rate-limit

配置指定的访问速率和分布式访问速率策略,你可以使用rate-limit 端口配置命令. 移除rate limit配置，在原命令上加上no移除.

指令：

rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action conform-action exceed-action exceed-action

no rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action conform-action exceed-action conform-action


参数描述： input　 　在入口上对接受的packets应用一个访问速率策略

output 　 在出口上对发送的packets应用一个访问速率策略

access-group 可选项，在指定的访问控制列表上应用访问速率策略 --通常在对指定的ip和应用程序限速的情况下使用

rate-limit 可选项，这个是rate-limit访问控制策略

acl-index 可选项，Access list number.

bps 平均速率(bits/每秒)，为8kbp的倍数

burst-normal 普通的最大速率，The minimum values is bps divided by 2000.

burst-max 非正常时的最大速率（单位字节）

conform-action 相应的行为动作


1.continue --Evaluates the next rate-limit command.

2.drop 丢弃该包

3.set-dscp-continue -----Sets the differentiated services code point (DSCP) (0 to 63) and evaluate the next rate-limit command.

4.set-dscp-transmit—------Sends the DSCP and transmit the packet.

5.set-mpls-exp-transmit—--Sets the MPLS experimental bits (0 to 7) and sends the packet.

6.set-prec-continue—---Sets the IP precedence (0 to 7) and evaluates the next rate-limit command.

7.set-qos-continue—---Sets the QoS group ID (1 to 99) and evaluates the next rate-limit command.

8.transmit—---Sends the packet.

exceed-action--------Action to take on packets that exceed the specified rate limit. Specify one of the following keywords:

1.continue—--Evaluates the next rate-limit command.
2.drop—--Drops the packet.
3.set-dscp-continue—--Sets the DSCP (0 to 63) and evaluates the next rate-limit command.
4.set-dscp-transmit—--Sends the DSCP and sends the packet.
5.set-mpls-exp-continue—--Sets the MPLS experimental bits (0 to 7) and evaluates the next rate-limit command.
6.set-mpls-exp-transmit—--Sets the MPLS experimental bits (0 to 7) and sends the packet.
7.set-prec-continue—--Sets the IP precedence (0 to 7) and evaluates the next rate-limit command.
8.set-prec-transmit—--Sets the IP precedence (0 to 7) and sends the packet.
9.set-qos-continue—--Sets the QoS group ID (1 to 99) and evaluates the next rate-limit command.
10.set-qos-transmit—--Sets the QoS group ID (1 to 99) and sends the packet.
11.transmit—--Sends the packet.



默认情况下： 访问速率和分布式访问速率策略are disabled.

命令模式：

Interface configuration


Command History

Release Modification

11.1 CC This command was introduced.

12.1(5)T The conform and exceed actions were added for the MPLS experimental field.


Usage Guidelines

使用多个访问速率策略, 在不同的interface下输入

分布式访问速率策略只在 Cisco 7000 series routers with an RSP7000 或者Cisco 7500 series routers with VIP2-40 or greater interface processor下能够使用. A VIP2-50 interface processor is strongly recommended when the aggregate line rate of the port adapters on the VIP is greater than DS3. A VIP2-50 interface processor is required for OC-3 rates.

访问速率和分布式访问速率策略只能对ip传输可用. 访问速率和分布式访问速率策略不支持Fast EtherChannel, tunnel, 或者 PRI interfaces, 也不支持任何不支持Cisco快速转发(CEF)上的接口.

Cisco快速转发必须在配置访问速率和分布式访问速率策略前先enabled.

Examples

In the following example, the rate is limited by application:


All World Wide Web traffic is sent. However, the MPLS experimental field for web traffic that conforms to the first rate policy is set to 5. For nonconforming traffic, the IP precedence is set to 0 (best effort). See the following commands in the example:


rate-limit input rate-limit access-group 101 20000000 24000 32000 conform-action
set-mpls-exp-transmit 5 exceed-action set-mpls-exp-transmit 0

access-list 101 permit tcp any any eq www


FTP traffic is sent with an MPLS experimental field of 5 if it conforms to the second rate policy. If the FTP traffic exceeds the rate policy, it is dropped. See the following commands in the example:


rate-limit input access-group 102 10000000 24000 32000
conform-action set-mpls-exp-transmit 5 exceed-action drop

access-list 102 permit tcp any any eq ftp


Any remaining traffic is limited to 8 Mbps, with a normal burst size of 16,000 bytes and an excess burst size of 24000 bytes. Traffic that conforms is sent with an MPLS experimental field of 5. Traffic that does not conform is dropped. See the following command in the example:


rate-limit input 8000000 16000 24000 conform-action set-mpls-exp-transmit 5
exceed-action drop


Notice that two access lists are created to classify the web and FTP traffic so that they can be handled separately by the CAR feature:

interface Hssi0/0/0
description 45Mbps to R2
rate-limit input rate-limit access-group 101 20000000 24000 32000
conform-action set-mpls-exp-transmit 5 exceed-action set-mpls-exp-transmit 0
rate-limit input access-group 102 10000000 24000 32000
conform-action set-mpls-exp-transmit 5 exceed-action drop
rate-limit input 8000000 16000 24000 conform-action
set-mpls-exp-transmit 5 exceed-action drop
ip address 200.200.14.250 255.255.255.252
!
access-list 101 permit tcp any any eq www
access-list 102 permit tcp any any eq ftp


In the following example, the MPLS experimental field is set and the packet is sent:

interface FastEtheret1/1/0
rate-limit input 8000 1000 1000 access-group conform-action
set mpls-exp-transmit 5 exceed-action set-mpls-exp-transmit 5



相关命令：

access-list --------rate-limit Configures an access list for use with CAR policies.

show access-lists rate-limit--------Displays information about rate-limit access lists.

show interfaces rate-limit--------Displays information about CAR for an interface.

show ip rsvp installed--------- Displays RSVP-related installed filters and corresponding bandwidth information.


rate－limit是QOS(Quality of Service)即服务质量保证实现的主要命令 用法基本用为：
rate-limit input 128000 8000 9000 conform-action transmit exceed-action drop
rate-limit output 128000 8000 9000 conform-action transmit exceed-action drop
对于一条链路，input和output都要设置。 这句话的意思是，限制带宽为128kbps，对于一个连接普通 突发速率8kBytes（即64kbps），最大突发9k（即72kbps） 如在这个范围内，进行的操作是 transmit(传输) 如果超出就是的操作(Exceed-action)是drop（丢弃） 在这里，最主要测参数是 128000，限制带宽，后面2个是限制每个连接的突发带宽，这样保证不会因为一个人ftp而导致整个链路 性能下降很多 在conform-action里，除了transmit以外，还有一个很好的做法，就是set-prec- transmit 5,即
rate-limit input 128000 8000 9000 conform-action set-prec-transmit 5 exceed-action drop
rate-limit output 128000 8000 9000 conform-action set-prec-transmit 5 exceed-action drop
这个的含义是如果普通单连接突发速率在8kbytes（64kbps）以下时，正常传输 如果在 8kbytes（64kbps）和9kbytes（72kbps）之间是，优先级变为5级（中级），如果超出 9kbytes（72kbps）就drop