< Home

Configuring Inbound Interface-based Rate Limiting

Context

If rates of traffic sent from users are not limited, continuous burst data from many users congests the network. Inbound interface-based rate limiting controls the rate of traffic entering an interface within a specified range.

Procedure

  1. Run system-view

    The system view is displayed.

  2. (Optional) Run qos-car exclude-interframe

    The system is configured not to count the inter-frame gap and preamble of packets when calculating inbound interface-based rate limiting.

    By default, the system counts the inter-frame gap and preamble of packets when calculating the traffic rate for inbound interface-based rate limiting.

  3. Run interface interface-type interface-number

    The interface view is displayed.

  4. Run qos lr inbound cir cir-value [ cbs cbs-value ]

    Inbound interface-based rate limiting is configured.

    By default, traffic policing is not configured in the inbound direction on an interface.

    When interface-based 802.1X authentication is configured and the RADIUS server delivers the rate limit, the interface does not support the rate limit.

    When inbound interface-based rate limiting, broadcast traffic suppression in a VLAN (for details on how to configure broadcast traffic suppression in a VLAN, see Configuring Traffic Suppression in a VLAN in "Traffic Suppression and Storm Control Configuration" in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - Security), and inbound MQC-based traffic policing are configured simultaneously on the S2720-EI, S5720-LI, S5720S-LI, S5720-SI, S5720S-SI, S5720I-SI, S5730-SI, S5730S-EI, S6720-LI, S6720S-LI, S6720-SI, and S6720S-SI, these rules take effect in descending order of priority: inbound interface-based rate limiting > broadcast traffic suppression in a VLAN > inbound MQC-based traffic policing. For example, if both inbound interface-based rate limiting and broadcast traffic suppression in a VLAN are configured, inbound interface-based rate limiting takes effect.

    If both the IPSG function and inbound interface-based rate limiting are configured on an interface of the S2720-EI, S5720I-SI, S5720-LI, S5720S-LI, S5720S-SI, S5720-SI, S5730S-EI, S5730-SI, S6720-LI, S6720S-LI, S6720S-SI, and S6720-SI, both IPSG and interface-based rate-limiting configurations take effect as long as the configurations do not conflict. Otherwise, only the IPSG configuration takes effect.

  5. (Optional) Run qos lr inbound whitelist protocol { arp-request | bpdu | dhcp | igmp | rip }*

    Protocol packets are added to the whitelist for inbound interface-based rate limiting and are not rate-limited in the inbound direction of all interfaces.

    By default, no protocol packet is added to the whitelist for inbound interface-based rate limiting.

    Only the S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735-S-I, and S5735S-S support this command.

Configuration Tips

Deleting the Configuration of Inbound Interface-based Rate Limiting

Run the undo qos lr inbound command in the interface view to delete the configuration of inbound interface-based rate limiting configuration.

Verifying the Configuration of Inbound Interface-based Rate Limiting

Run the display qos statistics command to check the rate limiting result and determine whether inbound interface-based rate limiting takes effect.

Statistics about incoming packets on an interface (queried using the display interface or display this interface command) are collected before inbound interface-based rate limiting is performed on the interface. Therefore, you cannot determine whether the rate limit takes effect by comparing the number of incoming packets on an interface with the rate limit.

Parent Topic: Configuring Interface-based Rate Limiting
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >