No worries. it's good to be able to think through things like that, because once you understand the options available to you, you'll be able to get through any manipulation they ask you to do! HTH,
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al. CCSI/JNCI-M/JNCI-ER VP - Technical Training - IPexpert, Inc. IPexpert Sr. Technical Instructor A Cisco Learning Partner - We Accept Learning Credits! [EMAIL PROTECTED] Telephone: +1.810.326.1444 Fax: +1.810.454.0130 http://www.ipexpert.com _____ From: Aqbalali Arne [mailto:[EMAIL PROTECTED] Sent: Friday, December 14, 2007 5:09 AM To: [EMAIL PROTECTED]; [email protected] Subject: RE: [OSL | CCIE_SP] Rate limiting based on Community Thanks Scott, in fact i saw the same option yesterday in DQOS book for QPPB and they have given an example for community itself. Thanks again. Aqbal _____ From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [email protected] Subject: RE: [OSL | CCIE_SP] Rate limiting based on Community Date: Thu, 13 Dec 2007 08:54:18 -0500 We frequently see communities used in order to do Remote Triggered Black Hole Routing, which is essentially killing traffic based on particular community values by rearranging the next-hop. I don't see why we couldn't use it for policing as well, but there isn't any inherent mechanism of QoS or policing to match on BGP community. So we would need to look at an architecture where there were dual next-hops to really forward traffic. One path is "normal", the other is simply policed. There's a more formal option in place called QPPB (Qos Policy Propogation via BGP) that you may want to look at. :) In a route-map, you can match on BGP communities then "set ip qos-group" which is a non-transitive value. But that's a value that can then be used in MQC to "match qos-group" and set any policing parameters. So there are a couple of options for you to play around with! HTH, Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al. CCSI/JNCI-M/JNCI-ER VP - Technical Training - IPexpert, Inc. IPexpert Sr. Technical Instructor A Cisco Learning Partner - We Accept Learning Credits! [EMAIL PROTECTED] Telephone: +1.810.326.1444 Fax: +1.810.454.0130 http://www.ipexpert.com _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aqbalali Arne Sent: Thursday, December 13, 2007 7:38 AM To: [email protected] Subject: [OSL | CCIE_SP] Rate limiting based on Community Hi, Is there any feature to rate limit the traffic when a router recieves BGP routes with a particular community string attached. May be something to do with DOS attack. Aqbal _____ Post free auto ads on Yello Classifieds now! Try it <http://ss1.richmedia.in/recurl.asp?pid=255> now! _____ Fly HYD-BLR for Rs.499 Log on to MakeMyTrip! Check it out! <http://ss1.richmedia.in/recurl.asp?pid=266>
