Hierarchical Rate-Limit Actions - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE 2010-10-04 Configuration Manual

Hierarchical Rate-Limit Actions

Copyright © 2010, Juniper Networks, Inc.
Color-aware uses the incoming packet color in its algorithm
Not promoting packets means that if the packet enters the rate limit as yellow and the
rate-limit then determines that it is green, the packet remains yellow. If the rate limit
determines it is red, then the packet is colored red.
A rate-limit rule is an instance of a rate-limit profile. The same profile can be used to
create many rate-limit rules in the same hierarchy or in different rate-limit hierarchies.
The classifier group that defines the flow can use a mark rule with color-mark profile to
set the packet ToS field based on the packet color. A rate-limit hierarchy invoked from
the classifier group is one way of changing the packet color; the rate-limit hierarchy is
invoked before the classifier group runs the mark rule to set the packet ToS.
Every packet traversing a rate-limit hierarchy has an owner that is defined by the last
rate limit that can apply its actions to the packet; this is a configuration option.
A rate limit in the hierarchy that does not own the packet only decrements its tokens, but
cannot perform any of the following actions:
Transfer ownership of the packet to the next rate limit.
Retain ownership of the packet but consume tokens from the remaining rate limits in
the hierarchy.
Exit the rate-limit hierarchy, making that rate limit the final one for the packet.
These actions become the same action if the hierarchy has only one rate limit. Combining
these actions with the additional choices to transmit or drop packets results in the
following possible actions:
Drop—Drops the packet at that rate limit in the hierarchy. The packet does not change
the state of any rate limit further down the hierarchy.
Transmit final—Sets the packet color and ends the packet's traversal of the rate-limit
hierarchy at the current rate limit. The packet is forwarded and the rate limits further
down the hierarchy are not affected. Because transmit final is based on the result of
the rate limit, transmit is not an attribute of the node in the rate-limit hierarchy.
Committed packets can exit the hierarchy while conformed and exceeded packets
continue to the next rate limit.
Transmit conditional—Sets the packet color to the result calculated by the rate limit
and forwards the packet to the next rate limit for processing, also transferring ownership
of the packet to the next rate limit. The next rate limit can then set the packet color
according to the state of its token buckets and apply its actions to the packet. The
transmit conditional option is the same as connecting the two rate limits in series.
Transmit unconditional—Sets the packet color to the result calculated by the rate limit,
retains ownership of the packet, and forwards the packet to the next rate limit. Later
rate limits only decrement their current token counts by the packet length but do not
otherwise affect the packet, either by changing its color or applying their actions to it.
Although the packet is not affected, the remaining rate limits change because the
Chapter 5: Creating Rate-Limit Profiles
61