[c-nsp] Rate limiting but on packet count not bandwidth

Ross Vandegrift ross at kallisti.us
Wed Dec 17 11:25:11 EST 2008

On Wed, Dec 17, 2008 at 04:00:56PM +0100, Primoz Jeroncic wrote:
> Hi guys
> Does anyone have any idea if rate limiting traffic based on packet
> count would be possible on Cat3550/3560/3570 or any Cisco router?
> I would need to limit some users which don't generate much of
> traffic (only about 5 or 6Mbps), but packet count is huge (30k+ per sec).
> So is there some option to limit their fraffic to let's say 5000packets/sec
> regardless on bandwidth they use?

I've wanted this on Catalyst platforms for a long time, it doesn't
really exist.  On your platforms, you should be able to apply unicast
storm-control to control the number of pps on a per-physical port
basis, but you can't write a QoS policy that can be applied in
general.  Doesn't seem to be any way to do it on a VLAN.  If you
enable it on a trunk port, all VLANs will be dropped when one exceeds
the threshold - probably not what you want.


Ross Vandegrift
ross at kallisti.us

"If the fight gets hot, the songs get hotter.  If the going gets tough,
the songs get tougher."
	--Woody Guthrie

More information about the cisco-nsp mailing list