[c-nsp] Rate limiting questions

Church, Charles cchurc05 at harris.com
Fri Oct 26 10:39:55 EDT 2007


MAC address filter maybe, to prevent access to the burned-in addresses,
but allow it to the HSRP MAC?  You'll need to poke some holes in it to
allow router-router traffic, but I think it'll work.

Chuck

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Justin Shore
Sent: Friday, October 26, 2007 9:45 AM
To: 'Cisco-nsp'
Subject: [c-nsp] Rate limiting questions


Does anyone have any tricks for rate-limiting a pair of customer facing 
L3 interfaces w/ HSRP across 2 chassis?  I'm working on a co-lo setup 
and I was thinking about how I'm going to rate-limit the customer and 
still implement HSRP for access layer redundancy.  Another engineer's 
question got me wondering.

I was planning on applying the same rate-limits to the customer's L3 
HSRP interfaces on both routers.  However the customer could easily 
point half their servers at the interface IP on the standby L3 interface
and it will gladly accept and route their traffic.  Of course all return
traffic would come through the active HSRP interface but since most 
co-lo traffic is upstream that rate-limit wouldn't prevent the 
simultaneous use of both HSRP routers.

Is there a HSRP option to tell the standby router to only route traffic 
when it's active?  VRRP and GLBP would have the same problem I imagine.
Or is the solution to not pull the interface IPs out of the same block
as the floating standby IP, i.e. address the interfaces with RFC1918 
addresses?  This way the interface IPs wouldn't be routable from the 
customer's server unless the customer bound the appropriate private 
subnet to one of their interfaces and at that point their traffic 
wouldn't be routable across the 'Net.  I know this has been discussed 
here dozens of times but I can't remember what the consensus was.

My other rate-limit question was about calculating the figures for CAR.
I once found a nice page that gave suggestions for what formula to use
in certain circumstances to calculate burst sizes.  I can't find that 
bookmark now and my Google-fu isn't turning up anything helpful.  Does 
anyone know the page or a similar one?  Or does anyone have a suggestion
for burst size calculations?

Thanks
  Justin


