Configuring fixed rate limiting

Configuration notes for traffic policies

Consider the following points carefully before configuring traffic policies:

Traffic policies apply to IP ACLs only.

The maximum number of active TPDs (traffic policy definitions) supported by Brocade ICX 6650 is 896.

You can reference the same traffic policy in more than one ACL entry within an ACL. For example, two or more ACL statements in ACL 101 can reference a TPD named TPD1.

You can reference the same traffic policy in more than one ACL. For example, ACLs 101 and 102 could both reference a TPD named TPD1.

Rate limits and ACL counting are applied at the traffic policy level, and are cumulative across ACLs and ACL entries on which they are applied. However, they are not cumulative across port regions. As Brocade ICX 6650 has a single port region, traffic policies defined on Brocade ICX 6650 are cumulative across the device.

For all types of rate limiting on Brocade ICX 6650 (ACL-based; port-based; and broadcast, unknown unicast, and multicast rate limiting), the minimum value is 125 packets, and the value can be increased in steps of 125 packets.

To modify or delete an active traffic policy, you must first unbind the ACL that references the traffic policy.

Configuring fixed rate limiting

Fixed rate limiting enforces a strict bandwidth limit. The port forwards traffic that is within the limit. If the port receives more than the specified number of fragments in a one-second interval, the device either drops or forwards subsequent fragments in hardware, depending on the exceed action you specify.

NOTE

For related information on traffic policy features and limitations, see “Configuration notes for traffic policies” on page 143.

Follow these steps to implement ACL-based fixed rate limiting.

1. Create a traffic policy. Enter a command such as the following:

Brocade(config)# traffic-policy TPD1 rate-limit fixed 125 exceed-action drop

2. Create an extended ACL entry (or modify an existing extended ACL entry) with a reference to the traffic policy. Enter a command such as the following.

Brocade(config)# access-list 101 permit ip host 10.10.12.2 any traffic-policy TPD1

3. Bind the ACL to an interface. Enter commands such as the following.

Brocade(config)# interface ethernet 1/1/5

Brocade(config-if-e10000-1/1/5)# ip access-group 101 in

Brocade(config-if-e10000-1/1/5)# exit

The previous commands configure a fixed rate limiting policy that allows port e5 to receive a maximum traffic rate of 125 packets/second. If the port receives additional packets during a given one-second interval, the port drops the additional inbound packets received within that one-second interval.
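The following Python model is an added illustration, not Brocade code or part of the original guide. It replays constructed packet timestamps against a fixed rate limit of 125 packets per one-second interval, and shows that two ACL entries referencing the same TPD share one cumulative counter. Assumptions: intervals align to whole seconds, the host 10.10.12.3 is a constructed second ACL entry, and the verdict labels are model names rather than CLI keywords.

```python
from collections import defaultdict

STEP = 125  # per the configuration notes: minimum 125, steps of 125


class TrafficPolicy:
    """Simplified software model of a fixed rate limiting TPD."""

    def __init__(self, name, rate, exceed_action="drop"):
        if rate < STEP or rate % STEP:
            raise ValueError(f"rate must be a multiple of {STEP}, minimum {STEP}")
        if exceed_action not in ("drop", "forward"):  # model labels, not CLI keywords
            raise ValueError("exceed_action must be 'drop' or 'forward'")
        self.name, self.rate, self.exceed_action = name, rate, exceed_action
        self.counted = defaultdict(int)  # one-second interval -> packets seen

    def offer(self, timestamp):
        """Count one packet against the policy and return its verdict."""
        interval = int(timestamp)  # assumption: intervals align to whole seconds
        self.counted[interval] += 1
        if self.counted[interval] <= self.rate:
            return "forward"
        return "drop" if self.exceed_action == "drop" else "forward-exceeded"


def replay(acl_entries, packets):
    """acl_entries maps source host -> TrafficPolicy; packets is [(time, source)].
    Returns {interval: {verdict: count}} for packets that match an entry."""
    tally = defaultdict(lambda: defaultdict(int))
    for timestamp, source in sorted(packets):
        policy = acl_entries.get(source)
        if policy is not None:
            tally[int(timestamp)][policy.offer(timestamp)] += 1
    return {sec: dict(verdicts) for sec, verdicts in tally.items()}


def demo(exceed_action="drop"):
    tpd1 = TrafficPolicy("TPD1", 125, exceed_action)
    # Two entries of one ACL referencing the same TPD; 10.10.12.3 is constructed.
    acl_101 = {"10.10.12.2": tpd1, "10.10.12.3": tpd1}
    packets = [(i / 1000, h) for i in range(100) for h in acl_101]  # second 0: 200 packets
    packets += [(1 + i / 1000, "10.10.12.2") for i in range(50)]    # second 1: 50 packets
    return replay(acl_101, packets)


if __name__ == "__main__":
    print(demo())
```

Although each host sends only 100 packets in the first second, the shared policy forwards 125 in total and applies the exceed action to the remaining 75. The counter starts fresh in the next interval.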

Brocade ICX 6650 Security Configuration Guide

143

53-1002601-01

 
