Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesFastIron

1831

FastIron Configuration Guide 1777

53-1002494-02

ACL-based rate limiting using traffic policies

• Specific VLAN members on a port (refer to “Applying an IPv4 ACL to specific VLAN members on

a port (Layer 2 devices only)” on page 1734)

• A subset of ports on a virtual interface (refer to “Applying an IPv4 ACL to a subset of ports on a

virtual interface (Layer 3 devices only)” on page 1735)

Support for fixed rate limiting and adaptive rate limiting

NOTE

ACL-based fixed rate limiting is supported on all FastIron devices. ACL-based adaptive rate limiting is

supported on FastIron X Series and Brocade FCX Series devices only. It is not supported on FastIron

WS devices.

FastIron devices support the following types of ACL-based rate limiting:

• Fixed rate limiting – Enforces a strict bandwidth limit. The device forwards traffic that is within

the limit but either drops all traffic that exceeds the limit, or forwards all traffic that exceeds

the limit at the lowest priority level, according to the action specified in the traffic policy.

• Adaptive rate limiting – Enforces a flexible bandwidth limit that allows for bursts above the

limit. You can configure adaptive rate limiting to forward traffic, modify the IP precedence of

and forward traffic, or drop traffic based on whether the traffic is within the limit or exceeds the

limit.

Configuring ACL-based fixed rate limiting

Use the procedures in this section to configure ACL-based fixed rate limiting. Before configuring

this feature, see what to consider in “Configuration notes and feature limitations for traffic policies”

on page 1774.

Fixed rate limiting enforces a strict bandwidth limit. The port forwards traffic that is within the limit.

If the port receives more than the specified number of fragments in a one-second interval, the

device either drops or forwards subsequent fragments in hardware, depending on the action you

specify.

To implement the ACL-based fixed rate limiting feature, first create a traffic policy, and then

reference the policy in an extended ACL statement. Lastly, bind the ACL to an interface. Complete

the following steps.

1. Create a traffic policy. Enter a command such as the following.

Brocade(config)#traffic-policy TPD1 rate-limit fixed 100 exceed-action drop

2. Create an extended ACL entry or modify an existing extended ACL entry that references the

traffic policy. Enter a command such as the following.

Brocade(config)#access-list 101 permit ip host 210.10.12.2 any traffic-policy

TPD1

3. Bind the ACL to an interface. Enter commands such as the following.

Brocade(config)#interface ethernet 5

Brocade(config-if-e5)#ip access-group 101 in

Brocade(config-if-e5)#exit