From: Karim (karim_ccie@hotmail.com)
Date: Thu Apr 15 2004 - 06:54:33 GMT-3
Hi Group,
Required to limit the ICMP traffic to 128K and allow a burst of 1/4 of this
rate (128000).
The offered solution:
using Rate-limit is:
access-list 100 permit icmp any any
!
interface Ethernet0/0
rate-limit output access-group 100 128000 4000 4000 conform-action transmit
exceed-action drop
Using MQC:
class-map match-all icmp
match access-group 101
!
policy-map icmp
class icmp
police 128000 bc 4000 conform-action transmit exceed-action drop
OR police 128000 4000 4000 conform-action transmit exceed-action drop
!
access-list 101 permit icmp any any
interface fa0/0
service-policy output icmp
I know that 4000 is taken from 128000/(8*4). I am confused, why it was solved
as above, I was thinking to solve as follows:
My solution:
Using rate-limit:
access-list 100 permit icmp any any
!
interface Ethernet0/0
rate-limit output access-group 100 128000 16000 20000 conform-action transmit
exceed-action drop
Parameters calculated as follows:
bc= 128000/8 = 16000. And for busting to 1/4 the 128K, set the be= 16000 +
(16000/4) = 20000.
Using MQC with the same previous parameters:
class-map match-all icmp
match access-group 101
!
policy-map icmp
class icmp
police 128000 bc 16000 be 20000 conform-action transmit exceed-action drop
!
access-list 101 permit icmp any any
interface fa0/0
service-policy output icmp
Can someone help, why didn't we use the second solution and why is it wrong
????????
Thanks for your help,
Karim.
This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:47 GMT-3