- 论坛徽章:
- 0
|
配置指定的访问速率和分布式访问速率策略,你可以使用rate-limit 端口配置命令.
移除rate limit配置,在原命令上加上no移除.
指令:
rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action conform-action exceed-action exceed-action
no rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action conform-action exceed-action conform-action
参数描述: input?? ??在入口上对接受的packets应用一个访问速率策略
output ?? 在出口上对发送的packets应用一个访问速率策略
access-group 可选项,在指定的访问控制列表上应用访问速率策略 --通常在对指定的ip和应用程序限速的情况下使用
rate-limit 可选项,这个是rate-limit访问控制策略
acl-index 可选项,Access list number.
bps 平均速率(bits/每秒),为8kbp的倍数
burst-normal 普通的最大速率,The minimum value is bps divided by 2000.
burst-max 非正常时的最大速率(单位字节)
conform-action 相应的行为动作
1.continue --Evaluates the next rate-limit command.
2.drop 丢弃该包
3.set-dscp-continue -----Sets the differentiated services code point (DSCP) (0 to 63) and evaluate the next rate-limit command.
4.set-dscp-transmit—------Sends the DSCP and transmit the packet.
5.set-mpls-exp-transmit—--Sets the MPLS experimental bits (0 to 7) and sends the packet.
6.set-prec-continue—---Sets the IP precedence (0 to 7) and evaluates the next rate-limit command.
7.set-qos-continue—---Sets the QoS group ID (1 to 99) and evaluates the next rate-limit command.
8.transmit—---Sends the packet.
exceed-action--------Action to take on packets that exceed the specified rate limit. Specify one of the following keywords:
1.continue—--Evaluates the next rate-limit command.
2.drop—--Drops the packet.
3.set-dscp-continue—--Sets the DSCP (0 to 63) and evaluates the next rate-limit command.
4.set-dscp-transmit—--Sends the DSCP and sends the packet.
5.set-mpls-exp-continue—--Sets the MPLS experimental bits (0 to 7) and evaluates the next rate-limit command.
6.set-mpls-exp-transmit—--Sets the MPLS experimental bits (0 to 7) and sends the packet.
7.set-prec-continue—--Sets the IP precedence (0 to 7) and evaluates the next rate-limit command.
8.set-prec-transmit—--Sets the IP precedence (0 to 7) and sends the packet.
9.set-qos-continue—--Sets the QoS group ID (1 to 99) and evaluates the next rate-limit command.
10.set-qos-transmit—--Sets the QoS group ID (1 to 99) and sends the packet.
11.transmit—--Sends the packet.
默认情况下: 访问速率和分布式访问速率策略are disabled.
命令模式:
Interface configuration
Command History
Release Modification
11.1 CC This command was introduced.
12.1(5)T The conform and exceed actions were added for the MPLS experimental field.
Usage Guidelines
使用多个访问速率策略, 在不同的interface下输入
分布式访问速率策略只在 Cisco 7000 series routers with an RSP7000 或者Cisco 7500 series routers with VIP2-40 or greater interface processor下能够使用. A VIP2-50 interface processor is strongly recommended when the aggregate line rate of the port adapters on the VIP is greater than DS3. A VIP2-50 interface processor is required for OC-3 rates.
访问速率和分布式访问速率策略只能对ip传输可用. 访问速率和分布式访问速率策略不支持Fast EtherChannel, tunnel, 或者 PRI interfaces, 也不支持任何不支持Cisco快速转发(CEF)上的接口.
Cisco快速转发必须在配置访问速率和分布式访问速率策略前先enabled.
Examples
In the following example, the rate is limited by application:
All World Wide Web traffic is sent. However, the MPLS experimental field for web traffic that conforms to the first rate policy is set to 5. For nonconforming traffic, the IP precedence is set to 0 (best effort). See the following commands in the example:
rate-limit input rate-limit access-group 101 20000000 24000 32000 conform-action
set-mpls-exp-transmit 5 exceed-action set-mpls-exp-transmit 0
access-list 101 permit tcp any any eq www
FTP traffic is sent with an MPLS experimental field of 5 if it conforms to the second rate policy. If the FTP traffic exceeds the rate policy, it is dropped. See the following commands in the example:
rate-limit input access-group 102 10000000 24000 32000
conform-action set-mpls-exp-transmit 5 exceed-action drop
access-list 102 permit tcp any any eq ftp
Any remaining traffic is limited to 8 Mbps, with a normal burst size of 16,000 bytes and an excess burst size of 24000 bytes. Traffic that conforms is sent with an MPLS experimental field of 5. Traffic that does not conform is dropped. See the following command in the example:
rate-limit input 8000000 16000 24000 conform-action set-mpls-exp-transmit 5
exceed-action drop
Notice that two access lists are created to classify the web and FTP traffic so that they can be handled separately by the CAR feature:
interface Hssi0/0/0
description 45Mbps to R2
rate-limit input rate-limit access-group 101 20000000 24000 32000
conform-action set-mpls-exp-transmit 5 exceed-action set-mpls-exp-transmit 0
rate-limit input access-group 102 10000000 24000 32000
conform-action set-mpls-exp-transmit 5 exceed-action drop
rate-limit input 8000000 16000 24000 conform-action
set-mpls-exp-transmit 5 exceed-action drop
ip address 200.200.14.250 255.255.255.252
!
access-list 101 permit tcp any any eq www
access-list 102 permit tcp any any eq ftp
In the following example, the MPLS experimental field is set and the packet is sent:
interface FastEtheret1/1/0
rate-limit input 8000 1000 1000 access-group conform-action
set mpls-exp-transmit 5 exceed-action set-mpls-exp-transmit 5
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u/4812/showart_434648.html |
|
免费注册
发表于 2007-12-03 04:45