Match Access-Group Class Map Policing

The ACL-based policing feature controls the amount of bandwidth consumed by an individual flow or aggregate of inbound flows by limiting the traffic rate on a port according to criteria defined by the match access-group class map.

Access groups are used for Layer 2 and Layer 3 ACL-based ingress rate limiting and for denial of service (DoS) mitigation.

ACL-based rate limiting is built on ACL and policer features. It limits the following traffic:

• Layer 3 traffic that matches the permit conditions in an IPv4 access list.
• Layer 2 traffic that matches the permit conditions in Layer 2 access lists.

  Layer 2 ACL-based rate limiting can occur on VPLS endpoints when the TCAM profile is set to Default and MAC ACLs support VPLS-based filtering. You should configure the Layer 2 filter parameters to match the outer VLAN, VLAN-tag format and to match the inner VLAN based on the traffic received on a logical interface (LIF) for which rate limiting is required. For more information on filtering by the VLAN-tag type, see the Extreme SLX-OS Security Configuration Guide.

  

  Note

  Layer 2 ACL-based rate limiting on VPLS endpoints is supported only on devices based on the DNX chipset family. For more information, see Supported Hardware.