Port-Based Rate Limiting, Policing, and Shaping

Table 1. Port-Based Rate Limiting, Policing, and Shaping product support

Feature

Product

Release introduced

Egress port shaper

5320 Series

Fabric Engine 8.6

5420 Series

VOSS 8.4

5520 Series

VOSS 8.2.5

5720 Series

Fabric Engine 8.7

Ingress dual rate port policers

5320 Series

Not Supported

5420 Series

Not Supported

5520 Series

Not Supported

5720 Series

Not Supported

Ingress policer and port rate limiter

5320 Series

Fabric Engine 8.6

5420 Series

VOSS 8.5

5520 Series

VOSS 8.5

5720 Series

Fabric Engine 8.7

QoS ingress port rate limiter

5320 Series

Fabric Engine 8.6

5420 Series

VOSS 8.4

5520 Series

VOSS 8.2.5

5720 Series

Fabric Engine 8.7

The switch QoS implementation supports the following two features for bandwidth management and traffic control:

  • ingress port–based rate limiting—a mechanism to limit the traffic rate accepted by the specified ingress port

  • egress port-based shaping—the process by which the system delays and transmits packets to produce an even and predictable flow rate

    Each port has eight unicast and multicast queues, Class of Service (CoS) 0 to CoS 7. Traffic shaping exists on the egress CoS 6 and CoS 7, but you cannot change the configuration. CoS 6 and CoS 7 are strict priority queues, with traffic shaping for CoS 6 at 50 percent and CoS 7 to five percent of line rate.

Each feature is important to deliver DiffServ within a QoS network domain.

Some hardware platforms support an ingress flow-based policer for ACLs. For information about Ingress Flow-based Policer, see Ingress Bandwidth Rate Limiter.

Token Buckets

Tokens are a key concept in traffic control. A port-based rate limiter, policer, shaper, or an ingress flow-based policer calculates the number of packets that passed, and at what data rate. Each packet corresponds to a token, and the port-based rate limiter, policer, shaper, or an ingress flow-based policer transmits or passes the packet if the token is available. For more information, see Token flow.

The token container is like a bucket. In this view, the bucket represents both the number of tokens that a port-rate limiter, policer, or shaper can use instantaneously (the depth of the bucket) and the rate at which the tokens replenish (how fast the bucket refills).

Each policer has two token buckets: one for the peak rate and the other for the service rate. The following figure shows the flow of tokens.

Click to expand in new window
Token flow

Ingress port-rate limiter

Ingress port-rate limiter limits the traffic rate accepted by the specified ingress port. The port drops or re-marks violating traffic. The line rate of the port is the maximum rate that can be set.

For more information on ingress port-rate limiter, see:

Note

Note

If Ingress Flow policer and Ingress port rate limiter features are configured together it might result in more traffic drop than expected. Since both are partially incompatible, best practice is to not configure both together that could affect same traffic. Below are the best practices:
  • If ACL type is inPort, do not configure Qos Port Limiter on any of the ports that are part of ACL

  • If ACL type is inVlan, do not configure Qos Port Limiter on ports that are part of any VLAN in the ACL

  • If ACL type is inVsn, do not configure Qos Port Limiter on ports that are part of any VSN in the ACL