rate-limit |
Creates a rate-limit rule and configures the match criteria. When applied, a
rate-limit is applied to packets that match the configured criteria. These packets
could be incoming, outgoing, or both. The match criteria options are: app-category and application. |
app-category [<PURVIEW-APP-CATEGORY-NAME>|all] |
Uses application category as the match criteria
- <PURVIEW-APP-CATEGORY-NAME> – Specify the application category.
- all – The system rate-limits all packets irrespective of the application
category.
|
application <PURVIEW-APP-NAME> |
Uses application name as the match criteria
- <PURVIEW-APP-NAME> –
Specify the application name. Each packet‘s application is matched with the
application specified here. In case of a match, the system rate-limits the
packet.
|
[egress|ingress] |
The egress and ingress parameters are recursive and can
be used to rate limit either incoming, outgoing, or both incoming and outgoing
traffic.
- egress – Rate limits outgoing
traffic
- ingress – Rate limits incoming
traffic
After selecting the traffic type (incoming/outgoing) configure the rate and
maximum burst size.
|
rate <50-1000000> |
The following parameters are common to the ‘egress‘ and
‘ingress‘ keywords:
- rate – Configures the rate limit, in Kbps, for both incoming and outgoing
packets
- <50-1000000> – Specify the rate limit from 50 - 1000000 Kbps.
|
max-burst-size |
The following parameters are common to the ‘egress‘ and
‘ingress‘ keywords:
- max-burst-size – Configures the maximum burst size, in Kbytes, for both
incoming and outgoing packets
- <2-1024> – Specify the maximum burst size from 2 - 1024 Kbytes.
|
schedule <SCHEDULE-POLICY-NAME> |
Schedules an enforcement time for this rate-limit rule by associating a
schedule policy with it. Use this parameter to apply rule-specific enforcement
time.
- schedule
<SCHEDULE-POLICY-NAME> – Associates a schedule policy with the rule. When
associated, the rule is enforced only on the days and time configured in the
schedule policy. Without the association of a schedule policy, all rules within
an application policy are enforced concurrently (defined by the purview-application-policy →
enforcement-time command). If scheduling a rule, ensure that the time
configured in the schedule policy is a subset of the application policy‘s
enforcement time. In other words the application policy should be active when
the rule is being enforced. For example, if the application policy is enforced
on Mondays from 10:00 to 22:00 hours and the schedule policy time-rule is set
for Fridays, then this rule will never be hit. When enforcing rules at different
times the best practice would be to keep the application policy active at all
time (i.e., retain the default enforcement-time setting as ‘all‘).
- <SCHEDULE-POLICY-NAME> – Specify the policy name (should be existing
and configured). After applying a schedule policy, specify a precedence for
the rule.
In case of no schedule policy being applied, the rule is enforced as per the
enforcement-time configured in the application policy. For more information, see
enforcement-time .
|
precedence <1-256> |
Assigns a precedence value for this mark rule. The precedence value
differentiates between rules applicable to applications and the application
categories they belong. The allow, deny, mark, rate-limit options are mutually
exclusive. In other words, in an application policy, for a specific application or
application category, you can create either an allow rule, or a deny rule, or a mark
and rate-limit rule. |