Configuring IPv6 Egress Rate Limiting

Support for IPv6 egress rate limiting is available for SLX 9740/Extreme 8820 devices on the ethernet, and port-channels and VE interfaces. Support for ingress rate limiting is also available for VE interfaces. Filtering can be done on Source IP, Destination IP, and L4 Destination Port.

Before you begin

Before you begin, perform the following tasks:

  • Create a Policy map with the appropriate Class Map and Police configurations.

  • Enable IPv6 Optimised profile. Will not work with Default profile.

Note

Note

IPv6 egress rate limiting is only supported on SLX 9740/Extreme 8820 devices.

Procedure

  1. Enable the ipv6-optimised profile.
    SLX # configure terminal
    SLX (config) # hardware
    SLX (config-hardware)# profile tcam ipv6-optimised
    SLX (config-hardware)# end
    SLX (config)# 
  2. Create an IPv6 Extended ACL.
    SLX (config)# ipv6 access-list extended ipv6acl
    seq 100 permit ipv6 4001::/64 any 
  3. Create a class map.
    SLX (config)# class-map class-map_1
    SLX (config-classmap)# match access-group ipv6acl 
  4. Create a policy map.
    SLX (config)# policy-map policy-map_1
    SLX (config-policymap)# 
  5. Apply the class map to the policy map.
    SLX (config-policymap)# class class-map_1 
    SLX (config-policymap-class)#  
  6. Create a Police entry for this policy map.
    SLX (config-policymap-class)# police cir 300000 eir 300000000
    SLX (config-policymap-class)# 
  7. Apply the policy map.
    • Apply to the interface.

      SLX (config)# int eth 0/1
      SLX (config-if-eth-0/1)# service-policy out policy-map_1 
    • Apply to the port-channel.

      SLX (config)# interface port-channel 10
      SLX (config-port-channel-10)# service-policy out policy-map_1 
    • Apply to the VE interface in the ingress direction

      SLX (config)# interface ve 100
      SLX (config-ve-100)# service-policy in policy-map_1 
    • Apply to the VE interface in the egress direction

      SLX (config)# interface ve 100
      SLX (config-ve-100)# service-policy out policy-map_1 

Example

The following example summarizes the configuration of IPv6 rate limiting on an ethernet interface for egress traffic.

SLX(config)# ipv6 access-list extended ipv6acl
SLX(conf-ipacl-ext)# seq 100 permit ipv6 4001::/64 any 
SLX(conf-ipacl-ext)# exit
SLX(config)# class class-map_1
SLX(config-classmap)# match access-group ipv6acl
SLX(config-classmap)# exit
SLX(config)# policy-map policy-map_1
SLX(config-policymap)# class class-map_1
SLX(config-policymap-class)# police cir 300000 eir 300000000
SLX(config-policymap-class)# exit
SLX(config-policymap)# exit
SLX(config)# int eth 0/1
SLX(conf-if-eth-0/1)# service-policy out policy-map_1
SLX(conf-if-eth-0/1)# exit
SLX(config)#

The following example summarizes the configuration of IPv6 rate limiting on a port-channel for egress traffic. For the configuration of the policy-map refer to the previous section.

SLX (config)# interface port-channel 10
SLX (config-port-channel-10)# service-policy out policy-map_1

This example summarizes the configuration of IPv6 rate limiting on a VE interface for ingress traffic.

SLX (config)# interface ve 100 
SLX (config-ve-100)# service-policy in policy-map_1    

This example summarizes the configuration of IPv6 rate limiting on a VE interface for egress traffic.

SLX (config)# interface ve 100 
SLX (config-ve-100)# service-policy out policy-map_1