1. Enable CEF in global configuration mode:
Router(config)# ip cef
2. Define the standard or extended access list:
Router(config)# access-list 2 permit 192.168.6.0 0.0.0.255
3. Apply rate-limit on the interface to be restricted:
Router(config-if)# rate-limit output access-group 2 128000 16000 16000 conform-action transmit exceed-action drop
Rate-limit command format:
rate-limit {input | output} [access-group number] bps burst-normal burst-max conform-action action exceed-action action
input | output: the direction of the data traffic.
access-group number: the number of the access list defined.
bps: the maximum traffic rate, in bps.
burst-normal burst-max: the size of the defined burst capacity, in bytes, generally 32000. When the data exceeds this capacity, an action is triggered: the packet is either discarded or forwarded, which enforces the speed limit.
conform-action and exceed-action: the processing policies for traffic below the rate limit and traffic exceeding the rate limit, respectively.
action: a processing policy, including drop and transmit.
To configure the access rate and distributed access rate policies, use the rate-limit interface configuration command.
To remove the rate limit configuration, prefix the original command with no.
Command:
rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action conform-action exceed-action exceed-action
no rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action conform-action exceed-action exceed-action
Parameter description:
input -- applies the access rate policy to packets received on the ingress interface.
output -- applies the access rate policy to packets sent on the egress interface.
access-group -- (Optional) applies the access rate policy to the specified access control list, usually to limit the speed of a specified IP address or application.
rate-limit -- (Optional) specifies a rate-limit access control list.
acl-index -- (Optional) the access list number.
bps -- average rate in bits per second, a multiple of 8 kbps.
burst-normal -- normal burst size, in bytes. The minimum value is bps divided by 2000.
burst-max -- excess burst size, in bytes.
conform-action -- action to take on packets that conform to the specified rate limit. Specify one of the following keywords:
1. continue -- evaluates the next rate-limit command.
2. drop -- drops the packet.
3. set-dscp-continue -- sets the Differentiated Services Code Point (DSCP) (0 to 63) and evaluates the next rate-limit command.
4. set-dscp-transmit -- sets the DSCP and sends the packet.
5. set-mpls-exp-transmit -- sets the MPLS experimental bits (0 to 7) and sends the packet.
6. set-prec-continue -- sets the IP precedence (0 to 7) and evaluates the next rate-limit command.
7. set-qos-continue -- sets the QoS group ID (1 to 99) and evaluates the next rate-limit command.
8. transmit -- sends the packet.
exceed-action -- action to take on packets that exceed the specified rate limit. Specify one of the following keywords:
1. continue -- evaluates the next rate-limit command.
2. drop -- drops the packet.
3. set-dscp-continue -- sets the DSCP (0 to 63) and evaluates the next rate-limit command.
4. set-dscp-transmit -- sets the DSCP and sends the packet.
5. set-mpls-exp-continue -- sets the MPLS experimental bits (0 to 7) and evaluates the next rate-limit command.
6. set-mpls-exp-transmit -- sets the MPLS experimental bits (0 to 7) and sends the packet.
7. set-prec-continue -- sets the IP precedence (0 to 7) and evaluates the next rate-limit command.
8. set-prec-transmit -- sets the IP precedence (0 to 7) and sends the packet.
9. set-qos-continue -- sets the QoS group ID (1 to 99) and evaluates the next rate-limit command.
10. set-qos-transmit -- sets the QoS group ID (1 to 99) and sends the packet.
11. transmit -- sends the packet.
By default, the access rate and distributed access rate policies are disabled.
Command mode:
Interface configuration
Command history
Release    Modification
11.1 CC    This command was introduced.
12.1(5)T   The conform and exceed actions were added for the MPLS experimental field.
Usage guidelines
Multiple access rate policies can be used and entered under different interfaces.
The distributed access rate policy is available only on Cisco 7000 series routers with an RSP7000, or Cisco 7500 series routers with a VIP2-40 or greater interface processor. A VIP2-50 interface processor is strongly recommended when the aggregate line rate of the port adapters on the VIP is greater than DS3. A VIP2-50 interface processor is required for OC-3 rates.
The access rate and distributed access rate policies apply only to IP traffic. They are not supported on Fast EtherChannel, tunnel, or PRI interfaces, nor on any interface that does not support Cisco Express Forwarding.
Cisco Express Forwarding must be enabled before configuring the access rate and distributed access rate policies.
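The constraints stated above (CEF enabled, bps a multiple of 8 kbps, burst-normal at least bps divided by 2000, the value ranges of the set-* actions) can be checked before a configuration is pushed to a router. The Python linter below is an added example, not part of the original page or of any Cisco tool; the names lint_car and check_action, the SAMPLE configuration and the extra check that a referenced access list is defined are assumptions made for illustration.

```python
import re

# Value ranges for the set-* actions, taken from the keyword lists above.
RANGES = {"set-dscp": (0, 63), "set-mpls-exp": (0, 7),
          "set-prec": (0, 7), "set-qos": (1, 99)}
RATE_RE = re.compile(
    r"rate-limit (input|output)(?: access-group(?: rate-limit)? (\d+))?"
    r" (\d+) (\d+) (\d+) conform-action (\S+)(?: (\d+))?"
    r" exceed-action (\S+)(?: (\d+))?$")

def check_action(name, value):
    """Return an error string for a bad action keyword or value, else None."""
    if name in ("continue", "drop", "transmit"):
        return f"{name} takes no value" if value else None
    base, _, tail = name.rpartition("-")
    if base not in RANGES or tail not in ("continue", "transmit"):
        return f"unknown action {name}"
    lo, hi = RANGES[base]
    ok = value is not None and lo <= int(value) <= hi
    return None if ok else f"{name} needs a value in {lo}..{hi}"

def lint_car(config):
    """Return findings for every rate-limit line in an IOS-style config."""
    lines = [l.strip().lower() for l in config.splitlines() if l.strip()]
    acls = {m.group(1) for l in lines
            if (m := re.match(r"access-list (?:rate-limit )?(\d+) ", l))}
    rate_lines = [l for l in lines if l.startswith("rate-limit ")]
    findings = []
    if rate_lines and not any(l.startswith("ip cef") for l in lines):
        findings.append("rate-limit present but ip cef is not enabled")
    for l in rate_lines:
        m = RATE_RE.match(l)
        if not m:  # e.g. a burst size or an action keyword is missing
            findings.append(f"malformed: {l}")
            continue
        _, acl, bps, normal, _, c_act, c_val, e_act, e_val = m.groups()
        if acl and acl not in acls:
            findings.append(f"access-group {acl} is not defined")
        if int(bps) % 8000:
            findings.append(f"bps {bps} is not a multiple of 8 kbps")
        if int(normal) * 2000 < int(bps):
            findings.append(f"burst-normal {normal} is below bps/2000")
        findings += filter(None, (check_action(c_act, c_val), check_action(e_act, e_val)))
    return findings

# Constructed sample: no "ip cef", one valid policy, one with four defects.
SAMPLE = """access-list 2 permit 192.168.6.0 0.0.0.255
rate-limit output access-group 2 128000 16000 16000 conform-action transmit exceed-action drop
rate-limit input access-group 101 100000 40 16000 conform-action set-dscp-transmit 64 exceed-action drop"""
```

Calling lint_car(SAMPLE) returns one finding for the missing ip cef and four for the second policy; the first policy, which is the one from the three-step procedure at the top of the page, passes.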
Examples
In the following example, the rate is limited by application:
All World Wide Web traffic is sent. However, the MPLS experimental field for web traffic that conforms to the first rate policy is set to 5. For nonconforming traffic, the IP precedence is set to 0 (best effort). See the following commands in the example:
rate-limit input access-group 101 20000000 24000 conform-action set-mpls-exp-transmit 5 exceed-action set-mpls-exp-transmit 0
access-list 101 permit tcp any any eq www
FTP traffic is sent with an MPLS experimental field of 5 if it conforms to the second rate policy. If the FTP traffic exceeds the rate policy, it is dropped. See the following commands in the example:
rate-limit input access-group 102 10000000 24000 conform-action set-mpls-exp-transmit 5 exceed-action drop
access-list 102 permit tcp any any eq ftp
Any remaining traffic is limited to 8 Mbps, with a normal burst size of 16,000 bytes and an excess burst size of 24,000 bytes. Traffic that conforms is sent with an MPLS experimental field of 5. Traffic that does not conform is dropped. See the following command in the example:
rate-limit input 8000000 16000 24000 conform-action set-mpls-exp-transmit 5 exceed-action drop
Notice that two access lists are created to classify the web and FTP traffic so that they can be handled separately by the CAR feature:
interface Hssi0/0/0
 description 45 Mbps to R2
 rate-limit input access-group 101 20000000 24000 conform-action set-mpls-exp-transmit 5 exceed-action set-mpls-exp-transmit 0
 rate-limit input access-group 102 10000000 24000 conform-action set-mpls-exp-transmit 5 exceed-action drop
 rate-limit input 8000000 16000 24000 conform-action set-mpls-exp-transmit 5 exceed-action drop
 ip address 200.200.14.250 255.255.255.252
!
access-list 101 permit tcp any any eq www
access-list 102 permit tcp any any eq ftp
In the following example, the MPLS experimental field is set and the packet is sent:
interface FastEthernet1/1/0
 rate-limit input 8000 1000 1000 conform-action set-mpls-exp-transmit 5 exceed-action set-mpls-exp-transmit 5