Creating a Rate-Limit Profile
You can create one-rate or two-rate rate-limit profiles. The rate-limit-profile one-rate command provides a hard-limit rate limiter or a TCP-friendly rate limiter. The rate-limit-profile two-rate command provides a two-rate, three-color marking mechanism.
 |
NOTE: Mark actions and mask values are supported only on IP, IPv6, and MPLS rate-limit profiles. |
One-Rate
To create or modify a one-rate rate-limit profile, use the following commands with the one-rate keyword:
The following example creates a rate-limit profile named tcpFriendly8Mb. This rate-limit profile, when included as part of a rule in a policy list, sets a TCP-friendly rate for a specified flow:
host1(config)#ip rate-limit-profile tcpFriendly8Mb one-rate
host1(config-rate-limit-profile)#committed-rate 8000000
host1(config-rate-limit-profile)#committed-burst 1500000
host1(config-rate-limit-profile)#excess-burst 3000000
host1(config-rate-limit-profile)#committed-action transmit
host1(config-rate-limit-profile)#conformed-action transmit
host1(config-rate-limit-profile)#exceeded-action drop
host1(config-rate-limit-profile)#mask-val 255
Two-Rate
To create or modify a two-rate rate-limit profile, use the following commands with the two-rate keyword:
The following example creates a rate-limit profile named hardlimit9Mb. This rate-limit profile, when included as part of a rule in a policy list, sets a hard limit on the specified committed rate with no peak rate or peak burst ability:
host1(config)#ip rate-limit-profile hardlimit9Mb two-rate
host1(config-rate-limit-profile)#committed-rate 9000000
host1(config-rate-limit-profile)#committed-burst 20000
host1(config-rate-limit-profile)#committed-action transmit
host1(config-rate-limit-profile)#conformed-action drop
host1(config-rate-limit-profile)#exceeded-action drop
host1(config-rate-limit-profile)#mask-val 255
The following example modifies the rate-limit profile named hardlimit9Mb to include an exceeded action that marks the packets that exceed the peak rate. This marking action sets the DS field in the ToS byte (the six most significant bits) to the decimal value of 7 using a mask value of 0xFC:
host1(config)#ip rate-limit-profile hardlimit9Mb two-rate
host1(config-rate-limit-profile)#exceeded-action mark 7
host1(config-rate-limit-profile)#mask-val 252
To set IP precedence in the ToS byte, use the mask value of 0xE0, for visibility into the three most significant bits.
committed-action
- drop—Drop the packet.
- transmit—Transmit the packet.
- mark—For IP and IPv6 rate-limit profiles, mark the packet by setting the ToS byte (IP) or traffic class field (IPv6) to the specified 8-bit value, and transmit the packet. The mark value is masked with the default 255 unless it is overridden by the mask-val command to specify a different mask.
- mark-exp—For MPLS rate-limit profiles, set the EXP bits of MPLS packets to the specified value in the range 0-7, and transmit the packet. The mark EXP value is masked with the default 7 unless you use the exp-mask command to specify a different mask.
host1(config-rate-limit-profile)#committed-action transmit
committed-burst
- Use to set the committed burst in bytes for a rate-limit profile.
- When you specify a nonzero value for the rate, the burst size is automatically calculated for a 100-ms burst as described below for the committed-rate command. If the calculated burst size is less than the default value of 8 KB, the default value is used.
- During a software upgrade, the committed burst size in a rate-limit profile is automatically set to 8192 bytes if it was less than that value before the upgrade.
- Example
host1(config-rate-limit-profile)#committed-burst 1500000
committed-rate
- Use to set the committed rate in bits per second for a rate-limit profile.
- When you specify a nonzero value for the committed rate, the committed burst size is calculated based on a 100-ms burst as follows:
committed burst in bytes = (committed rate in bps x 100 ms)
The router displays committed rate in bits per second and committed burst in bytes. For example, if the rate is 8 Mbps, the burst size is 100 ms x 8 Mbps = 800,000 bits or 100,000 bytes:
committed burst = (8,000,000 bps x 100 ms)
For this example, displaying the rate-limit profile shows:
committed-rate 8000000
committed-burst 100000
If the calculated burst value is less than the default burst size of 8 KB, the default burst size is used. For most configurations this value should be sufficient, making it optional for you to configure a value for the associated committed burst size.
host1(config-rate-limit-profile)#committed-rate 800000
conformed-action
- drop—Drop the packet.
- transmit—Transmit the packet.
- mark—For IP and IPv6 rate-limit profiles, mark the packet by setting the ToS byte (IP) or traffic class field (IPv6) to the specified 8-bit value, and transmit the packet. The mark value is masked with the default 255 unless it is overridden by the mask-val command to specify a different mask.
- mark-exp—For MPLS rate-limit profiles, set the EXP bits of MPLS packets to the specified value in the range 0-7, and transmit the packet. The mark EXP value is masked with the default 7 unless you use the exp-mask command to specify a different mask.
host1(config-rate-limit-profile)#conformed-action transmit
exceeded-action
- drop—Drop the packet.
- transmit—Transmit the packet.
- mark—For IP and IPv6 rate-limit profiles, mark the packet by setting the ToS byte (IP) or traffic class field (IPv6) to the specified 8-bit value, and transmit the packet. The mark value is masked with the default 255 unless it is overridden by the mask-val command to specify a different mask.
- mark-exp—For MPLS rate-limit profiles, set the EXP bits of MPLS packets to the specified value in the range 0-7, and transmit the packet. The mark EXP value is masked with the default 7 unless you use the exp-mask command to specify a different mask.
host1(config-rate-limit-profile)#exceeded-action drop
excess-burst
- For one-rate rate-limit profiles only, use to set the excess burst in bytes for a rate-limit profile.
- Example
host1(config-rate-limit-profile)#excess-burst 3000000
exp-mask
- Use to set the mask value used for MPLS rate-limit profiles.
- This command is associated with the following commands:
host1(config-rate-limit-profile)#exp-mask 5
mask-val
- Use to set the mask value used for IP and IPv6 rate-limit profiles.
- This command is associated with the following commands:
- Use the following mask values to set the appropriate bits in the ToS field of the IP packet header or in the traffic class field of the IPv6 packet header:
- IP precedence—0xE0 (three most significant bits)
- DS field—0xFC (six most significant bits)
- TOS (IP) or Traffic Class field (IPv6)—0xFF (default)
host1(config-rate-limit-profile)#mask-val 0XFC
peak-burst
- For two-rate rate-limit profiles only, use to set the peak burst in bytes for a rate-limit profile.
- When you specify a nonzero value for the peak rate, the peak burst size is automatically calculated for a 100-ms burst as described below for the peak-rate command. If the calculated peak burst size is less than the default value of 8192 bytes, the default value is used.
- During a software upgrade, the committed burst size in a rate-limit profile is automatically set to 8192 bytes if it was less than that value before the upgrade.
- Example
host1(config-rate-limit-profile)#peak-burst 96256
peak-rate
- For two-rate rate-limit profiles only, use to set the peak rate in bits per second for a rate-limit profile.
- When you specify a nonzero value for the peak rate, the peak burst size is calculated based on a 100-ms burst as follows:
peak burst in bytes = (peak rate in bps x 100 ms)
The CLI displays peak rate in bits per second and peak burst in bytes. For example, if the rate is 8 Mbps, the burst size is 100 ms x 8 Mbps = 800,000 bits or 100,000 bytes:
peak burst = (8,000,000 bps x 100 ms)
For this example, displaying the rate-limit profile shows:
peak-rate 8000000
peak-burst 100000
If the calculated peak burst value is less than the default peak burst size of 8 KB, the default burst size is used. For most configurations this value is sufficient, making it optional to configure the associated peak burst size.
- During a software upgrade, the peak rate in a rate-limit profile is automatically set to 0 if it was nonzero but less than the committed rate before the upgrade.
- Example
host1(config-rate-limit-profile)#peak-rate 0
rate-limit-profile one-rate
- Use to create a rate-limit profile and enter Rate Limit Profile Configuration mode, from which you can configure attributes for the rate-limit profile. See Table 5.
NOTE: The JUNOSe software includes the layer 2 headers in the calculations it uses to enforce the rates that you specify in rate-limit profiles.
- Use one of the ip, ipv6, l2tp, or mpls keywords in front of the command to specify the type of rate-limit-profile you want to create or modify. If you do not include one of the keywords, the router creates an IP rate-limit profile by default.
- If you do not include a one-rate or two-rate keyword, the default is a two-rate rate-limit profile.
- If you enter a rate-limit-profile command with the one-rate keyword and then type exit, the router creates a rate-limit profile with the default values shown in Table 7:
host1(config)#ip rate-limit-profile tcpFriendly10Mb one-rate
rate-limit-profile two-rate
- Use to create a rate-limit profile and enter Rate Limit Profile Configuration mode, from which you can configure attributes for the rate-limit profile. See Table 5.
NOTE: The JUNOSe software includes the layer 2 headers in the calculations it uses to enforce the rates that you specify in rate-limit profiles
- Use one of the ip, ipv6, l2tp, or mpls keywords in front of the command to specify the type of rate-limit profile you want to create or modify. If you do not include one of the keywords, the router creates an IP rate-limit profile by default.
- If you do not include a one-rate or two-rate keyword, the default is a two-rate rate-limit profile.
- If you enter a rate-limit-profile command and then type exit, the router creates a rate-limit profile with the default values shown in Table 8:
- Committed burst size—Set to 8192 if it was less than that value before the upgrade
- Peak burst size—Set to 8192 if it was less than that value before the upgrade
- Peak rate—Set to 0 if it was nonzero but less than the committed rate before the upgrade
host1(config)#ip rate-limit-profile hardlimit9Mb two-rate
|
NOTE: Commands that you issue in Rate Limit Profile Configuration mode do not take effect until you exit from that mode. |