Brocade Communications Systems Brocade ICX 6650 User Manual

Brocade ICX 6650 Security Configuration Guide
53-1002601-01
Configuration notes for traffic policies
Consider the following points carefully before configuring traffic policies:
• Traffic policies apply to IP ACLs only.
• The maximum number of active TPDs (traffic policy definitions) supported by Brocade ICX 6650 is 896.
• You can reference the same traffic policy in more than one ACL entry within an ACL. For example, two or more ACL statements in ACL 101 can reference a TPD named TPD1.
• You can reference the same traffic policy in more than one ACL. For example, ACLs 101 and 102 could both reference a TPD named TPD1.
• Rate limits and ACL counting are applied at the traffic policy level, and are cumulative across ACLs and ACL entries on which they are applied. However, they are not cumulative across port regions. As Brocade ICX 6650 has a single port region, traffic policies defined on Brocade ICX 6650 are cumulative across the device.
• For all types of rate limiting on Brocade ICX 6650 (ACL-based; Port-based; and Broadcast, unknown Unicast, and Multicast rate limiting) the minimum value is 125 packets and can be increased in steps of 125 packets.
• To modify or delete an active traffic policy, you must first unbind the ACL that references the traffic policy.
Configuring fixed rate limiting
Fixed rate limiting enforces a strict bandwidth limit. The port forwards traffic that is within the limit. 
If the port receives more than the specified number of fragments in a one-second interval, the 
device either drops or forwards subsequent fragments in hardware, depending on the exceed 
action you specify.
NOTE
For related information on traffic policy features and limitations, see 
Follow these steps to implement the ACL-based fixed rate limiting.
1. Create a traffic policy. Enter a command such as the following:
Brocade(config)# traffic-policy TPD1 rate-limit fixed 125 exceed-action drop
2. Create an extended ACL entry (or modify an existing extended ACL entry) with a reference to 
the traffic policy. Enter a command such as the following.
Brocade(config)# access-list 101 permit ip host 10.10.12.2 any traffic-policy TPD1
3. Bind the ACL to an interface. Enter commands such as the following.
Brocade(config)# interface ethernet 1/1/5
Brocade(config-if-e10000-1/1/5)# ip access-group 101 in
Brocade(config-if-e10000-1/1/5)# exit
The previous commands configure a fixed rate limiting policy that allows port e5 to receive a 
maximum traffic rate of 125 packets/second. If the port receives additional packets during a given 
one-second interval, the port drops the additional inbound packets received within that one-second 
interval.
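As an added example (not part of the Brocade guide), the Python sketch below audits a configuration against the notes above: the 125-packet rate step, the 896-TPD limit, ACL references to undefined traffic policies, and which ports keep a traffic policy active, so that their ACLs can be unbound before the policy is modified or deleted. It recognises only the command forms shown in the steps above; the sample text, TPD2, TPD9, ACLs 102 and 103, and port 1/1/6 are constructed for illustration.

```python
import re
from collections import defaultdict

MAX_TPDS, RATE_STEP = 896, 125  # limits stated in the configuration notes
TPD_RE = re.compile(r"traffic-policy (\S+) rate-limit fixed (\d+) exceed-action (\S+)$")
ACL_RE = re.compile(r"access-list (\d+) .* traffic-policy (\S+)$")
IF_RE = re.compile(r"interface ethernet (\S+)$")
BIND_RE = re.compile(r"ip access-group (\d+) in$")
# Constructed sample: the guide's three steps plus deliberately faulty lines.
SAMPLE = """\
Brocade(config)# traffic-policy TPD1 rate-limit fixed 125 exceed-action drop
Brocade(config)# traffic-policy TPD2 rate-limit fixed 200 exceed-action drop
Brocade(config)# access-list 101 permit ip host 10.10.12.2 any traffic-policy TPD1
Brocade(config)# access-list 102 permit ip host 10.10.12.3 any traffic-policy TPD1
Brocade(config)# access-list 103 permit ip host 10.10.12.4 any traffic-policy TPD9
Brocade(config)# interface ethernet 1/1/5
Brocade(config-if-e10000-1/1/5)# ip access-group 101 in
Brocade(config-if-e10000-1/1/5)# exit
Brocade(config)# interface ethernet 1/1/6
Brocade(config-if-e10000-1/1/6)# ip access-group 102 in
"""

def audit(config: str):
    """Audit the command forms shown in the guide; return (findings, TPD -> bound ports)."""
    tpds, acl_refs, acl_ports, findings = {}, defaultdict(set), defaultdict(set), []
    port = None
    for raw in config.splitlines():
        line = raw.split("#", 1)[-1].strip()  # drop the "Brocade(config)#" prompt
        if m := TPD_RE.match(line):
            name, rate = m[1], int(m[2])
            tpds[name] = rate
            if rate < RATE_STEP or rate % RATE_STEP:
                findings.append(f"{name}: rate {rate} must be a positive multiple of {RATE_STEP}")
        elif m := ACL_RE.match(line):
            acl_refs[m[2]].add(m[1])       # TPD name -> ACL numbers referencing it
        elif m := IF_RE.match(line):
            port = m[1]
        elif (m := BIND_RE.match(line)) and port:
            acl_ports[m[1]].add(port)      # ACL number -> ports it is bound to
        elif line == "exit":
            port = None
    if len(tpds) > MAX_TPDS:
        findings.append(f"{len(tpds)} traffic policies defined, limit is {MAX_TPDS}")
    for name in sorted(set(acl_refs) - set(tpds)):
        findings.append(f"{name}: referenced by ACL {', '.join(sorted(acl_refs[name]))} but not defined")
    # Ports whose ACL must be unbound before the TPD can be modified or deleted.
    bindings = {n: sorted({p for a in acl_refs[n] for p in acl_ports[a]}) for n in tpds}
    return findings, bindings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample, TPD1 is shared by ACLs 101 and 102, so its rate limit is cumulative across ports 1/1/5 and 1/1/6 and both bindings are reported for it.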