Rate Limiting QoS Rules
Rate limiting controls the overall traffic throughput sent or received on a network interface. A specific bandwidth limit can be set for a network or device; then, if the actual traffic violates that policy at any time, the traffic is shaped in some way. In this implementation, packets are dropped until the traffic flow conforms to the policy, with some queuing (delaying packets in transit) applied.
Rate Limiting with the CLI
You can rate limit traffic by turning on Traffic Control and using the Token Bucket Rate as the token bucket limiter. Follow these steps to rate limit the client 10.11.31.115 to approximately 3Mbps and then run a quick test to verify functionality.
- Determine the token bucket rate to achieve the desired rate limit. In the example below, we’ll limit it to 3Mbps (3Mbps = 3000000bps. 3000000/8/8=46875).
- Create a qosrule that does rate limiting for a client.
Controller1# sh qosrule 23
QoS and Firewall Rules
ID : 23
Id Class flow class : on
Destination IP : 10.11.31.115 (this is the client to be rate limited)
Destination IP match : on
Destination IP flow class : on
Destination Netmask : 255.255.255.255
Destination Port : 0
Destination Port match : none
Destination Port flow class : none
Source IP : 0.0.0.0
Source IP match : none
Source IP flow class : none
Source Netmask : 0.0.0.0
Source Port : 0
Source Port match : none
Source Port flow class : none
Network Protocol : 6
Network Protocol match : on
Network Protocol flow class : on
Firewall Filter ID :
Filter Id match : none
Filter Id Flow Class : none
Packet minimum length : 0
Packet Length match : none
Packet Length flow class : none
Packet maximum length : 0
QoS Protocol : other
Average Packet Rate : 0
Action : forward
Drop Policy : head
Token Bucket Rate : 46875
Priority : 0
Traffic Control : on
DiffServ Codepoint : disabled
Qos Rule Logging : on
Qos Rule Logging Frequency : 31
Rate Limiting QoS Rules with the GUI
You can rate limit traffic for a single user by turning on Traffic Control and using the Token Bucket Rate as the token bucket limiter. Follow these steps to rate limit the traffic:
- Click Configure > QoS Settings > QoS and Firewall rules tab > Add. The QoS and Firewall rules Add window displays.
- Scroll down to the lower half of the QoS and Firewall rules Add window.
- Set Traffic Control On.
- Set the token bucket rate to achieve the desired rate limit. This can be entered in either Kbps (from 0-1000) or Mbps (from 0-64), depending on the needs of your deployment.
- Click OK.
The rate limit is now set.
Rate Limiting Examples
Rate-Limit Clients in the Same Subnet for TCP
To rate-limit clients from the subnet 10.11.31.0, follow these steps:
- Determine the token bucket rate to achieve the desired rate limit. In the example below, we’ll limit it to 3Mbps (3Mbps = 3000000bps. 3000000/8/8=46875).
- Create the following qosrule to rate-limit clients from a particular subnet:
Controller1# sh qosrule 23
QoS and Firewall Rules
ID: 23
ID Class flow class : on
Destination : 10.11.31.0 (this is the subnet to be rate limited)
Destination IP match : on
Destination IP flow class : on
Destination Netmask : 255.255.255.0
Destination Port : 0
Destination Port match : none
Destination Port flow class : none
Source IP : 0.0.0.0
Source Netmask : 0.0.0.0
Source Port : 0
Source Port match : none
Source Port flow class : none
Network Protocol : 6
Network Protocol match : on
Network Protocol flow class : on
Firewall Filter ID :
Filter Id match : none
Filter Id Flow Class : none
Packet minimum length : 0
Packet Length match : none
Packet Length flow class : none
Packet maximum length : 0
QoS Protocol : other
Average Packet Rate : 0
Action : forward
Drop Policy : head
Token Bucket Rate : 46875
Priority : 0
Traffic Control : on
DiffServ Codepoint : disabled
Qos Rule Logging : on
Qos Rule Logging Frequency : 60
- Configure Chariot to send a TCP downstream to the client 10.11.31.115 using the throughput script. You should see throughput averaging around 3 Mbps on Chariot.
As a result of this QoS rule, each client in the 10.11.31.xxx network will get approximately 3 Mbps from each individual source in the same subnet.
Rate-Limit Clients From Different Subnets for TCP
To rate-limit clients from any subnet other than the one that those clients are currently using, follow these steps:
- Determine the token bucket rate to achieve the desired rate limit. In the example below, we’ll limit it to 3Mbps (3Mbps = 3000000bps. 3000000/8/8=46875).
- Create the following qosrule to rate-limit clients from a particular subnet:
Controller1# sh qosrule 23
QoS and Firewall Rules
ID : 23
Id Class flow class : on
Destination IP : 10.11.31.0 (this is the subnet to be rate limited)
Destination IP match : on
Destination IP flow class : none
Destination Netmask : 255.255.255.0
Destination Port : 0
Destination Port match : none
Destination Port flow class : none
Source IP : 0.0.0.0
Source Netmask : 0.0.0.0
Source Port : 0
Source Port match : none
Source Port flow class : none
Network Protocol : 6
Network Protocol match : on
Network Protocol flow class : on
Firewall Filter ID :
Filter Id match : none
Filter Id Flow Class : none
Packet minimum length : 0
Packet Length match : none
Packet Length flow class : none
Packet maximum length : 0
QoS Protocol : other
Average Packet Rate : 0
Action : forward
Drop Policy : head
Token Bucket Rate : 46875
Priority : 0
Traffic Control : on
DiffServ Codepoint : disabled
Qos Rule Logging : on
Qos Rule Logging Frequency : 60
- Configure Chariot to send a TCP downstream to the different clients in the 10.11.31.xxx network using the throughput script.
All the clients in the 10.11.31.xxx network should now share the 3 Mbps from each individual source.
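The difference between the two subnet examples above (Destination IP flow class on: each client gets about 3 Mbps; flow class none: all clients share 3 Mbps) can be reproduced with a small token bucket model. This is an added example, not the controller's code. The bucket depth, the plain drop-when-empty behavior (no queuing, no head-drop ordering), the single traffic source, and every client address except 10.11.31.115 are assumptions made for the simulation.

```python
import ipaddress

def page_token_bucket_rate(bps):
    # The page's arithmetic: 3000000/8/8 = 46875.
    return bps // 8 // 8

class RateLimitRule:
    """Assumed model of a qosrule with Traffic Control on (not the controller's code)."""
    def __init__(self, dest_ip, netmask, limit_bps, dest_flow_class, burst=15000):
        self.net = ipaddress.ip_network(f"{dest_ip}/{netmask}")
        self.fill = limit_bps / 8.0          # bucket refill in bytes per second
        self.burst = float(burst)            # assumed bucket depth in bytes
        self.dest_flow_class = dest_flow_class
        self.buckets = {}                    # flow key -> (tokens, last refill time)

    def offer(self, now, dst, size):
        """True if a packet of `size` bytes to `dst` is forwarded, False if dropped."""
        if ipaddress.ip_address(dst) not in self.net:
            return True                      # Destination IP match fails: rule not applied
        # flow class on: one bucket per destination; none: one bucket for the whole rule
        key = dst if self.dest_flow_class else "rule"
        tokens, last = self.buckets.get(key, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.fill)
        forwarded = tokens >= size
        self.buckets[key] = (tokens - size if forwarded else tokens, now)
        return forwarded

def simulate(rule, clients, offered_bps=10_000_000, seconds=10, size=1500):
    """Offer constant-rate traffic to every client; return delivered Mbps per client."""
    interval = size * 8 / offered_bps
    sent = dict.fromkeys(clients, 0)
    for i in range(int(seconds / interval)):
        k = i % len(clients)                 # rotate order so no client is always first
        for c in clients[k:] + clients[:k]:
            if rule.offer(i * interval, c, size):
                sent[c] += size
    return {c: round(sent[c] * 8 / seconds / 1e6, 2) for c in clients}

# Constructed client list: .115 is the page's client, the others are made up.
CLIENTS = ["10.11.31.115", "10.11.31.116", "10.11.31.117"]
LIMIT = 3_000_000

if __name__ == "__main__":
    per_client = RateLimitRule("10.11.31.0", "255.255.255.0", LIMIT, True)
    shared = RateLimitRule("10.11.31.0", "255.255.255.0", LIMIT, False)
    print("Token Bucket Rate field:", page_token_bucket_rate(LIMIT))
    print("flow class on  :", simulate(per_client, CLIENTS))
    print("flow class none:", simulate(shared, CLIENTS))
```

A client outside the rule's destination netmask is never charged against a bucket, so a netmask that is too narrow leaves those clients unlimited.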