RE: Ratelimit vs MQC

From: ccie2be (ccie2be@nyc.rr.com)
Date: Tue Jul 12 2005 - 19:59:06 GMT-3

• Next message: Paresh Khatri: "RE: Basic BGP question"
• Previous message: Varthis Vassilantonakis: "frame-relay fragment issues"
• Maybe in reply to: k c: "Ratelimit vs MQC"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Ed,

To meet the requirements stated, you have to use a nested MQC. The problem
with your sample config is that that config allows to total of 7 mb of
traffic, not 5 mb.

What is needed is a total of 5mb of traffic of which a max of 2mb is allowed
fro FTP.

HTH, Tim

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Ed
Lui
Sent: Tuesday, July 12, 2005 10:58 AM
To: k c
Cc: ccielab@groupstudy.com
Subject: Re: Ratelimit vs MQC

J,
 For method 2, I don't think it is a good idea to nest a policy into
another. In other words, something like below should work
 Method 2)
access-list 101 permit tcp 10.1.1.0 <http://10.1.1.0>
0.0.0.255<http://0.0.0.255>any

class-map match-all ftp
match protocol FTP

class-map match-all tcp
match access-group 101

policy-map ftp_tcp
class ftp
police cir 2000000
class tcp
police cir 5000000

interface f0/0
service-policy input ftp_tcp

HTH,
 Ed Lui
   On 7/11/05, k c <jwongccie@yahoo.com.hk> wrote:
>
> Hi Group,
>
> I need to permit tcp traffic from vlan10 (10.1.1.0 <http://10.1.1.0>) at
> 5Mbps and ftp traffic at 2Mbps. Are the following two methods correct? For
> method 2, will ftp packets match both policies tcp and ftp?
>
> Method 1)
> rate-limit input access-group 101 5000000 10000 20000 conform-action
> continue exceed-action drop
> rate-limit intput access-group 102 2000000 10000 20000 conform-action
> transmit exceed-action drop
> access-list 101 permit tcp 10.1.1.0 <http://10.1.1.0>
0.0.0.255<http://0.0.0.255>any
> access-list 102 permit tcp 10.1.1.0 <http://10.1.1.0>
0.0.0.255<http://0.0.0.255>any eq ftp
> access-list 102 permit tcp 10.1.1.0 <http://10.1.1.0>
0.0.0.255<http://0.0.0.255>any eq ftp-data
>
> Method 2)
> access-list 101 permit tcp 10.1.1.0 <http://10.1.1.0>
0.0.0.255<http://0.0.0.255>any
>
> class-map match-all ftp
> match protocol FTP
>
> class-map match-all tcp
> match access-group 101
>
> policy-map ftp
> class ftp
> police cir 2000000
>
> policy-map tcp
> class tcp
> police cir 5000000
> service-policy ftp
>
> interface f0/0
> service-policy input tcp
>
> Thanks.
>
>
> %og+
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Paresh Khatri: "RE: Basic BGP question"
• Previous message: Varthis Vassilantonakis: "frame-relay fragment issues"
• Maybe in reply to: k c: "Ratelimit vs MQC"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:29 GMT-3