
Topic: QOS: Configuring Policing using the access-list rate-limit command

  1. #1
    Super Moderator patris_70


    Code:
    http://ardenpackeer.com/qos-voip/qos-configuring-policing-using-the-access-list-rate-limit-command/
    Let’s say you have a scenario that says we want to configure R2 such that all inbound traffic marked with an IP precedence of 5 and 3 should be limited to a maximum of 1Mbps. Anything above this rate should be discarded.

    Sounds simple enough. What are the different IOS tools that you can use to accomplish this?

    Method 1: MQC


    Code:
    ip access-list extended PRECEDENCE53 
     permit ip any any precedence 5 
     permit ip any any precedence 3 
    
    class-map match-any PRECEDENCE53 
      match access-group name PRECEDENCE53 
    ! 
    ! 
    policy-map CAR 
      class PRECEDENCE53 
         police 1000000 35000 35000 conform-action transmit exceed-action drop 
    ! 
    interface FastEthernet0/0 
     service-policy input CAR
    Pretty simple really. We have used an extended access-list that matches IP Precedence values 5 and 3 on class “PRECEDENCE53”. All traffic in that class will be policed to 1Mbps (the normal and burst sizes have been set to 35,000).

    Let’s verify this:

    Verification:


    Code:
    R2#sh policy-map int f0/0 
     FastEthernet0/0  
    
      Service-policy input: CAR 
    
        Class-map: PRECEDENCE53 (match-any) 
          0 packets, 0 bytes 
          5 minute offered rate 0 bps, drop rate 0 bps 
          Match: access-group name PRECEDENCE53 
            0 packets, 0 bytes 
            5 minute rate 0 bps 
          police: 
            1000000 bps, 35000 limit 
            conformed 0 packets, 0 bytes; action: transmit 
            exceeded 0 packets, 0 bytes; action: drop 
            conformed 0 bps, exceed 0 bps 
    
    
        Class-map: class-default (match-any) 
          17 packets, 1258 bytes 
          5 minute offered rate 0 bps, drop rate 0 bps 
          Match: any
    Looks good. How about we do the same thing, but this time using the traditional rate-limit command?

    Method 2: Rate-Limit with extended access-list


    Code:
    access-list 101 permit ip any any precedence 5 
    access-list 101 permit ip any any precedence 3 
    ! 
    interface FastEthernet0/0 
     rate-limit input access-group 101 1000000 35000 35000 conform-action transmit exceed-action drop
    Not much different really (just less typing!). Let’s verify this:

    Verification:


    Code:
    R2#sh int f0/0 rate-limit  
    
    FastEthernet0/0 
      Input 
        matches: access-group 101 
          params:  1000000 bps, 35000 limit, 35000 extended limit 
          conformed 0 packets, 0 bytes; action: transmit 
          exceeded 0 packets, 0 bytes; action: drop 
          last packet: 97872632ms ago, current burst: 0 bytes 
          last cleared 00:00:07 ago, conformed 0 bps, exceeded 0 bps
    Looks great.

    Method 3: Access-list rate-limit command


    Now, for the twist! I’m going to add one more condition. We are only allowed to have a 1 line ACL for this. What the?! How are we going to do that. The extended access-lists (whether named or not) only allow you to match one precedence per line! Enter the access-list rate-limit command!

    There is always more than one way to skin a cat (poor cat!…whoever came up with that expression is one sick puppy). The CCIE exam often forces us to perform a task in multiple ways. Each method acts like a little tool in your toolkit that you can whip out at a moment’s notice. This is no exception.

    Let’s take a look at that rate-limit command closely:

    Code:
    R2(config)#int f0/0 
    R2(config-if)#rate-limit input access-group ? 
      <1-2699>    Access list index 
      rate-limit  Match rate-limit access list 
    
    R2(config-if)#rate-limit input access-group rate-limit ? 
      <0-99>     Rate-limit prec access list index 
      <100-199>  Rate-limit mac access list index 
      <200-299>  Rate-limit exp access list index
    Looks like when you define an access-list on the rate-limit command, you have the option of specifying a special type of access list.

    Code:
    R2(config)#access-list ? 
      <1-99>            IP standard access list 
      <100-199>         IP extended access list 
      <1000-1099>       IPX SAP access list 
      <1100-1199>       Extended 48-bit MAC address access list 
      <1200-1299>       IPX summary address access list 
      <1300-1999>       IP standard access list (expanded range) 
      <200-299>         Protocol type-code access list 
      <2000-2699>       IP extended access list (expanded range) 
      <300-399>         DECnet access list 
      <400-499>         XNS standard access list 
      <500-599>         XNS extended access list 
      <600-699>         Appletalk access list 
      <700-799>         48-bit MAC address access list 
      <800-899>         IPX standard access list 
      <900-999>         IPX extended access list 
      dynamic-extended  Extend the dynamic ACL abolute timer 
      rate-limit        Simple rate-limit specific access list
    See that right at the end there (I never really noticed it before today either!). What the hell is that thing?

    Code:
    R2(config)#access-list rate-limit ? 
      <0-99>     Precedence ACL index 
      <100-199>  MAC address ACL index 
      <200-299>  mpls exp ACL index
    Well looks like we can match Precedence, MAC, or MPLS experimental bits. We want Precedence…

    Code:
    R2(config)#access-list rate-limit 1 ? 
      <0-7>  Precedence 
      mask   Use precedence bitmask
    Looks promising, I wonder if you can specify more than one Precedence? That would solve our problem!

    Code:
    R2(config)#access-list rate-limit 1 7 ? 
      <cr>
    Doh! Damn, but what about that mask option? Well turns out, according to the [link visible to forum members only], we can specify more than one precedence value using a mask! Cool!

    Code:
    R2(config)#access-list rate-limit 1 mask ? 
      <0-FF>  Precedence bit mask
    There are 8 IP precedence values <0-7>. To calculate the rate-limit mask, each bit corresponds to one IP Precedence value so:



    So if I want to match IP Precedence 5 and 3, that’s:

    00100000 + 00001000 = 00101000

    Converting 00101000 to hex gives us 0x28.

    So the corresponding rate-limit mask to match IP precedence 5 and 3 is:

    Code:
    R2(config)#access-list rate-limit 1 mask 28
    Our final configuration then (using a 1 line access-list) is:

    Code:
    access-list rate-limit 1 mask 28 
    ! 
    interface FastEthernet0/0 
     rate-limit input access-group rate-limit 1 1000000 35000 35000 conform-action transmit exceed-action drop

    Verification:


    Code:
    R2#sh int f0/0 rate-limit  
    
    FastEthernet0/0 
      Input 
        matches: access-group rate-limit 1 
          params:  1000000 bps, 25000 limit, 25000 extended limit 
          conformed 0 packets, 0 bytes; action: transmit 
          exceeded 0 packets, 0 bytes; action: drop 
          last packet: 100597644ms ago, current burst: 0 bytes 
          last cleared 00:33:18 ago, conformed 0 bps, exceeded 0 bps 
    
    R2#sh access-lists 
    Rate-limit access list 1 
        mask 28
    So we have managed to solve the scenario in two lines! Bring on those “use the minimum configuration possible” questions! Hope this helps! Now back to labs
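
The mask arithmetic from the post above, as an added example that is not part of the original post or the source article: it builds the `access-list rate-limit` precedence mask from a list of precedence values, decodes a mask back, and goes one step further by checking which IPv4 ToS bytes such a mask would select for policing. The function names and the sample ToS bytes are constructed for illustration.

```python
# Added example (not from the original post): precedence bitmask helpers.

def precedence_mask(precedences):
    """Return the 8-bit mask with bit p set for each IP precedence p (0-7)."""
    mask = 0
    for p in precedences:
        if not isinstance(p, int) or not 0 <= p <= 7:
            raise ValueError(f"IP precedence must be 0-7, got {p!r}")
        mask |= 1 << p  # precedence 5 -> 00100000, precedence 3 -> 00001000
    return mask

def mask_to_precedences(mask):
    """Decode a mask (0x00-0xFF) into the sorted precedence values it matches."""
    if not 0 <= mask <= 0xFF:
        raise ValueError("mask must fit in one byte (0-FF)")
    return [p for p in range(8) if mask & (1 << p)]

def acl_line(index, precedences):
    """Build the one-line ACL; the precedence ACL index range on the page is 0-99."""
    if not 0 <= index <= 99:
        raise ValueError("precedence rate-limit ACL index must be 0-99")
    return f"access-list rate-limit {index} mask {precedence_mask(precedences):02X}"

def tos_matches(tos_byte, mask):
    """IP precedence is the top three bits of the IPv4 ToS byte."""
    precedence = (tos_byte >> 5) & 0x7
    return bool(mask & (1 << precedence))

def policed(tos_bytes, mask):
    """Return the ToS bytes (in input order) that the mask selects for policing."""
    return [t for t in tos_bytes if tos_matches(t, mask)]

# Constructed sample ToS bytes: precedence 5, 3, 0, 7 and 4 respectively.
SAMPLE_TOS = [0xB8, 0x68, 0x00, 0xE0, 0x88]

if __name__ == "__main__":
    print(acl_line(1, [5, 3]))
    print("mask 28 matches precedences", mask_to_precedences(0x28))
    for tos in SAMPLE_TOS:
        verdict = "policed" if tos_matches(tos, 0x28) else "not matched"
        print(f"ToS 0x{tos:02X} (precedence {tos >> 5}): {verdict}")
```

Decoding an existing mask with `mask_to_precedences` is a quick way to audit what a one-line rate-limit ACL on a router actually covers.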