×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Cisco 7206VXR rate-limit not working

Unanswered Question
Aug 21st, 2013
User Badges:
  • Bronze, 100 points or more

Hi,


I've Cisco 7206 VXR with IOS "c7200p-advipservicesk9_li-mz.124-15.T3.bin". We have MPLS connections terminated with the VLANS on the fiber gig port. I've applied rate-limit for inbound/outgoing traffic not to exceed certain limit.


But, still I'm seeing traffic is going more than the applied limit.


Ex: This 8MB rate limit applied on subinterface

rate-limit input 8384000 12800 12800 conform-action transmit exceed-action drop


Does anyone has any idea?


Thanks,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Lei Tian Wed, 08/21/2013 - 04:49
User Badges:
  • Cisco Employee,

Hi,

What's the output of 'show interface rate-limit'? Instead of CAR, shaping is used more often on CE. Any reason you prefer CAR over shaping?

HTH,
Lei Tian

Sent from Cisco Technical Support iPhone App

aijaz802 Wed, 08/21/2013 - 05:27
User Badges:
  • Bronze, 100 points or more

Hi,


Thanks for the response. I want to restrict both inbound and outbound, thats the reason using the CAR.


The output is as below.


GigabitEthernet0/2.106 xxx Company 8Mbps

  Input

    matches: all traffic

      params:  8384000 bps, 4192 limit, 4192 extended limit

      conformed 3400147 packets, 344625643 bytes; action: transmit

      exceeded 509285 packets, 301767312 bytes; action: drop

      last packet: 4ms ago, current burst: 66 bytes

      last cleared 01:32:43 ago, conformed 495000 bps, exceeded 433000 bps

  Output

    matches: all traffic

      params:  8384000 bps, 4192 limit, 4192 extended limit

      conformed 2338356 packets, 483254441 bytes; action: transmit

      exceeded 257774 packets, 100000671 bytes; action: drop

      last packet: 8ms ago, current burst: 1518 bytes

      last cleared 01:31:34 ago, conformed 703000 bps, exceeded 145000 bps

Lei Tian Thu, 08/22/2013 - 03:24
User Badges:
  • Cisco Employee,

Hi,
Looks like the CAR is dropping exceed packets, why do you think it is not working?

HTH,
Lei Tian

Sent from Cisco Technical Support iPhone App

aijaz802 Thu, 08/22/2013 - 04:37
User Badges:
  • Bronze, 100 points or more

Hi,


Sometimes due to malware/virus activity there is lot of burst in the traffic which is recorded by the SNMP/MRTG monitors. Which is exceeding (going over 20MBPS) what is configured on the interface. Also the CPU usage was drastically increasing during the traffic floodings.


Ex: below see the exceeding value.


GigabitEthernet0/2.106 XXX Company 8Mbps

  Input

    matches: all traffic

      params:  8384000 bps, 4192 limit, 4192 extended limit

      conformed 31582020 packets, 4706M bytes; action: transmit

      exceeded 15257155 packets, 10113M bytes; action: drop

      last packet: 252ms ago, current burst: 0 bytes

      last cleared 20:16:59 ago, conformed 515000 bps, exceeded 1108000 bps

  Output

    matches: all traffic

      params:  8384000 bps, 4192 limit, 4192 extended limit

      conformed 16301291 packets, 2979M bytes; action: transmit

      exceeded 3877345 packets, 882109946 bytes; action: drop

      last packet: 376ms ago, current burst: 0 bytes

      last cleared 20:15:50 ago, conformed 326000 bps, exceeded 96000 bps



Is there any other way to stop this kind of flooding which is causing high cpu/mem and B/W utilization.


Thanks,

Lei Tian Fri, 08/23/2013 - 03:41
User Badges:
  • Cisco Employee,

Hi,


CAR is doing its job. You might want talk to the provider see what service they can provide to block the abnormal traffic rate on their end. If no luck, you can consider platform that can do inbound policing in hardware and can do CoPP to protect CPU.


HTH,

Lei Tian

Actions

This Discussion

Related Content