Support for IPv4 egress rate limiting is available for SLX 9740 devices on the ethernet, port-channels and VE interfaces. Support for ingress rate limiting is also available for VE interfaces. Filtering can be done on Source IP, Destination IP, IPv4 TOS, IPv4 Protocol, L4 Source Port, and L4 Destination Port.
Before you begin, perform the following tasks:
Create a Policy map with the appropriate Class Map and Police configurations.
Note
IPv4 egress rate limiting is only supported on SLX 9740 devices.The following example summarizes the configuration of IPv4 rate limiting on an ethernet interface for egress traffic.
SLX(config)# ip access-list extended ipv4acl SLX(conf-ipacl-ext)# seq 100 permit ip 10.10.10.10 255.255.255.0 10.10.10.20 255.255.255.0 SLX(conf-ipacl-ext)# exit SLX(config)# class class-map_1 SLX(config-classmap)# match access-group ipv4acl SLX(config-classmap)# exit SLX(config)# policy-map policy-map_1 SLX(config-policymap)# class class-map_1 SLX(config-policymap-class)# police cir 300000 eir 300000000 SLX(config-policymap-class)# exit SLX(config-policymap)# exit SLX(config)# int eth 0/1 SLX(conf-if-eth-0/1)# service-policy out policy-map_1 SLX(conf-if-eth-0/1)# exit SLX(config)#
The following example summarizes the configuration of IPv4 rate limiting on a port-channel for egress traffic. For the configuration of the policy-map refer to the previous section.
SLX (config)# interface port-channel 10
SLX (config-port-channel-10)# service-policy out policy-map_1
This example summarizes the configuration of IPv4 rate limiting on a VE interface for ingress traffic.
SLX (config)# interface ve 100
SLX (config-ve-100)# service-policy in policy-map_1
This example summarizes the configuration of IPv4 rate limiting on a VE interface for egress traffic.
SLX (config)# interface ve 100
SLX (config-ve-100)# service-policy out policy-map_1