diff --git a/docs/en-US/network-rate.xml b/docs/en-US/network-rate.xml
new file mode 100644
index 00000000000..56fe25c04a5
--- /dev/null
+++ b/docs/en-US/network-rate.xml
@@ -0,0 +1,144 @@
+
+
+%BOOK_ENTITIES;
+]>
+
+
+ Network Throttling
+ Network throttling is the process of controlling the network access and bandwidth usage
+ based on certain rules. &PRODUCT; controls this behaviour of the guest networks in the cloud by
+ using the network rate parameter. This parameter is defined as the default data transfer rate in
+ Mbps (Megabits Per Second) allowed in a guest network. It defines the upper limits for network
+ utilization. If the current utilization is below the allowed upper limits, access is granted,
+ else revoked.
+ You can throttle the network bandwidth either to control the usage above a certain limit for
+ some accounts, or to control network congestion in a large cloud environment. The network rate
+ for your cloud can be configured on the following:
+
+
+ Network Offering
+
+
+ Service Offering
+
+
+ Global parameter
+
+
+ If network rate is set to NULL in service offering, the value provided in the
+ vm.network.throttling.rate global parameter is applied. If the value is set to NULL for network
+ offering, the value provided in the network.throttling.rate global parameter is
+ considered.
+ For the default public, storage, and management networks, network rate is set to 0. This
+ implies that the public, storage, and management networks will have unlimited bandwidth by
+ default. For default guest networks, network rate is set to NULL. In this case, network rate is
+ defaulted to the global parameter value.
+ The following table gives you an overview of how network rate is applied on different types
+ of networks in &PRODUCT;.
+
+
+
+
+
+
+ Networks
+ Network Rate Is Taken from
+
+
+
+
+ Guest network of Virtual Router
+ Guest Network Offering
+
+
+ Public network of Virtual Router
+ Guest Network Offering
+
+
+ Storage network of Secondary Storage VM
+ System Network Offering
+
+
+ Management network of Secondary Storage VM
+ System Network Offering
+
+
+ Storage network of Console Proxy VM
+ System Network Offering
+
+
+ Management network of Console Proxy VM
+ System Network Offering
+
+
+ Storage network of Virtual Router
+ System Network Offering
+
+
+ Management network of Virtual Router
+ System Network Offering
+
+
+ Public network of Secondary Storage VM
+ System Network Offering
+
+
+ Public network of Console Proxy VM
+ System Network Offering
+
+
+ Default network of a guest VM
+ Compute Offering
+
+
+ Additional networks of a guest VM
+ Corresponding Network Offerings
+
+
+
+
+ A guest VM must have a default network, and can also have many additional networks.
+ Depending on various parameters, such as the host and virtual switch used, you can observe a
+ difference in the network rate in your cloud. For example, on a VMware host the actual network
+ rate varies based on where they are configured (compute offering, network offering, or both);
+ the network type (shared or isolated); and traffic direction (ingress or egress).
+ The network rate set for a network offering used by a particular network in &PRODUCT; is
+ used for the traffic shaping policy of a port group, for example: port group A, for that
+ network: a particular subnet or VLAN on the actual network. The virtual routers for that network
+ connects to the port group A, and by default instances in that network connects to this port
+ group. However, if an instance is deployed with a compute offering with the network rate set,
+ and if this rate is used for the traffic shaping policy of another port group for the network,
+ for example port group B, then instances using this compute offering are connected to the port
+ group B, instead of connecting to port group A.
+ The traffic shaping policy on standard port groups in VMware only applies to the egress
+ traffic, and the net effect depends on the type of network used in &PRODUCT;. In shared
+ networks, ingress traffic is unlimited for &PRODUCT;, and egress traffic is limited to the rate
+ that applies to the port group used by the instance if any. If the compute offering has a
+ network rate configured, this rate applies to the egress traffic, otherwise the network rate set
+ for the network offering applies. For isolated networks, the network rate set for the network
+ offering, if any, effectively applies to the ingress traffic. This is mainly because the network
+ rate set for the network offering applies to the egress traffic from the virtual router to the
+ instance. The egress traffic is limited by the rate that applies to the port group used by the
+ instance if any, similar to shared networks.
+ For example:
+ Network rate of network offering = 10 Mbps
+ Network rate of compute offering = 200 Mbps
+ In shared networks, ingress traffic will not be limited for &PRODUCT;, while egress traffic
+ will be limited to 200 Mbps. In an isolated network, ingress traffic will be limited to 10 Mbps
+ and egress to 200 Mbps.
+
diff --git a/docs/en-US/offerings.xml b/docs/en-US/offerings.xml
index ca6312d7bfe..c880a9c4810 100644
--- a/docs/en-US/offerings.xml
+++ b/docs/en-US/offerings.xml
@@ -25,5 +25,6 @@
are discussed in the section on setting up networking for users.
+