RE: Access-list rate-limit mask

From: Scott M Vermillion (scott_ccie_list@it-ag.com)
Date: Sat Jan 24 2009 - 05:23:48 ARST


Hi,

Couple of problems here:

1. Hex 6F = Decimal 111 - not binary 0000 0111. Hex 6F = Binary 0110 1111.
So scratch all that.
2. Legacy rate-limit masks are weird. You should ideally reference them in
the documentation if you face a task involving them.

I believe the proper mask would be 0x48. Sound like BS? Well, it might be;
I'm tired and am working my way through the second (or is it third?)
after-work drink of the evening. ;~). But truthfully these babies are just
plain ugly and I don't believe my notes to be leading me astray. Here's how
the eight IPP values break down as far as all this legacy rate-limit stuff
is concerned:

IPP0 = 0000 0001
IPP1 = 0000 0010
IPP2 = 0000 0100
IPP3 = 0000 1000
IPP4 = 0001 0000
IPP5 = 0010 0000
IPP6 = 0100 0000
IPP7 = 1000 0000

OK, it only gets stranger from here. Now you need to "add" these values.

Adding IPP3 plus IPP6 vertically looks like this:

IPP3 = 0000 1000
     +
IPP6 = 0100 0000
________________
     = 0100 1000

In hex, obviously, this works out to be 0x48.

Strange, eh? The nuance here is that there are eight values that could
potentially be in need of matching. *ANY COMBINATION* of them could require
matching via a mask. Thus, each of the eight values gets its own unique bit
position asserted to a value of one (none of them gets a value of all zeros,
including IPP0, as that would be ambiguous). With this scheme, any
combination can be accommodated. Give it a try. Pick any two. Then pick
any three. Skip ahead and try them all. I think you'll quickly realize why
this, in some sick way, all makes sense and was actually the path of least
resistance (for the code writer, anyway, not necessarily for the rest of
us!).

(hoping formatting doesn't get too hosed for all of this to make any sense)

Regards,

Scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
mreiks
Sent: Friday, January 23, 2009 10:50 PM
To: Cisco certification; Cisco certification
Subject: Access-list rate-limit mask

Hi guys

I want to create an access-list with only one line that matches IP
Precedence 3 and 6. I know my option is limited to using the ACL rate-limit
mask with a HEX value.

3 = 0000 0011
6 = 0000 0110

Is the answer to this

   = 0000 0111 = 6F ?

access-list rate-limit 9 mask 6F

Your assistance will be appreciated.
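
The one-bit-per-precedence scheme from the reply above, as an added example that is not part of the original thread: it builds the mask for any set of IP Precedence values and decodes an existing mask back into the values it matches, which is useful when auditing a configured mask. The function names are hypothetical; the ACL index 9 and the masks 48 and 6F are taken from the messages.

```python
# Added example: legacy "access-list rate-limit <index> mask <hex>" values,
# using the scheme from the reply (IPP n owns bit n of an 8-bit mask).

def precedence_mask(precedences):
    """Return the 8-bit mask matching every IP Precedence value given."""
    mask = 0
    for p in precedences:
        if not isinstance(p, int) or not 0 <= p <= 7:
            raise ValueError(f"IP Precedence must be an integer 0-7, got {p!r}")
        # IPP0 = 0000 0001 ... IPP7 = 1000 0000. OR equals the "add" in the
        # reply because each value has its own bit, and it tolerates repeats.
        mask |= 1 << p
    return mask


def mask_precedences(mask):
    """Decode a mask (int or hex string) into the precedence values it matches."""
    if isinstance(mask, str):
        mask = int(mask, 16)  # masks are written as two hex digits
    if not 0 <= mask <= 0xFF:
        raise ValueError(f"mask must fit in 8 bits, got {mask:#x}")
    return [p for p in range(8) if mask & (1 << p)]


def acl_line(index, precedences):
    """Format the config line in the form used in the question."""
    return f"access-list rate-limit {index} mask {precedence_mask(precedences):02X}"


if __name__ == "__main__":
    # The task from the question: match IPP3 and IPP6 in one line.
    print(acl_line(9, [3, 6]))
    # Audit check: which precedence values would each mask really match?
    for candidate in ("48", "6F"):
        print(candidate, "matches IPP", mask_precedences(candidate))
```

Decoding a mask before deploying it shows exactly which precedence values the rate-limit ACL will select, so an over-broad mask is caught before it changes which traffic is policed.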
