From: joe_astorino@comcast.net
Date: Sat Jan 24 2009 - 05:28:47 ARST
Clearly I did not read the documentation on this command! :) I definitely was not aware that the IPP values were some weird numbers in this command set and not equal to what they are in the ToS field of the IP header.
----- Original Message -----
From: "Scott M Vermillion" <scott_ccie_list@it-ag.com>
To: "mreiks" <marakalas.molefe@gmail.com>, "Cisco certification" <ccielab@groupstudy.com>, "Cisco certification" <comserv@groupstudy.com>
Sent: Saturday, January 24, 2009 2:23:48 AM GMT -05:00 US/Canada Eastern
Subject: RE: Access-list rate-limit mask
Hi,
Couple of problems here:
1. Hex 6F = Decimal 111 - not binary 0000 0111. Hex 6F = Binary 0110 1111.
So scratch all that.
2. Legacy rate-limit masks are weird. You should ideally reference them in
the documentation if you face a task involving them.
I believe the proper mask would be 0x48. Sound like BS? Well, it might be;
I'm tired and am working my way through the second (or is it third?)
after-work drink of the evening. ;~). But truthfully these babies are just
plain ugly and I don't believe my notes to be leading me astray. Here's how
the eight IPP values break down as far as all this legacy rate-limit stuff
is concerned:
IPP0 = 0000 0001
IPP1 = 0000 0010
IPP2 = 0000 0100
IPP3 = 0000 1000
IPP4 = 0001 0000
IPP5 = 0010 0000
IPP6 = 0100 0000
IPP7 = 1000 0000
OK, It only gets stranger from here. Now you need to "add" these values.
Adding IPP3 plus IPP6 vertically looks like this:
IPP3 = 0000 1000
+
IPP6 = 0100 0000
________________
= 0100 1000
In hex, obviously, this works out to be 0x48.
Strange, eh? The nuance here is that there are eight values that could
potentially be in need of matching. *ANY COMBINATION* of them could require
matching via a mask. Thus, each of the eight values gets its own unique bit
position asserted to a value of one (none of them gets a value of all zeros,
including IPP0, as that would be ambiguous). With this scheme, any
combination can be accommodated. Give it a try. Pick any two. Then pick
any three. Skip ahead and try them all. I think you'll quickly realize why
this, in some sick way, all makes sense and was actually the path of least
resistance (for the code writer, anyway, not necessarily for the rest of
us!).
(hoping formatting doesn't get too hosed for all of this to make any sense)
Regards,
Scott
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
mreiks
Sent: Friday, January 23, 2009 10:50 PM
To: Cisco certification; Cisco certification
Subject: Access-list rate-limit mask
Hi guys
I want to create an access-list with only one line that matches IP
Precedence 3 and 6. I know my option is limited to using the ACL rate-limit
mask with a HEX value.
3 = 0000 0011
6 = 0000 0110
Is the answer to this
= 0000 0111 = 6F ?
access-list rate-limit 9 mask 6F
Your assistance will be appreciated.
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:39 ARST