Example for Configuring Traffic Shaping to Limit the Rate of Packets Based on Internal IP Addresses

1008 0 0 0

Example for Configuring Traffic Shaping to Limit the Rate of Packets Based on Internal IP Addresses

Applicability

This example applies to all versions and AR routers.

Networking Requirements

RouterA is deployed at the egress of an enterprise network. Users in the enterprise are located on two network segments and access the server on 222.1.1.1/24 through RouterA. The rate of packets from enterprise devices on 192.168.10.0/24 to the server needs to be limited to 64 kbit/s.

Figure 2  Networking for limiting the rate of packets based on internal IP addresses

1d05a028b77d4fc5966be7384d59145d

Procedure

  1. Configure RouterA.

    #
     sysname RouterA
    #
    vlan batch 10 20 
    #
    acl number 3001  //Configure ACL 3001.
     rule 5 permit ip source 192.168.10.0 0.0.0.255  //Configure rule 5 to allow packets on 192.168.10.0 to pass through.
     rule 10 permit ip source 192.168.20.0 0.0.0.255  //Configure rule 10 to allow packets on 192.168.20.0 to pass through.
    acl number 3002  //Configure ACL 3002.
     rule 5 permit ip source 192.168.10.0 0.0.0.255  //Configure rule 5 to allow packets on 192.168.10.0 to pass through.
    #
    qos queue-profile limit  //Create a queue profile named limit.
      queue 3 gts cir 64 cbs 1600  //Set the CIR of queue 3 to 64 kbit/s.
    #
    traffic classifier c1 operator or
     if-match acl 3002  //Configure a traffic classifier named c1 to match ACL 3002.
    #
    traffic behavior b1
     remark local-precedence af3  //Configure traffic behavior b1: Re-mark packets matching the traffic classifier with AF3. When permit or deny is not specified, the permit action is taken by default.
    #
    traffic policy p1
     classifier c1 behavior b1  //Configure a traffic policy named p1, and bind traffic classifier c1 to traffic behavior b1 in the traffic policy.
    #
    interface Vlanif10
     ip address 192.168.10.1 255.255.255.0 
    #
    interface Vlanif20
     ip address 192.168.20.1 255.255.255.0 
    #
    interface Ethernet2/0/0
     port link-type trunk  //Configure the link type of the interface as trunk.
     port trunk allow-pass vlan 10 20  //Add the interface to VLAN 10 and VLAN 20.
     traffic-policy p1 inbound  //Apply the traffic policy p1 to the inbound direction on the interface.
    #
    interface GigabitEthernet3/0/0
     ip address 222.0.1.1 255.255.255.0 
     qos queue-profile limit  //Apply the queue profile limit to the interface.
     nat outbound 3001  //Perform NAT for packets matching ACL 3001.
    #
    ip route-static 0.0.0.0 0.0.0.0 222.0.1.2
    #
    

  2. Verify the configuration.

    Run the display qos queue statistics interface gigabitethernet 3/0/0 command to check the traffic statistics on GE3/0/0 where the queue profile limit is applied. You can see that the rate of outgoing packets on the interface is within the rate limit. When the queue is full, excess packets are discarded.

  3. Configuration Notes

  • On the switch, set the link type of the interfaces connected to the user network segments to access, and add the interfaces to service VLANs of users.
  • Configure the interface of the switch connected to RouterA as a trunk interface and add the interface to service VLANs.

  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Fast reply Scroll to top