[c-nsp] Rate limiting questions

Bruce Robertson bruce at greatbasin.net
Fri Oct 26 11:12:37 EDT 2007 

I think you'll find that anything you try to set up is more work than is 
worthwhile for the very small risk that your customers will actually try 
to take advantage of you in this way.  And if they do, tell them to stop 
it or you'll shut them off.

Bruce Robertson, President/CEO                           +1-775-348-7299
Great Basin Internet Services, Inc.    company-wide fax: +1-775-348-9412
http://www.greatbasin.net                       my efax: +1-775-201-1553



Justin Shore wrote:
> Does anyone have any tricks for rate-limiting a pair of customer facing 
> L3 interfaces w/ HSRP across 2 chassis?  I'm working on a co-lo setup 
> and I was thinking about how I'm going to rate-limit the customer and 
> still implement HSRP for access layer redundancy.  Another engineer's 
> question got me wondering.
>
> I was planning on applying the same rate-limits to the customer's L3 
> HSRP interfaces on both routers.  However the customer could easily 
> point half their servers at the interface IP on the standby L3 interface 
> and it will gladly accept and route their traffic.  Of course all return 
> traffic would come through the active HSRP interface but since most 
> co-lo traffic is upstream that rate-limit wouldn't prevent the 
> simultaneous use of both HSRP routers.
>
> Is there a HSRP option to tell the standby router to only route traffic 
> when it's active?  VRRP and GLBP would have the same problem I imagine. 
>   Or is the solution to not pull the interface IPs out of the same block 
> as the floating standby IP, ie address the interfaces with RFC1918 
> addresses?  This way the interface IPs wouldn't be routable from the 
> customer's server unless the customer bound the appropriate private 
> subnet to one of their interfaces and at that point their traffic 
> wouldn't be routable across the 'Net.  I know this has been discussed 
> here dozens of times but I can't remember what the consensus was.
>
> My other rate-limit question was about calculating the figures for CAR. 
>   I once found a nice page that gave suggestions for what formula to use 
> in certain circumstances to calculate burst sizes.  I can't find that 
> bookmark now and my Google-fu isn't turning up anything helpful.  Does 
> anyone know the page or a similar one?  Or does anyone have a suggestion 
> for burst size calculations?
>
> Thanks
>   Justin
>
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
>
>

More information about the cisco-nsp mailing list