Hi,
I'm playing around with the following, based on the "secure IOS
template"...
An access list to match udp:
access-list 150 remark car-udp acl
access-list 150 permit udp any any
And apply it to an internet-facing interface:
rate-limit input access-group 150 8000000 1000000 1000000 conform-action transmit exceed-action drop
Which, if I read this right, means any udp traffic sustained at over 8Mb/s
will be dropped.
If I look at "sh in rate-limit":
Input
matches: access-group 150
params: 8000000 bps, 1000000 limit, 1000000 extended limit
conformed 5103721 packets, 1642M bytes; action: transmit
exceeded 1532 packets, 2053547 bytes; action: drop
last packet: 0ms ago, current burst: 120 bytes
last cleared 00:51:35 ago, conformed 4244000 bps, exceeded 5000 bps
Which seems to be saying that it's dropping some udp traffic. This
interface has nowhere near 8Mb/s of TOTAL traffic...
Where am I going wrong?
Thanks,
Charles
| Charles Sprickman | Internet Channel
| INCH System Administration Team | (212)243-5200
| spork@inch.com | access@inch.com
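
Added example, not part of the original post and not Cisco's code: a simplified single token-bucket model of the posted rate-limit parameters (8000000 bps, 1000000-byte normal burst, equal extended burst), showing that line-rate bursts can be counted as exceeded while the long-term average stays far below 8Mb/s. The 100 Mb/s link speed, the packet size and both traffic patterns are constructed assumptions.

```python
# Added example: simplified single token-bucket model of the posted CAR line.
RATE_BPS = 8_000_000     # average rate from the posted rate-limit command
BURST_BYTES = 1_000_000  # normal burst; extended burst is equal, so no extra allowance

def police(packets, rate_bps=RATE_BPS, burst_bytes=BURST_BYTES):
    """packets: time-ordered (arrival_us, size_bytes). Returns (conformed, exceeded) bytes."""
    tokens, last = burst_bytes, None
    conformed = exceeded = 0
    for t_us, size in packets:
        if last is not None:
            # Refill at rate_bps, capped at the bucket depth (fractions truncated).
            tokens = min(burst_bytes, tokens + (t_us - last) * rate_bps // 8_000_000)
        last = t_us
        if size <= tokens:
            tokens -= size
            conformed += size   # conform-action transmit
        else:
            exceeded += size    # exceed-action drop
    return conformed, exceeded

def spaced(start_us, count, gap_us, size=1500):
    """Constructed traffic: `count` packets of `size` bytes, one every gap_us."""
    return [(start_us + i * gap_us, size) for i in range(count)]

def bursty():
    # Assumption: 100 Mb/s link, so a 1500-byte packet every 120 us back to back;
    # one 1.5 MB burst every 10 s for 60 s.
    pkts = []
    for k in range(6):
        pkts += spaced(k * 10_000_000, 1000, 120)
    return pkts

def smooth():
    # The same 9 MB spread evenly over the same 60 s.
    return spaced(0, 6000, 10_000)

def average_bps(packets, seconds=60):
    return sum(size for _, size in packets) * 8 // seconds

if __name__ == "__main__":
    for name, pkts in (("bursty", bursty()), ("smooth", smooth())):
        c, e = police(pkts)
        print(name, average_bps(pkts), "bps avg; conformed", c, "exceeded", e)
```

Both patterns average 1.2 Mb/s over the minute; only the bursty one produces exceeded bytes, because each burst drains the 1000000-byte bucket faster than 8000000 bps refills it.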
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:58 EDT