Hi, I have a question on rate-limiting. We are rate-limiting per ACL 109 which is applied via a rate-limit statement to our serial interface. I can see that for periods of time, we are exceeding our normal and excess burst.
Is there any recommended way of increasing the size of the normal and burst measurements so that less traffic will be dropped but at the same time making sure that we so not exceed the 5meg already allocated to this traffic?
How does one work out the normal and excess bursts? I've searched the web but can't find a definitive answer.
ip address x.x.x.x x.x.x.x
no ip redirects
no ip unreachables
no ip proxy-arp
rate-limit output access-group 109 5000000 4470 4470 conform-action transmit exceed-action drop
no ip mroute-cache
no cdp enable
access-list 109 permit ip host xx.xx.xx.xx any
ISP_1#sh int pos 2/0 rate-limit
matches: access-group 109
params: 5000000 bps, 4470 limit, 4470 extended limit
conformed 15956424 packets, 11692M bytes; action: transmit
exceeded 747192 packets, 942248096 bytes; action: drop
last packet: 0ms ago, current burst: 0 bytes
last cleared 3d18h ago, conformed 286000 bps, exceeded 23000 bps
If your IOS supports either shaping and/or rate-limiting, there's seldom need to perform both.
Generally, since shaping buffers bursts, it often drops less packets than rate-limiting, but actual impact depends on the traffic. (Sam makes a great point about shaping having possible additional delays not seen with rate-limiting.)
Whether you're doing shaping or rate-limiting, both will send at link speed, when they transmit. Assuming your ISP is policing your traffic to an agreed "bandwidth", ideally you would want to match their policing parameters to obtain the most possible bandwidth. This would be true regardless whether you rate-limit or shape.