F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

331

332

333

334

335

336

337

338

339

340

317

Item Descri

tion

CIR

Set the CIR.

If you apply an IP network segment-based CAR list to an interface, the CIR you defined

takes on different meanings depending on the configurations of the per-IP address rate

limiting function and the shared bandwidth mode for the CAR list.

• If the per-IP address rate limiting function is not enabled, the CIR specifies the total

bandwidth for the network segment and will be allocated to each IP address

based on its traffic size.

• If the per-IP address rate limiting function is enabled but the shared bandwidth

mode is not enabled, the CIR specifies bandwidth for each IP address, and the

bandwidth cannot be shared by the other IP addresses in the network segment.

• If both the per-IP address rate limiting function and the shared bandwidth mode

are enabled, the CIR specifies the total shared bandwidth for the network

segment, which will be dynamically and evenly allocated to traffic by IP address.

For example, apply a CAR list to an interface with 10 Mbps of total bandwidth to

perform per-IP address rate limiting for the network segment 10.1.0.1 to 10.1.0.100.

If the shared bandwidth mode is enabled for the CAR list, you can set the CIR to 10

Mbps at maximum. If the shared bandwidth mode is not enabled for the CAR list, you

can set the CIR to 100 kbps at maximum.

CBS

Set the CBS, that is, the size of burst traffic when the actual average rate is no bigger

than CIR.

EBS Set the EBS.

Green

Set the action to be taken on conforming packets:

• Discard—Drops the packets.

• Pass—Permits the packets to pass through.

Red

Set the action to be taken on excess packets:

• Discard—Drops the packets.

• Pass—Permits the packets to pass through.

615BTraffic policing configuration example

1327BNetwork requirements

As shown in 2515HFigure 232, configure Firewall to limit the rate of traffic received on GigabitEthernet 0/1 as

follows:

• Perform traffic policing for traffic of Host A through Host Z (on the IP segment 2.1.1.1 to 2.1.1.100).

• Set the per-IP rate limit to 50 kbps.

The remaining bandwidth is shared by all IP addresses.