CCIE - Internetwork Expert's Online Community

Could someone please explain why the SG uses 496000 bps as the rate-limit?  The task asks to police the traffic to 500Kbps.  I'm trying to decide if I need to bang my head on the wall for a few hours to reinforce some math concept in that I am forgetting.   Thanks in advance.

bkvalentine:

Could someone please explain why the SG uses 496000 bps as the rate-limit?  The task asks to police the traffic to 500Kbps.  I'm trying to decide if I need to bang my head on the wall for a few hours to reinforce some math concept in that I am forgetting.   Thanks in advance.

Nevemind.  As soon as I posted this I decided I would look up the rate-limit command.  The command reference says that you must use 8kbps increments. 

Given that, I suggest that the soultion provided by the SG violates this task.  Because the solution given polices to 496Kpbs, not 500kbps as required.

Here's my solution:

R5:

interface FastEthernet0/1
 service-policy input P2P
 service-policy output TCP_TO_WEBSERVER

class-map match-all TCP_TO_WEBSERVER
 match access-group name TCP_TO_WEBSERVER
policy-map TCP_TO_WEBSERVER
 class class-default
  service-policy P2P
policy-map ATTACK_MITIGATION
 class TCP_TO_WEBSERVER
  police rate 500000

ip access-list extended TCP_TO_WEBSERVER
 permit tcp any 173.X.5.0 0.0.0.255 eq www syn

Wow.  Maybe I do need to bang my head against a wall for a couple hours.  Here's my REAL solution.  

interface FastEthernet0/1
  service-policy input P2P
  service-policy output PARENT

ip access-list extended TCP_TO_WEBSERVER
 permit tcp any 173.X.5.0 0.0.0.255 eq www syn

class-map match-all TCP_TO_WEBSERVER
 match access-group name TCP_TO_WEBSERVER

policy-map PARENT
 class TCP_TO_WEBSERVER
  police rate 500000
 class class-default
  service-policy P2P