Brocade Communications Systems 6650 Switch User Manual


 
Brocade ICX 6650 Security Configuration Guide 141
53-1002601-01
Chapter 5: ACL-based Rate Limiting
Table 19 lists the ACL-based rate limiting features supported on Brocade ICX 6650. These features
are supported in the Layer 2, edge Layer 3, and full Layer 3 software images, except where
explicitly noted.
ACL-based rate limiting overview
ACL-based rate limiting restricts inbound IP traffic that has been permitted by extended IP ACLs
to administrator-configured rates. ACL-based rate limiting is available in the Layer 2 and
Layer 3 images.
ACL-based rate limiting is defined using traffic policies. To configure ACL-based rate limiting, you
create a traffic policy, reference the traffic policy in one or more ACL entries, and bind the ACL to an
interface or port. The traffic policies become effective on ports to which the ACL is bound.
You can configure ACL-based rate limiting on the following interface types:
• Physical Ethernet interfaces
• Virtual interfaces
• Trunk ports
• Specific VLAN members on a port
• A subset of ports on a virtual interface
Types of ACL-based rate limiting
ACL-based rate limiting is of two types:
• Fixed rate limiting – Enforces a strict bandwidth limit. Traffic that exceeds the configured rate
  limit is either dropped or forwarded at the lowest priority level, depending on the action
  specified in the traffic policy. To configure fixed rate limiting, refer to “Configuring fixed rate
  limiting” on page 143.
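The three steps described above (create a traffic policy, reference it in an ACL entry, bind the ACL to a port), shown for fixed rate limiting as an added example that is not taken from this guide. The commands follow FastIron CLI syntax; the policy name TPD1, ACL number 101, host address, rate value 100 and port 1/1/5 are assumed values, and the units and permitted range of the rate should be confirmed in "Configuring fixed rate limiting".

```text
! Added example; names, addresses, rate and port are assumed values.
!
! Step 1: create a traffic policy with a fixed rate limit.
! "exceed-action drop" discards traffic above the limit;
! "exceed-action permit-at-low-pri" forwards it at the lowest priority instead.
traffic-policy TPD1 rate-limit fixed 100 exceed-action drop
!
! Step 2: reference the traffic policy in an extended IP ACL entry.
! Only traffic permitted by this entry is subject to the rate limit.
access-list 101 permit ip host 192.0.2.10 any traffic-policy TPD1
!
! Step 3: bind the ACL inbound on a port. The traffic policy takes
! effect on the ports to which the ACL is bound.
interface ethernet 1/1/5
 ip access-group 101 in
!
! Check afterwards from the privileged EXEC level:
!   show traffic-policy TPD1
```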
TABLE 19 Supported ACL-based rate limiting features

Feature                                                               Brocade ICX 6650
Traffic policies                                                      Yes
ACL-based fixed rate limiting                                         Yes
ACL-based adaptive rate limiting                                      Yes
802.1p priority bit inspection in the ACL for adaptive rate limiting  Yes
ACL statistics                                                        Yes