Wednesday, January 25, 2012

Cisco Router Configuration: rate-limit and bandwidth monitoring

To manage bandwidth usage during peak hours (office hours) and off-peak hours (after work), use access lists in the router configuration together with the Cisco rate-limit command and time-related settings: enable NTP, the scheduler, and the time-range command.

Mitigate Denial of Service Attack
Another application of the rate-limit command is mitigating DoS attacks, by capping the bandwidth rate or limiting the connection rate of incoming traffic. Used properly, this command reduces the impact of an attack on a vulnerable computer. It is most effective in conjunction with an Access Control List (ACL), a firewall, and an intrusion detection system (IDS). However, it may be necessary to establish a traffic flow reporting baseline first, so that the limits reflect normal load rather than a guess.

Firewalls are a separate topic beyond the scope of the course, but I saw a practice quiz question ask about Cisco PIX firewalls. A firewall helps contain an infection during the detection and mitigation process by splitting the network into separate security zones.

Configuration
The full description is found on the Cisco website under the set qos-group family of commands, and I have the habit of taking a few notes down for myself. The usage:
rate-limit {input | output} [dscp dscp-value] [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action action exceed-action action

To remove the command, prefix the whole configuration line with no.

rate-limit output access-group 100 192000 36000 72000 conform-action transmit exceed-action drop
rate-limit output access-group 101 800000 150000 300000 conform-action transmit exceed-action drop

where access-list 100 matches office-hours traffic and
access-list 101 matches off-peak (after work) traffic.

The three numbers that follow the access-group in the rate-limit command are, in order, the average rate and the two burst sizes. Values to use can be calculated with the Excel bit rate calculator linked below.
bps - average bit rate in bits per second, in increments of 8 kbps
burst-normal - normal burst size in bytes. The minimum value is bps/200
burst-max - excess burst size in bytes

Specify a time-range. The example assumes office hours of 8am to 4pm Zulu (change the numbers to match your real office hours; Cisco uses the time settings in Zulu only. I don't actually work 8am to 4pm Zulu, it just makes this time-range article easy to write). The question mark prompts Cisco IOS to list the follow-on options you can use.

time-range OFF-PEAK-TIME-RANGE
periodic ?
list days of the week: Monday Tuesday Wednesday Thursday Friday Saturday Sunday
periodic Monday Tuesday Wednesday Thursday Friday ?
specify the time in zulu
periodic Monday Tuesday Wednesday Thursday Friday 16:00 to 23:59
periodic Tuesday Wednesday Thursday 0:00 to 7:59

time-range OFFICE-HOURS-TIME-RANGE
periodic Monday Tuesday Wednesday Thursday Friday 8:00 to 15:59
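The post names the two ACLs and the two time-ranges but never shows the piece that ties them together: the access-list entries that carry the time-range keyword. The configuration below is an added example, not the post's own config. The NTP server address, the LAN prefix 192.0.2.0/24 and the interface name Serial0/0 are assumptions; the rate-limit lines and time-ranges are the post's own.

```cisco
! Added example: the ACL glue the post does not show.
! Time-of-day rate limiting needs an accurate clock, time-ranges, ACLs that
! reference those time-ranges, and rate-limit lines that reference the ACLs.
!
! 1. Accurate time. time-range is evaluated against the router clock; with no
!    "clock timezone" configured the clock runs in UTC (Zulu), as the post assumes.
!    192.0.2.10 is a placeholder NTP server address.
ntp server 192.0.2.10
!
! 2. The two time-ranges, taken from the post.
time-range OFFICE-HOURS-TIME-RANGE
 periodic Monday Tuesday Wednesday Thursday Friday 8:00 to 15:59
!
time-range OFF-PEAK-TIME-RANGE
 periodic Monday Tuesday Wednesday Thursday Friday 16:00 to 23:59
 periodic Tuesday Wednesday Thursday 0:00 to 7:59
!
! 3. ACLs whose entries are active only while their time-range is active.
!    192.0.2.0/24 is an assumed LAN. Outside the time window the entry is
!    inactive, the ACL matches nothing, and that rate-limit line is skipped.
access-list 100 remark Office-hours traffic from the LAN
access-list 100 permit ip 192.0.2.0 0.0.0.255 any time-range OFFICE-HOURS-TIME-RANGE
access-list 101 remark Off-peak traffic from the LAN
access-list 101 permit ip 192.0.2.0 0.0.0.255 any time-range OFF-PEAK-TIME-RANGE
!
! 4. Apply the policers on the assumed WAN interface. The burst values follow
!    Cisco's CAR guideline (burst-normal = bps / 8 * 1.5 s, burst-max = 2 x
!    burst-normal), which reproduces the post's numbers: 192000 -> 36000 / 72000.
interface Serial0/0
 rate-limit output access-group 100 192000 36000 72000 conform-action transmit exceed-action drop
 rate-limit output access-group 101 800000 150000 300000 conform-action transmit exceed-action drop
!
! 5. Checks: which time-range is active right now, and whether each policer
!    is actually seeing conforming and exceeding traffic.
! show time-range
! show interfaces Serial0/0 rate-limit
! show access-lists 100
```

CAR evaluates the rate-limit lines on an interface in order and the first matching line applies. With the two ACLs above, a packet sent on a Saturday matches neither entry, so neither policer applies and the traffic passes unpoliced; if weekends should be limited too, give one of the time-ranges a periodic entry that covers them. show time-range is the quickest way to confirm that the router's idea of the time, and therefore the active window, is what you expect.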

My question is what happens with Saturday and Sunday? I've been just leaving it blank and assuming that goes full throttle. Never seen anything bad happen so I've been assuming it's working out ok.

Download your own Bit Rate Calculator here:
https://learningnetwork.cisco.com/docs/DOC-7874
