3

Is it possible to enable an absolute value rate limit using QOS on a HP ProCurve 5406 switch for a particular IP address on a specific port?

We have a 10Mbps head end connection for multiple locations that is a single physical port. Occasionally a well meaning administrator, or misconfigured application, will push out client updates to all these locations at once. This will immediately saturate the head end causing no small amount of grief to our clients on the far side of it. Nine times out ten, the offender is a one server where anti-virus services, WSUS and other client management applications are installed. Not all of these applications have the ability to configure rate limiting from the context of the application itself.

Is there a way to configure our HP 5406 with an absolute rate limit on that port for that server's IP addresses? I would like to limit it to only being capable of sending 1Mbps worth of traffic over the head end at once.

Everything in the documentation points towards priority queues, which as far as I can tell, isn't really what I want.

Baring accomplishing this goal using rate limiting is there a better way to prevent our services from accidentally saturating this connection?

1 Answers1

4

The 5400zl series supports a very full feature list to provide quality of service (QoS) and traffic management. And for your specific requirement it also supports rate-limiting. Your best bet will be to upgrade to the latest version (K.15.8 at this point in time). The reference is the Advanced Traffic Management guide (current version)

What you need to do is 1. Define a class to match the traffic you wish to limit 2. Define a policy on how to treat the traffic 3. Apply the policy on a interface or VLAN

Something like the following should work:-

class ipv4 servers-to-be-slowed
    match ip 1.2.3.4/32 any
    match ip 1.2.3.5/32 any
    exit
policy qos SlowBadServers
    class servers-to-be-slowed action rate-limit kbps 1000
    exit
interface all service-policy SlowBadServers in

I have written interface all above but you probably want to apply it only to your so called head end connection

ewwhite
  • 194,921
  • 91
  • 434
  • 799
martyvis
  • 239
  • 1
  • 7
  • Unfortunately this doesn't seem to work. Testing with iperf and sFlow still show that I am capable to saturating our Metro-E/TLS WAN links. –  Jun 07 '12 at 21:33
  • @kce did you fix this? I'm having the same issue. The policy is applied, but the monitoring tool shows that it still exceeds the rate-limiting. – Conrad C May 18 '18 at 15:37