Ingress Bandwidth Rate Limiter

Table 1. Port-Based Rate Limiting, Policing, and Shaping product support
Feature	Product	Release introduced
Egress port shaper	5320 Series	Fabric Engine 8.6
	5420 Series	VOSS 8.4
	5520 Series	VOSS 8.2.5
Ingress dual rate port policers	5320 Series	Not Supported
	5420 Series	Not Supported
	5520 Series	Not Supported
Ingress policer and port rate limiter	5320 Series	Fabric Engine 8.6
	5420 Series	VOSS 8.5
	5520 Series	VOSS 8.5
QoS ingress port rate limiter	5320 Series	Fabric Engine 8.6
	5420 Series	VOSS 8.4
	5520 Series	VOSS 8.2.5

Ingress bandwidth rate limiter functionality handles congestion, meters traffic, and takes action based on the ACL filter rules. A policer can be attached directly to an ACL ACE entry to perform flow-based rate limiting. You can configure the service rate and peak rate. All traffic that qualifies for a filter is metered. Every packet that exceeds the service rate is marked as yellow, and every packet that exceeds the peak rate is marked as red and is dropped.

The ingress flow-based policer limits the traffic rate accepted by the specified ingress port. The port drops or re-marks violating traffic. The line rate of the port is the maximum rate that can be configured.

The ingress flow-based policer is available on the following interfaces:

Ingress port (inPort)
Ingress VLAN (inVLAN)
Ingress VSN (inVSN)

Operation Considerations

The following section describes operational considerations for ingress bandwidth rate limiter functionality:

IPv4 policer statistics are available for red, yellow, and green packets and bytes.
Egress port (outPort) interface is not supported.
Policers are not supported on IPv6 ACLs.
Supports QoS ACEs only.
You can configure the default action policer within an ACL for permit action mode only.
Drop action mode is not supported.
monitor-dst-ports, monitor-dst-mlt, or monitor-isid-offset actions are supported. All traffic received is mirrored.
The filter with policer and redirect-next-hop actions redirect only the traffic that passes the policer (if the stream is 100 Mbps, and the policer peak-rate is 50 Mbps, only 50 Mbps is redirected).
Ingress policer/port rate limiter and QoS port rate limiter features are partially incompatible. Configuring both of these features together that can affect the same traffic can result in more traffic drop than expected. The best practices are as follows:
- If ACL type is inPort, do not configure Qos port limiter on any of the ports that are part of ACL
- If ACL type is inVlan, do not configure Qos port limiter on ports that are part of any VLAN in the ACL
- If ACL type is inVsn, do not configure Qos port limiter on ports that are part of any VSN in the ACL