We have a partial DS3 circuit that is 18Mb. We have four facilities that connect through an IPSEC connection on this DS3. Three of these facilities just connect to us for green screen however yesterday our forth facility maxxed out the connection so I want to put a rate limit their connection.
I am looking to put a cap of 14Mb, this will keep 4Mb free while also triggering the 75% utilization alert should the main facility be maxing out their rate-limit. I believe this command should perform the actions that I require:
rate-limit input 10000 2000 4000 conform-action transmit exceed-action drop
rate-limit output 10000 2000 4000 conform-action transmit exceed-action drop
Should be ~10Mb normal bandwidth, burstable to ~12Mb and cap at ~14Mb. Does this command look correct?
Thank you for your time.
be aware that rate is expressed in bps so 10000 means only 10 Kbps.
see command reference
you should use
rate-limit output 14000000 2625000 5250000 conform-action transmit exceed-action drop
the recommended rules to dimension buffers are:
normal burst = configured rate * (1 byte)/(8 bits) * 1.5 seconds
extended burst = 2 * normal burst
However, you could consider a less aggressive policy that is to use outbound shaping.
shape average 14000000
! here rate is in bps
Hope to help