
Example for Configuring Rate Limiting in a Specified Time Range

Networking Requirements

As shown in Figure 1, users connect to Internet devices through GE0/0/2 of the Switch.

During work hours from 08:30 to 18:00, the rate of traffic sent to the external network cannot exceed 4 Mbit/s.

Figure 1 Networking of rate limiting in a specified time range

Configuration Roadmap

A time-range-based traffic policy can be used to implement rate limiting. The configuration roadmap is as follows:
  1. Configure interfaces to enable the users to connect to the Internet through the Switch.
  2. Configure a time range, which will be applied to an ACL.
  3. Configure an ACL to match traffic passing through the Switch in the specified time range.
  4. Configure an ACL to match HTTP traffic for accessing the Internet in the specified time range.
  5. Configure a traffic policy to limit the rate of packets matching the ACL.
  6. Apply the traffic policy to the inbound direction of GE0/0/1.

Procedure

  1. Create VLANs and configure interfaces.

    # Create VLAN 10 on the Switch.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] vlan 10
    [Switch-vlan10] quit

    # Configure GE0/0/1 and GE0/0/2 on the Switch as trunk interfaces and add them to VLAN 10.

    [Switch] interface gigabitethernet 0/0/1
    [Switch-GigabitEthernet0/0/1] port link-type trunk
    [Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
    [Switch-GigabitEthernet0/0/1] quit
    [Switch] interface gigabitethernet 0/0/2
    [Switch-GigabitEthernet0/0/2] port link-type trunk
    [Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
    [Switch-GigabitEthernet0/0/2] quit

    Configure the interface of the LSW connected to the Switch as a trunk interface and add it to VLAN 10.

    # Create VLANIF 10 and assign IP address 192.168.1.1/24 to it.

    [Switch] interface vlanif 10
    [Switch-Vlanif10] ip address 192.168.1.1 24
    [Switch-Vlanif10] quit

    Configure IP address 192.168.1.2/24 for the router interface connected to the Switch.

  2. Create a time range working_time that defines work hours from 08:30 to 18:00.

    [Switch] time-range working_time 08:30 to 18:00 working-day
    

  3. Configure ACL 2001 and define two rules to rate-limit traffic from 192.168.1.11 and 192.168.1.12 during work hours.

    [Switch] acl number 2001
    [Switch-acl-basic-2001] rule permit source 192.168.1.11 0 time-range working_time
    [Switch-acl-basic-2001] rule permit source 192.168.1.12 0 time-range working_time
    [Switch-acl-basic-2001] quit

  4. Configure ACL 3000 and define one rule to rate-limit HTTP traffic (port 80) from the source IP address 192.168.1.10 to the Internet during work hours.

    [Switch] acl number 3000
    [Switch-acl-adv-3000] rule permit tcp destination-port eq 80 source 192.168.1.10 0 time-range working_time
    [Switch-acl-adv-3000] quit

  5. Apply ACL 2001 and ACL 3000 to a traffic classifier.

    [Switch] traffic classifier c1 operator or
    [Switch-classifier-c1] if-match acl 2001
    [Switch-classifier-c1] if-match acl 3000
    [Switch-classifier-c1] quit

  6. Configure a traffic behavior and set the rate limit to 4 Mbit/s.

    [Switch] traffic behavior b1
    [Switch-behavior-b1] car cir 4096
    [Switch-behavior-b1] quit

  7. Configure a traffic policy and apply the traffic policy on GE0/0/1 in the inbound direction.

    [Switch] traffic policy p1
    [Switch-trafficpolicy-p1] classifier c1 behavior b1
    [Switch-trafficpolicy-p1] quit
    [Switch] interface gigabitethernet 0/0/1
    [Switch-GigabitEthernet0/0/1] traffic-policy p1 inbound
    [Switch-GigabitEthernet0/0/1] quit

  8. Verify the configuration.

    # View the traffic classifier configuration.

    [Switch] display traffic classifier user-defined c1
      User Defined Classifier Information:                                          
       Classifier: c1                                                               
        Operator: OR                                                                
        Rule(s) : if-match acl 2001                                                                                                     
                  if-match acl 3000

    # View the traffic policy configuration.

    [Switch] display traffic policy user-defined p1
      User Defined Traffic Policy Information:                                      
      Policy: p1                                                                    
       Classifier: c1                                                               
        Operator: OR                                                                
         Behavior: b1                                                               
          Committed Access Rate:                                                    
            CIR 4096 (Kbps), CBS 512000 (Byte)                                      
            PIR 4096 (Kbps), PBS 512000 (Byte)
            Green Action   : pass                                                   
            Yellow Action  : pass                                                   
            Red Action     : discard      

Configuration Files

  • Switch configuration file

    #
    sysname Switch
    #
    vlan batch 10
    #
    time-range working_time 08:30 to 18:00 working-day     
    #
    acl number 2001  
     rule 5 permit source 192.168.1.11 0 time-range working_time
     rule 10 permit source 192.168.1.12 0 time-range working_time
    #
    acl number 3000                                                                                                                     
     rule 5 permit tcp source 192.168.1.10 0 destination-port eq www time-range working_time                                            
    #
    traffic classifier c1 operator or
     if-match acl 2001                                                                                                                  
     if-match acl 3000
    #
    traffic behavior b1
     car cir 4096 pir 4096 cbs 512000 pbs 512000 green pass yellow pass red discard 
    #
    traffic policy p1 match-order config
     classifier c1 behavior b1
    #
    interface Vlanif10                                                              
     ip address 192.168.1.1 255.255.255.0                                           
    #                                                                               
    interface GigabitEthernet0/0/1
     port link-type trunk
     port trunk allow-pass vlan 10
     traffic-policy p1 inbound
    #                                                                               
    interface GigabitEthernet0/0/2
     port link-type trunk                                                           
     port trunk allow-pass vlan 10                                                  
    #
    return
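
The following added example (not part of the original documentation) models which packets classifier c1 selects for the 4 Mbit/s CAR, using the time-range and ACL lines from the configuration file above. The function names `parse` and `is_policed`, the sample timestamps, and the treatment of `working-day` as Monday to Friday with an exclusive end time are assumptions of this example.

```python
import ipaddress
import re
from datetime import datetime, time

# Constructed input: time-range and ACL lines copied from the Switch configuration file.
CONFIG = """\
time-range working_time 08:30 to 18:00 working-day
acl number 2001
 rule 5 permit source 192.168.1.11 0 time-range working_time
 rule 10 permit source 192.168.1.12 0 time-range working_time
acl number 3000
 rule 5 permit tcp source 192.168.1.10 0 destination-port eq www time-range working_time
"""
PORTS = {"www": 80}  # the saved configuration shows port 80 as the keyword "www"

def parse(config):
    """Return ({range name: (start, end)}, [rule, ...]) for the subset of syntax above."""
    ranges, rules = {}, []
    for line in config.splitlines():
        if m := re.match(r"time-range (\S+) (\d\d:\d\d) to (\d\d:\d\d) working-day", line):
            ranges[m[1]] = (time.fromisoformat(m[2]), time.fromisoformat(m[3]))
        elif m := re.match(r" rule \d+ permit (?:(tcp) )?source (\S+) (\S+)"
                           r"(?: destination-port eq (\S+))? time-range (\S+)", line):
            wildcard = 0 if m[3] == "0" else int(ipaddress.ip_address(m[3]))
            port = int(PORTS.get(m[4], m[4])) if m[4] else None
            # Rules of both ACLs are pooled because classifier c1 uses operator OR.
            rules.append({"proto": m[1], "src": int(ipaddress.ip_address(m[2])),
                          "wildcard": wildcard, "port": port, "range": m[5]})
    return ranges, rules

def is_policed(src, proto, dport, when, config=CONFIG):
    """True if classifier c1 (ACL 2001 OR ACL 3000) matches, so behavior b1's CAR applies."""
    ranges, rules = parse(config)
    ip = int(ipaddress.ip_address(src))
    for r in rules:
        start, end = ranges[r["range"]]
        # Assumptions: working-day means Monday-Friday; the end time is exclusive here.
        active = when.weekday() < 5 and start <= when.time() < end
        same_host = (ip ^ r["src"]) & ~r["wildcard"] & 0xFFFFFFFF == 0
        if active and same_host and r["proto"] in (None, proto) and r["port"] in (None, dport):
            return True
    return False

if __name__ == "__main__":
    monday_10am = datetime(2024, 3, 4, 10, 0)  # constructed timestamp, a Monday
    for pkt in [("192.168.1.11", "udp", 53), ("192.168.1.10", "tcp", 80),
                ("192.168.1.10", "tcp", 443), ("192.168.1.13", "tcp", 80)]:
        print(pkt, "policed" if is_policed(*pkt, monday_10am) else "not policed")
```

Under this model, HTTPS (port 443) from 192.168.1.10 and any traffic outside the time range fall outside classifier c1 and are not rate-limited. The switch evaluates the time range against its own system clock, so the enforcement window is only as accurate as the device time.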
    
Copyright © Huawei Technologies Co., Ltd.