Re: CAR conform-action details

From: Labcciee (labccie@uol.com.br)
Date: Fri Feb 04 2005 - 18:24:22 GMT-3

In the gave example, the continue keyword is necessary because without it
the rate-limit command would match the first line for every packet that
conforms with the limit 50MB of bandwidth and the packet would not be
compared against the other lines, even if it is a http or tfpt packet,
because a match has alredy hapenned.
It fuctions like an access-list, if an match is found no more verification
is made. The continue keyword is necssary, so even is there was a match,
the packet will be compared against the next line.

----- Original Message -----
From: "null void" <nullv0idmain@yahoo.com>
To: "Edwards, Andrew M" <andrew.m.edwards@boeing.com>;
<ccielab@groupstudy.com>
Sent: Friday, February 04, 2005 7:10 PM
Subject: RE: CAR conform-action details

> Thanks very much for the detailed explanation that does help alot.. But I
still am trying to determine weather or not in a multi-line rate limit as
depicted in your great example .. Is the first line required to have a
continue action , to parse the lines that may be below it ? So if I have 4
lines , will traffic be compared to all 4 lines starting from the first one
until a match is made ? Or if you want them all to be used , you must
include on your first rate-limit command a continue keyword ???
>
> Thanks Null
>
> "Edwards, Andrew M" <andrew.m.edwards@boeing.com> wrote:
> I think a good example of this would be as follows:
>
> You have a Fastethernet interface to Vlan 100 and an uplink FastEthernet
> interface towards the core of your network. Service level agreements
> have been made such that all web traffic to any host on Vlan100 should
> be limited to 5Mbps with a precedence set to critical, traffic in excess
> of this should be marked as routine. TFTP traffic to host 1.1.1.1
> should be limited to 2Mbps with offending traffic dropped. In order to
> support a multiple customers aggregating in the core, all customer
> traffic should not exceed 50Mbps. All traffic not covered by the SLA
> towards VLAN100 should be set as priority. Use R1 F0/1.
>
> (vlan100)F0/1-R1-F0/0
>
>
>
> Int f0/1
> Rate-limit in 50000000 9375000 18750000 conform-action continue
> exceed-action drop
>
>
> Rate-limit out 50000000 9375000 18750000 conform-action continue
> exceed-action drop
> Rate-limit access 100 out 5000000 937500 1875000 conform-action
> set-prec-transmit 5 exceed-action drop
> Rate-limit access 110 out 2000000 375000 750000 conform-action transmit
> exceed-action set-prec-trans 0
>
> Access-list 100 permit tcp any eq 80 any
> Access-list 100 permit tcp any any eq 80
> Access-list 100 permit tcp any eq 443 any
> Access-list 100 permit tcp any any eq 443
>
> Access-list 110 permit udp any host 1.1.1.1 eq tftp
> Access-list 110 permit udp any eq tftp host 1.1.1.1
> Access-list 110 permit udp host 1.1.1.1 eq tftp any
> Access-list 110 permit udp host 1.1.1.1 any eq tftp
>
>
> Note the "all customer traffic" wording so its in and out limited.
> Also, note that rate-limit is parsed from top down like an access-list.
>
> HTH,
>
> andy
> -----Original Message-----
> From: null void [mailto:nullv0idmain@yahoo.com]
> Sent: Friday, February 04, 2005 8:06 AM
> To: ccielab@groupstudy.com
> Subject: CAR conform-action details
>
>
> Hi, I was wondering if anyone has further information on
> conform-action-continue option when configuring CAR , in the dqos / odom
> book in the policing section it shows a few multi-line rate-limit
> examples but doesnt really clarify what is required or give detail.. Say
> we have the following situation:
>
> Limit traffic out of R1 G0/0 interface for traffic destined to hosts on
> subnet 1.1.1.x from your networks. TCP traffic must be limited to
> 200Mbps , WWW traffic to 10Mbps , TCP port 3389 to 10Mbps , ftp traffic
> to 5 Mbps. In the dqos book they show the most specific item listed
> first which in this case would be all TCP traffic to rate-limit of
> 2000000 , then they use the conform-action continue , down to 3 other
> lines that or more granular than just all TCP traffic , so my question
> is if you have a multi line rate-limit policy to apply what is the
> thought process in ordering the lines and is the conform-action-continue
> statement required on the first rate-limit command to use say rate-limit
> lines 2 through 6 for example.. Below is from a cco doc and this is
> really all I can find about it.
> TIA Null
>
> ContinueThe packet is evaluated using the next rate policy in a chain
> of rate limits. If there is not another rate policy, the packet is
> transmitted
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:17 GMT-3