Re: CAR rate limiting

From: Heiko Liedtke (heiko.liedtke@gmx.net)
Date: Sun Sep 10 2006 - 14:04:30 ART

• Next message: Jai Prakash: "OT : Regarding CCIE NO Association with Company"
• Previous message: kelly@cliffhanger.com: "Re: Limited to 5 VTY lines on cisco 2509?"
• Next in thread: route flap: "Re: CAR rate limiting"
• Maybe reply: route flap: "Re: CAR rate limiting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

As you have asked for the CONTINUE keyword in the CAR, I found this
document....

http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a00800d7276.shtml

My understanding of CONTINUE is, that I can use this feature to have
more than two limits for some
kind of traffic.
With a single line rate limit command I can have on action for conform
and one for exceed.
What if i want to have another limit and want to have some more
granularity?
Then I would configure continue as conform action and have to posibility
to configure another rate limit line to specifiy the next limits..

e.g.

Traffic over 500 k ---> Transmit and set IP Prec 5
Traffic over 768 k ---> Transmit and set IP Prec 3
Traffic over 1024k ---> Transmit and set IP Prec 0
Traffic over 1536k---> Drop.

I hope this is correct? Any feedback of the group would be usefull for me...

Cheers
heiko

Michy Eika schrieb:

>Hi folks.
>
>I'll try to answer this question(maybe it's too late).
>I think this question requires nest in policy-map.
>
>
>class-map match-all TCP
> match access-group 101
>class-map match-all WWW
> match access-group 100
>
>policy-map WWW
> class WWW
> police 100000 3125 3125 conform-action transmit exceed-action drop
>policy-map TCP
> class TCP
> police 500000 15625 15625 conform-action transmit exceed-action drop
> service-policy WWW
>!
>!
>!
>interface Ethernet0/0
> no ip address
> service-policy output TCP
> half-duplex
>!
>
>Router#sh policy-map int e0/0
> Ethernet0/0
>
> Service-policy output: TCP
>
> Class-map: TCP (match-all)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: access-group 101
> police:
> 500000 bps, 15625 limit
> conformed 0 packets, 0 bytes; action: transmit
> exceeded 0 packets, 0 bytes; action: drop
> conformed 0 bps, exceed 0 bps
>
> Service-policy : WWW
>
> Class-map: WWW (match-all)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: access-group 100
> police:
> 100000 bps, 3125 limit
> conformed 0 packets, 0 bytes; action: transmit
> exceeded 0 packets, 0 bytes; action: drop
> conformed 0 bps, exceed 0 bps
>
> Class-map: class-default (match-any)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
>
> Class-map: class-default (match-any)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
>
>!
>access-list 100 permit tcp any any eq www
>access-list 101 permit tcp any any
>
>HTH
>
>Michy
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Michael Stout
>Sent: Thursday, August 10, 2006 10:33 AM
>To: apilcher@itgcs.com; mario.salzano@siemens.com; pauld@marshallcomm.com;
>ccielab@groupstudy.com
>Subject: RE: CAR rate limiting
>
>this is indeed very interesting.
>However, if you reversed the order of NoCEF1 and NoCEF2 you would achieve
>the same result.
>The Class lines are parsed in order and when a match is made the code for
>that class is processed.
>I believe the origional question was asking about the contine parameter .
>
>What would you do to the traffic upon the continuation?
>
> --------------------------------------------------------------------
>
> From: "Aaron Pilcher" <apilcher@itgcs.com>
> Reply-To: "Aaron Pilcher" <apilcher@itgcs.com>
> To: "'Salzano, Mario Arthur Costa'" <mario.salzano@siemens.com>,
> "'Paul Dardinski'" <pauld@marshallcomm.com>, "'Cisco certification'"
> <ccielab@groupstudy.com>
> Subject: RE: CAR rate limiting
> Date: Wed, 9 Aug 2006 08:10:20 -0500
> Good point....
>
> class-map match-all NoCEF1
> match not access-group name NoCEF2
> match access-group name NoCEF1
> class-map match-any NoCEF2
> match access-group name NoCEF2
>
> -----Original Message-----
> From: Salzano, Mario Arthur Costa [mailto:mario.salzano@siemens.com]
> Sent: Wednesday, August 09, 2006 8:01 AM
> To: Aaron Pilcher; Paul Dardinski; Cisco certification
> Subject: RE: CAR rate limiting
>
> But FTP is also a TCP protocol. How could we separate them?
>
> Matching NoCEF1 is also a matching on NoCEF2.
>
> Does anybody have an idea for this case?
>
> I think that using "match not" expression could be a solution.
>
> Regards,
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of
> Aaron Pilcher
> Sent: Wednesday, August 09, 2006 9:38 AM
> To: 'Paul Dardinski'; 'Cisco certification'
> Subject: RE: CAR rate limiting
>
> Yes it is possible using CAR, or LLQ......the enclosed use a higher
> rate
> than than 100/500k....
>
> class-map match-any NoCEF1
> match access-group name NoCEF1
> class-map match-any NoCEF2
> match access-group name NoCEF2
> !
> !
> policy-map LIMIT
> class NoCEF1
> bandwidth 2000
> class NoCEF2
> bandwidth 1000
>
> Interface gig0/0
> service-policy output LIMIT
>
> ip access-list extended NoCEF1
> permit tcp any any
> ip access-list extended NoCEF2
> permit tcp any any eq ftp
> permit tcp any any eq ftp-data
>
> *********************************************
> *********************************************
>
> rate-limit output access-group 100 2000000 1500 2000 conform-action
> transmit
> exceed-action drop
> rate-limit output access-group 101 1000000 1500 2000 conform-action
> transmit exceed-action drop
>
> The ACLs 100 and 101 would, of course be something like the above
> (NoCEF1
> and NoCEF2).
>
> ************************************************************************
> *
> ************************************************************************
> *
>
> Though CEF is commonly configured with all QOS implementations, the
> DocCD
> does not list it as a requirement for either LLQ or CAR.
>
> -aaron
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of
> Paul
> Dardinski
> Sent: Wednesday, August 09, 2006 6:44 AM
> To: Cisco certification
> Subject: CAR rate limiting
>
> If required for example to limit www traffic to rate x and limit tcp
> traffic to rate y, is this possible using continue via CAR?
>
> Can anyone provide an example config for this?
>
> Ie. limit www to 100k, tcp to 500k?
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html

• Next message: Jai Prakash: "OT : Regarding CCIE NO Association with Company"
• Previous message: kelly@cliffhanger.com: "Re: Limited to 5 VTY lines on cisco 2509?"
• Next in thread: route flap: "Re: CAR rate limiting"
• Maybe reply: route flap: "Re: CAR rate limiting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:40 ART