Port-Based Rate Limiting, Policing, and Shaping

Table 1. Port-Based Rate Limiting, Policing, and Shaping product support

Feature

Product

Release introduced

Egress port shaper

5320 Series

Fabric Engine 8.6

5420 Series

VOSS 8.4

5520 Series

VOSS 8.2.5

5720 Series

Fabric Engine 8.7

VSP 4450 Series

VSP 4000 4.0

VSP 4900 Series

VOSS 8.1

VSP 7200 Series

VOSS 4.2.1

VSP 7400 Series

VOSS 8.0

VSP 8200 Series

VSP 8200 4.0

VSP 8400 Series

VOSS 4.2

VSP 8600 Series

VSP 8600 4.5

XA1400 Series

Not Supported

Ingress dual rate port policers

5320 Series

Not Supported

5420 Series

Not Supported

5520 Series

Not Supported

5720 Series

Not Supported

VSP 4450 Series

VSP 4000 4.0

VSP 4900 Series

Not Supported

VSP 7200 Series

Not Supported

VSP 7400 Series

Not Supported

VSP 8200 Series

Not Supported

VSP 8400 Series

Not Supported

VSP 8600 Series

VSP 8600 4.5

XA1400 Series

Not Supported

Ingress policer and port rate limiter

5320 Series

Fabric Engine 8.6

5420 Series

VOSS 8.5

5520 Series

VOSS 8.5

5720 Series

Fabric Engine 8.7

VSP 4450 Series

Not Supported

VSP 4900 Series

VOSS 8.5

VSP 7200 Series

Not Supported

VSP 7400 Series

VOSS 8.5

VSP 8200 Series

Not Supported

VSP 8400 Series

Not Supported

VSP 8600 Series

Not Supported

XA1400 Series

Not Supported

QoS ingress port rate limiter

5320 Series

Fabric Engine 8.6

5420 Series

VOSS 8.4

5520 Series

VOSS 8.2.5

5720 Series

Fabric Engine 8.7

VSP 4450 Series

Not Supported

VSP 4900 Series

VOSS 8.1

VSP 7200 Series

VOSS 4.2.1

VSP 7400 Series

Not Supported

VSP 8200 Series

VSP 8200 4.0

VSP 8400 Series

VOSS 4.2

VSP 8600 Series

Not Supported

XA1400 Series

VOSS 8.1.50

The switch QoS implementation supports the following two features for bandwidth management and traffic control:

  • ingress port–based rate limiting—a mechanism to limit the traffic rate accepted by the specified ingress port

  • egress port-based shaping—the process by which the system delays and transmits packets to produce an even and predictable flow rate

    Each port has eight unicast and multicast queues, Class of Service (CoS) 0 to CoS 7. Traffic shaping exists on the egress CoS 6 and CoS 7, but you cannot change the configuration. CoS 6 and CoS 7 are strict priority queues, with traffic shaping for CoS 6 at 50 percent and CoS 7 to five percent of line rate.

    Some VOSS hardware platforms allow you to configure an egress shaping rate for each port manually. For XA1400 Series, the egress shaping rate for each front panel port dynamically adjusts to the auto-negotiated link speed, up to the maximum link speed of the port.

The VSP 4450 Series switch QoS implementation supports the following two features for bandwidth management and traffic control:

  • ingress port-based traffic policing—a mechanism to limit the number of packets in a stream that matches a particular classification

  • egress port-based traffic shaping—the process by which the system delays (or drops) and transmits packets to produce an even and predictable flow rate

Each feature is important to deliver DiffServ within a QoS network domain.

Some hardware platforms support an ingress flow-based policer for ACLs. For information about Ingress Flow-based Policer, see Ingress Bandwidth Rate Limiter.

Token Buckets

Tokens are a key concept in traffic control. A port-based rate limiter, policer, shaper, or an ingress flow-based policer calculates the number of packets that passed, and at what data rate. Each packet corresponds to a token, and the port-based rate limiter, policer, shaper, or an ingress flow-based policer transmits or passes the packet if the token is available. For more information, see Token flow.

The token container is like a bucket. In this view, the bucket represents both the number of tokens that a port-rate limiter, policer, or shaper can use instantaneously (the depth of the bucket) and the rate at which the tokens replenish (how fast the bucket refills).

Each policer has two token buckets: one for the peak rate and the other for the service rate. The following figure shows the flow of tokens.

Click to expand in new window
Token flow

Ingress port-rate limiter

Ingress port-rate limiter limits the traffic rate accepted by the specified ingress port. The port drops or re-marks violating traffic. The line rate of the port is the maximum rate that can be set.

For more information on ingress port-rate limiter, see:

Note

Note

If Ingress Flow policer and Ingress port rate limiter features are configured together it might result in more traffic drop than expected. Since both are partially incompatible, best practice is to not configure both together that could affect same traffic. Below are the best practices:
  • If ACL type is inPort, do not configure Qos Port Limiter on any of the ports that are part of ACL

  • If ACL type is inVlan, do not configure Qos Port Limiter on ports that are part of any VLAN in the ACL

  • If ACL type is inVsn, do not configure Qos Port Limiter on ports that are part of any VSN in the ACL