SmartSwitch Router User Reference Manual 303Chapter 21: QoS Configuration GuideLimiting Traffic RateNote: Some commands in this facility require updated SSR hardware. Please refer toAppendix A for details.Rate limiting provides the ability to control the usage of a fundamental network resource,bandwidth. It allows you to limit the rate of traffic that flows through the specifiedinterfaces, thus reserving bandwidth for critical applications. The SSR supports twomodes of rate limiting; only one mode can be in effect at a time. The rate limiting modesare:• Per-flow rate limiting mode allows you to configure policies that limit individual flowsto a specified rate. This is the default rate limiting mode on the SSR.• Aggregate rate limiting mode allows you to configure policies that limit an aggregationof flows (all flows that match an ACL) to a specified rate. For example, you can limittraffic to or from a particular subnet. Aggregate rate limiting mode also allows you toconfigure port-level rate limiting policies that limit traffic coming into a particular port.This type of policy can be used to limit any type of traffic.For per-flow and aggregate rate limiting policies, a traffic profile is used to define the trafficcharacteristics before an upper limit is assigned. The traffic profile is created using anACL, which can utilize any combination of the parameters supported in the IP ACL. Arate limiting policy can then be defined by using the ACL and traffic rate limitations. Youdefine the action to be taken on the traffic that exceeds the upper limit; for example, dropthe packets. Except for port rate limiting, the rate limiting policy is then applied to alogical IP interface.Rate limiting policies work in only one direction; that is, only the traffic coming in on theinterface to which a policy is applied will be subject to rate limiting (except for output portrate limiting policies, which are applied to egress ports). If both incoming and outgoingtraffic to a network or subnet needs to be rate limited, then you should create separatepolicies to be applied to each interface.Note: You can configure a maximum of 24 port and aggregate rate limiting policies perSSR line card.Rate Limiting ModesPer-flow rate limiting is enabled on the SSR by default. If you need to create aggregate orinput port-level rate limiting policies, you must enable the aggregate rate limiting mode.If you enable aggregate rate limiting mode, you will not be able to configure new per-flowrate limiting policies.The rate limiting mode can be changed only if there are no existing rate limiting policies.For example, before you can enable aggregate rate limiting mode, you need to delete anyexisting per-flow rate limiting policies.