Configuring bandwidth limitation for the USG2000 or USG5000

Configure bandwidth limitation for the USG.

Bandwidth limitation can be achieved through traffic policing, traffic shaping, and interface rate limiting.
Configure traffic policing, traffic shaping, and interface rate limiting to implement traffic control.
1. Configuration procedure:
Configure traffic shaping (QoS GTS).
Configure traffic policing (QoS CAR).
Configure the interface bandwidth (QoS LR).
2. Configuration example:
USG_A and USG_B are interconnected through their GE interface 0/0/1 and GE interface 0/0/2. The server and PC1 can access the Internet through either USG_A or USG_B. The server and PC1 are on the same network segment as GE interface 0/0/3 of USG_A.
Apply the following traffic control policies for packets received by GE interface 0/0/2 of USG_B from the server and PC1:
Limit the rate of packets sent from the server to 54,000 kbit/s.
Limit the rate of packets sent from PC1 to 8000 kbit/s, and the rate of burst traffic to 15,000 kbit/s.
Apply the following traffic control policies for packets received and sent by GE interface 0/0/2 and GE interface 0/0/1 of USG_B:
Limit the rate of packets received by GE interface 0/0/2 of USG_B to 500,000 kbit/s.
Limit the rate to 1000 kbit/s for packets forwarded by GE interface 0/0/1 of USG_B to the Internet.
Network topology:
(Internal server and PC1)---(4)USG_A(1)---(2)USG_B(3)--Internet
Server: 1.1.1.1/8
PC1: 1.1.1.2/8
(1) 172.16.1.2
(2) 172.16.1.1
(3) 172.17.1.1/24
(4) 1.1.1.10/8
3. Configuration procedure:
Configure traffic policing, traffic shaping, and interface rate limiting as follows:
1. Configure traffic shaping on the outbound interface GE interface 0/0/1 of USG_A to ensure compliance with the traffic rate on GE interface 0/0/2 of USG_B.
2. Configure traffic policing on GE interface 0/0/2 of USG_B to limit the packets sent from the server and PC1.
3. Configure interface rate limiting for GE interface 0/0/1 of USG_B to limit the packets destined for the Internet.
4. Procedure:
a. For the USG series, add interfaces to security zones and configure inter-zone packet filtering to ensure normal network communication. The configuration procedure is not described here. For the USG BSR and HSR series, you do not need to add interfaces to security zones or configure packet filtering.
b. Configure IP addresses for interfaces. Configure routes to ensure normal network communication. The configuration procedure is not described here.
c. Configure traffic shaping on GE interface 0/0/1 of USG_A. Traffic shaping is performed for sent packets that exceed the rate 500,000 kbit/s to reduce the packet loss rate on GE interface 0/0/2 of USG_B.
system-view
[USG_A] interface GigabitEthernet 0/0/1
[USG_A-GigabitEthernet0/0/1] qos gts any cir 500000 //Traffic shaping
[USG_A-GigabitEthernet0/0/1] quit
d. Configure traffic policing on GE interface 0/0/2 of USG_B.
[USG_B] system-view
[USG_B] acl number 2001
[USG_B-acl-basic-2001] rule permit source 1.1.1.1 0.0.0.0
[USG_B-acl-basic-2001] quit
[USG_B] acl number 2002
[USG_B-acl-basic-2002] rule permit source 1.1.1.2 0.0.0.0
[USG_B-acl-basic-2002] quit
[USG_B] interface GigabitEthernet 0/0/2 //Traffic policing
[USG_B-GigabitEthernet0/0/2] qos car inbound acl 2001 cir 54000 cbs 54000 green pass red discard
[USG_B-GigabitEthernet0/0/2] qos car inbound acl 2002 cir 8000 cbs 15000 green pass red discard
[USG_B-GigabitEthernet0/0/2] quit
e. Configure interface rate limiting on GE interface 0/0/1 of USG_B to ensure that the rate for GE interface 0/0/1 to send packets does not exceed 1000 kbit/s.
[USG_B] interface GigabitEthernet 0/0/1 //Interface rate limiting
[USG_B-GigabitEthernet0/0/1] qos lr cir 1000 cbs 500
[USG_B-GigabitEthernet0/0/1] quit
5. Verification:
On the USG, run display qos gts interface [ interface-type interface-number ] to view traffic shaping configuration.

Scroll to top