Advanced Configuration and Management Guide

The rate policy rules are for three TCP/UDP applications: HTTP (web), FTP, and DNS. The fourth rule is for all other Ethernet traffic (traffic that is not for one of the three applications). The device applies rate policy rules in the order in which you apply them to an interface. In this case, the rules are applied in the following order:

Inbound TCP traffic

Inbound FTP traffic

Outbound DNS traffic

All other inbound Ethernet traffic

Notice that each rule is associated with a traffic direction. You can apply a given rate policy rule to traffic received on an interface, sent on an interface, or both.

For each rule, the device counts the bytes that apply to the rule during each Committed Time Interval (time interval, which can be from 1/10th second up to one second). The device takes the conform action, which is the action specified by the rule for Normal Burst Size, so long as the number of bytes for the traffic is within the Normal Burst Size value. Once the number of bytes exceeds the Normal Burst Size and thus enters the Excess Burst Size, the device takes the exceed action. “How Adaptive Rate Limiting Works” on page 4-10 describes how the byte counters for the Normal Burst Size and Excess Burst Size are incremented.

Each rule includes one of the following actions depending on whether the traffic is conforming with the Normal Burst Size or has exceeded the Normal Burst Size:

Forward the traffic

Drop the traffic

Change the IP precedence or Diffserv control point and forward the traffic

Change the IP precedence or Diffserv control point, then continue comparing the traffic to the rate policy rules

Continue comparing the traffic to the rate policy rules without changing the IP precedence or Diffserv control point

In Figure 4.2, all of the policies set the IP precedence to 5 (critical) for traffic that conforms to the Normal Burst Size. In other words, for all packets up to the maximum number of bytes specified by the Normal Burst Size, the device sets the precedence in each packet to 5.

The policies take different actions for traffic in the Excess Burst Size. Some policies set the precedence and forward the traffic while other policies drop the traffic. In Figure 4.2, the rule for HTTP traffic sets the precedence to zero (routine) for traffic in the Excess Burst Size. The other policies drop the traffic.

In all cases, after the maximum number of bytes for the Normal Burst Interval and the Excess Burst Size match a given rule, the software drops additional bytes that match the rule until the burst size counters are reset.
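
The per-interval byte accounting and ordered rule comparison described above, as a simplified model in Python. This is an added example, not code from the guide or the device software. The packet representation, the burst values, counting a whole packet before classifying it, and forwarding traffic that no rule stops are all assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

Action = Tuple[str, Optional[int]]  # ("forward" | "drop" | "continue", new precedence or None)

@dataclass
class Rule:
    name: str
    match: Callable[[dict], bool]  # predicate on a packet dict (hypothetical representation)
    normal_burst: int              # bytes per interval that get the conform action
    excess_burst: int              # further bytes per interval that get the exceed action
    conform: Action
    exceed: Action
    count: int = 0                 # bytes matched in the current Committed Time Interval

    def action_for(self, size: int) -> Action:
        # Assumption: the whole packet is counted first, then classified.
        self.count += size
        if self.count <= self.normal_burst:
            return self.conform
        if self.count <= self.normal_burst + self.excess_burst:
            return self.exceed
        return ("drop", None)      # both bursts used up: drop until the counters reset

def police(rules, pkt):
    """Compare pkt to the rules in order; return (verdict, IP precedence)."""
    prec = pkt.get("prec", 0)
    for rule in rules:
        if not rule.match(pkt):
            continue
        action, new_prec = rule.action_for(pkt["size"])
        if new_prec is not None:
            prec = new_prec
        if action != "continue":   # forward or drop ends the comparison
            return action, prec
    return "forward", prec         # assumption: traffic no rule stops is forwarded

def new_interval(rules):
    """Reset every rule's byte counter at the start of a new interval."""
    for rule in rules:
        rule.count = 0

def build_rules():
    # Constructed burst values; the actions follow the Figure 4.2 description.
    return [
        Rule("http", lambda p: p["dport"] == 80, 3000, 1500, ("forward", 5), ("forward", 0)),
        Rule("other", lambda p: True, 1000, 500, ("forward", 5), ("drop", None)),
    ]
```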
