per source ip flow shaping

Unanswered Question
May 27th, 2007

Hello, Professionals

I need to shape every IP address from a /24 network to 10 Mbit/s ingress speed. How can I do this without writing 253 ACLs (one for every IP)? I am sure there must be a more efficient way to do that... Please help me. Thanks, and have a good day

slavov.emil Sun, 05/27/2007 - 23:17

It is hard to believe that ... Linux can do it with HASHLIMIT, I think IOS can also perform this kind of limiting because it is a more advanced networking OS

Paolo Bevilacqua Mon, 05/28/2007 - 09:32

Nothing to wonder about. I can probably come up with 1,000 things that IOS does while Linux doesn't, and vice-versa.

slavov.emil Mon, 05/28/2007 - 10:19

I think SCE can do it... The idea behind this is to limit traffic from some of my clients that can flood some of the servers with 100 Mbps. I use rate limiting per destination on access ports, but the problem is that if some IP floods, all IPs on the same interface take packet loss. If there is some good solution that prevents this, please make me aware. Thanks

Paolo Bevilacqua Mon, 05/28/2007 - 10:35

Since you basically want to limit all output from certain sources up to a maximum, at that point that may be the same as hard-configuring the ports at 10 Mbps.

slavov.emil Mon, 05/28/2007 - 12:45

If there are no other services, maybe it is suitable. But there is file transfer between hosts, some multicast streams ...

Paolo Bevilacqua Mon, 05/28/2007 - 13:56

On the other hand, even if you had an easy configuration method to make it so that any source does not pass 10 Mbps in sending, that would also affect file transfers and multicast, so it really all depends on what you want to do.

slavov.emil Tue, 05/29/2007 - 04:09

I plan to enable this configuration close to the interfaces for servers that need to be protected, not on the whole network. However, maybe some CBWFQ rules can have a similar effect. Thanks for the guidance. Have a nice day

slavov.emil Tue, 05/29/2007 - 05:13

I found another good solution to achieve this functionality:

PFC QoS applies the bandwidth limit specified in a microflow policer separately to each flow in matched

  • You can configure a microflow policer to use only source addresses, which applies the microflow policer to all traffic from a source address regardless of the destination addresses.
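
A small model of the behaviour quoted above, added here as an illustration and not taken from the thread or from Cisco documentation: one token bucket per flow key, with the key chosen the way a flow mask would choose it. The addresses, the burst size, the packet size and all function names are constructed assumptions.

```python
from collections import defaultdict

RATE_BPS = 10_000_000   # 10 Mbit/s limit from the thread
BURST_BYTES = 312_500   # constructed burst allowance (assumption)
PKT = 1250              # constructed packet size in bytes

class TokenBucket:
    def __init__(self):
        self.tokens, self.last = float(BURST_BYTES), 0.0

    def allow(self, now, size):
        # Refill at RATE_BPS/8 bytes per second, capped at the burst size.
        self.tokens = min(BURST_BYTES, self.tokens + (now - self.last) * RATE_BPS / 8)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False

# Flow masks: which header fields select the bucket a packet is charged to.
def aggregate(src, dst): return "all"        # one shared policer
def src_only(src, dst): return src           # per source, any destination
def full_flow(src, dst): return (src, dst)   # per source/destination pair

def police(packets, mask):
    """Return (passed, dropped) byte counts per source address."""
    buckets = defaultdict(TokenBucket)
    passed, dropped = defaultdict(int), defaultdict(int)
    for now, src, dst, size in packets:
        ok = buckets[mask(src, dst)].allow(now, size)
        (passed if ok else dropped)[src] += size
    return dict(passed), dict(dropped)

def sample_traffic(seconds=2):
    """Constructed input: one source floods four servers, one behaves."""
    flood = [(i / 10000, "10.0.0.66", f"10.1.0.{i % 4 + 1}", PKT)   # 100 Mbit/s
             for i in range(seconds * 10000)]
    quiet = [(i / 200, "10.0.0.7", "10.1.0.1", PKT)                 # 2 Mbit/s
             for i in range(seconds * 200)]
    return sorted(flood + quiet, key=lambda p: p[0])

if __name__ == "__main__":
    for mask in (aggregate, src_only, full_flow):
        passed, dropped = police(sample_traffic(), mask)
        print(f"{mask.__name__:9} passed={passed} dropped={dropped}")
```

With the shared policer the well-behaved source loses packets to the flood; with the source-only key it loses none, and the flooding source is held to the limit however many destinations it spreads its traffic over.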

