Traffic Policies for ACL-Based Rate Limit Configuration Notes

Traffic policies are rules that define rate limits on packets permitted by ACLs. As traffic policies apply rate limits on specific interfaces using ACLs, this method is also called ACL-based rate limiting.

Applying a traffic policy to an interface includes the following steps:
  1. Creating a traffic policy
  2. Adding a reference to the traffic policy in an ACL entry
  3. Binding the ACL that contains the ACL entry to an interface

Traffic policies consist of policy names and policy definitions:
  • Traffic policy name—A string of up to eight alphanumeric characters that identifies individual traffic policy definitions.

  • Traffic policy definition (TPD)—The command filter associated with a traffic policy name. A TPD can define any one of the following:
    • Rate limiting policy
    • ACL counting policy
    • Combined rate limiting and ACL counting policy

ACL-Based Rate Limiting Using Traffic Policies

ACL-based rate limiting provides the facility to limit the rate for IP traffic that matches the permit conditions in extended IP ACLs. This feature is available in the Layer 2 and Layer 3 code.

To configure ACL-based rate limiting, you create individual traffic policies and then reference the traffic policies in one or more ACL entries (also called clauses or statements). The traffic policies go into effect on ports to which the ACLs are bound.

When you configure a traffic policy for rate limiting, the device automatically enables rate limit counting, similar to the two-rate three-color marker (trTCM) mechanism described in RFC 2698 for adaptive rate limiting, and the single-rate three-color marker (srTCM) mechanism described in RFC 2697 for fixed rate limiting. This feature counts the number of bytes and trTCM or srTCM conformance level per packet to which rate limiting traffic policies are applied.

You can configure ACL-based rate limiting on the following interface types:
  • Physical Ethernet interfaces
  • Virtual interfaces
  • LAG ports
  • Specific VLAN members on a port
  • A subset of ports on a virtual interface

For more information on ACLs, refer to the RUCKUS FastIron Security Configuration Guide.

ACL-Based Fixed Rate Limiting

Fixed rate limiting enforces a strict bandwidth limit. The device forwards traffic that is within the limit but either drops all traffic that exceeds the limit or forwards all traffic that exceeds the limit at the lowest priority level, according to the action specified in the traffic policy.

ACL-Based Adaptive Rate Limiting

Adaptive rate limiting enforces a flexible bandwidth limit that allows for bursts above the limit. You can configure adaptive rate limiting to forward traffic, modify the IP precedence of and forward traffic, or drop traffic based on whether the traffic is within the limit or exceeds the limit.
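The following Python simulation is an added example, not RUCKUS or FastIron code, showing the marking and counting behaviour the sections above describe: an srTCM (RFC 2697) backing a fixed policy, a trTCM (RFC 2698) backing an adaptive policy, per-conformance-level byte and packet counters, and the exceed actions (drop, forward at lowest priority, rewrite IP precedence and forward). Rates are expressed in bytes per second and times in seconds to keep the arithmetic readable (the FastIron CLI uses kbps and burst sizes in bytes); the action names, the `TrafficPolicy` class and the packet trace are all constructed for this example.

```python
"""Simulation of ACL-based rate-limit marking (srTCM / trTCM) and counting.

Added example, not RUCKUS/FastIron code. Rates are bytes per second and
timestamps are seconds; action names are hypothetical.
"""
from dataclasses import dataclass, field

GREEN, YELLOW, RED = "green", "yellow", "red"


@dataclass
class SrTCM:
    """Single-rate three-color marker (RFC 2697), color-blind mode.

    Tc (committed) and Te (excess) start full and are refilled at CIR;
    tokens that overflow Tc spill into Te. With ebs=0 a packet is green
    or red only, which is what a strict fixed limit wants.
    """
    cir: float          # committed rate, bytes/s
    cbs: int            # committed burst size, bytes
    ebs: int = 0        # excess burst size, bytes
    tc: float = field(init=False)
    te: float = field(init=False)
    last: float = 0.0   # time of the previous packet, seconds

    def __post_init__(self):
        self.tc, self.te = float(self.cbs), float(self.ebs)

    def mark(self, t, size):
        tokens = self.cir * (t - self.last)
        self.last = t
        room = self.cbs - self.tc              # free space in Tc (never negative)
        self.tc += min(tokens, room)
        self.te = min(self.ebs, self.te + max(0.0, tokens - room))
        if self.tc >= size:
            self.tc -= size
            return GREEN
        if self.te >= size:
            self.te -= size
            return YELLOW
        return RED


@dataclass
class TrTCM:
    """Two-rate three-color marker (RFC 2698), color-blind mode.

    Tc refills at CIR up to CBS, Tp at PIR up to PBS. Traffic above CIR
    but within PIR is yellow: the burst an adaptive policy tolerates.
    """
    cir: float
    cbs: int
    pir: float
    pbs: int
    tc: float = field(init=False)
    tp: float = field(init=False)
    last: float = 0.0

    def __post_init__(self):
        self.tc, self.tp = float(self.cbs), float(self.pbs)

    def mark(self, t, size):
        dt = t - self.last
        self.last = t
        self.tc = min(self.cbs, self.tc + self.cir * dt)
        self.tp = min(self.pbs, self.tp + self.pir * dt)
        if self.tp < size:
            return RED
        self.tp -= size
        if self.tc < size:
            return YELLOW
        self.tc -= size
        return GREEN


@dataclass
class TrafficPolicy:
    """A traffic-policy definition: a marker plus one action per color.

    Hypothetical action names: "forward", "drop", "low-priority"
    (forward at the lowest priority) and ("set-precedence", n)
    (rewrite IP precedence, then forward). Counting is always on:
    counters[color] holds [packets, bytes] per conformance level.
    """
    name: str
    marker: object
    actions: dict
    counters: dict = field(default_factory=lambda: {c: [0, 0] for c in (GREEN, YELLOW, RED)})

    def apply(self, t, pkt):
        color = self.marker.mark(t, pkt["size"])
        self.counters[color][0] += 1
        self.counters[color][1] += pkt["size"]
        action = self.actions[color]
        if action == "drop":
            return None
        out = dict(pkt)
        if action == "low-priority":
            out["priority"] = 0
        elif isinstance(action, tuple):        # ("set-precedence", n)
            out["precedence"] = action[1]
        return out


def run(policy, packets):
    """Feed (time, size) packets through the policy; return the forwarded ones."""
    forwarded = []
    for t, size in packets:
        out = policy.apply(t, {"size": size, "precedence": 5, "priority": 7})
        if out is not None:
            forwarded.append(out)
    return forwarded


# Constructed trace: seven 500-byte packets, four at t=0 and three at t=1.
TRACE = [(0.0, 500)] * 4 + [(1.0, 500)] * 3


def demo_fixed():
    """Fixed policy: 1000 B/s with a 1500-byte burst, exceed-action drop."""
    tpd = TrafficPolicy("TPD1", SrTCM(cir=1000, cbs=1500),
                        {GREEN: "forward", YELLOW: "drop", RED: "drop"})
    return tpd.counters, len(run(tpd, TRACE))


def demo_adaptive():
    """Adaptive policy: CIR 1000 B/s, PIR 2000 B/s. Bursts between the two
    rates are forwarded with IP precedence set to 0; traffic above PIR is dropped."""
    tpd = TrafficPolicy("TPD2", TrTCM(cir=1000, cbs=1000, pir=2000, pbs=2000),
                        {GREEN: "forward", YELLOW: ("set-precedence", 0), RED: "drop"})
    return tpd.counters, run(tpd, [(0.0, 500)] * 5 + [(1.0, 500)] * 5)


if __name__ == "__main__":
    print(demo_fixed())
    counters, fwd = demo_adaptive()
    print(counters, len(fwd), sum(p["precedence"] == 0 for p in fwd))
```

The two demos are worth comparing: under the fixed policy the fourth back-to-back packet at each instant is red and dropped, while the adaptive policy lets the third and fourth through as yellow with their precedence rewritten, and only drops the fifth, which exceeds PIR. The counters are what a `count`-style rate-limit counter would report per conformance level.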