QoS for DoS attacks

techmail4sam
Level 1

Hi,

I have a policy-map with a class-map that classifies DoS attack traffic, and I have defined the service-policy as follows.

example: police cir 20000 bps conform transmit violate drop

What values should I use for CIR or PIR? How could I calculate these values or retrieve virtual ethernet bandwidth?

Is there something other than CIR or PIR that I can use to limit rate?

Thanks,

D V

1 Reply

tkuik
Cisco Employee

CIR vs. PIR are the committed vs. peak rates. Basically, it is up to you to define a 1-rate or 2-rate policer. When defining an output policy for a veth, I would expect that you will mainly use CIR only. PIR is useful if you want to mark packets differently. It seems more useful for packets being sent by the server into the network, where you would "color" (or mark) the packets differently based upon how much traffic was being generated. The QoS config guide has references to the appropriate RFCs that discuss coloring. This would be done in an input policy on a veth or in an output policy on an eth.

To limit the bandwidth into a VM, I think that CIR, specifying bps, is the best way to go. You can do this in a policy that is applied as an input on an eth (if you want to limit all traffic into the server) or as an output on a veth (if you want to limit what an individual VM sees).

Hope that helps!

Tim
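Added example (not part of this thread and not Cisco code): a small simulation of the two policer types Tim describes, so you can see what the `police cir ... conform transmit violate drop` line from the question actually does to a flood. The 1-rate policer is a single token bucket (CIR plus a burst size Bc, as in RFC 2697 with one bucket); the 2-rate policer adds a second bucket (PIR plus Be) and colours packets green/yellow/red in the RFC 2698 colour-blind style. The CIR of 20000 bps comes from the question; Bc = 1500 bytes, PIR = 40000 bps, Be = 1500 bytes and the 100-packet trace are constructed values, and the bucket model is a generic one, not the exact Nexus 1000V implementation.

```python
from fractions import Fraction

# Constructed policer model (token buckets measured in bytes). Hypothetical
# code for illustration; it is not a Cisco tool or the N1KV's algorithm.


class TokenBucket:
    """Token bucket refilled at rate_bps and capped at depth_bytes (Bc or Be)."""

    def __init__(self, rate_bps, depth_bytes):
        self.rate_bps = rate_bps
        self.depth = Fraction(depth_bytes)
        self.tokens = Fraction(depth_bytes)  # bucket starts full
        self.last_ms = 0

    def refill(self, now_ms):
        # Exact arithmetic: elapsed_ms * bits/s / 8000 = bytes credited
        added = Fraction((now_ms - self.last_ms) * self.rate_bps, 8000)
        self.tokens = min(self.depth, self.tokens + added)
        self.last_ms = now_ms

    def has(self, size_bytes):
        return self.tokens >= size_bytes

    def take(self, size_bytes):
        self.tokens -= size_bytes


def police_single_rate(trace, cir_bps, bc_bytes):
    """1-rate policer: conform (transmit) while the CIR bucket covers the
    packet, otherwise violate (drop). trace = [(time_ms, size_bytes), ...]"""
    bucket = TokenBucket(cir_bps, bc_bytes)
    actions = []
    for t_ms, size in trace:
        bucket.refill(t_ms)
        if bucket.has(size):
            bucket.take(size)
            actions.append("conform")
        else:
            actions.append("violate")  # tokens are not consumed on drop
    return actions


def police_two_rate(trace, cir_bps, bc_bytes, pir_bps, be_bytes):
    """2-rate 3-colour policer (RFC 2698 style, colour-blind):
    green = within CIR, yellow = over CIR but within PIR, red = over PIR."""
    c_bucket = TokenBucket(cir_bps, bc_bytes)
    p_bucket = TokenBucket(pir_bps, be_bytes)
    colours = []
    for t_ms, size in trace:
        c_bucket.refill(t_ms)
        p_bucket.refill(t_ms)
        if not p_bucket.has(size):
            colours.append("red")        # violate: exceeds PIR
        elif not c_bucket.has(size):
            p_bucket.take(size)
            colours.append("yellow")     # exceed: over CIR, under PIR
        else:
            p_bucket.take(size)
            c_bucket.take(size)
            colours.append("green")      # conform: within CIR
    return colours


def count(actions):
    """Histogram of policer decisions."""
    return {a: actions.count(a) for a in sorted(set(actions))}


# Constructed flood: 100 packets of 100 bytes, one every 10 ms = 80 kbps offered
FLOOD = [(n * 10, 100) for n in range(100)]

# Constructed well-behaved flow: 20-byte packets every 10 ms = 16 kbps, under CIR
QUIET = [(n * 10, 20) for n in range(100)]

if __name__ == "__main__":
    print("1-rate, flood:", count(police_single_rate(FLOOD, 20000, 1500)))
    print("1-rate, quiet:", count(police_single_rate(QUIET, 20000, 1500)))
    print("2-rate, flood:", count(police_two_rate(FLOOD, 20000, 1500, 40000, 1500)))
```

Against the 80 kbps flood, the 1-rate policer at CIR 20000 bps lets the initial Bc burst through and then admits roughly one packet in four, i.e. about 2500 bytes/s, while the 16 kbps flow passes untouched. The 2-rate run shows why PIR matters only if you want to mark: the green count equals the 1-rate conform count, and the yellow packets are the ones a 2-rate policy would let through with a different marking rather than drop. In practice Bc is the knob that decides how much of a short burst is forgiven before drops start; the transmitted byte count over the trace stays within Bc + CIR x time.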