Managing traffic classification policies

To enhance your quality-of-service (QoS) offerings, you can create traffic classification policies to identify and monitor different types of network traffic. These policies can assist with traffic limiting and monitoring.

Traffic classification policies are applied to endpoints on the StorageGRID Load Balancer service for Gateway Nodes and Admin Nodes. To create traffic classification policies, you must have already created load balancer endpoints.

Matching rules and optional limits

Each traffic classification policy contains one or more matching rules to identify the network traffic related to one or more of the following entities:
  • Buckets
  • Tenants
  • Subnets (IPv4 subnets containing the client)
  • Endpoints (load balancer endpoints)
StorageGRID monitors traffic that matches any rule within the policy according to the objectives of the rule. Any traffic that matches any rule for a policy is handled by that policy. Conversely, you can set rules to match all traffic except a specified entity.
Optionally, you can set limits for a policy based on the following parameters:
  • Aggregate Bandwidth In
  • Aggregate Bandwidth Out
  • Concurrent Read Requests
  • Concurrent Write Requests
  • Per-Request Bandwidth In
  • Per-Request Bandwidth Out
  • Read Request Rate
  • Write Requests Rate
Note: You can create policies to limit aggregate bandwidth or to limit per-request bandwidth. However, StorageGRID cannot limit both types of bandwidth at the same time. Aggregate bandwidth limits might impose an additional minor performance impact on non-limited traffic.

Traffic limiting

When you have created traffic classification policies, traffic is limited according to the type of rules and limits you set. For aggregate or per-request bandwidth limits, the requests stream in or out at the rate you set. StorageGRID can only enforce one speed, so the most specific policy match, by matcher type, is the one enforced. For all other limit types, client requests are delayed by 250 milliseconds and receive a 503 Slow Down response for requests that exceed any matching policy limit.

In the Grid Manager, you can view traffic charts and verify that the polices are enforcing the traffic limits you expect.

Using traffic classification policies with SLAs

You can use traffic classification policies in conjunction with capacity limits and data protection to enforce service-level agreements (SLAs) that provide specifics for capacity, data protection, and performance.

Traffic classification limits are implemented per load balancer. If traffic is distributed simultaneously across multiple load balancers, the total maximum rates are a multiple of the rate limits you specify.

The following example shows three tiers of an SLA. You can create traffic classification policies to achieve the performance objectives of each SLA tier.

Service Level Tier Capacity Data Protection Performance Cost
Gold 1 PB storage allowed 3 copy ILM rule

25 K requests/sec

5 GB/sec (40 Gbps) bandwidth

$$$ per month
Silver 250 TB storage allowed 2 copy ILM rule

10 K requests/sec

1.25 GB/sec (10 Gbps) bandwidth

$$ per month
Bronze 100 TB storage allowed 2 copy ILM rule

5 K requests/sec

1 GB/sec (8 Gbps) bandwidth

$ per month