you can rate limit with layer 3 switches (arguably the same as 'router'; saying 'layer 3 router' is redundant) too. you don't need layer 3 capabilities to do rate limiting, but it does come in handy if you want to rate limit based on ACLs.
The Captus IPS 4000 has L2 rate limiting capabilities as does ASL (Astaro Security Linux) v5, which we plan to begin testing next month if all goes as planned. Only caveat is price: one can expect to pay anywhere from $7000 - 14,000 or more to implement one of these devices.
Originally posted by jsw6: Some layer 2 switches support rate-limiting as well. Foundry switches running layer 2 images are one example.
as a matter of precision, although foundry calls the image that comes with most switches by default 'layer 2', it actually does have certain layer 3 capabilities, such as layer 3 acls. their layer 3 images enable things like OSPF and RIP support.
in this vein, your cheapest solution would be a foundry FWS24, which can be gotten on the aftermarket for $500+. clearly, you need to do a lot of testing on aftermarket equipment for use in anything but lab environments. FWS24s are now EOL'ed, so keep that in mind. if you want to do a serious amount of rate limiting in production, i would recommend at least using the FBS line (slightly faster cpu).
cisco 3550 EMI will do rate-limiting (not sure about SMI, but probably not). it will not work that well, so don't bother.
perhaps if you elaborate a bit on what kind of rate-limiting you want to do, we can give you better recommendations.
Originally posted by DeathNova: The Captus IPS 4000 has L2 rate limiting capabilities as does ASL (Astaro Security Linux) v5, which we plan to begin testing next month if all goes as planned. Only caveat is price: one can expect to pay anywhere from $7000 - 14,000 or more to implement one of these devices.
what do they bring to the table that the other devices don't? is the rate-limiting done fully in asic?