Port-Based Rate Limiting, Policing, and Shaping
|
Feature |
Product |
Release introduced |
|---|---|---|
|
Egress port shaper |
5320 Series |
Fabric Engine 8.6 |
|
5420 Series |
VOSS 8.4 |
|
|
5520 Series |
VOSS 8.2.5 |
|
|
5720 Series |
Fabric Engine 8.7 |
|
|
VSP 4450 Series |
VSP 4000 4.0 |
|
|
VSP 4900 Series |
VOSS 8.1 |
|
|
VSP 7200 Series |
VOSS 4.2.1 |
|
|
VSP 7400 Series |
VOSS 8.0 |
|
|
VSP 8200 Series |
VSP 8200 4.0 |
|
|
VSP 8400 Series |
VOSS 4.2 |
|
|
VSP 8600 Series |
VSP 8600 4.5 |
|
|
XA1400 Series |
Not Supported |
|
|
Ingress dual rate port policers |
5320 Series |
Not Supported |
|
5420 Series |
Not Supported |
|
|
5520 Series |
Not Supported |
|
|
5720 Series |
Not Supported |
|
|
VSP 4450 Series |
VSP 4000 4.0 |
|
|
VSP 4900 Series |
Not Supported |
|
|
VSP 7200 Series |
Not Supported |
|
|
VSP 7400 Series |
Not Supported |
|
|
VSP 8200 Series |
Not Supported |
|
|
VSP 8400 Series |
Not Supported |
|
|
VSP 8600 Series |
VSP 8600 4.5 |
|
|
XA1400 Series |
Not Supported |
|
|
Ingress policer and port rate limiter |
5320 Series |
Fabric Engine 8.6 |
|
5420 Series |
VOSS 8.5 |
|
|
5520 Series |
VOSS 8.5 |
|
|
5720 Series |
Fabric Engine 8.7 |
|
|
VSP 4450 Series |
Not Supported |
|
|
VSP 4900 Series |
VOSS 8.5 |
|
|
VSP 7200 Series |
Not Supported |
|
|
VSP 7400 Series |
VOSS 8.5 |
|
|
VSP 8200 Series |
Not Supported |
|
|
VSP 8400 Series |
Not Supported |
|
|
VSP 8600 Series |
Not Supported |
|
|
XA1400 Series |
Not Supported |
|
|
QoS ingress port rate limiter |
5320 Series |
Fabric Engine 8.6 |
|
5420 Series |
VOSS 8.4 |
|
|
5520 Series |
VOSS 8.2.5 |
|
|
5720 Series |
Fabric Engine 8.7 |
|
|
VSP 4450 Series |
Not Supported |
|
|
VSP 4900 Series |
VOSS 8.1 |
|
|
VSP 7200 Series |
VOSS 4.2.1 |
|
|
VSP 7400 Series |
Not Supported |
|
|
VSP 8200 Series |
VSP 8200 4.0 |
|
|
VSP 8400 Series |
VOSS 4.2 |
|
|
VSP 8600 Series |
Not Supported |
|
|
XA1400 Series |
VOSS 8.1.50 |
The switch QoS implementation supports the following two features for bandwidth management and traffic control:
-
ingress port–based rate limiting—a mechanism to limit the traffic rate accepted by the specified ingress port
-
egress port-based shaping—the process by which the system delays and transmits packets to produce an even and predictable flow rate
Each port has eight unicast and multicast queues, Class of Service (CoS) 0 to CoS 7. Traffic shaping exists on the egress CoS 6 and CoS 7, but you cannot change the configuration. CoS 6 and CoS 7 are strict priority queues, with traffic shaping for CoS 6 at 50 percent and CoS 7 to five percent of line rate.
Some VOSS hardware platforms allow you to configure an egress shaping rate for each port manually. For XA1400 Series, the egress shaping rate for each front panel port dynamically adjusts to the auto-negotiated link speed, up to the maximum link speed of the port.
The VSP 4450 Series switch QoS implementation supports the following two features for bandwidth management and traffic control:
-
ingress port-based traffic policing—a mechanism to limit the number of packets in a stream that matches a particular classification
-
egress port-based traffic shaping—the process by which the system delays (or drops) and transmits packets to produce an even and predictable flow rate
Each feature is important to deliver DiffServ within a QoS network domain.
Some hardware platforms support an ingress flow-based policer for ACLs. For information about Ingress Flow-based Policer, see Ingress Bandwidth Rate Limiter.
Token Buckets
Tokens are a key concept in traffic control. A port-based rate limiter, policer, shaper, or an ingress flow-based policer calculates the number of packets that passed, and at what data rate. Each packet corresponds to a token, and the port-based rate limiter, policer, shaper, or an ingress flow-based policer transmits or passes the packet if the token is available. For more information, see Token flow.
The token container is like a bucket. In this view, the bucket represents both the number of tokens that a port-rate limiter, policer, or shaper can use instantaneously (the depth of the bucket) and the rate at which the tokens replenish (how fast the bucket refills).
Each policer has two token buckets: one for the peak rate and the other for the service rate. The following figure shows the flow of tokens.
Ingress port-rate limiter
Ingress port-rate limiter limits the traffic rate accepted by the specified ingress port. The port drops or re-marks violating traffic. The line rate of the port is the maximum rate that can be set.
For more information on ingress port-rate limiter, see:
Note
If Ingress Flow policer and Ingress port rate limiter features are configured together it might result in more traffic drop than expected. Since both are partially incompatible, best practice is to not configure both together that could affect same traffic. Below are the best practices:-
If ACL type is inPort, do not configure Qos Port Limiter on any of the ports that are part of ACL
-
If ACL type is inVlan, do not configure Qos Port Limiter on ports that are part of any VLAN in the ACL
-
If ACL type is inVsn, do not configure Qos Port Limiter on ports that are part of any VSN in the ACL