Dear experts,
I'd like to rate limit some ingress traffic coming from untrusted source to
10Mbs.
I've an ASR1001X (16.3.7) and this is the config I'd place:
*********************
ip access-list extended ACL_10_203_231_129
permit ip any host 10.203.231.129
class-map match-all CM_LIMIT_INGRESS
match access-group name ACL_10_203_231_129
policy-map PM_LIMIT_INGRESS
class CM_LIMIT_INGRESS
police 10000000 5000000 5000000 conform-action transmit exceed-action
drop violate-action drop
class class-default
The PM is attached to tunnel interface:
TUNNEL0
service-policy input PM_LIMIT_INGRESS
*********************
Can you please confirm:
1) I'll not drop/limit other traffic
2) ASR1001X applies rate limit in hardware and not in software (in order to
avoid CPU overload)
3) is there any mode to limit pps and not only bandwidth
Thanks in advance
Cheers
James
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
I'd like to rate limit some ingress traffic coming from untrusted source to
10Mbs.
I've an ASR1001X (16.3.7) and this is the config I'd place:
*********************
ip access-list extended ACL_10_203_231_129
permit ip any host 10.203.231.129
class-map match-all CM_LIMIT_INGRESS
match access-group name ACL_10_203_231_129
policy-map PM_LIMIT_INGRESS
class CM_LIMIT_INGRESS
police 10000000 5000000 5000000 conform-action transmit exceed-action
drop violate-action drop
class class-default
The PM is attached to tunnel interface:
TUNNEL0
service-policy input PM_LIMIT_INGRESS
*********************
Can you please confirm:
1) I'll not drop/limit other traffic
2) ASR1001X applies rate limit in hardware and not in software (in order to
avoid CPU overload)
3) is there any mode to limit pps and not only bandwidth
Thanks in advance
Cheers
James
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/