[mrtg] Re: off topic CISCO

Dan Swartzendruber dswartz at druber.com
Fri Mar 24 00:42:54 MET 2000 

At 04:37 PM 03/23/2000 -0600, [Krell] wrote:

>I'm running 7206VXR IOS 12.0  been playing with the rate-limit stuff..its
>great!  Now my question is, does Cisco allow us to rate-limit specific ip
>blocks or ip address?

boy you lucked out.  i do this as part of my consulting work.  here's an 
example:

interface Serial0/0
  rate-limit output access-group 114 64000 8000 8000 conform-action 
transmit exceed-action drop

(and farther down, in global section)

access-list 114 permit ip any 216.129.131.0 0.0.0.255

So what this does is: any packet from any host destined to a host in the 
216.129.131.0 C block will be rate limited to an average of 64000 bits per 
second (with a token bucket burst of 8000 bytes).  If you exceed that, 
packet is dropped.  It is possible to concatenate rules like this:

interface Serial0/0
  rate-limit output access-group 114 128000 8000 8000 conform-action 
set-prec-transmit 3 exceed-action set-prec-continue 0
  rate-limit output access-group 114 64000 8000 8000 conform-action 
transmit exceed-action drop

What does this do?  Well, the rate limit rules are applied sequentially, so 
if the rate limit group (decided by access list 114) is using under 128000 
bps, the precedence is set to 3 and transmitted.  If it exceeds 128000 bps, 
the second rule is checked.  If the usage is > 128000 bps and < 
128000+64000, the precedence is set to zero and transmitted (otherwise 
packet dropped).  Why would you want to do this?  Well, this way, if there 
is spare bandwidth, people can burst to fill it.  Oh yeah, you want to do 
something like this in the serial section:

  random-detect
  random-detect precedence 0 20 40 1

RTFM for what the second rule does.  Basically, though, random detect will 
drop packets randomly as the queues get more and more full, but (and here's 
what makes it work) precedence zero packets are dropped before precedence 
three packets (so if the interface has spare BW, they get sent, otherwise, 
droppped).


--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org

More information about the mrtg mailing list