Some people have a need to push hardware to it’s limits.  Generally, I end up being one of those people.  I must admit, I enjoy seeing how far things can be pushed, especially when it yields new and or interesting gains or knowledge.  One of the things that I needed to do was to rate limit a large set of addresses, but to allow unfettered access to other resources.  It’s possible there may be a better way to do this, but all of my other attempts to do this failed.  MicroFlow policing would kinda make it work, but the code to do so isn’t all in there yet for the SUP2T in either IOS 12.x or 15.0.  So, given few other choices we forged ahead with the plan to add ACLs, class maps and policy maps to make this work. I knew we’d become resource strapped with this method, but until there was a better way, this was the path.  My IOS foo is admittedly  a tad weak these days working more on JunOS, so if these aren’t the optimal way to