Maybe it's me, but why rate limit from the start? I mean, doesn't it add more stress to the switch?
Well technically yes, but it's not a bottleneck. It's all done by the same hardware that runs ACLs; rate-limiting (policing) only results in a yes/no decision after an ACL is matched by the ASICs. If you make some ultra large ACL that won't fit in the TCAM (which IOS will tell you), every packet is sent to software for processing, which is a definite bottleneck. So long as your ACL stays in hardware, it's not an issue.
An example of a perfectly legitimate hardware ACL would be "permit ip any any", which is adequate in the case of rate limiting all IP traffic with a service-policy. An example of an ACL that would not fit in hardware would be one that consists of 100 lines like 'permit tcp 184.108.40.206 0.0.0.7 any eq 80' and on down the list for any number of TCP services. Note that the former example is typical for service providers, as they (we) typically don't care what the source IP/port/whatever is; if a customer port has a service-policy applied to it, it needs to match all traffic for obvious reasons.
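Added example (not from either poster above) of the configuration the answer describes: a single-line "permit ip any any" ACL feeding a policer on a customer port, next to the kind of per-service ACL that can outgrow the TCAM. The ACL, class-map, policy-map and interface names, the 10 Mbps rate and the burst value are assumptions; the exact `police` syntax varies by IOS platform.

```cisco
! Hardware-friendly: one ACL entry, matched entirely in the ASIC/TCAM,
! so policing is just a yes/no decision on every packet.
ip access-list extended ALL-IP
 permit ip any any

class-map match-all CUSTOMER-ALL
 match access-group name ALL-IP

! 10 Mbps CIR with a 312500-byte burst (assumed values); conforming
! traffic is forwarded, exceeding traffic is dropped in hardware.
policy-map CUSTOMER-10M
 class CUSTOMER-ALL
  police cir 10000000 bc 312500 conform-action transmit exceed-action drop

interface GigabitEthernet1/0/1
 description customer port (assumed)
 service-policy input CUSTOMER-10M

! Contrast: a long per-source, per-service list. Each line consumes TCAM
! entries; once the list no longer fits, IOS reports it and matching
! falls back to software, which is the real bottleneck.
ip access-list extended PER-SERVICE
 permit tcp 184.108.40.206 0.0.0.7 any eq 80
 permit tcp 184.108.40.206 0.0.0.7 any eq 443
 permit tcp 184.108.40.206 0.0.0.7 any eq 25
 ! ... and so on for every TCP service and source block
```

On Catalyst 3750-class switches, `show platform tcam utilization` shows how much of the TCAM is consumed, so an ACL change can be checked against the remaining space before it spills into software.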