Rate-limit CIR/bc/be Confusion

Rupesh Kashyap · ‎06-17-2009

Hi, I have to limit WWW Syn packet to 500Kbs. I am confused by CIR, be & be has been choosen like following --

access-list 192 permit tcp any any eq www sync

int f0/1

rate-limit output access-group 192 496000 4000 4000 conform-action permit exceed-action drop

andrew.prince · ‎06-17-2009

The recommended be values are 2 x the CIR - otherwise you run the risk of global sync.

HTH>

Istvan_Rabai · ‎06-17-2009

Hi Rupesh,

Don't forget the following:

496000 means cir in bits per second (bps).

4000 means bc and be in BYTES.

For rate limiting the recommended values for bc and be are the following:

bc = (1.5 x cir)/8

be = 2 x bc

This would mean the following recommended configuration for the rate limit command:

rate-limit output access-group 192 496000 93000 186000 conform-action permit exceed-action drop

Cheers:

Istvan

Rupesh Kashyap · ‎06-18-2009

1. At first, I have requested for 500kbs, they why CIR is 496kbs ?

2. Bc will CIRx125ms, which is not 93000 ?

3. Why be = 2x bc

Istvan_Rabai · ‎06-18-2009

Hi Rupesh,

The following link will give some more explanations on rate-limiting and the recommended settings for bc and be.

Cheers:

Istvan

Joseph W. Doherty · ‎06-18-2009

BTW, I wonder whether your requirement might be better provided by something like the "TCP Intercept" feature.