Question

How to configure Interface Policer or Rate-limit traffic on the Versa FlexVNF Interfaces?

Solution

Interface Policer or Rate-limit traffic helps in controlling the amount of traffic hitting the router incoming Interface in any WAN interface or LAN interface.

Policing works only on ingress direction. 

1. Follow these steps to create a QOS profile on the Versa Director:
   1. Login to Versa Director.
   2. Select Appliance Context > Branch > Networking > Class of Service  > Qos Profiles, and click +.
   3. Set Peak Rate (Kbps).
   4. Select Forwarding Class and Loss Priority as applicable.
   5. Clock OK.
      
2. Create Qos Policy and Rules:
   1. Navigate to Appliance Context > Branch > Networking > Class of Service  > Qos Policies > Policies >.
      
      
   2. Provide a name for the policy, and click OK.
   3. Navigate to Appliance Context > Branch > Networking > Class of Service  > Qos Policies > Rules >.
      
   4. Provide a name for the rule.
   5. Under Source/Destination tab, select only the Source Zone and leave rest of the entries blank.
      Here the selected Intf-SD-WAN-Zone binds to only one interface vni-0/0.
      
   6. Under Enforce tab > Action Setting, select Drop Excess Traffic.
   7. Select the appropriate Qos Profile, and click OK.
      
3. Run show interfaces statistics vni-0/0 and show orgs org-services Tenant-Org-2 class-of-service qos-policies rules qos-policy-stats CLI commands to verify the applied configuration by checking the interface statistics, and check if the configured Qos Policies and rules count are increasing.

admin@Branch-100-DIA-cli> show interfaces statistics vni-0/0
         TENANT                       HOST  RX       RX               RX      RX    TX       TX              TX      TX
NAME     ID      VRF                  INF   PACKETS  PPS  RX BYTES    ERRORS  BPS   PACKETS  PPS  TX BYTES   ERRORS  BPS
---------------------------------------------------------------------------------------------------------------------------
vni-0/0  2       SD-WAN-Transport-VR  eth1  1256438  2    2491501297  0       2912  1073904  2    300661272  1       3112

admin@Branch-100-DIA-cli> show orgs org-services Tenant-Org-2 class-of-service qos-policies rules qos-policy-stats
                             QOS     QOS      QOS      QOS      QOS      PPS      PPS      KBPS     KBPS
                      QOS    DROP    DROP     FORWARD  FORWARD  SESSION  POLICER  POLICER  POLICER  POLICER
                RULE  HIT    PACKET  BYTE     PACKET   BYTE     DENY     PKTS     BYTES    PKTS     BYTES
NAME            NAME  COUNT  COUNT   COUNT    COUNT    COUNT    COUNT    DROPPED  DROPPED  DROPPED  DROPPED
-------------------------------------------------------------------------------------------------------------
Qos-Policies-1  R1    3414   3331    5043134  10       777      0        0        0        3331     5043134

If excess traffic is flowing to the configured interface, then the appropriate packet Drop count starts increasing.

NOTE: The output in Step 3 confirms:

•    The traffic is hitting the appropriate interface(created Qos rule).
•    Traffic exceeding the configured value is getting dropped.              

NOTE: 

• The first output shows the amount of live traffic hitting the interface VNI-0/0. 
• The second output shows the Qos Policies rule the traffic is hitting, and shows the Drop count for the KBPS policer because the traffic has reached the Peak Rate value in KBPS.