Here is what I use:
I place the following commands under the unprotected interface facing the
Internet. The syntax for the command is as follows:
rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action action exceed-action action
The numbers mean the following:
bps
Average rate in bits per second. The value must be in increments of
8 kbps. In the example below, 1000000 is the average rate in bps.
burst-normal
Normal burst size in bytes. The minimum value is bps divided by 2000. In
the example below, 1500000 is the normal burst size.
burst-max
Excess burst size in bytes. In the example below, 2000000 is the excess
burst size.
Here is a practical example of how I like to configure rate limits:
! Allow UDP to occupy no more than 2 Mb/s of the pipe.
rate-limit input access-group 150 1000000 1500000 2000000 conform-action transmit exceed-action drop
! Allow ICMP to occupy no more than 575 Kb/s of the pipe.
rate-limit input access-group 160 496000 550000 575000 conform-action transmit exceed-action drop
! Rate limit (CAR) ACLs for UDP and ICMP.
access-list 150 permit udp any any
access-list 160 permit icmp any any
Regards,
David Wolsefer, CCIE #5858
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Yee, Jason
Sent: Monday, November 20, 2000 10:20 PM
To: '[EMAIL PROTECTED]'
Subject: access-list for DDOS attack
Hi,
Does anyone know what the parameters in using CAR to rate limit ICMP packets
mean, for example:
interface abc
rate-limit output access-group 200 2000000 512000 786000 conform-action transmit exceed-action drop
access-list 200 permit icmp any any echo-reply
What do the 2000000, 512000, 786000 mean?
Thanks
Jason
_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
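
Added example, not part of the original thread: a small Python checker that splits a rate-limit line into the positional fields described in the reply and applies the two constraints stated there (bps in increments of 8 kbps, burst-normal at least bps/2000). The function names and the burst-duration figures (burst bytes expressed as seconds of traffic at the average rate) are this example's own; the third sample line is constructed.

```python
import re

# Field order taken from the syntax line in the reply:
# rate-limit {input|output} [access-group [rate-limit] acl-index]
#   bps burst-normal burst-max conform-action action exceed-action action
RATE_LIMIT_RE = re.compile(
    r"^rate-limit\s+(?P<direction>input|output)"
    r"(?:\s+access-group(?:\s+rate-limit)?\s+(?P<acl>\d+))?"
    r"\s+(?P<bps>\d+)\s+(?P<burst_normal>\d+)\s+(?P<burst_max>\d+)"
    r"\s+conform-action\s+(?P<conform>.+?)\s+exceed-action\s+(?P<exceed>.+)$"
)

def parse_rate_limit(line):
    """Split one rate-limit line into named fields; ValueError if malformed."""
    m = RATE_LIMIT_RE.match(" ".join(line.split()))  # collapse wrapped whitespace
    if m is None:
        raise ValueError("not a complete rate-limit command: %r" % line)
    fields = m.groupdict()
    for key in ("bps", "burst_normal", "burst_max"):
        fields[key] = int(fields[key])
    if fields["bps"] == 0:
        raise ValueError("bps must be greater than zero")
    return fields

def check_rate_limit(line):
    """Return (fields, problems) using the two constraints stated in the reply."""
    f = parse_rate_limit(line)
    problems = []
    if f["bps"] % 8000 != 0:
        problems.append("bps is not a multiple of 8 kbps")
    if f["burst_normal"] * 2000 < f["bps"]:
        problems.append("burst-normal is below bps/2000")
    # Burst sizes are in bytes, the rate is in bits per second.
    f["burst_normal_seconds"] = f["burst_normal"] * 8 / f["bps"]
    f["burst_max_seconds"] = f["burst_max"] * 8 / f["bps"]
    return f, problems

if __name__ == "__main__":
    samples = [
        "rate-limit input access-group 150 1000000 1500000 2000000 conform-action transmit exceed-action drop",
        "rate-limit input access-group 160 496000 550000 575000 conform-action transmit exceed-action drop",
        # Constructed line that breaks both constraints.
        "rate-limit input 1004000 400 800 conform-action transmit exceed-action drop",
    ]
    for s in samples:
        f, problems = check_rate_limit(s)
        print("acl=%s bps=%d (%.3f Mb/s) normal burst=%.2fs max burst=%.2fs %s" % (
            f["acl"], f["bps"], f["bps"] / 1e6, f["burst_normal_seconds"],
            f["burst_max_seconds"], problems or "OK"))
```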