[mrtg] Re: off topic CISCO

Krell krell at centril.net
Sun Mar 26 21:48:55 MEST 2000


OK this is way out in left field of MRTG subject, but I thought I'd ask
anyway...here goes

What is a fair size of packet to drop? As in TCP packets bigger
than 8k, or UDP packets bigger than 8k, or even ICMP packets bigger than 8k,
or what?  How do you go about evaluating??

And should the packets be dropped at my connection(s) to the internet or
should they be dropped/filtered on the client end.  And if they are
dropped at my internet connection...will that protect the rest of my
clients?

I'm just getting crazy process loads nowadays..it'll stay at 5-7% and all
of a sudden it will shoot up to 68%+...I can coordinate the attacks with a
client of mine and we filter out the class C it comes from and the
processor load goes down.

Thanks guys.

Than Chariya


On Thu, 23 Mar 2000, Dan Swartzendruber wrote:

> At 04:37 PM 03/23/2000 -0600, [Krell] wrote:
> 
> >I'm running 7206VXR IOS 12.0  been playing with the rate-limit stuff..it's
> >great!  Now my question is, does Cisco allow us to rate-limit specific IP
> >blocks or IP addresses?
> 
> Boy, you lucked out.  I do this as part of my consulting work.  Here's an 
> example:
> 
> interface Serial0/0
>   rate-limit output access-group 114 64000 8000 8000 conform-action transmit exceed-action drop
> 
> (and farther down, in global section)
> 
> access-list 114 permit ip any 216.129.131.0 0.0.0.255
> 
> So what this does is: any packet from any host destined to a host in the 
> 216.129.131.0 C block will be rate limited to an average of 64000 bits per 
> second (with a token bucket burst of 8000 bytes).  If you exceed that, 
> packet is dropped.  It is possible to concatenate rules like this:
> 
> interface Serial0/0
>   rate-limit output access-group 114 128000 8000 8000 conform-action set-prec-transmit 3 exceed-action set-prec-continue 0
>   rate-limit output access-group 114 64000 8000 8000 conform-action transmit exceed-action drop
> 
> What does this do?  Well, the rate limit rules are applied sequentially, so 
> if the rate limit group (decided by access list 114) is using under 128000 
> bps, the precedence is set to 3 and transmitted.  If it exceeds 128000 bps, 
> the second rule is checked.  If the usage is > 128000 bps and < 
> 128000+64000, the precedence is set to zero and transmitted (otherwise 
> packet dropped).  Why would you want to do this?  Well, this way, if there 
> is spare bandwidth, people can burst to fill it.  Oh yeah, you want to do 
> something like this in the serial section:
> 
>   random-detect
>   random-detect precedence 0 20 40 1
> 
> RTFM for what the second rule does.  Basically, though, random detect will 
> drop packets randomly as the queues get more and more full, but (and here's 
> what makes it work) precedence zero packets are dropped before precedence 
> three packets (so if the interface has spare BW, they get sent, otherwise, 
> dropped).
> 
> 

--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
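The cascaded rate-limit statements in the quoted reply, as a small model added here (it is not code from the thread or from IOS): one token bucket per statement, walked in order, with a "continue" action falling through to the next statement. The bucket semantics are assumptions of this model, not a description of IOS internals: depth is the normal burst in bytes, refill is rate/8 bytes per second, extended burst equals normal burst (8000 8000 in the post) so a packet either conforms or exceeds, and only conforming packets spend tokens.

```python
from dataclasses import dataclass, field


@dataclass
class TokenBucket:
    """One CAR statement: bucket of burst_bytes refilled at rate_bps/8 B/s."""
    rate_bps: int
    burst_bytes: int
    tokens: float = field(init=False)
    last_ms: int = field(default=0, init=False)

    def __post_init__(self):
        self.tokens = float(self.burst_bytes)  # bucket starts full

    def conforms(self, now_ms: int, size: int) -> bool:
        # Refill for the elapsed time, capped at the bucket depth.
        refill = (now_ms - self.last_ms) * self.rate_bps / 8000  # bytes
        self.tokens = min(self.burst_bytes, self.tokens + refill)
        self.last_ms = now_ms
        if size <= self.tokens:  # conforming packets spend tokens
            self.tokens -= size
            return True
        return False  # exceeded; no extended-burst zone since 8000 == 8000


# A rule is (bucket, conform_action, exceed_action); an action is
# (verb, precedence) where precedence None leaves the field unchanged.
def apply_car(rules, now_ms, size, prec=0):
    """Walk the statements in order; 'continue' falls through to the next."""
    for bucket, conform, exceed in rules:
        verb, new_prec = conform if bucket.conforms(now_ms, size) else exceed
        if new_prec is not None:
            prec = new_prec
        if verb != "continue":  # transmit or drop ends evaluation
            return verb, prec
    return "transmit", prec


def rules_from_post():
    """The two statements the quoted reply attaches to access-group 114."""
    return [
        (TokenBucket(128000, 8000), ("transmit", 3), ("continue", 0)),
        (TokenBucket(64000, 8000), ("transmit", None), ("drop", None)),
    ]


def simulate(rules, packets):
    """packets: iterable of (time_ms, size_bytes); returns (verb, prec) each."""
    return [apply_car(rules, t, size) for t, size in packets]
```

Feeding a constructed burst of twenty 1000-byte packets 1 ms apart (8 Mbit/s) gives eight packets out at precedence 3, eight more at precedence 0 once the first bucket is empty, and the rest dropped when the second bucket runs dry; a steady 80 kbit/s stream never leaves the first bucket.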
