RE: CAR rate limiting

From: Michy Eika (cciemaster@shingor.net)
Date: Mon Sep 11 2006 - 13:10:32 ART

• Next message: xprtofnet: "How to filter RP Group registration ?"
• Previous message: Dusty: "pix show command for ids signature"
• Maybe in reply to: Michy Eika: "RE: CAR rate limiting"
• Next in thread: Michy Eika: "RE: CAR rate limiting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Route flap

  Oh, it's my typo. Thanks for correcting.

Michy

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
route flap
Sent: Monday, September 11, 2006 3:08 AM
To: Michy Eika
Cc: Michael Stout; apilcher@itgcs.com; mario.salzano@siemens.com;
pauld@marshallcomm.com; ccielab@groupstudy.com
Subject: Re: CAR rate limiting

Mike,

In my opinion the configuration should look like this:

policy-map WWW-POLICER
   class WWW
    police cir 100000
      conform-action transmit
      exceed-action drop
 !
  policy-map TCP-POLICER
   class TCP
    police cir 500000
      conform-action transmit
      exceed-action drop
      service-policy WWW-POLICER

Apply it outbuond the interface serial

-RalF

On 9/10/06, Michy Eika <cciemaster@shingor.net> wrote:
>
> Hi folks.
>
> I'll try to answer this question(maybe it's too late).
> I think this question requires nest in policy-map.
>
>
> class-map match-all TCP
> match access-group 101
> class-map match-all WWW
> match access-group 100
>
> policy-map WWW
> class WWW
> police 100000 3125 3125 conform-action transmit exceed-action
> drop policy-map TCP
> class TCP
> police 500000 15625 15625 conform-action transmit exceed-action drop
> service-policy WWW
> !
> !
> !
> interface Ethernet0/0
> no ip address
> service-policy output TCP
> half-duplex
> !
>
> Router#sh policy-map int e0/0
> Ethernet0/0
>
> Service-policy output: TCP
>
> Class-map: TCP (match-all)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: access-group 101
> police:
> 500000 bps, 15625 limit
> conformed 0 packets, 0 bytes; action: transmit
> exceeded 0 packets, 0 bytes; action: drop
> conformed 0 bps, exceed 0 bps
>
> Service-policy : WWW
>
> Class-map: WWW (match-all)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: access-group 100
> police:
> 100000 bps, 3125 limit
> conformed 0 packets, 0 bytes; action: transmit
> exceeded 0 packets, 0 bytes; action: drop
> conformed 0 bps, exceed 0 bps
>
> Class-map: class-default (match-any)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
>
> Class-map: class-default (match-any)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
>
> !
> access-list 100 permit tcp any any eq www access-list 101 permit tcp
> any any
>
> HTH
>
> Michy
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Michael Stout
> Sent: Thursday, August 10, 2006 10:33 AM
> To: apilcher@itgcs.com; mario.salzano@siemens.com;
> pauld@marshallcomm.com; ccielab@groupstudy.com
> Subject: RE: CAR rate limiting
>
> this is indeed very interesting.
> However, if you reversed the order of NoCEF1 and NoCEF2 you would
> achieve the same result.
> The Class lines are parsed in order and when a match is made the code
> for that class is processed.
> I believe the origional question was asking about the contine parameter .
>
> What would you do to the traffic upon the continuation?
>
> --------------------------------------------------------------------
>
> From: "Aaron Pilcher" <apilcher@itgcs.com>
> Reply-To: "Aaron Pilcher" <apilcher@itgcs.com>
> To: "'Salzano, Mario Arthur Costa'" <mario.salzano@siemens.com>,
> "'Paul Dardinski'" <pauld@marshallcomm.com >, "'Cisco certification'"
> <ccielab@groupstudy.com>
> Subject: RE: CAR rate limiting
> Date: Wed, 9 Aug 2006 08:10:20 -0500
> Good point....
>
> class-map match-all NoCEF1
> match not access-group name NoCEF2
> match access-group name NoCEF1
> class-map match-any NoCEF2
> match access-group name NoCEF2
>
> -----Original Message-----
> From: Salzano, Mario Arthur Costa [mailto:mario.salzano@siemens.com]
> Sent: Wednesday, August 09, 2006 8:01 AM
> To: Aaron Pilcher; Paul Dardinski; Cisco certification
> Subject: RE: CAR rate limiting
>
> But FTP is also a TCP protocol. How could we separate them?
>
> Matching NoCEF1 is also a matching on NoCEF2.
>
> Does anybody have an idea for this case?
>
> I think that using "match not" expression could be a solution.
>
> Regards,
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of
> Aaron Pilcher
> Sent: Wednesday, August 09, 2006 9:38 AM
> To: 'Paul Dardinski'; 'Cisco certification'
> Subject: RE: CAR rate limiting
>
> Yes it is possible using CAR, or LLQ......the enclosed use a higher
> rate
> than than 100/500k....
>
> class-map match-any NoCEF1
> match access-group name NoCEF1
> class-map match-any NoCEF2
> match access-group name NoCEF2
> !
> !
> policy-map LIMIT
> class NoCEF1
> bandwidth 2000
> class NoCEF2
> bandwidth 1000
>
> Interface gig0/0
> service-policy output LIMIT
>
> ip access-list extended NoCEF1
> permit tcp any any
> ip access-list extended NoCEF2
> permit tcp any any eq ftp
> permit tcp any any eq ftp-data
>
> *********************************************
> *********************************************
>
> rate-limit output access-group 100 2000000 1500 2000 conform-action
> transmit
> exceed-action drop
> rate-limit output access-group 101 1000000 1500 2000 conform-action
> transmit exceed-action drop
>
> The ACLs 100 and 101 would, of course be something like the above
> (NoCEF1
> and NoCEF2).
>
> ************************************************************************
> *
> ************************************************************************
> *
>
> Though CEF is commonly configured with all QOS implementations, the
> DocCD
> does not list it as a requirement for either LLQ or CAR.
>
> -aaron
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto: nobody@groupstudy.com] On Behalf
> Of
> Paul
> Dardinski
> Sent: Wednesday, August 09, 2006 6:44 AM
> To: Cisco certification
> Subject: CAR rate limiting
>
> If required for example to limit www traffic to rate x and limit tcp
> traffic to rate y, is this possible using continue via CAR?
>
> Can anyone provide an example config for this?
>
> Ie. limit www to 100k, tcp to 500k?
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: xprtofnet: "How to filter RP Group registration ?"
• Previous message: Dusty: "pix show command for ids signature"
• Maybe in reply to: Michy Eika: "RE: CAR rate limiting"
• Next in thread: Michy Eika: "RE: CAR rate limiting"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:40 ART