From: Petr Lapukhov (petr@internetworkexpert.com)
Date: Fri Feb 02 2007 - 18:29:59 ART
Hi guys,
the task looks really familiar ;)
Just a quick note: there some interesting differences between the
'rate-limit' and 'police' commands, both in configuration syntax and
functionality:
1) MQC commands implement RFC-compliant two or single-rate three-color
policer
2) Rate-limit implements single-rate two-color policer with 'RED-Like' drop
behavior, which is not RFC-compliant in strict sense.
3) With MQC, Be sets the 'absolute' extended bucket size, while with
rate-limit
it's 'relative' to Bc, i.e. excess burst with Rate-Limit is Be-Bc.
<qoute>
Extended burst is configured by setting the extended burst value greater
than the normal burst value. Setting the extended burst value equal to the
normal burst value excludes the extended burst capability. If extended burst
is not configured, the exceed action of CAR takes effect because a
sufficient number of tokens are not available.
</quote>
Therefore, strictly speaking it's not correct just to 'copy' rate-limit Be
to MQC Be.
Also, if you'd look at 'drop behavoir' of rate-limit you'll find it pretty
funny indeed :)
-- Petr Lapukhov, CCIE #16379 (R&S/Security) petr@internetworkexpert.comInternetwork Expert, Inc. http://www.InternetworkExpert.com
2007/2/2, Sergey Golovanov <sergey.golovanov@iementor.com>: > > Shamin, > > MQC police commands are identical to rate-limit. Just create your three > class-maps matching on each ACL (101, 102, 103). And then under policy-map > you can use the same keywords: > > class-map ACL100 > match access-group 100 > class-map ACL101 > match access-group 101 > class-map ACL102 > match access-group 102 > > policy-map test > class ACL100 > police 8000 2000 2000 confirm-action drop exceed-action drop > class ACL101 > police 128000 2000 2000 conform-action transmit exceed-action > set-prec-transmit 0 > class ACL102 > police 256000 4000 8000 conform-action transmit exceed-action > set-prec-transmit 0 > > -------------------------------------------------------------------- > Sergey Golovanov, CCIEx5 (R&S/Security/Voice/Service Provider/Storage) > "Please, don't ask me for my ccie #, there are reasons why I can't release > it" > ieMentor Instructor and Content Developer > sergey.golovanov@iementor.com > http://www.iementor.com > > > > -------Original Message------- > > From: Shamin <ccie.xpert@gmail.com> > > Subject: Help On MQC POLICE command > > Sent: Feb 02 '07 14:12 > > > > Hi Friends, > > > > I have a Task which requires to convert the following configuration in > > legacy CAR to MQC > > > > > > Interface FastEthernet 0/0 > > rate-limit input access-group 100 8000 2000 2000 confirm-action drop > > exceed-action drop > > ! > > rate-limit input access-group 101 128000 2000 2000 conform-action > > transmit exceed-action set-prec-transmit 0 > > ! > > rate-limit input access-group 102 256000 4000 8000 conform-action > transmit > > exceed-action set-prec-transmit 0 > > > > access-list 100 permit icmp any any > > access-list 101 permit udp any any > > access-list 102 permit tcp any any > > > > > > My understanding of Police command is not very good. Can anyone help me > in > > this with explanation as to which values will match the values above in > the > > policy-map MQC police command. > > > > Your help is highly appreciated, and will help me understand one of the > few > > misunderstood topic of mine > > > > regards > > Shamin > > > > _______________________________________________________________________ > > Subscription information may be found at: > > http://www.groupstudy.com/list/CCIELab.html > > _______________________________________________________________________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:45 ART