So I started to work on a rate-limiting question that I had previously done
in a lab. I wanted to do it another way this time. The question tells you
to not allow more then 150k of ICMP out a particular interface. Last time I
did this, I used MQC. I wanted to use the legacy way this time and here is
the command:
access-list 150 permit icmp any any
rate-limit output access-group 150 150000 28125 56250 conform-action
transmit exceed-action drop
So I etnered the commands above and I did a "show interface rate-limit".
Low and behold, the IOS changed my rate! There's a paste below to show what
it did. Now with the policy-map, it kept my value at exactly 150k, so I'm
assuming that the legacy would be wrong because the questions stipulates
150k for a rate and the legacy way changes it to 144k. See below for
details. I thought it was interesting and thought I'd share. I was able
to put the above command in at 152000 and it took it perfect. Hmmm, not
sure why the legacy command makes you round it to every 8000bps, anybody
know? Also, I manually calculated the rates on the legacy rate-limit
command according to the formula on the policing guide. With MQC policing,
it can automatically calculate, but it doesn't use the same formula. How
should I handle that in the lab if confronted? I also pasted the
service-policy below to show the differences.
Show run after I did the command:
ip address 155.1.146.1 255.255.255.0
rate-limit output access-group 150 *144000* 28125 56250 conform-action
transmit exceed-action drop
show interface rate-limit:
FastEthernet0/0
Output
matches: access-group 150
params: *144000* bps, 28125 limit, 56250 extended limit
extra data cutout
FastEthernet0/0
Service-policy output: POLICE
Class-map: class-default (match-any)
1 packets, 60 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
police:
* rate 150000 bps, burst 4687 bytes*
regards,
Dale
