CAR con drop a seguito di una conform-action
Inviato: ven 08 mag , 2009 1:06 pm
Riporto un estratto del libro Cisco IOS Cookbook (seconda edizione)
Faccio fatica a comprendere il senso del drop dopo la conform-action nella seconda rate-limit.
Si tratta di un errore ?
**********************************************************
Of course, it's never completely ideal to allow a remote device to send too many packets across the network, only to drop them as they are received. But it is sometimes useful when your network acts as a service provider to other networks. For example, you might have downstream customers who have subscribed to a subrate service. This would include things like selling access through an Ethernet port, but restricting the customer to some lower rate such as 100Kbps.
Alternatively, you could use inbound rate-limit commands to ensure that your downstream customers are allowed to use your network for surfing the web, but only if the rate is kept below some threshold:
Router(config)#access list 101 permit tcp any eq www any
Router(config)#access list 101 permit tcp any any eq www
Router(config)#access list 103 permit ip any any
Router(config)#interface HSSI0/0
Router(config-if)#rate-limit input 50000 4500 4500 conform-action transmit exceed-action continue
Router(config-if)#rate-limit input access-group 101 100000 4500 9000 conform-action drop exceed-action continue
Router(config-if)#rate-limit input access-group 103 100000 4500 9000 conform-action transmit exceed-action drop
Router(config-if)#end
Router#
Faccio fatica a comprendere il senso del drop dopo la conform-action nella seconda rate-limit.
Si tratta di un errore ?
**********************************************************
Of course, it's never completely ideal to allow a remote device to send too many packets across the network, only to drop them as they are received. But it is sometimes useful when your network acts as a service provider to other networks. For example, you might have downstream customers who have subscribed to a subrate service. This would include things like selling access through an Ethernet port, but restricting the customer to some lower rate such as 100Kbps.
Alternatively, you could use inbound rate-limit commands to ensure that your downstream customers are allowed to use your network for surfing the web, but only if the rate is kept below some threshold:
Router(config)#access list 101 permit tcp any eq www any
Router(config)#access list 101 permit tcp any any eq www
Router(config)#access list 103 permit ip any any
Router(config)#interface HSSI0/0
Router(config-if)#rate-limit input 50000 4500 4500 conform-action transmit exceed-action continue
Router(config-if)#rate-limit input access-group 101 100000 4500 9000 conform-action drop exceed-action continue
Router(config-if)#rate-limit input access-group 103 100000 4500 9000 conform-action transmit exceed-action drop
Router(config-if)#end
Router#