Advanced Configuration and Management Guide

4 – flash override precedence

5 – critical precedence

6 – internetwork control precedence

7 – network control precedence

set-prec-continue <new-prec> – Set the IP precedence to one of the values listed above, then evaluate the traffic based on the next rate policy.

drop – Drop the packet.

continue – Evaluate the traffic based on the next rate policy.

The exceed-action <action> parameter specifies the action you want the device to perform for traffic that matches the rule but exceeds the <normal-burst-size> within a given Committed Time Interval. You can specify one of the actions listed above.

Complete CLI Examples

This section lists and explains the CLI commands for implementing the Adaptive Rate Limiting applications in “Examples of Adaptive Rate Limiting Applications” on page 4-5.

Commands for “Adaptive Rate Policies For an Uplink”

To configure the Adaptive Rate Limiting application described in “Adaptive Rate Policies For an Uplink” on page 4-5, enter the following commands.

The first three commands configure extended ACLs to characterize the traffic. ACL 101 is for all web traffic. ACL 102 is for all FTP traffic. ACL 103 is for all DNS traffic. Each of the ACLs matches on any source and destination IP address.

HP9300(config)# access-list 101 permit tcp any any eq http

HP9300(config)# access-list 102 permit tcp any any eq ftp

HP9300(config)# access-list 103 permit udp any any eq dns

The following command changes the CLI to the configuration level for port 1/1. If the port is the primary port in a trunk group, the rate policy configuration applies to all ports in the trunk group. In this case, port 1/1 is the primary port in a trunk group that also contains port 1/2.

HP9300(config)# interface ethernet 1/1

The following command configures a rate limit rule that uses ACL 101.

HP9300(config-if-e1000-1/1)# rate-limit input access-group 101 10000000 125000 187500 conform-action set-prec-transmit 5 exceed-action set-prec-transmit 0

The rule compares all inbound packets on the trunk group to ACL 101. For packets that match the ACL, the rule either sets the IP precedence to 5 (critical) and then sends the packet, or sets the IP precedence to 0 (routine) and sends the packet. The rule sets the precedence to 5 for all packets received up to the maximum Normal Burst Size, 125000 bytes. Once the interface receives this many bytes in the inbound direction that match ACL 101, the device sets the precedence for the next 62500 bytes to the value associated with the Excess Burst Size.

The burst size counters increment for the duration of the Committed Time Interval, then change back to zero for the next Committed Time Interval. The length of the Committed Time Interval is determined by the ratio of the Average Rate to the Normal Burst Size. In this case, the ratio is 10:1, so the Committed Time Interval is 1/10th second long. The counter for the Normal Burst Size accumulates packets for 1/10th second, then returns to zero. The counter for the Excess Burst Size accumulates packets for 2/10ths second, then returns to zero.
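The arithmetic in the two paragraphs above, as an added Python example (not code from this guide or from the device): it parses the ACL 101 rule, derives the Committed Time Interval, and labels the packets that arrive within a single interval. The function names and the packet sizes are constructed for illustration; the longer Excess Burst Size counter window is not modelled, and traffic beyond the Excess Burst Size is only flagged because this section does not state the action for it.

```python
import re
from fractions import Fraction

# Rule text copied from the ACL 101 command on this page.
RULE_101 = ("rate-limit input access-group 101 10000000 125000 187500 "
            "conform-action set-prec-transmit 5 exceed-action set-prec-transmit 0")

PATTERN = re.compile(
    r"rate-limit (?P<direction>\w+) access-group (?P<acl>\d+) "
    r"(?P<rate>\d+) (?P<normal>\d+) (?P<excess>\d+) "
    r"conform-action (?P<conform>.+?) exceed-action (?P<exceed>.+)$")

def parse_rule(line):
    """Parse a complete rate-limit rule; a CLI prompt before it is ignored."""
    m = PATTERN.search(line.strip())
    if not m:
        raise ValueError("not a complete rate-limit rule")
    rule = m.groupdict()
    for key in ("acl", "rate", "normal", "excess"):
        rule[key] = int(rule[key])
    if rule["excess"] < rule["normal"]:
        raise ValueError("Excess Burst Size is smaller than Normal Burst Size")
    # Committed Time Interval (seconds) =
    #   Normal Burst Size (bytes, converted to bits) / Average Rate (bits per second)
    rule["cti"] = Fraction(rule["normal"] * 8, rule["rate"])
    return rule

def classify_interval(rule, packet_sizes):
    """Label packets (sizes in bytes) that all arrive within one interval.

    The byte counter starts at zero, as it does at the start of each
    Committed Time Interval.
    """
    labels, seen = [], 0
    for size in packet_sizes:
        seen += size
        if seen <= rule["normal"]:
            labels.append(rule["conform"])        # within Normal Burst Size
        elif seen <= rule["excess"]:
            labels.append(rule["exceed"])         # the next 62500 bytes here
        else:
            labels.append("beyond-excess-burst")  # action not described in this section
    return labels

if __name__ == "__main__":
    rule = parse_rule("HP9300(config-if-e1000-1/1)# " + RULE_101)
    labels = classify_interval(rule, [1500] * 130)  # constructed traffic
    print("CTI:", float(rule["cti"]), "s")
    print({label: labels.count(label) for label in dict.fromkeys(labels)})
```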

The following command configures a rate limit rule that uses ACL 102. This rule also applies to inbound traffic. The action for packets that exceed the Normal Burst Size is different from the action in the rule above. The rule above sets the precedence to 0 in packets received after the maximum number of conforming packets (the number represented by the Normal Burst Size) is received within the Committed Time Interval.

The following rule drops packets received after the maximum number of conforming packets have been received.

HP9300(config-if-e1000-1/1)# rate-limit input access-group 102 10000000 125000
