JUNOSe 7.2.x Policy Management Configuration Guide
Hierarchical Rate Limits
These actions become the same action if the hierarchy has only one rate limit.
Combining these actions with the additional choices to transmit or drop packets
results in the following possible actions:
- Drop—Drops the packet at that rate limit in the hierarchy. The packet does not
  change the state of any rate limit further down the hierarchy.
- Transmit final—Sets the packet color and ends the packet's traversal of the
  rate-limit hierarchy at the current rate limit. The packet is forwarded and the
  rate limits further down the hierarchy are not affected. Because transmit final is
  based on the result of the rate limit, transmit is not an attribute of the node in
  the rate-limit hierarchy. Committed packets can exit the hierarchy while
  conformed and exceeded packets continue to the next rate limit.
- Transmit conditional—Sets the packet color to the result calculated by the rate
  limit and forwards the packet to the next rate limit for processing, also
  transferring ownership of the packet to the next rate limit. The next rate limit
  can then set the packet color according to the state of its token buckets and
  apply its actions to the packet. The transmit conditional option is the same as
  connecting the two rate limits in series.
- Transmit unconditional—Sets the packet color to the result calculated by the
  rate limit, retains ownership of the packet, and forwards the packet to the next
  rate limit. Later rate limits only decrement their current token counts by the
  packet length but do not otherwise affect the packet, either by changing its
  color or applying their actions to it. Although the packet is not affected, the
  remaining rate limits change because the token counts are reduced, making
  them more likely to make other packets conformed or exceeded. Transmit
  unconditional is not allowed as an exceeded action.
After the transmit-unconditional completes, the packet traverses to the end of
the hierarchy. Because ownership of the packet has been retained, no rate limit
further down can apply its actions to it. Some of the later rate limits might
already have very low token counts, which must still be decremented when
processing a transmit-unconditional packet (if necessary, by making the token
count negative). Negative token counts enable the remaining rate limits to
restrict the total traffic through them to their peak rate (over a large enough
averaging interval, which is a function of rates and burst sizes only). Transmit
unconditional packets traversing the rate-limit hierarchy reduce the number of
tokens available for other packets.
A rate limit has one of the four preceding actions configured for each possible
result: committed, conformed, and exceeded. (Transmit unconditional is not
allowed as an exceeded action.) The action taken depends only on the result of that
rate limit, its rates, burst sizes, and current token state. In addition, the rate limit
assigns a color to the packet, depending on both the result of the rate limit and the
packet's incoming color. The final color after a packet has finished traversing a
rate-limit hierarchy is a function of all the rate limits that owned the packet.
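
The four actions above can be traced with a small simulation. This is an added example, not code or configuration from the guide. It assumes a simple two-bucket meter with no refill, assumes an unowned packet is charged against both buckets, and assumes the packet color is simply the result of the last rate limit that owned it (the incoming-color mapping is not modeled); all names are hypothetical.

```python
from dataclasses import dataclass

DROP, FINAL, COND, UNCOND = "drop", "final", "conditional", "unconditional"

@dataclass
class RateLimit:
    name: str
    committed: int  # committed-bucket tokens in bytes (refill omitted)
    peak: int       # peak-bucket tokens in bytes (refill omitted)
    actions: dict   # result -> action for committed / conformed / exceeded

    def __post_init__(self):
        if self.actions["exceeded"] == UNCOND:
            raise ValueError("transmit unconditional is not allowed as an exceeded action")

    def meter(self, length):
        """Assumed two-bucket meter: classify the packet and charge the buckets used."""
        if self.peak < length:
            return "exceeded"
        self.peak -= length
        if self.committed < length:
            return "conformed"
        self.committed -= length
        return "committed"

def traverse(hierarchy, length):
    """Walk one packet through the rate limits in order; return (fate, color, owners)."""
    color, owners, retained = None, [], False
    for rl in hierarchy:
        if retained:
            # An earlier limit kept ownership: only charge tokens, even below zero.
            rl.committed -= length
            rl.peak -= length
            continue
        color = rl.meter(length)  # assumed: color is the owning limit's result
        owners.append(rl.name)
        action = rl.actions[color]
        if action == DROP:
            return "dropped", color, owners
        if action == FINAL:
            return "forwarded", color, owners
        retained = action == UNCOND
    return "forwarded", color, owners

def demo():
    """Constructed two-level hierarchy; three 500-byte packets."""
    child = RateLimit("child", 1000, 2000, {"committed": UNCOND, "conformed": COND, "exceeded": DROP})
    parent = RateLimit("parent", 100, 100, {"committed": COND, "conformed": COND, "exceeded": DROP})
    return [traverse([child, parent], 500) for _ in range(3)], parent.peak
```

In `demo()`, the first two packets are committed at the child and pass the parent untouched while driving its token counts negative; the third is only conformed at the child, is handed to the parent, and is dropped there as exceeded.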
Policy actions are processed in the following order:
1. log
2. filter