ip-prec setting and random-dedect

rabeder · ‎02-18-2003

hi,

i have a c1760 router on which i use a route-map to set the ip-prec-bit for

incomming traffic on an ethernet-interface.

!

route-map set_ip_prec permit 10

match ip address voip

set ip precedence critical

!

route-map set_ip_prec permit 20

match ip address premium

set ip precedence flash-override

!

route-map set_ip_prec permit 30

match ip address gold

set ip precedence flash

!

now i want that the input-queue of this ethernet interface does random-dedect regarding the ip-prec bit.

that means if there are pakets arriving with ip-prec=0 (for example sql-slimer akets) that these pakets are droped before pakets with ip-prec=1 .

a.) so does this router mark the pakets with the ip-prec and does then the random-dedect or vize-versa

b.) is it possible to do random dedect on incomming pakets ???

c.) any idea how i can limit traffic from "unknown" pakets (which could be a attack) iin a way that my router does not go out of performance ????

thanks for any idea !!!

mmellet · ‎02-25-2003

Input classification is not supported for non-IP protocols. No input scheduling algorithm is supported on the input besides First In, First Out (FIFO).

For more details please refer the URL.

Quality of Service on Layer 3 Catalyst Switches/Modules Frequently Asked Questions

http://www.cisco.com/en/US/products/hw/switches/ps606/products_qanda_item09186a00800a8922.shtml

lauren · ‎02-25-2003

As far as C) goes you could try using the Modular QoS CLI and CBWFQ instead of the route-maps.

Define classes to match traffic and set the precedences, and then set a default traffic class for anything you havent defined and police/shape that.

CBWFQ works with CEF so the performance hit shouldnt be too much (in fact it may be faster than the route-map)

If you want to control A) you could match and set the prec on the input to the router, and then random-detect on the output (or vice versa should you wish)