how to rate limite with Policer - bytes, packets...?

  • 1
  • Question
  • Updated 3 weeks ago
Need to rate limit an interface to a range that is not withing the standard range of "link speed..." and I am trying to accomplish this with POLICER and ACLs. 

The documentation here: says that policer modes are either packets or kilobytes, but when it's configured/applied inside of iptables.  
Now, configuring the same under NCLU, when you step out the command, the only mode option is packets. 
Knowing that packets can vary in sizes, between IPv4, IPv6, protocol, playload, etc, how does one effectively utilize policer and acl's to rate limit a port? 
By way of testing, I want to limit all traffic on a 10G trunk port to 100K (NOT production environement): and this is how want to accomplish this:

policer-template 100K mode packet rate 13 burst 20
acl mac MAC-100Kb-RATE priority 10 police 100K source-mac any dest-mac any

iface swp49
   acl mac MAC-100Kb-RATE inbound
   acl mac MAC-100Kb-RATE outbound

here is the logic: if the units are KB we'd want 100/8 or 12.5 so round up to 13 to get to ~100Kbps

really could use some deeper insight in how this is all broken down
Photo of Troy MacDonald

Troy MacDonald

  • 720 Points 500 badge 2x thumb

Posted 3 weeks ago

  • 1

Be the first to post a reply!