Extreme SLX-OS QoS and Traffic Management Configuration Guide, 20.2.1a
> Traffic Policing
Published August 2020
Search this document
Print this page
Email this page
View PDF
Previous
Next
Preface
Text Conventions
Documentation and Training
Getting Help
Providing Feedback
About This Document
Supported Hardware
What's New in this Document
Traffic Policing
Traffic Policing Overview
Service Policy Configuration Rules
Policy Maps
Committed Information Rate and Committed Burst Size
Excess Information Rate and Excess Burst Size
Traffic Policing Behaviors
Traffic management egress buffer thresholds
Class Maps
Class map policer configuration parameters
Traffic policer configuration rules for class maps
Default Class Map Traffic Policing
Single rate three color marker
Two-rate, three-color marker
Match Access-Group Class Map Policing
Precedence for ACL and Rate Limiting Features
Considerations for Layer 2 ACL-based Rate Limiting
Configure Layer 2 ACL Rate Limiting
ACL-based rate limiting use cases
Use case 1: Protection against TCP SYN attacks
Use case 2: Protection against TCP RST attacks
Use case 3: Protection against ping flood attacks
Use case 4: Protection against UDP flood attacks
Configuring all the use cases for ACL traffic filtering
Control Plane Policing
CoPP Discard and Permit for Control Packets
CoPP Rate Limiting
CoPP-related Commands
VLAN-based rate limiting
Configuration Considerations for VLAN-based Rate Limiting
Configure VLAN-based Rate Limiting
Show Commands for VLAN-based Rate Limiting
Bridged-domain based rate limiting
Configuration Considerations for Bridge Domain-based Rate Limiting
Configuring bridge-domain based rate limiting
Show Commands for Bridge Domain-based Rate Limiting
Receive ACL Rate Limiting
Configuring RACL rate limiting
Egress ACL Rate Limiting
Egress ACL Rate Limiting Considerations
Configure Egress ACL Rate Limiting
Configure Statistics Support for Egress ACL Rate Limit
Egress ACL Rate Limiting Show Commands
TTL 0/1 Rate Limiting
Subnet Trap Rate Limiting
Rate Limiting Scalability
Configuring traffic policing
Configuring a class map using an ACL
Configuring a policy map
Configuring port-based traffic policing
Configuring ACL-based rate limiting
Configuring use case 1: Protection against TCP SYN attacks
Configuring use case 1: Bind the TCP SYN ACL to an interface
Configuring use case 2: Protection against TCP RST attacks
Configuring use case 2: Bind the TCP RST ACL to an interface
Configuring use case 3: Protection against ping flood attacks
Configuring use case 3: Bind the ping flood attack ACL to an interface
Configuring use case 4: Protection against UDP flood attacks
Configuring use case 4: Bind the UDP ACL to an interface
Configuring and applying all four use cases for ACL-based traffic filtering
Storm Control for Broadcast, Unknown Unicast, and Multicast Traffic
Configuring Storm Control on an Ethernet Interface
Configuring storm control globally on the device
Quality of Service
QoS overview
QoS Unicast and Multicast Traffic
QoS on the SLX 9150 and SLX 9250 Devices
IEEE 802.1q ToS-DSCP header fields
Congestion control
Weighted random early detection
How WRED works
Applying WRED
Link Level Flow Control
Transient Buffer Congestion Detection
Scheduling
Scheduling types
QoS strict priority egress traffic scheduling
Weighted round robin egress traffic scheduling
Fair queue egress traffic scheduling
Multicast queue scheduling
QoS Ingress Data Buffer Management
Ingress QoS mutation
Egress QoS Mutation
QoS Mutation Maps
Configuring QoS for control traffic
Increase the Egress Throughput on a TM Port
Configure a CoS-to-traffic Class Mutation Map
Applying a CoS-to-traffic class mutation map to an interface
Configuring DSCP mappings
Configuring a DSCP-to-DSCP mutation map
Applying a DSCP-to-DSCP mutation map to an egress interface
Configuring DSCP-to-CoS mappings
Configure a DSCP-to-CoS Mutation Map
Applying a DSCP-to-CoS mutation map to an interface
DSCP-to-Traffic Class Mappings
Configuring a DSCP-to-traffic class mutation map
Applying a DSCP-to-traffic class mutation map to an interface
Configuring a DSCP-to-traffic class and drop precedence mutation map
Applying a DSCP-to-traffic class and drop precedence mutation map to an interface
Configuring traffic class-to-CoS mappings
Configuring a traffic class-to-CoS mutation map
Applying a traffic class-to-CoS mutation map to an egress interface
Configuring congestion control
Configuring WRED
Configuring link level flow control
Enable Priority Flow Control
Monitor TM Deleted or Discarded Packets
Displaying the egress queue state information for an interface
Configuring scheduling
Configuring strict priority egress scheduling
Configure a Strict Priority for the Multicast Queue
Flow-based QoS
Configuring a class map using an ACL
Configuring a policy map
Configuring QoS mutation map actions
Apply QoS Mutation Maps to an Interface
Bind the Policy Map at the System Level
Bind the Policy Map to an Interface
Configuring the QoS policing rate
Applying the QoS policing rate to an interface
Configure Virtual Output Queuing
Configure an MPLS QoS DSCP-to-EXP Mutation Map
Applying an MPLS QoS DSCP-to-EXP mutation map globally
Configure an MPLS QoS EXP-to-DSCP Mutation Map
Applying an MPLS QoS EXP-to-DSCP mutation map globally
Configure an MPLS QoS EXP-to-Traffic Class Mutation Map
Applying an MPLS QoS EXP-to-traffic class mutation map globally
Configure an MPLS QoS Traffic Class-to-EXP Mutation Map
Applying an MPLS QoS traffic class-to-EXP mutation map globally
Traffic Management Counters and Statistics
Counters and Statistics Overview
Traffic Management Counter Types
Traffic Management Counters
Traffic Policing