Filter
Top Products
Port Traffic Controls
Rate-Limiting
■ Optimum rate-limiting operation: Optimum rate-limiting occurs with
64-byte packet sizes. Traffic with larger packet sizes can result in
performance somewhat below the configured bandwidth. This is to
ensure the strictest possible rate-limiting of all sizes of packets.
Note on Testing Rate-limiting is applied to the available bandwidth on a port, and not to any
Rate-Limiting
specific applications running through the port. If the total bandwidth
requested by all applications is less than the configured maximum rate, then
no rate-limit can be applied. This situation occurs with a number of popular
throughput-testing applications, as well as most regular network applications.
Consider the following example that uses the minimum packet size:
The total available bandwidth on a 100 Mbps port “X” (allowing for Inter-
packet Gap—IPG), with no rate-limiting restrictions, is:
(((100,000,000 bits) / 8 ) / 84) x 64 = 9,523,809 bytes per second
where:
– The divisor (84) includes the 12-byte IPG, 8-byte preamble, and 64-
bytes of data required to transfer a 64-byte packet on a 100 Mbps link.
– Calculated “bytes-per-second” includes packet headers and data. This
value is the maximum “bytes-per-second” that 100 Mbps can support
for minimum-sized packets.
Suppose port “X” is configured with a rate limit of 50% (4,761,904 bytes).
If a throughput-testing application is the only application using the port,
and transmits 1 Mbyte of data through the port, it uses only 10.5% of the
port’s available bandwidth, and the rate-limit of 50% has no effect. This
is because the maximum rate permitted (50%) exceeds the test applica-
tion’s bandwidth usage (126,642-164,062 bytes, depending upon packet
size, which is only 1.3-1.7% of the available total). Before rate-limiting can
occur, the test application’s bandwidth usage must exceed 50% of the
port’s total available bandwidth. That is, to test the rate-limit setting, the
following must be true:
bandwidth usage > (0.50 x 9,523,809)
ICMP Rate-Limiting
In IP networks, ICMP (Internet Control Message Protocol) messages are
generated in response to either inquiries or requests from routing and diag-
nostic functions. These messages are directed to the applications originating
the inquiries. In unusual situations, if the messages are generated rapidly with
the intent of overloading network circuits, they can threaten network avail-
ability. This problem is visible in denial-of-service (DoS) attacks or other
malicious behaviors where a worm or virus overloads the network with ICMP
13-10