06-17-2009 08:14 AM - edited 03-04-2019 05:09 AM
Hi, I have to limit WWW Syn packet to 500Kbs. I am confused by CIR, be & be has been choosen like following --
access-list 192 permit tcp any any eq www sync
int f0/1
rate-limit output access-group 192 496000 4000 4000 conform-action permit exceed-action drop
06-17-2009 09:45 AM
The recommended be values are 2 x the CIR - otherwise you run the risk of global sync.
HTH>
06-17-2009 10:48 PM
Hi Rupesh,
Don't forget the following:
496000 means cir in bits per second (bps).
4000 means bc and be in BYTES.
For rate limiting the recommended values for bc and be are the following:
bc = (1.5 x cir)/8
be = 2 x bc
This would mean the following recommended configuration for the rate limit command:
rate-limit output access-group 192 496000 93000 186000 conform-action permit exceed-action drop
Cheers:
Istvan
06-18-2009 12:31 AM
1. At first, I have requested for 500kbs, they why CIR is 496kbs ?
2. Bc will CIRx125ms, which is not 93000 ?
3. Why be = 2x bc
06-18-2009 03:37 AM
Hi Rupesh,
The following link will give some more explanations on rate-limiting and the recommended settings for bc and be.
http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpolsh.html#wp1000920
Cheers:
Istvan
06-18-2009 06:45 AM
BTW, I wonder whether your requirement might be better provided by something like the "TCP Intercept" feature.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: