Brocade Communications Systems Brocade ICX 6650 6650 Manual De Usuario
274
Brocade ICX 6650 Security Configuration Guide
53-1002601-01
Port-based rate limiting
How port-based fixed rate limiting works
Fixed rate limiting counts the number of packets that a port receives, in one second intervals. If the
number exceeds the maximum number you specify when you configure the rate, the port drops all
further inbound packets for the duration of the one-second interval.
number exceeds the maximum number you specify when you configure the rate, the port drops all
further inbound packets for the duration of the one-second interval.
After the one-second interval is complete, the port clears the counter and re-enables traffic.
shows an example of how Fixed rate limiting works. In this example, a Fixed rate limiting
policy is applied to a port to limit the inbound traffic to 500000 packets a second. During the first
two one-second intervals, the port receives less than 500000 packets in each interval. However,
the port receives more than 500000 packets during the third and fourth one-second intervals, and
consequently drops the excess traffic.
two one-second intervals, the port receives less than 500000 packets in each interval. However,
the port receives more than 500000 packets during the third and fourth one-second intervals, and
consequently drops the excess traffic.
FIGURE 15
Fixed rate limiting
NOTE
The software counts the packets by polling statistics counters for the port every 100 milliseconds,
which provides 10 readings each second. Due to the polling interval, the Fixed Rate Limiting policy
has an accuracy of within 10% of the port's line rate. It is therefore possible for the policy to
sometimes allow more traffic than the limit you specify, but the extra traffic is never more than 10%
of the port's line rate.
The software counts the packets by polling statistics counters for the port every 100 milliseconds,
which provides 10 readings each second. Due to the polling interval, the Fixed Rate Limiting policy
has an accuracy of within 10% of the port's line rate. It is therefore possible for the policy to
sometimes allow more traffic than the limit you specify, but the extra traffic is never more than 10%
of the port's line rate.
Rate limiting in hardware
Each Brocade device supports in hardware rate limiting at line-rate. The device creates entries in
Content Addressable Memory (CAM) for the rate limiting policies. The CAM entries enable the
device to perform the rate limiting in hardware instead of sending the traffic to the CPU. The device
sends the first packet in a given traffic flow to the CPU, which creates a CAM entry for the traffic
flow. A CAM entry consists of the source and destination addresses of the traffic. The device uses
the CAM entry for rate limiting all the traffic within the same flow. A rate limiting CAM entry remains
in the CAM for two minutes before aging out.
Content Addressable Memory (CAM) for the rate limiting policies. The CAM entries enable the
device to perform the rate limiting in hardware instead of sending the traffic to the CPU. The device
sends the first packet in a given traffic flow to the CPU, which creates a CAM entry for the traffic
flow. A CAM entry consists of the source and destination addresses of the traffic. The device uses
the CAM entry for rate limiting all the traffic within the same flow. A rate limiting CAM entry remains
in the CAM for two minutes before aging out.
Zero bps
Beginning of
one-second
interval
one-second
interval
500000 bps (62500 bytes)
The Fixed Rate Limiting policy
allows up to 500000 bits
(62500 bytes) of inbound traffic
during each one-second interval.
allows up to 500000 bits
(62500 bytes) of inbound traffic
during each one-second interval.
Once the maximum rate is reached,
all additional traffic within the
one-second interval is dropped.
all additional traffic within the
one-second interval is dropped.
One-second
interval
One-second
interval
One-second
interval
One-second
interval