Technical Documentation

Bandwidth Management Overview

When you configure the rate-limit profile, packets are tagged with a drop preference. The color-coded tag is added automatically when the committed and peak burst values for an interface’s rate-limit profile are exceeded. The egress forwarding controller uses the drop preference to determine which packets are dropped when there is contention for outbound queuing resources within the E Series router.

The queuing system uses drop eligibility to select packets for dropping when congestion exists on an egress interface. This method is called dynamic color-based threshold dropping. The 2-bit tag assigns a color code to the packet: red, yellow, or green. Each packet queue has two color-based thresholds as well as a queue limit:

Red packets are dropped when congestion causes the queue to fill above the red threshold.
Yellow packets are dropped when the yellow threshold is reached.
Green packets are dropped when the queue limit is reached.

This internal tagging is done automatically when a rate-limit profile is applied to an interface and does not necessarily reflect the operation of the policy on an interface.

Having a committed rate and a peak rate enables you to configure two different fill rates for the token buckets. For example, you can configure the fill rate on the peak token bucket to be faster than the fill rate on the committed bucket. This configuration enables you to accommodate bursts of traffic, but, through coloring, it enables you to identify which packets are committed and which ones are not.

To enforce ingress data rates below the physical line rate of a port, you can rate limit a classified packet flow at ingress. A rate-limit profile with a policy rate-limit profile rule provides this capability. The rate-limit profile defines the attributes of the desired rate.

You can set an action based on one rate or two rates. These actions include drop, transmit, or mark. The default is to transmit committed and conformed packets, and to drop exceeded packets.

A color-coded tag is added automatically to each packet based on the following categories:

Committed—Green
Conformed—Yellow
Exceeded—Red

Figure 1 illustrates congestion management.

Figure 1: Congestion Management

Examples: One-Rate Rate-Limit Profile

A one-rate rate-limit profile can be configured for hard tail drop rate-limit or TCP-friendly behavior. Packets can be categorized as committed, conformed, or exceeded.

You can configure a one-rate rate-limit profile to hard limit a packet flow to a specified rate. To rate limit the traffic on an interface from source IP address 1.1.1.1 to 1 Mbps, issue the following commands:

host1#configure terminal host1(config)#ip rate-limit-profile oneMegRlp one-rate host1(config-rate-limit-profile)#committed-rate 1000000 host1(config-rate-limit-profile)#exit host1(config)#ip classifier-list claclA ip host 1.1.1.1 any host1(config)#ip policy-list testPolicy host1(config-policy-list)#classifier-group claclA host1(config-policy-list-classifier-group)#rate-limit-profile oneMegRlp host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#exit host1(config)#interface atm 0/0.0 host1(config-subif)#ip policy input testPolicy statistics enabled

You can also configure a one-rate rate-limit profile to provide a TCP-friendly rate limiter. To configure a rate limiter with TCP-friendly characteristics, we recommend that you set the committed burst to allow for 1 second of data at the specified rate, and the excess burst to allow 1.5 seconds of data at the specified committed rate plus the committed burst. For example:

host1(config)#ip rate-limit-profile tcpFriendly8MB one-rate host1(config-rate-limit-profile)#committed-rate 8000000 host1(config-rate-limit-profile)#committed-burst 1000000 host1(config-rate-limit-profile)#excess-burst 2500000 host1(config-rate-limit-profile)#committed-action transmit host1(config-rate-limit-profile)#exceeded-action drop

Examples: Two-Rate Rate-Limit Profile

You can configure a two-rate rate-limit profile for two different rates, committed and peak, that are used to define a two-rate, three-color marking mechanism. You can categorize packets as committed, conformed, or exceeded:

Up to the committed rate, packets are considered to be committed.
From the committed to peak rate, packets are considered to be conformed.
After the peak rate, packets are considered to be exceeded.

This configuration is implemented with token buckets. See RFC 2698 for more details.

The following example rate limits traffic on an interface from source IP address 1.1.1.1 so that traffic at a rate up to 1 Mbps is colored green and transmitted, traffic at a rate from 1 Mbps to 2 Mbps is colored yellow and transmitted, and traffic at a rate above 2 Mbps is dropped.

host1(config)#ip rate-limit-profile 1MbRLP host1(config-rate-limit-profile)#committed-rate 1000000 host1(config-rate-limit-profile)#peak-rate 2000000 host1(config-rate-limit-profile)# committed-action transmit host1(config-rate-limit-profile)#conformed-action transmit host1(config-rate-limit-profile)#exceeded-action drop host1(config-rate-limit-profile)#exit host1(config)#ip classifier-list claclA ip host 1.1.1.1 any host1(config)#ip policy-list testPolicy host1(config-policy-list)#classifier-group claclA host1(config-policy-list-classifier-group)#rate-limit-profile 1MbRLP host1(config-policy-list-classifier-group)# exit host1(config-policy-list)#exit host1(config-policy-list)#interface atm 0/0.0 host1(config-subif)#ip policy input testPolicy statistics enabled

Examples: Rate-Limiting Individual or Aggregate Packet Flows

You can construct policies to provide rate limiting for individual packet flows or for the aggregate of multiple packet flows. For example, if you have traffic from multiple sources, you can either rate limit each traffic flow individually, or you can rate limit the aggregate flow for the traffic from all sources.

To rate limit individual packet flows, use a separate classifier list to classify each flow.
To rate limit the aggregate of multiple traffic flows, use a single classifier list for the multiple entries.

In the following example, interface ATM 3/1.1 classifies on three traffic flows from different sources. Each traffic flow is rate limited to 1MB (which is defined by the rate-limit profile rl1Meg).

host1(config)#ip classifier-list clFlow1 ip host 10.1.1.1 any host1(config)#ip classifier-list clFlow2 ip host 10.1.1.2 any host1(config)#ip classifier-list clFlow3 ip host 10.1.1.3 any host1(config)#ip policy-list plRateLimit host1(config-policy-list)#classifier-group clFlow1 host1(config-policy-list-classifier-group)#rate-limit-profile rl1Meg host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#classifier-group clFlow2 host1(config-policy-list-classifier-group)#rate-limit-profile rl1Meg host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#classifier-group clFlow3 host1(config-policy-list-classifier-group)#rate-limit-profile rl1Meg host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#exit host1(config)#interface atm 3/1.1 host1(config-subif)#ip policy input plRateLimit statistics enabled host1(config-subif)#exit

In the following example, interface ATM 3/1.1 again classifies on three traffic flows; however, this policy rate limits the aggregate of the three flows to 1 MB.

host1(config)#ip classifier-list clFlowAll ip host 10.1.1.1 any host1(config)#ip classifier-list clFlowAll ip host 10.1.1.2 any host1(config)#ip classifier-list clFlowAll ip host 10.1.1.3 any host1(config)#ip policy-list plRateLimit host1(config-policy-list)#classifier-group clFlowAll host1(config-policy-list-classifier-group)#exit host1(config-policy-list)#exit host1(config)#interface atm 3/1.1 host1(config-subif)#ip policy input plRateLimit statistics enabled host1(config-subif)#exit

Choose Country

North America

Europe

Asia Pacific