We have already used the rate limit feature to restrict bandwidth on a switch. Today we will see how to control bandwidth with an ACL.
For this we need to understand a few more concepts related to ACLs.
Action Group –
- To support packet classification and traffic control, the switch extends the traditional ACL so that the ACL and each permit rule in the ACL can be bound to one action group.
- An action group is a set of actions. The switch takes the corresponding action for each matching packet.
- One action group can contain packet mirroring, packet redirection, packet modification, packet traffic control, and packet counting.
- Each entry of the ACL can be bound to one action group, whose actions are executed for the packets that match that entry.
- The action group can only be bound to an IP ACL, and only to a permit rule.
Hopefully you now have enough information about the action group used with an ACL. Let's see how to use it for our requirement. For that, we need to understand the traffic meter.
Traffic Meter
A traffic meter is defined separately in global configuration on the Maipu switch for bandwidth control. You bind the meter to an action group, and the action group is then configured on a permit rule of the ACL, so that when the ACL matches, the action group is applied to the matched packets.
Let’s start with some well known terms used in traffic meter.
Related Terms:
CIR: Committed Information Rate
CBS: Committed Burst Size
EBS: Excess Burst Size
PIR: Peak Information Rate
PBS: Peak Burst Size
SRTCM (Single Rate Three Color Marker): It is defined in RFC 2697. It uses three parameters (CIR, CBS, and EBS) to realize single-rate control and packet coloring. It includes a color-blind mode and a color-sensing mode.
Details - The Single Rate Three Color Marker (srTCM) meters an IP packet stream and marks its packets either green, yellow, or red. Marking is based on a Committed Information Rate (CIR) and two associated burst sizes, a Committed Burst Size (CBS) and an Excess Burst Size (EBS). A packet is marked green if it doesn't exceed the CBS, yellow if it does exceed the CBS, but not the EBS, and red otherwise. The srTCM is useful, for example, for ingress policing of a service, where only the length, not the peak rate, of the burst determines service eligibility.
TRTCM (Two Rate Three Color Marker): It is defined in RFC 2698. It uses CIR, CBS, PIR, and PBS to realize two-rate control and packet coloring. It includes a color-blind mode and a color-sensing mode.
Details: The Two Rate Three Color Marker (trTCM) meters an IP packet stream and marks its packets either green, yellow, or red. A packet is marked red if it exceeds the Peak Information Rate (PIR). Otherwise it is marked either yellow or green depending on whether it exceeds or doesn't exceed the Committed Information Rate (CIR). The trTCM is useful, for example, for ingress policing of a service, where a peak rate needs to be enforced separately from a committed rate.
Working flow of Traffic meter:
- To support the packet based traffic control, you can specify one meter name in the action group.
- The meter supports two modes, including SRTCM and TRTCM. The function of the meter is to remark or drop the packet according to the traffic.
- The meter has a processing action for each colored packet. When it is configured to drop the colored packets, it performs traffic limitation; when it is configured to remark the colored packets, it classifies packets according to the traffic, so that the user can apply different QoS policies later in the data path.
- After the meter is configured to color the packets, the counter in the action group can count the packets.
Below is a configuration example that will help with understanding.
Topology:
PC1 sender (192.168.1.9) ------- port 0/0 switch port 0/1 ---------- PC2 receiver (192.168.1.15)
Configuration:
Traffic meter: (It is configured with 5Mb)
traffic-meter TEST_VLAN100
meter mode trtcm 5120 160000 5120 512000
meter action red drop
meter action yellow drop
exit
l3-action-group TRAFFIC_LIMIT
meter TEST_VLAN100
exit
ip access-list extended MATCH_TRAFFIC
10 permit ip any any l3-action-group TRAFFIC_LIMIT
exit
vlan 100
ip access-group MATCH_TRAFFIC in
exit
Port configuration:
port 0/0
port-type uni
uni-isolate community
port access vlan 100
load-interval 30
exit
port 0/1
port-type uni
uni-isolate community
port access vlan 100
load-interval 30
exit
You can see the results in the screenshots below.
Screenshots:
BEFORE APPLYING
PC-1 (Sender - 192.168.1.9): PC-1 is sending 7 MB of traffic to PC-2.
[Screenshot: PC-1 sender before applying the traffic meter]
PC-2 (Receiver - 192.168.1.15)
[Screenshot: PC-2 receiver before applying the traffic meter]
AFTER APPLYING
PC-1 (Sender - 192.168.1.9)
Applying the traffic meter does not affect the sender; it sends traffic as usual. The effect is visible at the receiver end.
PC-2 (Receiver - 192.168.1.15)
Here you can see that our ACL is working. After applying the traffic meter, the receiver is receiving only 5 MB.
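To show why the receiver tops out near the configured rate while the sender is unaffected, here is an added example (not part of the original post and not Maipu's implementation) of the color-blind trTCM from RFC 2698, run with the meter values from the configuration against a constant-rate sender. It assumes rates are in kbit/s, burst sizes are in bytes, the four values are read as cir, cbs, pbs, pir, and the 7 MB and 5 MB figures are Mbit/s; the class and function names are hypothetical.

```python
from dataclasses import dataclass

BYTES_PER_KBIT = 125  # assumption: 1 kbit/s = 1000 bit/s = 125 bytes/s


@dataclass
class TrTCM:
    """Color-blind two rate three color marker (RFC 2698)."""
    cir: int  # committed information rate, kbit/s (assumed unit)
    cbs: int  # committed burst size, bytes (assumed unit)
    pbs: int  # peak burst size, bytes (assumed unit)
    pir: int  # peak information rate, kbit/s (assumed unit)
    last: float = 0.0  # arrival time of the previous packet, seconds

    def __post_init__(self):
        # Both token buckets start full, as RFC 2698 specifies.
        self.tc, self.tp = float(self.cbs), float(self.pbs)

    def color(self, now, size):
        """Refill both buckets for the elapsed time, then color one packet."""
        dt, self.last = now - self.last, now
        self.tc = min(self.cbs, self.tc + dt * self.cir * BYTES_PER_KBIT)
        self.tp = min(self.pbs, self.tp + dt * self.pir * BYTES_PER_KBIT)
        if self.tp < size:      # exceeds the peak rate
            return "red"
        self.tp -= size
        if self.tc < size:      # within peak, exceeds the committed rate
            return "yellow"
        self.tc -= size
        return "green"


def simulate(meter, offered_kbps=7000, seconds=60, size=1500,
             drop=("red", "yellow")):
    """Return (offered, forwarded) in Mbit/s for a constant-rate sender."""
    gap = size * 8 / (offered_kbps * 1000)   # seconds between packets
    packets = round(seconds / gap)
    passed = sum(size for i in range(packets)
                 if meter.color(i * gap, size) not in drop)
    mbps = lambda nbytes: nbytes * 8 / seconds / 1e6
    return mbps(packets * size), mbps(passed)


def page_meter():
    # Values from "meter mode trtcm 5120 160000 5120 512000" in the post,
    # read as cir, cbs, pbs, pir (assumed order and units).
    return TrTCM(cir=5120, cbs=160000, pbs=5120, pir=512000)


if __name__ == "__main__":
    print("offered %.2f Mbit/s, forwarded %.2f Mbit/s" % simulate(page_meter()))
```

Because both yellow and red are dropped, only green packets are forwarded, so the forwarded rate settles at the CIR plus the one-time CBS burst.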
I was doing some testing where I used the traffic meter, so I shared this testing and the traffic meter concepts.
Device used: Maipu 3400 switch
IOS: sp1-g-6.2.17.pck
Please check the command explanations:
meter mode srtcm cir cbs ebs
meter mode trtcm cir cbs pbs pir
| Command | Description |
| --- | --- |
| meter mode srtcm | Configure the traffic meter in srtcm mode. Packets are colored according to the metering result of the traffic meter. |
| meter mode trtcm | Configure the traffic meter in trtcm mode. Packets are colored according to the metering result of the traffic meter. |
| cir | Committed information rate |
| cbs | Committed burst size |
| ebs | Excess burst size |
| pbs | Peak burst size |
| pir | Peak information rate |
You can use this feature for VLAN based traffic control using ACL.
Hope this information is informative for you.
Thanks for reading…