RE: Ratelimit vs MQC

From: Chris Lewis (chrlewis) (chrlewis@cisco.com)
Date: Tue Jul 12 2005 - 12:28:24 GMT-3


Ed,

Nested policies are a key benefit of the MQC system. Whether you do or
do not nest policies depends upon the requirements of the question. In
the original example, all TCP traffic is limited to 5M, and within that
5M, FTP is limited to 2 M. With your example, if something matches the
FTP policy-map, it will be counted against that and not the tcp class, so
it is possible to get 5M of TCP traffic AND 2 Meg of FTP traffic allowed
by the configuration you show.

That is fine, it just depends upon the question requirements.

Chris
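
The accounting difference described above, as an added example that is not part of the original messages: a small Python token-bucket model of Ed's flat `ftp_tcp` policy and k c's nested policy. The offered load (10 Mbit/s each of FTP and other TCP), the 20000-byte burst and the child-before-parent evaluation order are assumptions.

```python
# Added illustration: token-bucket model of the flat and nested policies in this thread.
class Policer:
    """Single-rate policer: bucket refills at cir (bit/s), holds at most burst bytes."""
    def __init__(self, cir_bps, burst_bytes=20000):  # burst size is an assumed value
        self.rate = cir_bps / 8.0                     # refill rate in bytes per second
        self.burst = self.tokens = burst_bytes
        self.last = 0.0

    def conform(self, now, size):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= size:
            self.tokens -= size
            return True
        return False                                  # exceed-action drop


def simulate(mode, ftp_mbps=10, other_mbps=10, seconds=10, size=1500):
    """Return admitted Mbit/s per traffic kind for mode 'flat' or 'nested'."""
    ftp_pol, tcp_pol = Policer(2_000_000), Policer(5_000_000)
    arrivals = []                                     # constructed offered load
    for kind, mbps in (("ftp", ftp_mbps), ("other", other_mbps)):
        gap = size * 8 / (mbps * 1e6)                 # seconds between packets
        arrivals += [(i * gap, kind) for i in range(int(seconds / gap))]
    passed = {"ftp": 0, "other": 0}
    for now, kind in sorted(arrivals):
        if mode == "flat":
            # First matching class wins: FTP never touches the tcp policer.
            ok = (ftp_pol if kind == "ftp" else tcp_pol).conform(now, size)
        else:
            # Nested: FTP must pass the child policer, then everything is
            # charged to the parent (child-before-parent order is assumed).
            ok = (kind != "ftp" or ftp_pol.conform(now, size)) and tcp_pol.conform(now, size)
        if ok:
            passed[kind] += size
    return {k: v * 8 / seconds / 1e6 for k, v in passed.items()}


if __name__ == "__main__":
    for mode in ("flat", "nested"):
        r = simulate(mode)
        print(mode, r, "total=%.2f" % sum(r.values()))
```
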

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Ed Lui
Sent: Tuesday, July 12, 2005 9:58 AM
To: k c
Cc: ccielab@groupstudy.com
Subject: Re: Ratelimit vs MQC

J,
 For method 2, I don't think it is a good idea to nest a policy into
another. In other words, something like below should work

Method 2)
access-list 101 permit tcp 10.1.1.0 0.0.0.255 any

class-map match-all ftp
match protocol FTP

class-map match-all tcp
match access-group 101

policy-map ftp_tcp
class ftp
police cir 2000000
class tcp
police cir 5000000

interface f0/0
service-policy input ftp_tcp

HTH,
 Ed Lui
   On 7/11/05, k c <jwongccie@yahoo.com.hk> wrote:
>
> Hi Group,
>
> I need to permit tcp traffic from vlan10 (10.1.1.0) at 5Mbps and ftp
> traffic at 2Mbps. Are the following two methods correct? For method 2,
> will ftp packets match both policies tcp and ftp?
>
> Method 1)
> rate-limit input access-group 101 5000000 10000 20000 conform-action continue exceed-action drop
> rate-limit input access-group 102 2000000 10000 20000 conform-action transmit exceed-action drop
> access-list 101 permit tcp 10.1.1.0 0.0.0.255 any
> access-list 102 permit tcp 10.1.1.0 0.0.0.255 any eq ftp
> access-list 102 permit tcp 10.1.1.0 0.0.0.255 any eq ftp-data
>
> Method 2)
> access-list 101 permit tcp 10.1.1.0 0.0.0.255 any
>
> class-map match-all ftp
> match protocol FTP
>
> class-map match-all tcp
> match access-group 101
>
> policy-map ftp
> class ftp
> police cir 2000000
>
> policy-map tcp
> class tcp
> police cir 5000000
> service-policy ftp
>
> interface f0/0
> service-policy input tcp
>
> Thanks.



This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:29 GMT-3