It depends on the task. But policing using MQC gives more options. With MQC, you can have single and dual bucket systems; you can also use single or double metering (CIR and PIR). With dual bucket, you get three actions - conform, exceed and violate. Now you won't find those with rate-limiting.

Bc = CIR/8 * 0.25

Rate < Bc       -----> conform
Bc < Rate < Be  -----> exceed
Rate > Be       -----> violate

Rate-limiting works differently. Here

Be = 2Bc
Bc = CIR/8 * 1.5

Rate < Bc       -----> conform
Bc < Rate < Be  -----> exceed and probability dropping
Rate > Be       -----> exceed and complete dropping

With regards
Kings

On Tue, Nov 29, 2011 at 1:44 AM, Derek <[email protected]> wrote:

> If I want to control icmp traffic inbound (Smurf attack) based on some
> bandwidth X and normal burst Y max burst Z....which technology is best
> suited? I feel both will suffice but CAR was not originally built for DoS
> protection based on Yusuf's Network Security Book...anyone have thoughts on
> this?
>
> ip access-list extended smurf
>  permit icmp any any echo-reply (target traffic)
>  permit icmp any any echo (reflector traffic)
>
> class-map smurf
>  match access-group name smurf
>
> policy-map smurf
>  class smurf
>   police x y z conform-action transmit exceed-action drop violate-action drop
>
> interface f0/1
>  service-policy input smurf
>
> OR
>
> interface f0/x
>  rate-limit input access-group smurf x y z conform-action transmit exceed-action drop
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
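Added example, not part of the original thread: a simplified Python model of the dual-bucket policer with conform/exceed/violate actions discussed above, written in the style of an RFC 2697 single-rate three-colour marker rather than as Cisco's implementation. The 64 kbit/s CIR, the excess bucket being as deep as Bc, and the packet traces are constructed assumptions; only the Bc formula is taken from the reply.

```python
from collections import Counter
from fractions import Fraction

class DualBucketPolicer:
    """Single-rate, two-bucket policer in the style of RFC 2697 (colour-blind)."""

    def __init__(self, cir_bps, bc_bytes, be_bytes):
        self.rate = Fraction(cir_bps, 8)         # refill rate, bytes per second
        self.bc, self.be = bc_bytes, be_bytes    # bucket depths in bytes
        self.tc, self.te = bc_bytes, be_bytes    # both buckets start full
        self.last = 0                            # time of previous packet (s)

    def _refill(self, now):
        tokens = (now - self.last) * self.rate
        self.last = now
        room = self.bc - self.tc
        self.tc += min(tokens, room)             # fill the committed bucket first
        self.te = min(self.be, self.te + max(0, tokens - room))  # overflow -> excess

    def police(self, now, size):
        self._refill(now)
        if self.tc >= size:
            self.tc -= size
            return "conform"
        if self.te >= size:
            self.te -= size
            return "exceed"
        return "violate"

def run(packets, cir_bps=64_000):
    bc = int(cir_bps / 8 * 0.25)   # Bc formula from the reply -> 2000 bytes
    be = bc                        # assumption: excess bucket as deep as Bc
    policer = DualBucketPolicer(cir_bps, bc, be)
    return Counter(policer.police(t, size) for t, size in packets)

# Constructed input: 84-byte ICMP echo packets; Fraction timestamps keep the
# token arithmetic exact at bucket boundaries.
FLOOD = [(Fraction(i, 1000), 84) for i in range(100)]   # 1000 pps, ~672 kbit/s
TRICKLE = [(Fraction(i, 10), 84) for i in range(100)]   # 10 pps, ~6.7 kbit/s

if __name__ == "__main__":
    print("flood:  ", dict(run(FLOOD)))
    print("trickle:", dict(run(TRICKLE)))
```

With the flood trace the committed bucket drains first, then the excess bucket, and once both are empty only packets matching the refill rate still conform; the trickle never leaves the conform state.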
