Extreme SLX-OS QoS and Traffic Management Configuration Guide, 20.6.1
>
Traffic Policing
>
Match Access-Group Class Map Policing
> ACL-based rate limiting use cases
Published March 2024
Search this document
Print this page
Email this page
View PDF
Previous
Next
Preface
Text Conventions
Documentation and Training
Help and Support
Send Feedback
About This Document
What's New in this Document
Supported Hardware
Traffic Policing
Traffic Policing Overview
Service Policy Configuration Rules
Policy Maps
Committed Information Rate and Committed Burst Size
Excess Information Rate and Excess Burst Size
Traffic Policing Behaviors
Traffic management egress buffer thresholds
Class Maps
Class map policer configuration parameters
Traffic policer configuration rules for class maps
Default Class Map Traffic Policing
Single rate three color marker
Two-rate, three-color marker
Match Access-Group Class Map Policing
Precedence for ACL and Rate Limiting Features
Considerations for Layer 2 ACL-based Rate Limiting
Configure Layer 2 ACL Rate Limiting
ACL-based rate limiting use cases
Use case 1: Protection against TCP SYN attacks
Use case 2: Protection against TCP RST attacks
Use case 3: Protection against ping flood attacks
Use case 4: Protection against UDP flood attacks
Configuring all the use cases for ACL traffic filtering
Control Plane Policing
CoPP Discard and Permit for Control Packets
CoPP Rate Limiting
CoPP-related Commands
VLAN-based rate limiting
Configuration Considerations for VLAN-based Rate Limiting
Configure VLAN-based Rate Limiting
Show Commands for VLAN-based Rate Limiting
Bridged-domain based rate limiting
Configuration Considerations for Bridge Domain-based Rate Limiting
Configuring bridge-domain based rate limiting
Show Commands for Bridge Domain-based Rate Limiting
Receive ACL Rate Limiting
Configuring RACL rate limiting
Egress ACL Rate Limiting
Egress ACL Rate Limiting Considerations
Configure Egress ACL Rate Limiting
Configuring IPv4 Egress Rate Limiting
Configuring IPv6 Egress Rate Limiting
Configure Statistics Support for Egress ACL Rate Limit
Egress ACL Rate Limiting Show Commands
TTL 0/1 Rate Limiting
Subnet Trap Rate Limiting
Rate Limiting Scalability
Configuring traffic policing
Configuring a class map using an ACL
Configuring a policy map
Configuring port-based traffic policing
Configuring ACL-based rate limiting
Configuring use case 1: Protection against TCP SYN attacks
Configuring use case 1: Bind the TCP SYN ACL to an interface
Configuring use case 2: Protection against TCP RST attacks
Configuring use case 2: Bind the TCP RST ACL to an interface
Configuring use case 3: Protection against ping flood attacks
Configuring use case 3: Bind the ping flood attack ACL to an interface
Configuring use case 4: Protection against UDP flood attacks
Configuring use case 4: Bind the UDP ACL to an interface
Configuring and applying all four use cases for ACL-based traffic filtering
Storm Control for Broadcast, Unknown Unicast, and Multicast Traffic
Configuring Storm Control on an Ethernet Interface
Configuring storm control globally on the device
Quality of Service
QoS overview
QoS Unicast and Multicast Traffic
QoS on the SLX 9250, SLX 9150, Extreme 8520, and Extreme 8720
IEEE 802.1q ToS-DSCP header fields
QoS Feature Support on SLX-OS Platforms
Congestion control
Weighted random early detection
How WRED works
Applying WRED
Link Level Flow Control
Transient Buffer Congestion Detection
Explicit Congestion Notification
Hardware Buffer Configuration for Lossless Traffic
Scheduling
Scheduling types
QoS strict priority egress traffic scheduling
Weighted round robin egress traffic scheduling
Fair queue egress traffic scheduling
Multicast queue scheduling
QoS Ingress Data Buffer Management
Ingress QoS mutation
Egress QoS Mutation
QoS Mutation Maps
Configuring QoS for control traffic
Increase the Egress Throughput on a TM Port
Configure a CoS-to-traffic Class Mutation Map
Applying a CoS-to-traffic class mutation map to an interface
Configuring DSCP mappings
Configuring a DSCP-to-DSCP mutation map
Applying a DSCP-to-DSCP mutation map to an egress interface
DSCP-to-Traffic Class Mappings
Configuring a DSCP-to-traffic class mutation map
Applying a DSCP-to-traffic class mutation map to an interface
Configuring a DSCP-to-traffic class and drop precedence mutation map
Applying a DSCP-to-traffic class and drop precedence mutation map to an interface
Configuring traffic class-to-CoS mappings
Configuring a traffic class-to-CoS mutation map
Applying a traffic class-to-CoS mutation map to an egress interface
Configuring an Interface Level QoS Traffic Class
Configuring Traffic Class to DSCP Mappings
Applying a Traffic Class to DSCP Map to an Egress Interface
Configuring Interface level QoS Trust DSCP
Describes configuring Interface level QoS Remark DSCP
Configuring congestion control
Configuring WRED
Configuring link level flow control
Enable Priority Flow Control
Configuring Hardware Buffer for Lossless Traffic
Monitor TM Deleted or Discarded Packets
Displaying the egress queue state information for an interface
Displaying the RED Profile and dropped packets information for an interface
Configuring Explicit Congestion Notification
Configuring Enhanced Transmission Selection
LLDP TLVs for Enhanced Transmission Selection
Priority Flow Control Configuration TLV
Enhanced Transmission Selection (ETS) Recommendation TLV
Enhanced Transmission Selection (ETS) Configuration TLV
Link Aggregation TLV
Configuring scheduling
Configuring strict priority egress scheduling
Configure a Strict Priority for the Multicast Queue
Flow-based QoS
Configuring a class map using an ACL
Configuring a policy map
Configuring QoS mutation map actions
Apply QoS Mutation Maps to an Interface
Bind the Policy Map at the System Level
Bind the Policy Map to an Interface
Configuring the QoS policing rate
Applying the QoS policing rate to an interface
Configure Virtual Output Queuing
Configure an MPLS QoS DSCP-to-EXP Mutation Map
Applying an MPLS QoS DSCP-to-EXP mutation map globally
Configure an MPLS QoS EXP-to-DSCP Mutation Map
Applying an MPLS QoS EXP-to-DSCP mutation map globally
Configure an MPLS QoS EXP-to-Traffic Class Mutation Map
Applying an MPLS QoS EXP-to-traffic class mutation map globally
Configure an MPLS QoS Traffic Class-to-EXP Mutation Map
Applying an MPLS QoS traffic class-to-EXP mutation map globally
Configuring a CoS Mutation map on SLX 9740 and Extreme 8820
Applying a CoS Mutation map to a SLX 9740 or Extreme 8820
Traffic Management Counters and Statistics
Counters and Statistics Overview
Traffic Management Counter Types
Traffic Management Counters
ACL-based rate limiting use cases
Use case 1 - protection against TCP SYN attacks
and
Configuring use case 1 - protection against TCP SYN attacks
.
Use case 2 - protection against TCP RST attacks
and
Configuring use case 2 - protection against TCP RST attacks
.
Use case 3 - protection against Ping attacks
and
Configuring use case 3 - protection against ping flood attacks
.
Use case 4 - protection against UDP flood attacks
and
Configuring use case 4 - protection against UDP flood attacks
.