Gaurav,
I would guess their train of thought being average rate + normal burst,
496000 + 4000 is 500000. The fishy part is that average rate is in bits
and bursts are in bytes...
HTH
A.
On 7/28/2010 11:10 PM, Gaurav Thukral wrote:
> Hi experts
>
> I came across the following question while practicing for my security
> section of CCIE SP :-
>
> Recently monitoring of your web server on VLAN 5 has shown an inordinate
> amount of half open TCP sessions, possibly indicating a DoS attack. In
> order to reduce the load on the server while the possibility of attack is
> investigated configure R5 so that TCP requests sent to this server are
> limited to a maximum of 500Kbps.
>
> Following is the solution given for this.
>
> ANS:
>
> interface Ethernet0/1
> rate-limit output access-group 192 496000 4000 4000 conform-action transmit exceed-action drop
> !
> access-list 192 permit tcp any 173.1.5.0 0.0.0.255 eq www syn
>
>
> According to me in this case CIR should be 500000 as question says "maximum
> of 500" and accordingly Bc and Be should be calculated. Not sure how Bc and
> Be value is taken here. Can someone please explain this?
>
> Thanks & Regards,
> Gaurav.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Received on Wed Jul 28 2010 - 23:19:51 ART
This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 19:19:15 ART
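
An added example, not part of the original thread and not Cisco's implementation: a single token bucket model of the posted rate-limit line, showing how a rate in bits per second and a burst in bytes combine under a sustained SYN flood. The function names and the constructed SYN stream are assumptions; the 8 kbps rate granularity checked by valid_car_rate comes from the IOS command reference for rate-limit, not from the thread.

```python
"""Token bucket model of the posted CAR line (Be == Bc, so no extended burst).
Added illustration with constructed traffic; not Cisco's code."""

RATE_BPS = 496_000   # average rate from the posted answer, in bits per second
BC_BYTES = 4_000     # normal burst from the posted answer, in bytes
# Be is also 4000 in the posted answer; with Be == Bc the extended-burst
# logic is disabled, so one bucket of depth Bc is enough to model it.


def valid_car_rate(bps):
    """The IOS command reference gives the CAR rate in 8 kbps increments."""
    return bps >= 8_000 and bps % 8_000 == 0


def police(packets, rate_bps=RATE_BPS, bc_bytes=BC_BYTES):
    """packets: list of (time_s, size_bytes) sorted by time.
    Returns (conformed_bytes, dropped_bytes)."""
    tokens = float(bc_bytes)   # bucket starts full
    last = 0.0
    conformed = dropped = 0
    for t, size in packets:
        # Refill in bytes: bits per second divided by 8, capped at Bc.
        tokens = min(bc_bytes, tokens + (t - last) * rate_bps / 8)
        last = t
        if size <= tokens:     # conform-action transmit
            tokens -= size
            conformed += size
        else:                  # exceed-action drop
            dropped += size
    return conformed, dropped


def syn_stream(pps, seconds, size=64):
    """Constructed sample: evenly spaced SYN segments of `size` bytes."""
    return [(i / pps, size) for i in range(pps * seconds)]


if __name__ == "__main__":
    for label, pps in (("normal load", 100), ("SYN flood", 5000)):
        ok, drop = police(syn_stream(pps, 10))
        print(f"{label}: {ok * 8 / 10:.0f} bps passed, {drop} bytes dropped")
    print("496000 valid:", valid_car_rate(496_000),
          "| 500000 valid:", valid_car_rate(500_000))
```

Over a 10 second flood the passed traffic averages just under 496000 + (4000 * 8) / 10 bps: the one-time burst is a byte count that has to be multiplied by 8 and spread over the measurement interval before it can be compared with the rate.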