10-21-2009 12:05 PM - edited 03-04-2019 06:27 AM
Does anyone know if the 7200 routers do policing and rate limiting on a per-flow basis? I'm trying to figure out a way to limit traffic based on source or flow, but unfortunately I don't know the source IPs of the traffic.
Thanks in Advance.
10-21-2009 01:41 PM
Hello Darren Sasso,
I didn't actually get policing and rate limiting on a per-flow basis. Do you mean flow as used in Class-Based Weighted Fair Queuing?
You can try Network Based Application Recognition (NBAR), and then use the police or bandwidth commands to control that application traffic.
HTH. Please rate if it helps.
Thanks
Subodh
10-21-2009 02:31 PM
Per-user microflow policing is only available on Cat6k with Sup720 or Cat4500.
If you have neither switch, an option would be implementing an ingress service-policy at the LAN access-layer and tag abnormal traffic with a policer.
For instance:
1) Create a policed-dscp map
    mls qos map policed-dscp 0 to 8
2) Create the policy-map - any traffic over 256kbps will change the dscp from 0 to 8 (CS1)
    policy-map NETPRO
     class class-default
      police 256000 32000 exceed-action policed-dscp-transmit
3) Apply this policy on ingress.
    interface fx/x
     service-policy input NETPRO
Any traffic exceeding 256kbps from connected devices will be marked with CS1.
Now, at the 7200, you can configure a class to match on CS1 traffic and perform any QoS queueing strategy against it - like policing or rate limiting.
    class-map SCAVENGER
     match ip dscp 8
    policy-map WAN_QOS
     class SCAVENGER
      police xxx
or you can shape it as well
    policy-map WAN_QOS
     class SCAVENGER
      shape average xxxx
    interface sx/x
     service-policy output WAN_QOS
Regards
Edison.
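The ingress markdown step in the answer above, modelled as an added example that is not part of the original post or Cisco's code: a simplified single-rate token bucket using the 256 kbps rate, 32000-byte burst and the 0-to-8 policed-dscp map from the post. The class and function names, packet size and traffic rates are assumptions constructed for illustration. Because the policy matches class-default on the port, the bucket is shared by everything entering that port.

```python
# Added example: simplified single-rate token-bucket model of the ingress
# policer above. Not Cisco's hardware implementation; names are hypothetical.
POLICED_DSCP_MAP = {0: 8}      # mirrors "mls qos map policed-dscp 0 to 8"
SCALE = 8_000_000              # token unit = one millionth of a bit (integer math)


class Policer:
    def __init__(self, rate_bps, burst_bytes):
        self.rate_bps = rate_bps
        self.cap = burst_bytes * SCALE
        self.tokens = self.cap          # bucket starts full
        self.last_us = 0

    def handle(self, now_us, size_bytes, dscp):
        """Return the DSCP the packet carries after policing."""
        refill = (now_us - self.last_us) * self.rate_bps
        self.tokens = min(self.cap, self.tokens + refill)
        self.last_us = now_us
        cost = size_bytes * SCALE
        if cost <= self.tokens:         # conform: transmit unchanged
            self.tokens -= cost
            return dscp
        # exceed-action policed-dscp-transmit: remark, do not drop
        return POLICED_DSCP_MAP.get(dscp, dscp)


def offer(rate_bps, burst_bytes, offered_bps, seconds, size_bytes=1000, dscp=0):
    """Send constant-rate traffic; return bytes leaving per DSCP value."""
    policer = Policer(rate_bps, burst_bytes)
    packets = offered_bps * seconds // (size_bytes * 8)
    out = {}
    for i in range(packets):
        now_us = i * size_bytes * 8 * 1_000_000 // offered_bps
        marked = policer.handle(now_us, size_bytes, dscp)
        out[marked] = out.get(marked, 0) + size_bytes
    return out


if __name__ == "__main__":
    # Constructed traffic: one port sending 1 Mbps, one sending 200 kbps, 10 s each.
    print(offer(256_000, 32_000, 1_000_000, 10))
    print(offer(256_000, 32_000, 200_000, 10))
```

The first run shows the full burst passing unmarked before markdown begins, so the DSCP 0 byte count is slightly above rate times duration.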
10-22-2009 12:16 PM
Thank you both for your input
Darren