From: Michy Eika (cciemaster@shingor.net)
Date: Sun Sep 10 2006 - 10:46:32 ART
Hi folks.
I'll try to answer this question(maybe it's too late).
I think this question requires nest in policy-map.
class-map match-all TCP
match access-group 101
class-map match-all WWW
match access-group 100
policy-map WWW
class WWW
police 100000 3125 3125 conform-action transmit exceed-action drop
policy-map TCP
class TCP
police 500000 15625 15625 conform-action transmit exceed-action drop
service-policy WWW
!
!
!
interface Ethernet0/0
no ip address
service-policy output TCP
half-duplex
!
Router#sh policy-map int e0/0
Ethernet0/0
Service-policy output: TCP
Class-map: TCP (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 101
police:
500000 bps, 15625 limit
conformed 0 packets, 0 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: drop
conformed 0 bps, exceed 0 bps
Service-policy : WWW
Class-map: WWW (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 100
police:
100000 bps, 3125 limit
conformed 0 packets, 0 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: drop
conformed 0 bps, exceed 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
!
access-list 100 permit tcp any any eq www
access-list 101 permit tcp any any
HTH
Michy
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Michael Stout
Sent: Thursday, August 10, 2006 10:33 AM
To: apilcher@itgcs.com; mario.salzano@siemens.com; pauld@marshallcomm.com;
ccielab@groupstudy.com
Subject: RE: CAR rate limiting
this is indeed very interesting.
However, if you reversed the order of NoCEF1 and NoCEF2 you would achieve
the same result.
The Class lines are parsed in order and when a match is made the code for
that class is processed.
I believe the origional question was asking about the contine parameter .
What would you do to the traffic upon the continuation?
--------------------------------------------------------------------
From: "Aaron Pilcher" <apilcher@itgcs.com>
Reply-To: "Aaron Pilcher" <apilcher@itgcs.com>
To: "'Salzano, Mario Arthur Costa'" <mario.salzano@siemens.com>,
"'Paul Dardinski'" <pauld@marshallcomm.com>, "'Cisco certification'"
<ccielab@groupstudy.com>
Subject: RE: CAR rate limiting
Date: Wed, 9 Aug 2006 08:10:20 -0500
Good point....
class-map match-all NoCEF1
match not access-group name NoCEF2
match access-group name NoCEF1
class-map match-any NoCEF2
match access-group name NoCEF2
-----Original Message-----
From: Salzano, Mario Arthur Costa [mailto:mario.salzano@siemens.com]
Sent: Wednesday, August 09, 2006 8:01 AM
To: Aaron Pilcher; Paul Dardinski; Cisco certification
Subject: RE: CAR rate limiting
But FTP is also a TCP protocol. How could we separate them?
Matching NoCEF1 is also a matching on NoCEF2.
Does anybody have an idea for this case?
I think that using "match not" expression could be a solution.
Regards,
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
Aaron Pilcher
Sent: Wednesday, August 09, 2006 9:38 AM
To: 'Paul Dardinski'; 'Cisco certification'
Subject: RE: CAR rate limiting
Yes it is possible using CAR, or LLQ......the enclosed use a higher
rate
than than 100/500k....
class-map match-any NoCEF1
match access-group name NoCEF1
class-map match-any NoCEF2
match access-group name NoCEF2
!
!
policy-map LIMIT
class NoCEF1
bandwidth 2000
class NoCEF2
bandwidth 1000
Interface gig0/0
service-policy output LIMIT
ip access-list extended NoCEF1
permit tcp any any
ip access-list extended NoCEF2
permit tcp any any eq ftp
permit tcp any any eq ftp-data
*********************************************
*********************************************
rate-limit output access-group 100 2000000 1500 2000 conform-action
transmit
exceed-action drop
rate-limit output access-group 101 1000000 1500 2000 conform-action
transmit exceed-action drop
The ACLs 100 and 101 would, of course be something like the above
(NoCEF1
and NoCEF2).
************************************************************************
*
************************************************************************
*
Though CEF is commonly configured with all QOS implementations, the
DocCD
does not list it as a requirement for either LLQ or CAR.
-aaron
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
Paul
Dardinski
Sent: Wednesday, August 09, 2006 6:44 AM
To: Cisco certification
Subject: CAR rate limiting
If required for example to limit www traffic to rate x and limit tcp
traffic to rate y, is this possible using continue via CAR?
Can anyone provide an example config for this?
Ie. limit www to 100k, tcp to 500k?
_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:40 ART