ERS/VOSS - Is it possible to rate-limit on port/VLAN based on the number of unicast packets?

EF
Contributor II

Hi team!!

In order to protect a special device (IoT) we want to limit the number of unicast packets delivered by one port (maybe in VLAN would be useful if in port is not possible).

I see that ERS/VSP has rate limit for broadcast and multicast traffic but not unicast.

Is there any way or technique to achieve this?

Thanks a lot!!

EF

1 ACCEPTED SOLUTION

Jamestibbets
New Contributor

@EF wrote:

Hi team!!

In order to protect a special device (IoT) we want to limit the number of unicast packets delivered by one port (maybe in VLAN would be useful if in port is not possible).

I see that ERS/VSP has rate limit for broadcast and multicast traffic but not unicast.

Is there any way or technique to achieve this?

Thanks a lot!!

EF


Hello,

In ERS/VSP switches, rate limiting based on the number of unicast packets is not a built-in feature. The rate limiting capabilities in these switches typically focus on broadcast and multicast traffic.

However, there are alternative approaches you can consider to achieve your goal of limiting the number of unicast packets delivered by a specific port or VLAN:

Traffic policing: You can use traffic policing to limit the overall bandwidth usage of a port or VLAN. While this won't directly limit the number of unicast packets, it can effectively restrict the amount of traffic that can be transmitted, which indirectly limits the number of packets.

VLAN-based filtering: If you want to limit unicast packets within a specific VLAN, you can consider using VLAN-based filtering techniques. For example, you can configure a VLAN access control list (VACL) to drop or rate limit specific types of unicast traffic within the VLAN.

Access control lists (ACLs): You can apply ACLs to specific ports or VLAN interfaces to control the traffic flow. By defining rules in the ACL, you can permit or deny specific types of unicast packets based on various criteria such as source/destination IP address, source/destination port, etc. You can also set rate limits within the ACL to control the rate of specific unicast traffic.



2 REPLIES

Jamestibbets
New Contributor

To limit the number of unicast packets delivered by a port or VLAN on an Extreme Networks device (ERS/VSP), you can utilize rate limiting features such as Port-Based Rate Limiting or VLAN-Based Rate Limiting. While these features primarily focus on controlling the rate of traffic (in bits per second), they can indirectly limit the number of packets as well.

Here's how you can achieve this:

  1. Port-Based Rate Limiting: Configure rate limiting directly on the port where the IoT device is connected. This will limit the overall bandwidth usage of the port, which indirectly limits the number of packets that can be sent/received.

  2. VLAN-Based Rate Limiting: If multiple IoT devices are connected to the same VLAN, you can apply rate limiting at the VLAN level to control the aggregate traffic from all devices in that VLAN.

  3. Quality of Service (QoS): You can prioritize or deprioritize certain types of traffic using QoS policies. By deprioritizing unicast traffic from the IoT device, you can effectively limit its impact on other devices or applications.

  4. Traffic Filtering and ACLs: Implement access control lists (ACLs) or traffic filtering policies to selectively allow or deny certain types of traffic. This can help prevent excessive unicast traffic from reaching other devices.

  5. Monitoring and Analysis: Use network monitoring tools to analyze traffic patterns and identify any devices generating excessive unicast traffic. Once identified, you can take appropriate action to limit or control their traffic.

Keep in mind that while rate limiting can help control the amount of traffic, it may not directly limit the number of packets. However, by effectively managing the bandwidth available to the IoT device, you can indirectly achieve your goal of limiting unicast packet delivery.

Consult the documentation and configuration guides specific to your Extreme Networks device model for detailed instructions on implementing rate limiting and other traffic management features. If you need further assistance, feel free to ask!
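
Both replies note that a bit-rate policer limits the packet count only indirectly. The following added example (not part of the original posts, and not Extreme ERS/VOSS configuration) models a generic single-rate token-bucket policer in Python to show how the admitted packets per second depend on frame size; the rates, burst sizes, 64-byte minimum frame and all function names are assumptions chosen for illustration.

```python
# Added illustration: byte-based token-bucket policer (a generic model, not
# Extreme ERS/VOSS code). All names and numbers below are constructed.

def police(packets, rate_bps, burst_bytes):
    """Return the packets admitted by a single-rate token bucket.

    packets: iterable of (arrival_time_s, size_bytes), sorted by time.
    """
    tokens = float(burst_bytes)      # bucket starts full
    last = 0.0
    admitted = []
    for t, size in packets:
        # Refill at rate_bps/8 bytes per second, capped at the burst size.
        tokens = min(burst_bytes, tokens + (t - last) * rate_bps / 8)
        last = t
        if size <= tokens:           # conforming: forward and spend tokens
            tokens -= size
            admitted.append((t, size))
        # Non-conforming packets are dropped (policing, not shaping).
    return admitted

def flood(size_bytes, pps, seconds):
    """Constructed input: constant-rate unicast stream of equal-size frames."""
    return [(i / pps, size_bytes) for i in range(int(pps * seconds))]

def admitted_pps(size_bytes, rate_bps, burst_bytes, offered_pps=10_000, seconds=10):
    """Average packets per second that pass the policer under a flood."""
    out = police(flood(size_bytes, offered_pps, seconds), rate_bps, burst_bytes)
    return len(out) / seconds

def rate_for_pps_cap(target_pps, min_frame_bytes=64):
    """Bit rate that holds even minimum-size frames to target_pps (assumed 64 B)."""
    return target_pps * min_frame_bytes * 8

if __name__ == "__main__":
    # Same 1 Mbit/s policer, very different packet counts per frame size.
    for size in (64, 512, 1500):
        print(size, "bytes:", admitted_pps(size, 1_000_000, 3000), "pps")
    # Sizing the rate for a 200 pps ceiling throttles large frames much harder.
    cap = rate_for_pps_cap(200)
    print("rate for 200 pps cap:", cap, "bit/s")
    print("1500-byte frames at that rate:", admitted_pps(1500, cap, 1518), "pps")
```

A policer sized so that minimum-size frames cannot exceed the packet ceiling leaves full-size frames with only a few packets per second, and a burst smaller than the largest frame drops that frame size entirely.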
