Brocade Communications Systems 6650 Switch User Manual


 
Brocade ICX 6650 Security Configuration Guide 147
53-1002601-01
1. Create an adaptive rate limiting traffic policy. Enter a command such as the following:
Brocade(config)# traffic-policy adap rate-limit adaptive cir 1000 cbs 1000 pir 2000 pbs 10000 exceed-action drop
2. Create an IPv4 extended ACL or IPv6 ACL that includes the traffic policy and 802.1p priority
matching value. Enter a command such as the following:
Brocade(config)# access-list 136 permit ip any any 802.1p-priority matching 3 traffic-policy adap
3. Bind the ACL to an interface. Enter commands such as the following:
Brocade(config)# interface ethernet 1/1/7
Brocade(config-if-e10000-1/1/7)# ip access-group 136 in
Brocade(config-if-e10000-1/1/7)# exit
Use the show access-list accounting command to view accounting statistics.
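The three steps above form a chain: the traffic policy is applied only through an ACL that names it, and that ACL must in turn be bound to an interface. The following Python check is an added example, not part of the Brocade guide; it assumes the configuration is available as plain text in the form of the commands on this page, and the audit function, the unreferenced use of TPD1 and ACL 140 are constructed for illustration.

```python
import re

# Constructed sample: the "adap" policy, ACL 136 and the interface binding are
# the commands from the steps above; TPD1 is this page's fixed-rate example,
# left unreferenced here on purpose; ACL 140 is constructed and names a policy
# that is never defined.
SAMPLE_CONFIG = """\
traffic-policy adap rate-limit adaptive cir 1000 cbs 1000 pir 2000 pbs 10000 exceed-action drop
traffic-policy TPD1 rate-limit fixed 10000 exceed-action drop
access-list 136 permit ip any any 802.1p-priority matching 3 traffic-policy adap
access-list 140 permit ip any any traffic-policy missing
interface ethernet 1/1/7
 ip access-group 136 in
"""

POLICY_RE = re.compile(r"^traffic-policy\s+(\S+)\s+rate-limit\s+(fixed|adaptive)\b")
ACL_RE = re.compile(r"^access-list\s+(\d+)\s+.*\btraffic-policy\s+(\S+)\s*$")
IFACE_RE = re.compile(r"^interface\s+(.+)$")
BIND_RE = re.compile(r"^ip\s+access-group\s+(\d+)\s+in\b")


def audit(config_text):
    """Return ({policy: [interfaces enforcing it]}, [findings]) for a config dump."""
    policies, acl_policy, acl_ifaces = {}, {}, {}
    iface = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := POLICY_RE.match(line):
            policies[m.group(1)] = m.group(2)       # name -> fixed | adaptive
        elif m := ACL_RE.match(line):
            acl_policy.setdefault(m.group(1), set()).add(m.group(2))
        elif m := IFACE_RE.match(line):
            iface = m.group(1)                      # following lines belong to it
        elif (m := BIND_RE.match(line)) and iface:
            acl_ifaces.setdefault(m.group(1), []).append(iface)
    enforced, findings = {name: [] for name in policies}, []
    for acl, names in sorted(acl_policy.items()):
        for name in sorted(names):
            if name not in policies:
                findings.append(f"ACL {acl} references undefined traffic policy '{name}'")
            elif acl not in acl_ifaces:
                findings.append(f"ACL {acl} uses '{name}' but is not bound to any interface")
            else:
                enforced[name].extend(acl_ifaces[acl])
    for name, ifaces in enforced.items():
        if not ifaces:
            findings.append(f"{policies[name]} traffic policy '{name}' is not enforced on any interface")
    return enforced, findings
```
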
Handling packets that exceed the rate limit
For every traffic policy, you can specify what action to take on packets that exceed the configured
rate limit. For both types of policies (fixed and adaptive rate limiting), you can specify one of the
following actions:
Drop packets that exceed the limit.
Forward packets at the lowest priority level.
NOTE
For information on how to configure a rate limit in fixed rate limiting, see “Configuring fixed rate
limiting” on page 143. For information on how to configure a rate limit in adaptive rate limiting,
see “Configuring adaptive rate limiting” on page 144.
Dropping packets
The ultimate action that a device can take on a packet is to drop the packet. You can apply the drop
action on packets that exceed the rate limit in both fixed rate limiting and adaptive rate limiting
traffic policies. In fixed rate limiting policies, a packet is dropped only when the packet rate exceeds
the CIR limit, whereas in adaptive rate limiting policies, a packet is dropped only when the packet
rate exceeds the PIR limit + PBS within one second.
The following example shows the drop action applied to a fixed rate limiting policy.
Brocade(config)# traffic-policy TPD1 rate-limit fixed 10000 exceed-action drop
The above command sets the fragment threshold at 10000 packets per second. If the port
receives more than 10000 packets in a one-second interval, the device drops the excess
fragments.
Syntax: [no] traffic-policy TPD-name rate-limit fixed cir-value exceed-action drop
The following example shows the drop action applied to an adaptive rate limiting policy.
Brocade(config)# traffic-policy TPDAfour rate-limit adaptive cir 10000 cbs 1600 pir 20000 pbs 4000 exceed-action drop