Rate-Limiting.
Robert Sherrard
rob at robsherrard.com
Fri Mar 31 01:25:38 UTC 2006
I'm really interested in rate limiting outbound... with many unknown
dest IP's.
Rob
John Kristoff wrote:
> On Thu, 30 Mar 2006 15:56:02 -0800
> Robert Sherrard <rob at robsherrard.com> wrote:
>
>
>> I've got a situation in which I'd like to rate limit a few servers
>> that hang off of my 6590's... it appears that this can only be done
>> on a layer 3 interface. These servers however aren't, they simply on
>> a switch port / access. Aside from hard setting the l2 interface to
>> 10mbit, can anyone think of another creative way to do this? Is one
>> option moving these servers into a separate VLAN, then rate-limiting
>> from there?
>>
>
> Is rate limiting by source IP address an acceptable to you? If so,
> then you could do it that way. An untested example that should set
> you out in search of the necessary doc:
>
> class-map match-all cm-src-specific
> match access-group name acl-src-specific
> !
> interface Vlan99
> service-policy input sp-rate-limit
> !
> policy-map sp-rate-limit
> class cm-src-specific
> police flow mask src-only 1000000 4000 conform-action transmit exceed-action drop
> !
> ip access-list extended acl-src-specific
> permit ip any any
>
> John
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20060330/c24b7402/attachment.html>
More information about the NANOG
mailing list