Limiting traffic with rate-limit on Cisco routers
Source: 支点信息   Time: 2012-6-7 9:47:47

1. Enable CEF in global configuration mode:

Router(config)#ip cef

2. Define a standard or extended access list:

Router(config)#access-list 2 permit 192.168.6.0 0.0.0.255

3. Apply rate-limit on the interface you want to limit:

Router(config-if)#rate-limit output access-group 2 128000 16000 16000 conform-action transmit exceed-action drop

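Format of the rate-limit command:

#rate-limit {input|output} [access-group number] bps burst-normal burst-max conform-action action exceed-action action

input|output: the direction of the traffic being limited.

access-group number: the number of the access list defined earlier.

bps: the upper limit of the traffic rate, in bps.

burst-normal burst-max: the size of the burst capacity; typical values are 8000, 16000 and 32000, in bytes. When arriving data exceeds this capacity, an action such as drop or transmit is triggered, which is how the rate is limited.

conform-action and exceed-action: the handling policies for traffic below the rate limit and for traffic above the rate limit, respectively.

action: the handling policy, including drop, transmit and others.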

To configure committed access rate (CAR) and distributed CAR policies, use the rate-limit interface configuration command.

To remove a rate limit configuration, prefix the original command with no.

Syntax:

rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action conform-action exceed-action exceed-action

no rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action conform-action exceed-action exceed-action

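Parameter descriptions:

input: Applies an access rate policy to packets received on the inbound side.

output: Applies an access rate policy to packets sent on the outbound side.

access-group: Optional. Applies the access rate policy to the specified access control list; typically used when limiting specific IP addresses and applications.

rate-limit: Optional. Indicates that the access list is a rate-limit access list.

acl-index: Optional. Access list number.

bps: Average rate in bits per second; must be a multiple of 8 kbps.

burst-normal: Normal burst size. The minimum value is bps divided by 2000.

burst-max: Excess burst size, in bytes.

conform-action: The action to take on conforming packets: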

1. continue: Evaluates the next rate-limit command.

2. drop: Drops the packet.

3. set-dscp-continue: Sets the differentiated services code point (DSCP) (0 to 63) and evaluates the next rate-limit command.

4. set-dscp-transmit: Sets the DSCP and transmits the packet.

5. set-mpls-exp-transmit: Sets the MPLS experimental bits (0 to 7) and sends the packet.

6. set-prec-continue: Sets the IP precedence (0 to 7) and evaluates the next rate-limit command.

7. set-qos-continue: Sets the QoS group ID (1 to 99) and evaluates the next rate-limit command.

8. transmit: Sends the packet.

exceed-action: Action to take on packets that exceed the specified rate limit. Specify one of the following keywords:

1. continue: Evaluates the next rate-limit command.

2. drop: Drops the packet.

3. set-dscp-continue: Sets the DSCP (0 to 63) and evaluates the next rate-limit command.

4. set-dscp-transmit: Sets the DSCP and sends the packet.

5. set-mpls-exp-continue: Sets the MPLS experimental bits (0 to 7) and evaluates the next rate-limit command.

6. set-mpls-exp-transmit: Sets the MPLS experimental bits (0 to 7) and sends the packet.

7. set-prec-continue: Sets the IP precedence (0 to 7) and evaluates the next rate-limit command.

8. set-prec-transmit: Sets the IP precedence (0 to 7) and sends the packet.

9. set-qos-continue: Sets the QoS group ID (1 to 99) and evaluates the next rate-limit command.

10. set-qos-transmit: Sets the QoS group ID (1 to 99) and sends the packet.

11. transmit: Sends the packet.

Defaults: CAR and distributed CAR policies are disabled.

Command Modes:

Interface configuration

Command History

Release     Modification
11.1 CC     This command was introduced.
12.1(5)T    The conform and exceed actions were added for the MPLS experimental field.

Usage Guidelines

To use multiple access rate policies, enter them under the respective interfaces.

Distributed CAR policies are available only on Cisco 7000 series routers with an RSP7000, or Cisco 7500 series routers with a VIP2-40 or greater interface processor. A VIP2-50 interface processor is strongly recommended when the aggregate line rate of the port adapters on the VIP is greater than DS3. A VIP2-50 interface processor is required for OC-3 rates.

CAR and distributed CAR policies apply only to IP traffic. They are not supported on Fast EtherChannel, tunnel, or PRI interfaces, nor on any interface that does not support Cisco Express Forwarding (CEF).

CEF must be enabled before CAR and distributed CAR policies are configured.

Examples

In the following example, the rate is limited by application:

All World Wide Web traffic is sent. However, the MPLS experimental field for web traffic that conforms to the first rate policy is set to 5. For nonconforming traffic, the IP precedence is set to 0 (best effort). See the following commands in the example:

rate-limit input access-group 101 20000000 24000 32000 conform-action set-mpls-exp-transmit 5 exceed-action set-mpls-exp-transmit 0

access-list 101 permit tcp any any eq www

FTP traffic is sent with an MPLS experimental field of 5 if it conforms to the second rate policy. If the FTP traffic exceeds the rate policy, it is dropped. See the following commands in the example:

rate-limit input access-group 102 10000000 24000 32000 conform-action set-mpls-exp-transmit 5 exceed-action drop

access-list 102 permit tcp any any eq ftp

Any remaining traffic is limited to 8 Mbps, with a normal burst size of 16,000 bytes and an excess burst size of 24,000 bytes. Traffic that conforms is sent with an MPLS experimental field of 5. Traffic that does not conform is dropped. See the following command in the example:

rate-limit input 8000000 16000 24000 conform-action set-mpls-exp-transmit 5 exceed-action drop

Notice that two access lists are created to classify the web and FTP traffic so that they can be handled separately by the CAR feature:

interface Hssi0/0/0
 description 45Mbps to R2
 rate-limit input access-group 101 20000000 24000 32000 conform-action set-mpls-exp-transmit 5 exceed-action set-mpls-exp-transmit 0
 rate-limit input access-group 102 10000000 24000 32000 conform-action set-mpls-exp-transmit 5 exceed-action drop
 rate-limit input 8000000 16000 24000 conform-action set-mpls-exp-transmit 5 exceed-action drop
 ip address 200.200.14.250 255.255.255.252
!
access-list 101 permit tcp any any eq www
access-list 102 permit tcp any any eq ftp

In the following example, the MPLS experimental field is set and the packet is sent:

interface FastEthernet1/1/0
 rate-limit input 8000 1000 1000 conform-action set-mpls-exp-transmit 5 exceed-action set-mpls-exp-transmit 5
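
The syntax and parameter limits described above (token order, bps in 8 kbps steps, burst-normal of at least bps/2000, the value ranges of the set-* actions) can be checked before a command is pasted into a router. The following Python linter is an added example, not part of the original article and not a Cisco tool; its function names are made up for illustration, and it accepts the same action keywords after conform-action and exceed-action.

```python
import re

# Value ranges of the set-* actions, as listed in the action tables above.
RANGES = {"dscp": (0, 63), "mpls-exp": (0, 7), "prec": (0, 7), "qos": (1, 99)}
# rate-limit {input|output} [access-group [rate-limit] acl] bps bn bm conform-action A exceed-action A
PATTERN = re.compile(
    r"rate-limit (input|output)"
    r"(?: access-group(?: rate-limit)? (\d+))?"
    r" (\d+) (\d+) (\d+)"
    r" conform-action (\S+)(?: (\d+))?"
    r" exceed-action (\S+)(?: (\d+))?")

def check_action(name, keyword, value):
    """Validate one action keyword and its optional numeric argument."""
    if keyword in ("continue", "drop", "transmit"):
        return [] if value is None else [f"{name}: {keyword} takes no value"]
    m = re.fullmatch(r"set-(dscp|mpls-exp|prec|qos)-(continue|transmit)", keyword)
    if not m:
        return [f"{name}: unknown action {keyword!r}"]
    lo, hi = RANGES[m.group(1)]
    if value is None or not lo <= int(value) <= hi:
        return [f"{name}: {keyword} needs a value in {lo}..{hi}"]
    return []

def lint_rate_limit(line):
    """Return the problems found in one rate-limit command (empty list = clean)."""
    m = PATTERN.fullmatch(" ".join(line.split()))  # collapse wrapped/extra whitespace
    if not m:
        return ["token order does not match the rate-limit syntax"]
    bps, normal = int(m.group(3)), int(m.group(4))
    problems = []
    if bps % 8000:
        problems.append("bps is not a multiple of 8 kbps")
    if normal * 2000 < bps:
        problems.append(f"burst-normal is below bps/2000 ({bps / 2000:g} bytes)")
    problems += check_action("conform-action", m.group(6), m.group(7))
    problems += check_action("exceed-action", m.group(8), m.group(9))
    return problems

# Sample lines: the first is the article's step-3 command, the other two are constructed.
SAMPLES = [
    "rate-limit output access-group 2 128000 16000 16000 conform-action transmit exceed-action drop",
    "rate-limit input rate-limit access-group 101 20000000 24000 32000 conform-action transmit exceed-action drop",
    "rate-limit input 100000 40 16000 conform-action set-mpls-exp-transmit 9 exceed-action drop",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", lint_rate_limit(sample) or "ok")
```
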


