Configuring rate limiting

This scenario illustrates how to use rate limiting to manage the traffic from various devices connected to a switch. The physical topology of the network looks like this:

A certain amount of broadcast traffic is necessary to maintain healthy network protocols, particularly from routers and across service boundaries. In this scenario, both the service cloud and the router connections limit this traffic to 500 pps. The server has a smaller limit, as it does not require as much network protocol traffic as the service cloud and router.

A multicast server needs to be able to stream multicast traffic to clients, so a multicast rate limit may not be helpful. A computer, however, should not be generating large amounts of multicast traffic (it may be receiving streams, but typically not sending them). In this example, the computer is configured with a multicast rate limit to prevent malicious traffic from taking up network bandwidth.

Finally, while the service cloud and router may need to send traffic for unknown unicast addresses to resolve address forwarding, the server and computer should send very little of this type of traffic. Rate limiting unknown unicast traffic on the server and computer connections enforces that.

  1. Configure broadcast and multicast rate limiting for the service cloud connection.
    switch# config
    switch(config)# interface 1/1/1
    switch(config-if)# rate-limit broadcast 500 pps
    switch(config-if)# rate-limit multicast 500 pps
  2. Configure broadcast rate limiting for the router connection.
    switch(config-if)# interface 1/1/2
    switch(config-if)# rate-limit broadcast 500 pps
  3. Configure broadcast and unknown unicast rate limiting for the server connection.
    switch(config-if)# interface 1/1/5
    switch(config-if)# rate-limit broadcast 100 pps
    switch(config-if)# rate-limit unknown-unicast 50 pps
  4. Configure broadcast, multicast, and unknown unicast rate limiting for the computer connection.
    switch(config-if)# interface 1/1/10
    switch(config-if)# rate-limit broadcast 50 pps
    switch(config-if)# rate-limit multicast 50 pps
    switch(config-if)# rate-limit unknown-unicast 20 pps
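
To check that a switch still carries the limits from steps 1 to 4, the following added example (not part of the original documentation) parses configuration text and reports every port whose rate limits differ from the scenario. The `POLICY` table, the function names and the sample configuration are constructed for illustration, and the indented `interface` stanza layout is an assumption about how the saved configuration is written.

```python
import re

# Intended limits from the four steps above: port -> {traffic type: pps}.
POLICY = {
    "1/1/1": {"broadcast": 500, "multicast": 500},  # service cloud
    "1/1/2": {"broadcast": 500},  # router
    "1/1/5": {"broadcast": 100, "unknown-unicast": 50},  # server
    "1/1/10": {"broadcast": 50, "multicast": 50, "unknown-unicast": 20},  # computer
}

# Constructed sample (assumed stanza layout); 1/1/5 and 1/1/10 have drifted.
SAMPLE_CONFIG = """\
interface 1/1/1
    no shutdown
    rate-limit broadcast 500 pps
    rate-limit multicast 500 pps
interface 1/1/2
    rate-limit broadcast 500 pps
interface 1/1/5
    rate-limit broadcast 100 pps
interface 1/1/10
    rate-limit broadcast 50 pps
    rate-limit multicast 5000 pps
    rate-limit unknown-unicast 20 pps
"""

IFACE = re.compile(r"^interface\s+(\S+)\s*$")
LIMIT = re.compile(r"^\s+rate-limit\s+(broadcast|multicast|unknown-unicast)\s+(\d+)\s+(\S+)\s*$")

def parse_limits(config_text):
    """Return {port: {traffic_type: (rate, unit)}} parsed from interface stanzas."""
    limits, port = {}, None
    for line in config_text.splitlines():
        if not line[:1].isspace():  # unindented line starts a new stanza
            m = IFACE.match(line)
            port = m.group(1) if m else None
        elif port and (m := LIMIT.match(line)):
            limits.setdefault(port, {})[m.group(1)] = (int(m.group(2)), m.group(3))
    return limits

def audit(config_text, policy=POLICY):
    """Return (port, type, expected_pps, found) for each deviation from policy."""
    found, findings = parse_limits(config_text), []
    for port, wanted in policy.items():
        have = found.get(port, {})
        for kind in sorted(set(wanted) | set(have)):
            expected = (wanted[kind], "pps") if kind in wanted else None
            if have.get(kind) != expected:
                findings.append((port, kind, wanted.get(kind), have.get(kind)))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns the missing unknown-unicast limit on the server port and the loosened multicast limit on the computer port; a limit that the scenario does not call for is reported with an expected value of `None`.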