Thanks for helping me understand this kingsley ----- Original Message ----- From: Kingsley Charles <[email protected]> To: Michael Davis Cc: [email protected] <[email protected]> Sent: Thu Jan 07 00:16:30 2010 Subject: Re: [OSL | CCIE_Security] rate-limit command
Michael I did some investigation and with rate limit, there are some option with which you can rate limit sessions or flows. To classify each flow, you can use dscp, qos group, access-list or rate-list access-list. yourname(config-if)#rate-limit input ? <8000-2000000000> Bits per second access-group Match access list dscp Match dscp value qos-group Match qos-group ID With regards Kings On Wed, Jan 6, 2010 at 4:07 PM, Kingsley Charles <[email protected]> wrote: If you need to do rate-limiting per session or flow, then you need QoS policing. Using class maps you can classify the traffic. With rate-limiting it is straight, it just limits the traffic that enter the interface. For my example, you can rate-limit the 6 users per interface for example serial sub-interfaces. Interface BW should not be considered here. You may have 100 Mbps Ethernet interface in your PC but your broadband connection may provide only 256 kbps which means you can send only 256 kbbs of data. It all depends on what link you have T1, T3, E1, E3, etc With regards Kings On Wed, Jan 6, 2010 at 3:46 PM, Michael Davis <[email protected]> wrote: So if I apply the rate limit, it limits per flow or per session, not in total? If I configure as you say below, each user will get 256k maximum, but the full bandwidth of the interface can still be utilized. From: Kingsley Charles [mailto:[email protected]] Sent: Wednesday, January 06, 2010 9:08 PM To: Michael Davis Cc: [email protected] Subject: Re: [OSL | CCIE_Security] rate-limit command You can configure rate-limit on a dialer interface. For PPPoE connection, the dialer interface is the one throught which the traffic is sent/recieved, hence the rate-limit should be configured on it. On Wed, Jan 6, 2010 at 3:35 PM, Kingsley Charles <[email protected]> wrote: Hi Michael You need to configure rate-limit based on your link speed and the requirement. Let's say you are an ISP having 1544 Kbps link and you are poviding 256 kbps for 6 users. To ensure that an user doesn't consume more than 256 kbps, you need prevent the user by some means. Hence you either configure rate limit inbound on the ISP side or outbound on the user side. rate-limit input 256000000 7000 4000 conform-action transmit exceed-action drop With regards Kings On Wed, Jan 6, 2010 at 1:10 PM, Michael Davis <[email protected]> wrote: Hi everyone – I have 2 questions about the legacy rate-limit command. 1. How do we correctly calculate what the correct normal burst and maximum (excess) burst setting should be? 2. I know you should always apply the rate-limit or QOS service policies to a physical interface, but I saw an ISP engineer apply the rate-limit command to a dialer (pppoe) interface today. Is this a recommended practice? Thanks Michael _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com <http://www.ipexpert.com/> _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
