rate limit question

Answered Question
Aug 9th, 2008

Hi,


I configured the core router with three rate-limits and I would like to meet the requirements below:


A. no matter what situation, it has 10M bandwidth for 192.168.17.0 segment and 172.16.17.0 segment

B. no matter what situation, it has 512K bandwidth for server 192.168.17.25 and 172.16.17.25

C. no matter what situation, it has 7.6M bandwidth for server 192.168.16.0 segment to another segment



interface FastEthernet 0/0


rate-limit output access-group 151 10000000 2000 2000 conform-action continue exceed-action drop

rate-limit output access-group 152 512000 2000 2000 conform-action continue exceed-action drop

rate-limit output access-group 153 7680000 2000 2000 conform-action continue exceed-action drop


access-list 151 permit ip 192.168.17.0 0.0.0.255 172.16.17.0 0.0.0.255

access-list 152 permit ip host 192.168.17.25 host 172.16.17.25

access-list 153 permit ip 192.168.16.0 0.0.0.255 any



Questions

1. Does it reserve 10M + 512K + 7.6M bandwidth for the three rate-limits? (or only 10M?)

2. If host 192.168.17.25 to 172.16.17.25 exceeds 512K, does it go to the previous rate-limit (151)? Or will it not go to rate-limit 152?


rdgs




Correct Answer by Giuseppe Larosa about 8 years 6 months ago

Hello Anita,

First of all, as in the ACLs, the statement order is very important:

in the first place you need to have the most specific statement, otherwise the second statement will never work.

To be independent of the order, redefine the ACLs as follows:


access-list 151 deny ip host 192.168.17.25 host 172.16.17.25

access-list 151 permit ip 192.168.17.0 0.0.0.255 172.16.17.0 0.0.0.255


Having clearly separated the most specific req. from the first req.


rate-limit output access-group 152 512000 2000 2000 conform-action continue exceed-action drop


you are already providing 512K, I would reduce the rate for the less specific req:


rate-limit output access-group 151 9488000 2000 2000 conform-action continue exceed-action drop


the third statement stays the same.


Notice that you are not providing minimum normal and extended burst sizes (2000 2000).


answers:

1) see my suggestions above

only 10 Mbps (acl 152 shouldn't match) + 7,6 Mbps

2) no, traffic from 192.168.17.25 to 172.16.17.25 cannot exceed 512k with my config; with yours, acl 152 will never match, so they are processed by acl 151 and the rate limit is 10000000


Hope to help

Giuseppe
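
An added example (not part of the original thread and not Cisco code): a small Python check of which access-lists permit a given flow under the original ACLs and under the revised ACL 151, using standard extended-ACL first-match and wildcard-mask rules. The helper names and the second sample flow (192.168.17.40 to 172.16.17.9) are constructed for illustration; the script evaluates ACL matching only, not the rate-limit actions.

```python
import ipaddress

def parse_addr(tokens):
    """Consume one address spec (any | host A | A WILDCARD); return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into {N: [entries]}."""
    acls = {}
    for line in text.strip().splitlines():
        tokens = line.split()
        number, action = int(tokens[1]), tokens[2]
        rest = tokens[4:]                      # skip the protocol keyword 'ip'
        src = parse_addr(rest)
        dst = parse_addr(rest)
        acls.setdefault(number, []).append((action, src, dst))
    return acls

def addr_matches(ip, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF              # wildcard bit 1 means "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def acl_permits(entries, src, dst):
    """First matching entry decides; no match falls to the implicit deny."""
    for action, s, d in entries:
        if addr_matches(src, s) and addr_matches(dst, d):
            return action == "permit"
    return False

def matching_groups(acls, src, dst):
    return sorted(n for n, e in acls.items() if acl_permits(e, src, dst))

# ACLs as posted in the question
ORIGINAL = """
access-list 151 permit ip 192.168.17.0 0.0.0.255 172.16.17.0 0.0.0.255
access-list 152 permit ip host 192.168.17.25 host 172.16.17.25
access-list 153 permit ip 192.168.16.0 0.0.0.255 any
"""
# Same ACLs with the deny line from the answer placed first in ACL 151
REVISED = ORIGINAL.replace("access-list 151 permit",
    "access-list 151 deny ip host 192.168.17.25 host 172.16.17.25\naccess-list 151 permit", 1)

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("revised", REVISED)):
        acls = parse_acl(cfg)
        print(name, matching_groups(acls, "192.168.17.25", "172.16.17.25"),
              matching_groups(acls, "192.168.17.40", "172.16.17.9"))
```

With the posted ACLs the host pair is permitted by both 151 and 152; with the deny line first in ACL 151 it is permitted only by 152, so the two classes no longer overlap.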

Giuseppe Larosa Sat, 08/09/2008 - 01:48
