Rate-limit CIR/bc/be Confusion

Unanswered Question
Jun 17th, 2009

Hi, I have to limit WWW Syn packet to 500Kbs. I am confused by CIR, be & be has been choosen like following --

access-list 192 permit tcp any any eq www sync

int f0/1

rate-limit output access-group 192 496000 4000 4000 conform-action permit exceed-action drop

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Istvan_Rabai Wed, 06/17/2009 - 22:48

Hi Rupesh,

Don't forget the following:

496000 means cir in bits per second (bps).

4000 means bc and be in BYTES.

For rate limiting the recommended values for bc and be are the following:

bc = (1.5 x cir)/8

be = 2 x bc

This would mean the following recommended configuration for the rate limit command:

rate-limit output access-group 192 496000 93000 186000 conform-action permit exceed-action drop

Cheers:

Istvan

Rupesh Kashyap Thu, 06/18/2009 - 00:31

1. At first, I have requested for 500kbs, they why CIR is 496kbs ?

2. Bc will CIRx125ms, which is not 93000 ?

3. Why be = 2x bc

Joseph W. Doherty Thu, 06/18/2009 - 06:45

BTW, I wonder whether your requirement might be better provided by something like the "TCP Intercept" feature.

Actions

This Discussion