How to configure a traffic policy for rate limiting on a CE series switch

14

- Limit traffic rates based on IP addresses. In the following example, the rate limit of packets from the PC with IP address 192.168.1.10 is set to 4 Mbit/s.
<HUAWEI> system-view [~HUAWEI] acl 2000 [*HUAWEI-acl4-basic-2000] rule permit source 192.168.1.10 0.0.0.0 [*HUAWEI-acl4-basic-2000] quit [*HUAWEI] traffic classifier c1 [*HUAWEI-classifier-c1] if-match acl 2000 [*HUAWEI-classifier-c1] quit [*HUAWEI] traffic behavior b1 [*HUAWEI-behavior-b1] car cir 4096 [*HUAWEI-behavior-b1] quit [*HUAWEI] traffic policy p1 [*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [*HUAWEI-trafficpolicy-p1] quit [*HUAWEI] interface 10ge 1/0/1 [*HUAWEI-10GE1/0/1] traffic-policy p1 inbound [*HUAWEI-10GE1/0/1] quit [*HUAWEI] commit
- Limit the rate of packets from devices on a specified network segment. In the following example, the rate limit of packets from devices on the network segment 192.168.1.0 is set to 50 Mbit/s.
<HUAWEI> system-view [~HUAWEI] acl 2000 [*HUAWEI-acl4-basic-2000] rule permit source 192.168.1.0 0.0.0.255 [*HUAWEI-acl4-basic-2000] quit [*HUAWEI] traffic classifier c1 [*HUAWEI-classifier-c1] if-match acl 2000 [*HUAWEI-classifier-c1] quit [*HUAWEI] traffic behavior b1 [*HUAWEI-behavior-b1] car cir 51200 [*HUAWEI-behavior-b1] quit [*HUAWEI] traffic policy p1 [*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [*HUAWEI-trafficpolicy-p1] quit [*HUAWEI] interface 10ge 1/0/1 [*HUAWEI-10GE1/0/1] traffic-policy p1 inbound [*HUAWEI-10GE1/0/1] quit [*HUAWEI] commit
- Limit traffic rates based on IP addresses and protocols. In the following example, the rate limit of HTTP traffic (port 80) from devices on the network segment 192.168.1.0 is set to 10 Mbit/s.
<HUAWEI> system-view [~HUAWEI] acl 3000 [*HUAWEI-acl4-advance-3000] rule permit tcp destination-port eq 80 source 192.168.1.0 0.0.0.255 [*HUAWEI-acl4-advance-3000] quit [*HUAWEI] traffic classifier c1 [*HUAWEI-classifier-c1] if-match acl 3000 [*HUAWEI-classifier-c1] quit [*HUAWEI] traffic behavior b1 [*HUAWEI-behavior-b1] car cir 10240 [*HUAWEI-behavior-b1] quit [*HUAWEI] traffic policy p1 [*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 [*HUAWEI-trafficpolicy-p1] quit [*HUAWEI] interface 10ge 1/0/1 [*HUAWEI-10GE1/0/1] traffic-policy p1 inbound [*HUAWEI-10GE1/0/1] quit [*HUAWEI] commit

Other related questions:
How to configure rate limiting in a traffic policy on an AR

1. Create a traffic classifier.
2. Creates a traffic behavior.
3. Creates a traffic policy.
4. Apply the traffic policy.
For example, you can configure rate limiting for the network segment 192.168.1.0 as follows:
#
acl number 3000 //Create ACL 3000 to match the network segment to which the rate of packets needs to be limited.
rule 5 permit ip source 192.168.1.0 0.0.0.255
#
traffic classifier c1 operator or //Configure the matching condition of the traffic classifier to ACL 3000.
if-match acl 3000
#
traffic behavior b1 //Configure the action of the traffic behavior to rate limiting: Set the CIR to 384 kbit/s and the PIR to 768 kbit/s, permit green packets to be sent, forward yellow packets after marking the DSCP priority of yellow packets as 0, and discard red packets.
car cir 384 pir 768 cbs 48000 pbs 96000 mode color-blind green pass yellow pass remark-dscp default red discard
#
traffic policy test //Create a traffic policy and bind it to the traffic classifier and traffic behavior.
classifier c1 behavior b1
#
interface GigabitEthernet0/0/0
ip address 192.168.1.254 255.255.255.0
traffic-policy test inbound //Apply the traffic policy test to the inbound direction of an intranet interface.
#
return

How to configure rate limiting based on the SAC signature database on an AR?
The SAC signature database contains thousands of application protocols. An SAC traffic classifier defines the rule for matching packets. Users configure different SAC traffic classifiers to classify packets, and limit the rate of traffic in the traffic behavior. The traffic policy then can be applied in the inbound or outbound direction on the interface.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top