Data-packet switches are a central part of data networks. Some data-packet switches are able to perform port rate limiting, whereby the data-packet switch limits the amount of data that ingresses a particular port of the data-packet switch to a user-specified amount. Currently, sophisticated, high-end data-packet switches are capable of performing port rate limiting.
To enforce a rate limit, a data-packet switch may inspect data packets received at a port on a packet-by-packet basis to determine if forwarding a particular data packet to a destination port of the data-packet switch will violate the rate limit. If forwarding the data packet will violate the rate limit, the data packet is discarded rather than forwarded to the destination port.
Performing packet-by-packet inspection requires that the data-packet switch utilize a silicon device having specific hardware features. These features are typically available only on high-end, expensive silicon devices and may include: memory for storing data packets while waiting for inspection; inspection logic for inspecting each data packet; and classification logic for classifying each data packet according to one or more parameters, such as classification according to the port on which the data packet ingressed the data-packet switch.
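The per-packet decision described above (classify by ingress port, inspect, then forward or discard) can be sketched in software as follows. This is an added example, not code from the original text or from any switch vendor. The token-bucket mechanism, the microsecond clock, and all names (policer_init, policer_admit, NUM_PORTS) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

#define NUM_PORTS 4 /* constructed port count for this example */

/* Per-ingress-port policer state. The token bucket is an assumed mechanism. */
struct port_policer {
    uint64_t rate_Bps;    /* user-specified limit, bytes per second */
    uint64_t burst_bytes; /* bucket depth: largest burst tolerated */
    uint64_t tokens;      /* bytes the port may still ingress right now */
    uint64_t last_us;     /* time of the last refill, microseconds */
};

static struct port_policer policers[NUM_PORTS]; /* zeroed: no budget until configured */

void policer_init(unsigned port, uint64_t rate_Bps, uint64_t burst_bytes,
                  uint64_t now_us)
{
    if (port >= NUM_PORTS)
        return;
    policers[port] = (struct port_policer){ rate_Bps, burst_bytes, burst_bytes, now_us };
}

/* Classify by ingress port, inspect the packet length, and decide:
 * true = forward to the destination port, false = discard. */
bool policer_admit(unsigned port, uint32_t pkt_len, uint64_t now_us)
{
    if (port >= NUM_PORTS)
        return false; /* no classification possible: fail closed */
    struct port_policer *p = &policers[port];

    uint64_t elapsed = now_us > p->last_us ? now_us - p->last_us : 0;
    uint64_t refill = UINT64_MAX; /* saturate if the product would overflow */
    if (p->rate_Bps == 0 || elapsed <= UINT64_MAX / p->rate_Bps)
        refill = elapsed * p->rate_Bps / 1000000;
    if (refill > 0) { /* keep last_us when nothing accrued, so slow rates still fill */
        p->tokens = refill >= p->burst_bytes - p->tokens ? p->burst_bytes
                                                         : p->tokens + refill;
        p->last_us = now_us;
    }

    if (pkt_len > p->tokens)
        return false; /* forwarding would violate the limit: discard */
    p->tokens -= pkt_len; /* only forwarded packets consume budget */
    return true;
}
```

Each port keeps its own state, so traffic that exhausts one port's budget does not affect packets ingressing on another port.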
Using these expensive silicon devices results in an expensive data-packet switch. Due to their expense, operators cannot afford to deploy such data-packet switches widely in their networks, despite their desire to use rate limiting. Consequently, operators often limit deployment of rate limiting to a few locations within their networks.