The speed-limit command sets the rate limit for encrypted traffic on an IPSec tunnel.
The undo speed-limit command cancels the configuration.
By default, the rate limit for encrypted traffic on an IPSec tunnel is 0, that is, traffic is not limited.
speed-limit { inbound | outbound } speed-limit [ policy-based | sa-based ]
undo speed-limit { inbound | outbound }
| Parameter | Description | Value |
|---|---|---|
| inbound | Specifies the inbound rate limit. | - |
| outbound | Specifies the outbound rate limit. | - |
| speed-limit | Specifies the rate limit. | The value is 0 or an integer that ranges from 08 to 4194303, in kbit/s. The default value is 0, indicating that the rate limit is disabled. |
| policy-based | Indicates that the rate limit is set based on the IPSec policy. | - |
| sa-based | Indicates that the rate limit is set based on the IPSec SA (IPSec tunnel). | - |
Manual IPSec policy view, ISAKMP IPSec policy view, IPSec policy template view, IPSec profile view
Usage Scenario
When multiple IPSec tunnels are established on the device (for example, a branch device), traffic conflict occurs if the data traffic is heavy. You can set the rate limit for each IPSec tunnel. Excess traffic is discarded and traffic on each tunnel can be correctly transmitted.
When the headquarters establishes IPSec tunnels with multiple branches, traffic conflict occurs between the branches if the data traffic of one branch is heavy. You can set the rate limit for each IPSec tunnel based on the IPSec policy to discard the excess traffic. Excess traffic is discarded and traffic on each tunnel can be correctly transmitted.
Precautions
If no parameter is selected, the device performs rate limit based on the IPSec tunnel by default.
The sum of rate limits for all IPSec tunnels based on an IPSec policy cannot exceed the rate limit of the policy.
# Set the IPSec tunnel-based rate limit for IPSec policy policy1 to 500 kbyte/s.
<sysname> system-view [sysname] ipsec policy policy1 1 manual [sysname-ipsec-policy-manual-policy1-1] speed-limit inbound 500
<sysname> system-view [sysname] ipsec policy policy1 1 manual [sysname-ipsec-policy-manual-policy1-1] speed-limit inbound 500 policy-based