Rate-limit CIR/bc/be Confusion

Unanswered Question
Jun 17th, 2009
User Badges:

Hi, I have to limit WWW Syn packet to 500Kbs. I am confused by CIR, be & be has been choosen like following --


access-list 192 permit tcp any any eq www sync


int f0/1

rate-limit output access-group 192 496000 4000 4000 conform-action permit exceed-action drop

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Istvan_Rabai Wed, 06/17/2009 - 22:48
User Badges:
  • Gold, 750 points or more

Hi Rupesh,


Don't forget the following:


496000 means cir in bits per second (bps).


4000 means bc and be in BYTES.


For rate limiting the recommended values for bc and be are the following:


bc = (1.5 x cir)/8

be = 2 x bc


This would mean the following recommended configuration for the rate limit command:


rate-limit output access-group 192 496000 93000 186000 conform-action permit exceed-action drop


Cheers:

Istvan


Rupesh Kashyap Thu, 06/18/2009 - 00:31
User Badges:

1. At first, I have requested for 500kbs, they why CIR is 496kbs ?


2. Bc will CIRx125ms, which is not 93000 ?


3. Why be = 2x bc

Joseph W. Doherty Thu, 06/18/2009 - 06:45
User Badges:
  • Super Bronze, 10000 points or more

BTW, I wonder whether your requirement might be better provided by something like the "TCP Intercept" feature.

Actions

This Discussion