RE: [nsp] rate-limit and acl

From: Cho Man Fai (mfcho@hknet.com)
Date: Mon Aug 21 2000 - 09:58:37 EDT


Thanks Basil and Jorma..

What Basil described is what I got from the CCO...

There is a limit on the number of rate-limit statements per interface (I
remember that it is 20), right? If so, I can only have limited sources
with limited bandwidth... Is there any means to limit the traffic for some
sources on an interface more efficiently?

Thanks for any input..

Rgds,
Kenneth

On Mon, 21 Aug 2000, Basil Dolmatov wrote:

>
> Sorry, but seems you have answered another question.
>
> Original question was: "Whether ACL entries in _one_ ACL, connected to
> rate-limit command are rate-limited separately, or rate-limit is set for
> ACL as a whole?"
>
> The answer to original question is: "rate-limit" command is limiting
> _aggregate_ bandwidth for all packets, which qualify imposed rule. If rule
> is set by ACL, then limit will be aggregate for _all_ packets, which
> qualified with this ACL.
>
> If one sets several "rate-limit" commands, then they are applied
> sequentially and independently, each one following above mentioned
> technology. Whether to given packet will be applied several "rate-limit"
> commands or not, depends on action clauses in these commands, ACL
> content and order of commands, you are right.
>
> --------------------------------------------------------
> Basil (Vasily) Dolmatov, CCIE #5347, CCNP-Security, CCDA
> LightCom Corp. http://www.lightcom.ru
>
> > -----Original Message-----
> > From: Jorma Mellin [mailto:jorma.mellin@teliafi.net]
> > Sent: Monday, August 21, 2000 3:35 PM
> > To: cisco-nsp@puck.nether.net
> > Subject: RE: [nsp] rate-limit and acl
> >
> >
> > >Further to my query in rate-limit performance impact, I'd like to know
> > >whether every acl entry will be rate-limited individually according to
> > >the rate-limit limit, or all acl entries will be rate-limited as a whole
> > >(in aggregate) to the limit?
> > >
> > >I tried to find out from the CCO, my impression is that the effect will
> > >be an aggregation rather than individual.. If so, is there any
> > >alternative means to achieve rate-limit of each entry of a long acl to
> > >the limit individually?
> >
> > If your acl's do not overlap, they are rate-limited individually.
> > If you use overlapping acl's be careful about the order you
> > enter the rate-limit lines to your config, especially if you
> > use drop as an exceed-action.
> >
> > Jorma
> >
>
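
The behaviour discussed in this thread, as an added example that is not part of any poster's message: a simplified Python model of sequential rate-limit evaluation, comparing one shared ACL, one statement per source, and overlapping ACLs in both orders. Assumptions: a fixed byte budget per interval stands in for the real token bucket with burst sizes, and the class, function and addresses (192.0.2.x) are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class RateLimit:
    acl: set                    # sources the ACL permits (constructed addresses)
    limit_bytes: int            # byte budget per interval (stand-in for rate/burst)
    conform: str = "transmit"   # "transmit" or "continue"
    exceed: str = "drop"        # "drop" or "continue"
    used: int = 0               # ONE counter per statement: the limit is aggregate

def police(statements, packets):
    """Return bytes transmitted per source over one measurement interval."""
    for s in statements:
        s.used = 0
    sent = {}
    for src, size in packets:
        verdict = "transmit"            # nothing decided: packet is forwarded
        for s in statements:            # statements are tried in configured order
            if src not in s.acl:
                continue                # ACL does not match, try next statement
            if s.used + size <= s.limit_bytes:
                s.used += size
                action = s.conform
            else:
                action = s.exceed
            if action != "continue":    # transmit/drop ends the evaluation
                verdict = action
                break
        if verdict == "transmit":
            sent[src] = sent.get(src, 0) + size
    return sent

# Constructed traffic: host A sends 8 x 100 bytes, then host B sends 8 x 100 bytes.
A, B = "192.0.2.1", "192.0.2.2"
PACKETS = [(A, 100)] * 8 + [(B, 100)] * 8

if __name__ == "__main__":
    shared = [RateLimit({A, B}, 1000)]                      # one ACL, two entries
    split = [RateLimit({A}, 500), RateLimit({B}, 500)]      # one statement per source
    wide, narrow = RateLimit({A, B}, 500), RateLimit({B}, 500)
    print("shared ACL      :", police(shared, PACKETS))     # A crowds out B
    print("per-source ACLs :", police(split, PACKETS))      # each source has own limit
    print("wide then narrow:", police([wide, narrow], PACKETS))  # B dropped early
    print("narrow then wide:", police([narrow, wide], PACKETS))
```

In the "wide then narrow" order, host B's packets exceed the first statement and are dropped before the statement written for B is ever consulted, which is the ordering hazard with drop as the exceed-action.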


