus only apply its designated Class of Service to the traffic ingressing its port pairs.

code:
set policy port ge.1.1 1
set policy port ge.1.2 2
set policy port ge.1.3 3
set policy port ge.1.4 4
set policy port ge.1.5 5
set policy port ge.1.6 6
set policy port ge.1.7 7
set policy port ge.1.8 8
set policy port ge.1.9 9
set policy port ge.1.13 1
set policy port ge.1.14 2
set policy port ge.1.15 3
set policy port ge.1.16 4
set policy port ge.1.17 5
set policy port ge.1.18 6
set policy port ge.1.19 7
set policy port ge.1.20 8
set policy port ge.1.21 9


Enable Class of Service, which will be needed to use Inbound Rate Limiting.

code:
set cos state enable


Define the role-referencing cos values (range 0-255) to leave the traffic at priority 0 (range 0-7) and to point to a unique logical IRL instance (range 0-99). This configuration purposely avoids cos values 0-7 because here the priority does not match the cos (10323).

code:
set cos settings 8 priority 0 irl-reference 1
set cos settings 9 priority 0 irl-reference 2
set cos settings 10 priority 0 irl-reference 4
set cos settings 11 priority 0 irl-reference 8
set cos settings 16 priority 0 irl-reference 16
set cos settings 20 priority 0 irl-reference 20
set cos settings 32 priority 0 irl-reference 32
set cos settings 40 priority 0 irl-reference 40
set cos settings 255 priority 0 irl-reference 99


Map each logical IRL instance (range 0-99) to a hardware-based IRL instance (0-99).

code:
set cos reference irl 0.0 1 rate-limit 1
set cos reference irl 0.0 2 rate-limit 2
set cos reference irl 0.0 4 rate-limit 4
set cos reference irl 0.0 8 rate-limit 8
set cos reference irl 0.0 16 rate-limit 16
set cos reference irl 0.0 20 rate-limit 20
set cos reference irl 0.0 32 rate-limit 32
set cos reference irl 0.0 40 rate-limit 40
set cos reference irl 0.0 99 rate-limit 99


Define the behavior of each hardware-based IRL instance (0-99).

code:
set cos port-resource irl 0.0 1 unit kbps rate 256 type drop syslog enable trap enable
set cos port-resource irl 0.0 2 unit kbps rate 512 type drop syslog enable trap enable
set cos port-resource irl 0.0 4 unit kbps rate 1000 type drop syslog enable trap enable
set cos port-resource irl 0.0 8 unit kbps rate 2000 type drop syslog enable trap enable
set cos port-resource irl 0.0 16 unit kbps rate 4000 type drop syslog enable trap enable
set cos port-resource irl 0.0 20 unit kbps rate 5000 type drop syslog enable trap enable
set cos port-resource irl 0.0 32 unit kbps rate 8000 type drop syslog enable trap enable
set cos port-resource irl 0.0 40 unit kbps rate 10000 type drop syslog enable trap enable
set cos port-resource irl 0.0 99 unit kbps rate 100000 type drop syslog enable trap enable


View the results.

code:
show config policy
show policy profile all
show config cos
show cos state
show cos settings
show cos reference
show cos port-resource


For Inbound Rate Limiting you may alternately use DiffServ (5848), if your B3/B2 is not Policy-licensed (5781).
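
The policy-based steps above link five tables: port, role, cos, logical IRL, hardware IRL, and finally the rate. The following Python script is an added example, not part of the original article or of any Extreme tooling; it parses a saved command list and resolves each port to its effective limit in kb/s, reporting any missing link. The SAMPLE text, the function names, and the assumption of a single port group (0.0) with kbps units are constructed for illustration.

```python
import re

# Constructed sample: a subset of the article's commands, with the port-resource
# line for hardware IRL 4 deliberately left out to show a broken chain.
SAMPLE = '''
set policy profile 1 name "limit_256kbps" cos-status enable cos 8
set policy profile 3 name "limit_1Mbps" cos-status enable cos 10
set policy port ge.1.1 1
set policy port ge.1.13 1
set policy port ge.1.3 3
set cos state enable
set cos settings 8 priority 0 irl-reference 1
set cos settings 10 priority 0 irl-reference 4
set cos reference irl 0.0 1 rate-limit 1
set cos reference irl 0.0 4 rate-limit 4
set cos port-resource irl 0.0 1 unit kbps rate 256 type drop syslog enable trap enable
'''

# (table, regex): group 1 is the table key, group 2 is the key into the next table.
# Assumes one port group (0.0) and kbps units, as in the article.
CHAIN = (
    ("port", r'set policy port (\S+) (\d+)'),
    ("profile", r'set policy profile (\d+) name "[^"]*" cos-status enable cos (\d+)'),
    ("settings", r'set cos settings (\d+) priority \d+ irl-reference (\d+)'),
    ("reference", r'set cos reference irl \S+ (\d+) rate-limit (\d+)'),
    ("port-resource", r'set cos port-resource irl \S+ (\d+) unit kbps rate (\d+)'),
)

def parse(config):
    # Each table maps a key to the key of the next table in the chain.
    return {kind: dict(re.findall(r'^\s*' + rx, config, re.M)) for kind, rx in CHAIN}

def audit(config):
    """Return ({port: kbps or None}, [problems]) for every port with a role."""
    tables = parse(config)
    rates = dict.fromkeys(tables["port"])
    enabled = re.search(r'^\s*set cos state enable\s*$', config, re.M)
    problems = [] if enabled else ["cos state is not enabled (needed for IRL)"]
    for port in rates:
        key = port
        for kind, _ in CHAIN:
            if key not in tables[kind]:
                problems.append(f"{port}: no '{kind}' entry for {key}")
                break
            key = tables[kind][key]
        else:
            rates[port] = int(key)  # value left after the last hop is the rate
    return rates, problems
```

Calling audit(SAMPLE) reports ge.1.1 and ge.1.13 at 256 kb/s and flags ge.1.3, whose chain stops at the missing port-resource entry.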