08-09-2008 12:37 AM - edited 03-03-2019 11:05 PM
Hi,
I configure the core router with three rate-limits and I would like to meet the requirment below:
A. no matter what situation, it has 10M bandwidth for 192.168.17.0 segment and 172.16.17.0 segment
B. no matter what situation, it has 512K bandwidth for server 192.168.17.25 and 172.16.17.25
C. no matter what situation, it has 7.6M bandwidth for server 192.168.16.0 segment to another segment
interface FastEthernet 0/0
rate-limit output access-group 151 10000000 2000 2000 conform-action continue exceed-action drop
rate-limit output access-group 152 512000 2000 2000 conform-action continue exceed-action drop
rate-limit output access-group 153 7680000 2000 2000 conform-action continue exceed-action drop
access-list 151 permit ip 192.168.17.0 0.0.0.255 172.16.17.0 0.0.0.255
access-list 152 permit ip host 192.168.17.25 host 172.16.17.25
access-list 153 permit ip 192.168.16.0 0.0.0.255 any
Questions
1. does it reserve 10M + 512K + 7.6M bandwidth for three rate-limites? (or only 10M?)
2. If host 192.168.17.25 to 172.16.17.25 exceed 512K, does it go to pervious rate-limit (151)? or
it will not go to rate-limit 152?
rdgs
Solved! Go to Solution.
08-09-2008 01:48 AM
Hello Anita,
first of all, as in the ACLs the statement order is very important
in the first place you need to have the most specific statement otherwise the second statement will never work.
To be independent on the order redefine the ACLs as follow:
access-list 151 deny ip host 192.168.17.25 host 172.16.17.25
access-list 151 permit ip 192.168.17.0 0.0.0.255 172.16.17.0 0.0.0.255
Having clearly separated the most specific req. from the first req.
rate-limit output access-group 152 512000 2000 2000 conform-action continue exceed-action drop
you are already providing 512K, I would reduce the rate for the less specific req:
rate-limit output access-group 151 9488000 2000 2000 conform-action continue exceed-action drop
the third statement stays the same.
Notice that you are not providing minimum normal and extended burst sizes (2000 2000).
answers:
1) see above my suggestions
only 10 Mbps (acl 152 shouldn't match) + 7,6 Mbps
2) no, traffic from 192.168.17.25 to 172.16.17.25 cannot exceed 512k with my config, with yours acl 152 will never match so they are processed by acl 151 and rate limit is 10000000
Hope to help
Giuseppe
08-09-2008 01:48 AM
Hello Anita,
first of all, as in the ACLs the statement order is very important
in the first place you need to have the most specific statement otherwise the second statement will never work.
To be independent on the order redefine the ACLs as follow:
access-list 151 deny ip host 192.168.17.25 host 172.16.17.25
access-list 151 permit ip 192.168.17.0 0.0.0.255 172.16.17.0 0.0.0.255
Having clearly separated the most specific req. from the first req.
rate-limit output access-group 152 512000 2000 2000 conform-action continue exceed-action drop
you are already providing 512K, I would reduce the rate for the less specific req:
rate-limit output access-group 151 9488000 2000 2000 conform-action continue exceed-action drop
the third statement stays the same.
Notice that you are not providing minimum normal and extended burst sizes (2000 2000).
answers:
1) see above my suggestions
only 10 Mbps (acl 152 shouldn't match) + 7,6 Mbps
2) no, traffic from 192.168.17.25 to 172.16.17.25 cannot exceed 512k with my config, with yours acl 152 will never match so they are processed by acl 151 and rate limit is 10000000
Hope to help
Giuseppe
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: