Manage rate limit policies

A rate limit policy is a set of rules that define average bandwidth and burst buffer for specific traffic flows. A rate limit policy provides accurate bandwidth control for the traffic between a VM and a network site.

To apply a rate limit policy to VMs, you must specify it in a port profile. Compared with the inbound and outbound traffic limits of a port profile, a rate limit policy provides more granular traffic control.

Restrictions and guidelines

In RBAC mode, only a security administrator can manage rate limit policies.

Add a rate limit policy

On the top navigation bar, click Security.
From the left navigation pane, select Network Security > Rate Limit Policies.
Click Add.
Specify the policy name, description, and owner.
Configure whether to configure the policy as a time-based policy. If yes, specify the time when the policy takes effect.
To add a rule, click Add Rule, configure the rule, and then click Finish.
Click OK.

Edit a rate limit policy

From the left navigation pane, select Network Security > Rate Limit Policies.
Click Edit in the Actions columns for a rate limit policy.
Edit the description of the policy.
Edit the rules of the policy:
- To add a rule, click Add Rule.
- To edit a rule, click Edit in the Action column.
- To delete a rule, click Delete in the Action column.
- To set the priorities of rules, click Edit Priority.
Click OK.

Convert a private rate limit policy to a public rate limit policy

On the top navigation bar, click Security.
From the left navigation pane, select Network Security > Rate Limit Policies.
In the Actions columns for a private rate limit policy, click More and then select Convert to Public Policy.
In the dialog box that opens, click OK.

Copy a rate limit policy

On the top navigation bar, click Security.
From the left navigation pane, select Network Security > Rate Limit Policies.
In the Actions columns for a rate limit policy, click More and then select Copy.
In the dialog box that opens, configure the parameters and then click OK.

Export a rate limit policy

Perform this task to export a rate limit policy to the specified storage location.

On the top navigation bar, click Security.
From the left navigation pane, select Network Security > Rate Limit Policies.
In the Actions columns for a rate limit policy, click More and then select Export.
Click OK.

Import a rate limit policy

Perform this task to import a rate limit policy template to the platform. This feature improves the efficiency of rate limit policy configuration and avoids configuration errors, allowing multiple platforms to share the same rate limit policy easily.

On the top navigation bar, click Security.
From the left navigation pane, select Network Security > Rate Limit Policies.
Click Import, and then select the desired rate limit policy file.
In the dialog box that opens, configure the parameters and then click OK.

Delete a rate limit policy

On the top navigation bar, click Security.
From the left navigation pane, select Network Security > Rate Limit Policies.
In the Actions columns for a rate limit policy, click More and then select Delete.
In the dialog box that opens, click OK.

Filter rate limit policies

On the top navigation bar, click Security.
From the left navigation pane, select Network Security > Rate Limit Policies.
Select Public, Private, or All from the Used By field to filter rate limit policies by owner.

Parameters

Rate limit parameters:

Name: Specify a rate limit policy name.
Description: Specify a description for the rate limit policy.
Used By: Select the policy owner. Options include Public and Private. A public rate limit policy can be viewed and used by all users, and a private rate limit policy can be viewed and used only by users in the same user group as the policy creator.

Parameters for adding a rule:

Rate Limit Method: Select a rate limit method. Options include IP, ARP, and Broadcast.
Remote CIDR: Enter a network segment in CIDR format. 0.0.0.0/0 represents any IPv4 address. ::/0 represents any IPv6 address. To specify any IP address, leave this field empty. This parameter is required only when the rate limit method is IP.
Direction: Select a traffic direction:
- Upstream—Traffic from a VM to a remote site.
- Downstream—Traffic from a remote site to a VM.
Average Bandwidth: Enter the average bandwidth in Kbps or Mbps.
Burst Buffer: Enter the burst buffer size in KBytes or MBytes.
Edit Rule Priorities: Set the priorities of rules. If a remote IP address matches two rules in the same direction, and the network segment of the high-priority rule contains that of the low-priority rules, the system uses the high-priority rule. For example, rule A and rule B are applied to the upstream direction. Rule A contains network 192.168.100.0/24, and rule B contains network 192.168.100.40/32. If the priority of rule A is higher than that of rule B, rule A takes effect.