rate-limit

purview-application-policy

Creates a rate-limit rule and configures the match criteria

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
Note

Purview DPI engine is not supported on the WiNG 7.1.2 enabled NX5500, NX7500, NX9500, NX9600 and VX9000 platforms. This support will be introduced in future releases.

Syntax

rate-limit [app-category [<PURVIEW-APP-CATEGORY-NAME>|all]|application <PURVIEW-APP-NAME>] 
([egress|ingress]) rate <50-1000000> max-burst-size <2-1024> schedule <SCHEDULE-POLICY-NAME> (precedence <1-256>)

Parameters

rate-limit [app-category [<PURVIEW-APP-CATEGORY-NAME>|all]|application <PURVIEW-APP-NAME>] 
([egress|ingress]) rate <50-1000000> max-burst-size <2-1024> schedule <SCHEDULE-POLICY-NAME> (precedence <1-256>)
rate-limit Creates a rate-limit rule and configures the match criteria. When the rule is applied, packets that match the configured criteria are rate-limited. These packets could be incoming, outgoing, or both. The match criteria options are: app-category and application.
app-category [<PURVIEW-APP-CATEGORY-NAME>|all] Uses application category as the match criteria
  • <PURVIEW-APP-CATEGORY-NAME> – Specify the application category.
  • all – The system rate-limits all packets irrespective of the application category.
application <PURVIEW-APP-NAME> Uses application name as the match criteria
  • <PURVIEW-APP-NAME> – Specify the application name. Each packet's application is matched with the application specified here. In case of a match, the system rate-limits the packet.
[egress|ingress] The egress and ingress parameters are recursive and can be used to rate limit either incoming, outgoing, or both incoming and outgoing traffic.
  • egress – Rate limits outgoing traffic
  • ingress – Rate limits incoming traffic

After selecting the traffic type (incoming/outgoing) configure the rate and maximum burst size.

rate <50-1000000> The following parameters are common to the 'egress' and 'ingress' keywords:
  • rate – Configures the rate limit, in Kbps, for both incoming and outgoing packets
    • <50-1000000> – Specify the rate limit from 50 - 1000000 Kbps.
max-burst-size The following parameters are common to the 'egress' and 'ingress' keywords:
  • max-burst-size – Configures the maximum burst size, in Kbytes, for both incoming and outgoing packets
    • <2-1024> – Specify the maximum burst size from 2 - 1024 Kbytes.
schedule <SCHEDULE-POLICY-NAME> Schedules an enforcement time for this rate-limit rule by associating a schedule policy with it. Use this parameter to apply rule-specific enforcement time.
  • schedule <SCHEDULE-POLICY-NAME> – Associates a schedule policy with the rule. When associated, the rule is enforced only on the days and times configured in the schedule policy. Without the association of a schedule policy, all rules within an application policy are enforced concurrently (defined by the purview-application-policy → enforcement-time command). If scheduling a rule, ensure that the time configured in the schedule policy is a subset of the application policy's enforcement time. In other words, the application policy should be active when the rule is being enforced. For example, if the application policy is enforced on Mondays from 10:00 to 22:00 hours and the schedule policy time-rule is set for Fridays, then this rule will never be hit. When enforcing rules at different times, the best practice is to keep the application policy active at all times (i.e., retain the default enforcement-time setting as 'all').
    • <SCHEDULE-POLICY-NAME> – Specify the policy name (should be existing and configured). After applying a schedule policy, specify a precedence for the rule.

If no schedule policy is applied, the rule is enforced as per the enforcement-time configured in the application policy. For more information, see enforcement-time.

precedence <1-256> Assigns a precedence value for this rate-limit rule. The precedence value differentiates between rules applicable to applications and the application categories they belong to. The allow, deny, mark, rate-limit options are mutually exclusive. In other words, in an application policy, for a specific application or application category, you can create either an allow rule, or a deny rule, or a mark and rate-limit rule.
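
The schedule caveat and the value ranges above can be checked offline against a saved 'show context' dump. The following Python check is an added example, not part of the WiNG documentation. It assumes schedule-policy windows are supplied by hand as a dictionary (this page does not show schedule-policy syntax), that day keywords other than 'weekdays' and 'all' exist as named, and that no window crosses midnight.

```python
import re

DAYS = ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"]
# Day keywords: 'weekdays' and 'all' appear on the page; the others are assumed.
DAY_SETS = {"weekdays": set(DAYS[:5]), "weekends": set(DAYS[5:]), "all": set(DAYS)}

def window(days, start, end):
    """Return (set of days, start minute, end minute); assumes start < end."""
    to_min = lambda t: int(t.split(":")[0]) * 60 + int(t.split(":")[1])
    return DAY_SETS.get(days, {days}), to_min(start), to_min(end)

def lint(context, schedules):
    """Return findings for the rate-limit rules in a 'show context' dump."""
    findings = []
    m = re.search(r"enforcement-time days (\S+) start-time (\S+) end-time (\S+)", context)
    # With no enforcement-time line, assume the default setting 'all'.
    p_days, p_start, p_end = window(*m.groups()) if m else (set(DAYS), 0, 1440)
    for line in map(str.strip, context.splitlines()):
        if not line.startswith("rate-limit "):
            continue
        for rate, burst in re.findall(r"rate (\d+) max-burst-size (\d+)", line):
            if not 50 <= int(rate) <= 1000000:
                findings.append(f"rate {rate} outside 50-1000000 Kbps: {line}")
            if not 2 <= int(burst) <= 1024:
                findings.append(f"max-burst-size {burst} outside 2-1024 Kbytes: {line}")
        s = re.search(r" schedule (\S+)", line)
        if not s:
            continue  # no schedule: the rule follows the policy's enforcement-time
        if s.group(1) not in schedules:
            findings.append(f"schedule {s.group(1)} is not defined: {line}")
            continue
        days, start, end = schedules[s.group(1)]
        if not (days & p_days) or start >= p_end or end <= p_start:
            findings.append(f"schedule {s.group(1)} never overlaps enforcement-time, rule is never hit: {line}")
        elif not (days <= p_days and p_start <= start and end <= p_end):
            findings.append(f"schedule {s.group(1)} is only partly inside enforcement-time: {line}")
    return findings

# Constructed sample: the page's Bing policy plus one hypothetical scheduled rule.
SAMPLE = """purview-application-policy Bing
 enforcement-time days weekdays start-time 12:30 end-time 20:00
 rate-limit application BGP ingress rate 100 max-burst-size 25 egress rate 50 max-burst-size 25 precedence 6
 rate-limit app-category video ingress rate 20 max-burst-size 2048 schedule WEEKEND precedence 7
"""
SCHEDULES = {"WEEKEND": window("weekends", "09:00", "17:00")}  # hypothetical schedule policy

if __name__ == "__main__":
    for finding in lint(SAMPLE, SCHEDULES):
        print(finding)
```

A rule flagged as never hit is the case described above: the rate limit is present in the configuration but is not enforced at any time.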

Examples

nx9500-6C8809(config-purview-app-policy-Bing)#rate-limit application BGP ingress rate 100 max-burst-size 25 egress rate 50 max-burst-size 25 precedence 6
nx9500-6C8809(config-purview-app-policy-Bing)#show context
purview-application-policy Bing
 description "This application policy allows Bing search engine packets"
 enforcement-time days weekdays start-time 12:30 end-time 20:00
 allow application Bing precedence 1
 allow app-category business precedence 2
 deny app-category "social networking" precedence 3
 mark app-category video dscp 9 precedence 4
 mark application facetime dscp 10 precedence 5
 rate-limit application BGP ingress rate 100 max-burst-size 25 egress rate 50 max-burst-size 25 precedence 6
 logging level critical
nx9500-6C8809(config-purview-app-policy-Bing)#

Related Commands

no Removes this rate-limit rule from the Purview application policy