We frequently see communities used in order to do Remote Triggered Black Hole Routing, which is essentially killing traffic based on particular community values by rearranging the next-hop.

I don't see why we couldn't use it for policing as well, but there isn't any inherent mechanism of QoS or policing to match on BGP community. So we would need to look at an architecture where there were dual next-hops to really forward traffic. One path is "normal", the other is simply policed.

There's a more formal option in place called QPPB (QoS Policy Propagation via BGP) that you may want to look at. :) In a route-map, you can match on BGP communities then "set ip qos-group", which is a non-transitive value. But that's a value that can then be used in MQC to "match qos-group" and set any policing parameters.

So there are a couple of options for you to play around with!

HTH,
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al.
CCSI/JNCI-M/JNCI-ER
VP - Technical Training - IPexpert, Inc.
IPexpert Sr. Technical Instructor
A Cisco Learning Partner - We Accept Learning Credits!
[EMAIL PROTECTED]
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
http://www.ipexpert.com

_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aqbalali Arne
Sent: Thursday, December 13, 2007 7:38 AM
To: [email protected]
Subject: [OSL | CCIE_SP] Rate limiting based on Community

Hi,

Is there any feature to rate limit the traffic when a router receives BGP routes with a particular community string attached? Maybe something to do with a DoS attack.

Aqbal
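
The QPPB approach described in the reply, sketched as an added Cisco IOS configuration example; it is not part of the original thread or from either poster. The AS number, community value 65000:100, interface names, policy names and the 1 Mbps rate are all constructed, and support for matching qos-group in a service policy varies by platform and release.

```cisco
! Added example (constructed values throughout).
! Display and match communities in AA:NN form.
ip bgp-community new-format
!
! Routes carrying this community mark destinations to be policed.
ip community-list standard RATE-LIMIT permit 65000:100
!
! table-map route-map: stamp matching prefixes with qos-group 10
! as they are installed in the routing table / FIB.
route-map QPPB-MAP permit 10
 match community RATE-LIMIT
 set ip qos-group 10
! All other prefixes are installed unchanged.
route-map QPPB-MAP permit 20
!
router bgp 65000
 table-map QPPB-MAP
!
! Ingress interface: classify packets by a FIB lookup on the
! destination address and copy the prefix's qos-group to the packet.
interface GigabitEthernet0/0
 description Upstream-facing (constructed)
 bgp-policy destination ip-qos-map
!
! MQC: match the locally significant qos-group and police it.
class-map match-all TAGGED-DEST
 match qos-group 10
!
policy-map POLICE-TAGGED
 class TAGGED-DEST
  police 1000000 conform-action transmit exceed-action drop
!
! Egress interface toward the tagged destination.
interface GigabitEthernet0/1
 description Customer-facing (constructed)
 service-policy output POLICE-TAGGED
```

Because the qos-group is non-transitive, every router that is expected to police must receive the community and carry its own table-map and service policy.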
