How to configure rate limiting in a traffic policy on an AR

0


1. Create a traffic classifier.
2. Creates a traffic behavior.
3. Creates a traffic policy.
4. Apply the traffic policy.
For example, you can configure rate limiting for the network segment 192.168.1.0 as follows:
#
acl number 3000 //Create ACL 3000 to match the network segment to which the rate of packets needs to be limited.
rule 5 permit ip source 192.168.1.0 0.0.0.255
#
traffic classifier c1 operator or //Configure the matching condition of the traffic classifier to ACL 3000.
if-match acl 3000
#
traffic behavior b1 //Configure the action of the traffic behavior to rate limiting: Set the CIR to 384 kbit/s and the PIR to 768 kbit/s, permit green packets to be sent, forward yellow packets after marking the DSCP priority of yellow packets as 0, and discard red packets.
car cir 384 pir 768 cbs 48000 pbs 96000 mode color-blind green pass yellow pass remark-dscp default red discard
#
traffic policy test //Create a traffic policy and bind it to the traffic classifier and traffic behavior.
classifier c1 behavior b1
#
interface GigabitEthernet0/0/0
ip address 192.168.1.254 255.255.255.0
traffic-policy test inbound //Apply the traffic policy test to the inbound direction of an intranet interface.
#
return

Other related questions:
How to configure a traffic policy for rate limiting on a CE series switch
- Limit traffic rates based on IP addresses. In the following example, the rate limit of packets from the PC with IP address 192.168.1.10 is set to 4 Mbit/s. <HUAWEI> system-view [~HUAWEI] acl 2000 [*HUAWEI-acl4-basic-2000] rule permit source 192.168.1.10 0.0.0.0 [*HUAWEI-acl4-basic-2000] quit [*HUAWEI] traffic classifier c1 [*HUAWEI-classifier-c1] if-match acl 2000 [*HUAWEI-classifier-c1] quit [*HUAWEI] traffic behavior b1 [*HUAWEI-behavior-b1] car cir 4096 [*HUAWEI-behavior-b1] quit [*HUAWEI] traffic policy p1 [*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [*HUAWEI-trafficpolicy-p1] quit [*HUAWEI] interface 10ge 1/0/1 [*HUAWEI-10GE1/0/1] traffic-policy p1 inbound [*HUAWEI-10GE1/0/1] quit [*HUAWEI] commit - Limit the rate of packets from devices on a specified network segment. In the following example, the rate limit of packets from devices on the network segment 192.168.1.0 is set to 50 Mbit/s. <HUAWEI> system-view [~HUAWEI] acl 2000 [*HUAWEI-acl4-basic-2000] rule permit source 192.168.1.0 0.0.0.255 [*HUAWEI-acl4-basic-2000] quit [*HUAWEI] traffic classifier c1 [*HUAWEI-classifier-c1] if-match acl 2000 [*HUAWEI-classifier-c1] quit [*HUAWEI] traffic behavior b1 [*HUAWEI-behavior-b1] car cir 51200 [*HUAWEI-behavior-b1] quit [*HUAWEI] traffic policy p1 [*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [*HUAWEI-trafficpolicy-p1] quit [*HUAWEI] interface 10ge 1/0/1 [*HUAWEI-10GE1/0/1] traffic-policy p1 inbound [*HUAWEI-10GE1/0/1] quit [*HUAWEI] commit - Limit traffic rates based on IP addresses and protocols. In the following example, the rate limit of HTTP traffic (port 80) from devices on the network segment 192.168.1.0 is set to 10 Mbit/s. <HUAWEI> system-view [~HUAWEI] acl 3000 [*HUAWEI-acl4-advance-3000] rule permit tcp destination-port eq 80 source 192.168.1.0 0.0.0.255 [*HUAWEI-acl4-advance-3000] quit [*HUAWEI] traffic classifier c1 [*HUAWEI-classifier-c1] if-match acl 3000 [*HUAWEI-classifier-c1] quit [*HUAWEI] traffic behavior b1 [*HUAWEI-behavior-b1] car cir 10240 [*HUAWEI-behavior-b1] quit [*HUAWEI] traffic policy p1 [*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [*HUAWEI-trafficpolicy-p1] quit [*HUAWEI] interface 10ge 1/0/1 [*HUAWEI-10GE1/0/1] traffic-policy p1 inbound [*HUAWEI-10GE1/0/1] quit [*HUAWEI] commit

How to configure rate limiting based on the SAC signature database on an AR?
The SAC signature database contains thousands of application protocols. An SAC traffic classifier defines the rule for matching packets. Users configure different SAC traffic classifiers to classify packets, and limit the rate of traffic in the traffic behavior. The traffic policy then can be applied in the inbound or outbound direction on the interface.

How to configure an AR to limit the rate of traffic based on MAC addresses
You can configure a traffic policy to limit the rate of traffic based on MAC addresses as follows: # traffic classifier mac1 operator and if-match source-mac 0015-c50d-0001 //Configure a matching rule based on the source MAC address 0015-c50d-0001 in the traffic classifier mac1. traffic classifier mac2 operator and if-match source-mac 0015-c50d-0002 //Configure a matching rule based on the source MAC address 0015-c50d-0002 in the traffic classifier mac2. traffic classifier mac3 operator and if-match source-mac 0015-c50d-0003 //Configure a matching rule based on the source MAC address 0015-c50d-0003 in the traffic classifier mac3. # traffic behavior d1 car cir 3000 cbs 564000 pbs 939000 mode color-blind green pass yellow pass red discard //Create the traffic behavior d1 and configure the rate limit to 3000 kbit/s. # traffic policy myqos //Configure the traffic policy myqos. classifier mac1 behavior d1 //Bind the traffic classifier mac1 to the traffic behavior d1. classifier mac2 behavior d1 //Bind the traffic classifier mac2 to the traffic behavior d1. classifier mac3 behavior d1 //Bind the traffic classifier mac3 to the traffic behavior d1. # interface GigabitEthernet 0/0/0 ip address 10.1.1.1 255.255.255.0 traffic-policy myqos inbound //Apply the traffic policy myqos to the inbound interface. #

How to configure an AR to limit the rate of IPSec data flows
To configure an AR to limit the rate of IPSec data flows, configure the QoS function for IPSec packets first, and then configure rate limiting for IPSec data flows through MQC. system-view [Huawei]ipsec policy huawei 1 manual //Create an IPSec policy, set the SA creation mode to manual, and enter the IPSec policy view. Alternatively, you can complete the following configurations in the ISAKMP policy view, IPSec policy template view, IPSec profile view, Efficient VPN policy view, or GDOI policy view. [Huawei-ipsec-policy-manual-huawei-1]qos group 10 //Configure the QoS group to which IPSec packets belong. [Huawei-ipsec-policy-manual-huawei-1]quit [Huawei]traffic classifier c1 //Create a traffic classifier and enter the traffic classifier view. [Huawei-classifier-c1]if-match qos-group 10 //Configure a matching rule based on QoS group 10. [Huawei-classifier-c1]quit [Huawei]traffic behavior b1 //Create a traffic behavior and enter the traffic behavior view. [Huawei-behavior-b1]car cir 3000 //Limit the rate of traffic. [Huawei-behavior-b1]quit [Huawei]traffic policy p1 //Create a traffic policy and enter the traffic policy view. [Huawei-trafficpolicy-p1]classifier c1 behavior b1 //Bind the traffic classifier to the traffic behavior. [Huawei-trafficpolicy-p1]quit [Huawei]interface GigabitEthernet 0/0/0 [Huawei-GigabitEthernet0/0/0]traffic-policy p1 outbound //Apply the traffic policy on the interface

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top