cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7105
Views
0
Helpful
5
Replies

Rate-limit CIR/bc/be Confusion

Rupesh Kashyap
Level 1
Level 1

Hi, I have to limit WWW Syn packet to 500Kbs. I am confused by CIR, be & be has been choosen like following --

access-list 192 permit tcp any any eq www sync

int f0/1

rate-limit output access-group 192 496000 4000 4000 conform-action permit exceed-action drop

5 Replies 5

andrew.prince
Level 10
Level 10

The recommended be values are 2 x the CIR - otherwise you run the risk of global sync.

HTH>

Istvan_Rabai
Level 7
Level 7

Hi Rupesh,

Don't forget the following:

496000 means cir in bits per second (bps).

4000 means bc and be in BYTES.

For rate limiting the recommended values for bc and be are the following:

bc = (1.5 x cir)/8

be = 2 x bc

This would mean the following recommended configuration for the rate limit command:

rate-limit output access-group 192 496000 93000 186000 conform-action permit exceed-action drop

Cheers:

Istvan

1. At first, I have requested for 500kbs, they why CIR is 496kbs ?

2. Bc will CIRx125ms, which is not 93000 ?

3. Why be = 2x bc

Hi Rupesh,

The following link will give some more explanations on rate-limiting and the recommended settings for bc and be.

http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpolsh.html#wp1000920

Cheers:

Istvan

Joseph W. Doherty
Hall of Fame
Hall of Fame

BTW, I wonder whether your requirement might be better provided by something like the "TCP Intercept" feature.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: