cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
294
Views
0
Helpful
1
Replies

rate limit question

anitachoi3
Level 1
Level 1

Hi,

I configure the core router with three rate-limits and I would like to meet the requirment below:

A. no matter what situation, it has 10M bandwidth for 192.168.17.0 segment and 172.16.17.0 segment

B. no matter what situation, it has 512K bandwidth for server 192.168.17.25 and 172.16.17.25

C. no matter what situation, it has 7.6M bandwidth for server 192.168.16.0 segment to another segment

interface FastEthernet 0/0

rate-limit output access-group 151 10000000 2000 2000 conform-action continue exceed-action drop

rate-limit output access-group 152 512000 2000 2000 conform-action continue exceed-action drop

rate-limit output access-group 153 7680000 2000 2000 conform-action continue exceed-action drop

access-list 151 permit ip 192.168.17.0 0.0.0.255 172.16.17.0 0.0.0.255

access-list 152 permit ip host 192.168.17.25 host 172.16.17.25

access-list 153 permit ip 192.168.16.0 0.0.0.255 any

Questions

1. does it reserve 10M + 512K + 7.6M bandwidth for three rate-limites? (or only 10M?)

2. If host 192.168.17.25 to 172.16.17.25 exceed 512K, does it go to pervious rate-limit (151)? or

it will not go to rate-limit 152?

rdgs

1 Accepted Solution

Accepted Solutions

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Anita,

first of all, as in the ACLs the statement order is very important

in the first place you need to have the most specific statement otherwise the second statement will never work.

To be independent on the order redefine the ACLs as follow:

access-list 151 deny ip host 192.168.17.25 host 172.16.17.25

access-list 151 permit ip 192.168.17.0 0.0.0.255 172.16.17.0 0.0.0.255

Having clearly separated the most specific req. from the first req.

rate-limit output access-group 152 512000 2000 2000 conform-action continue exceed-action drop

you are already providing 512K, I would reduce the rate for the less specific req:

rate-limit output access-group 151 9488000 2000 2000 conform-action continue exceed-action drop

the third statement stays the same.

Notice that you are not providing minimum normal and extended burst sizes (2000 2000).

answers:

1) see above my suggestions

only 10 Mbps (acl 152 shouldn't match) + 7,6 Mbps

2) no, traffic from 192.168.17.25 to 172.16.17.25 cannot exceed 512k with my config, with yours acl 152 will never match so they are processed by acl 151 and rate limit is 10000000

Hope to help

Giuseppe

View solution in original post

1 Reply 1

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Anita,

first of all, as in the ACLs the statement order is very important

in the first place you need to have the most specific statement otherwise the second statement will never work.

To be independent on the order redefine the ACLs as follow:

access-list 151 deny ip host 192.168.17.25 host 172.16.17.25

access-list 151 permit ip 192.168.17.0 0.0.0.255 172.16.17.0 0.0.0.255

Having clearly separated the most specific req. from the first req.

rate-limit output access-group 152 512000 2000 2000 conform-action continue exceed-action drop

you are already providing 512K, I would reduce the rate for the less specific req:

rate-limit output access-group 151 9488000 2000 2000 conform-action continue exceed-action drop

the third statement stays the same.

Notice that you are not providing minimum normal and extended burst sizes (2000 2000).

answers:

1) see above my suggestions

only 10 Mbps (acl 152 shouldn't match) + 7,6 Mbps

2) no, traffic from 192.168.17.25 to 172.16.17.25 cannot exceed 512k with my config, with yours acl 152 will never match so they are processed by acl 151 and rate limit is 10000000

Hope to help

Giuseppe

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: