Sorry, but seems you have answered another question.
Original question was: "Whether ACL entries in _one_ ACL, connected to
rate-limit
command are rate-limited separately, or rate-limit is set for ACL as a
whole?"
The answer to original question is: "rate-limit" command is limiting
_aggregate_
bandwidth for all packets, which qualify imposed rule. If rule is set by
ACL, then
limit will be aggregate for _all_ packets, which qualified with this ACL.
If one set several "rate-limit" commands, then they are applied
sequentially and independently, each one following above mentioned
technology. Whether to given packet will be applied several "rate-limit"
commands or not, depends on action clauses in these commands, ACL
content and order of commands, you are right.
--------------------------------------------------------
Basil (Vasily) Dolmatov, CCIE #5347, CCNP-Security, CCDA
LightCom Corp. http://www.lightcom.ru
> -----Original Message-----
> From: Jorma Mellin [mailto:jorma.mellin@teliafi.net]
> Sent: Monday, August 21, 2000 3:35 PM
> To: cisco-nsp@puck.nether.net
> Subject: RE: [nsp] rate-limit and acl
>
>
> >Further to my query in rate-limit performance impact, I'd like to know
> >whether every acl entry will be rate-limited individually
> according to the
> >rate-limit limit, or all acl entries will be rate-limited as a whole (in
> >aggregate) to the limit?
> >
> >I tried to find out from the CCO, my impression is that the
> effect will be
> >a aggregation rather than individual.. If so, is there any alternative
> >means to achieve rate-limit of each entry of a long acl to the limit
> >individually?
>
> If your acl's do not overlap, they are rate-limited individually.
> If you use overlapping acl's be careful about the order you
> enter the rate-limit lines to your config, especially if you
> use drop as a exceed-action.
>
> Jorma
>
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:15 EDT