Archive for the ‘time’ tag
Stubby Post – Time-based ACLs and Policy-maps
Certain divisions of the company tend to shoot themselves in the foot by kicking off large file transfers during business hours, so I had a thought that maybe we could use time-based ACLs to do some QoSing for those guys. I fired up GNS3 with a 3600 running 12.4(25b) with some virtual PCs on it’s Ethernet interfaces.
time-range BUSINESSHOURS periodic daily 8:00 to 17:00 ! ip access-list extended PINGS permit icmp any any time-range BUSINESSHOURS ! class-map match-all PINGS match access-group name PINGS ! policy-map PM-F0/0-OUT class PINGS
First, I set the router’s time to outside of the time range and sent some pings over.
R1#sh clock
00:01:13.107 UTC Wed Apr 28 2010
R1#sh access-lists
Extended IP access list PINGS
10 permit icmp any any time-range BUSINESSHOURS (inactive)
R1#sh policy-map int f0/0
FastEthernet0/0
Service-policy output: PM-F0/0-OUT
Class-map: PINGS (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps
Match: access-group name PINGS
Class-map: class-default (match-any)
11 packets, 1140 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Alright, that’s expected. Now let’s set the clock to within the time range and repeat.
R1#sh clock
13:00:12.887 UTC Wed Apr 28 2010
R1#sh access-lists
Extended IP access list PINGS
10 permit icmp any any time-range BUSINESSHOURS (active) (10 matches)
R1#sh policy-map int f0/0
FastEthernet0/0
Service-policy output: PM-F0/0-OUT
Class-map: PINGS (match-all)
10 packets, 980 bytes
5 minute offered rate 0 bps
Match: access-group name PINGS
Class-map: class-default (match-any)
20 packets, 1970 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
How about that? Time-based ACLs seems to work with policy-maps. I didn’t know that.
Unix Epoch + 1234567890 = Next Friday
I’m kind of an obsessive-compulsive when it comes to numbers (1, 2, 3, 4, 5…), so I’m fairly excited about next Friday (..6, 7, 8, 9, 10…) when Epoch time reaches 1234567890 at 18:31:30 on 13 February(…11, 12, 13, 14, 15…). I’m sure my ADD will kick in (Oh, look. A squirrel!) right before, but I’ll try to remember to run to a Linux box and type date +%s (…16, 17, 18, 19, 20! Made it!).
Leap Second
Did anyone notice (or care about) the leap second? I did neither. Here’s some cool output from Kevin Oberman on the NANOG list, though.
bash-2.05b# date
Thu Jan 1 00:59:58 CET 2009
bash-2.05b# date
Thu Jan 1 00:59:59 CET 2009
bash-2.05b# date
Thu Jan 1 00:59:60 CET 2009
bash-2.05b# date
Thu Jan 1 01:00:00 CET 2009
bash-2.05b# date
Thu Jan 1 01:00:01 CET 2009
bash-2.05b#