Policer and Protocol Policer

Objective

This document provides instructions on setting up Policers and Protocol Policers in VoltConsole. Policers and Protocol Policers are available in system, application, and shared namespaces.

Policer is used for applying rate limits to traffic and protocol policer rate-limits traffic for specific type of packets such as TCP, UDP, etc. You can use policers in ACLs and network policies.

Prerequisites

The following prerequisites apply:

Configuration

Perform the following steps in VoltConsole to set up new Policers and Protocol Policers:

Policers

Step 1: Log into VoltConsole, open Policers.
  • Log into your VoltConsole, go to console.ves.volterra.io, using your email and password.
  • Select System icon, located in upper-left corner under Volterra.
  • Open Security tab, located in left column.
  • Select Firewall, from drop-down menu.
  • Select Policers, from pop-up menu.

image3
Figure: VoltConsole Policers

Step 2: Add Policer.
  • Select Add Policer button in Policers, located under No Policer Configured in middle of page.

Note: The Add Policer center button is only visible when no policer is present. In case policers are present, use the + Add Policer option at the top left of the page

image4
Figure: Add Policer button

Note: The Add Policer center button is only visible when no policer is present. For example, if there are two pre-existing policers, it wont be visible, but if you delete those it will be visible.

  • Enter Name in Metadata.

Note: The configuration object will be created with Name. It has to be unique within the namespace. The value of name has to follow DNS-1035 format. (DNS-1035 label must be lower case alphanumeric characters - start with letters - and end in letters or numbers corresponding with domains and clusters e.g. abc-123).

  • Select Labels as needed.

Note: Labels, Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.

  • Enter Description as needed.

Note: Human readable Description for the object.

image5
Figure: Add Policer Metadata

Step 3: Configure Policer.
  • Select Policer Mode, from drop-down menu.

    • Not Shared, A separate policer instance is created for each reference to the policer.
    • Shared, A common policer instance is used for for all references to the policer.

Note: Policer mode specifies if policer needs to share the traffic limits across term references or a separate instance has to be created for each reference. For example if Rule 1 and Rule 2 refer to policer and each rule should get bandwidth of 10Kb, then policer mode to be used is “Not Shared” If both Rule 1 and Tule 2 cumulatively need 10kbs then a policer should be created with node as “Shared”.

  • Enter Committed information Rate(pps) value.

Note: Packets per second (pps).

Note: The committed information is the guaranteed packets rate for traffic arriving or departing under normal conditions. e.g. 10000 pps (Min value is 1).

  • Enter Burst Size(pps) value.

Note: The maximum size permitted for bursts of data e.g. 10000 pps burst (Min value is 1).

  • Select Policer Type Single-Rate Two-Color Policer Basic Single-Rate Two-Color Policer option if needed.

    image5
    Figure: Add Policer Metadata

    • Click Save and Exit button to add new policer.

Protocol Policers

Step 4: Add Protocol Policers.
  • Log into your VoltConsole, go to console.ves.volterra.io, using your email and password.
  • Select System icon, located in upper-left corner under Volterra.
  • Open Security tab, located in left column.
  • Select Firewall, from drop-down menu.
  • Select Protocol Policers, from pop-up menu.

image3
Figure: VoltConsole Protocol Policers

  • Select Add Protocol Policer button, in Protocol Policers located under No Protocol Policer Configured in middle of page.

Note: The Add Protocol Policer center button is only visible when no protocol policer is present. In case policers are present, use the + Add Protocol Policer option at the top left of the page

Step 5: Configure Protocol Policers.

image6
Figure: Add Protocol Policer

  • Enter Name in Metadata.
  • Enter Labels and Description as needed.

image7
Figure: Add Protocol Policer Metadata

  • Click + Add item button under Protocol Policer section.

Note: Two drop-down options will appear.

  • Select Packet Type (TCP, ICMP, UDP, DNS) in drop-down menu.

Note: Provide various protocol specific match conditions. Another drop-down option will appear for TCP and ICMP Packet type options.

  • Select Policer in drop-down menu.

Note: Reference to policer object to apply traffic rate limits.

image7
Figure: Add Protocol Policer Metadata

  • Click Save & Exit.

Note: Click Cancel and Exit to cancel request and return to previous page.


Concepts