[nsp] Dynamic Per-MAC rate-limiting or QoS
Robert A. Hayden
rhayden at geek.net
Thu Oct 30 16:16:31 EST 2003
Hey all,

I have an interesting one and could use some thoughts on good approaches
here.

I have a large ethernet-based network and I would like to be able to put
some kind of a policy onto an edge switch (generally 3550s or 3750s) to
state that no single MAC address can exceed "x" bits/second unless an
exception is put into place.

Failing that, a layer-2 MAC-based QoS implementation that will mark all
traffic in excess of 'x' as low priority.

What I'm seeing is a growing proliferation of gigabit-ethernet connected
workstations on the backbone. Invariably, one of those boxes is
compromised with Blaster or nachia or whatever the word-du-jour is and
starts barfing out 700mb/s of crap, quickly saturating a gigabit backbone
link. Even worse, oftentimes it's an academic computer lab with a
ghosted image, so you end up with 20 or 40 gig-connected machines making
things difficult.

Oftentimes, these machines actually don't need to talk gigabit, but all of
Dell's workstations come with those NICs so people feel they just HAVE to
support it and I'm stuck with the headaches when their viruses get
cranking.

Has anybody worked with edge-based policies to address these situations on
these product lines? Any configuration examples?

- Robert