Re: Cisco 7206VXR rate-limit not working

aijaz802 · ‎08-21-2013

Hi,

I've Cisco 7206 VXR with IOS "c7200p-advipservicesk9_li-mz.124-15.T3.bin". We have MPLS connections terminated with the VLANS on the fiber gig port. I've applied rate-limit for inbound/outgoing traffic not to exceed certain limit.

But, still I'm seeing traffic is going more than the applied limit.

Ex: This 8MB rate limit applied on subinterface

rate-limit input 8384000 12800 12800 conform-action transmit exceed-action drop

Does anyone has any idea?

Thanks,

Lei Tian · ‎08-21-2013

Hi,

What's the output of 'show interface rate-limit'? Instead of CAR, shaping is used more often on CE. Any reason you prefer CAR over shaping?

HTH,
Lei Tian

Sent from Cisco Technical Support iPhone App

aijaz802 · ‎08-21-2013

Hi,

Thanks for the response. I want to restrict both inbound and outbound, thats the reason using the CAR.

The output is as below.

GigabitEthernet0/2.106 xxx Company 8Mbps

Input

matches: all traffic

params: 8384000 bps, 4192 limit, 4192 extended limit

conformed 3400147 packets, 344625643 bytes; action: transmit

exceeded 509285 packets, 301767312 bytes; action: drop

last packet: 4ms ago, current burst: 66 bytes

last cleared 01:32:43 ago, conformed 495000 bps, exceeded 433000 bps

Output

matches: all traffic

params: 8384000 bps, 4192 limit, 4192 extended limit

conformed 2338356 packets, 483254441 bytes; action: transmit

exceeded 257774 packets, 100000671 bytes; action: drop

last packet: 8ms ago, current burst: 1518 bytes

last cleared 01:31:34 ago, conformed 703000 bps, exceeded 145000 bps

Lei Tian · ‎08-22-2013

Hi,
Looks like the CAR is dropping exceed packets, why do you think it is not working?

HTH,
Lei Tian

Sent from Cisco Technical Support iPhone App

aijaz802 · ‎08-22-2013

Hi,

Sometimes due to malware/virus activity there is lot of burst in the traffic which is recorded by the SNMP/MRTG monitors. Which is exceeding (going over 20MBPS) what is configured on the interface. Also the CPU usage was drastically increasing during the traffic floodings.

Ex: below see the exceeding value.

GigabitEthernet0/2.106 XXX Company 8Mbps

Input

matches: all traffic

params: 8384000 bps, 4192 limit, 4192 extended limit

conformed 31582020 packets, 4706M bytes; action: transmit

exceeded 15257155 packets, 10113M bytes; action: drop

last packet: 252ms ago, current burst: 0 bytes

last cleared 20:16:59 ago, conformed 515000 bps, exceeded 1108000 bps

Output

matches: all traffic

params: 8384000 bps, 4192 limit, 4192 extended limit

conformed 16301291 packets, 2979M bytes; action: transmit

exceeded 3877345 packets, 882109946 bytes; action: drop

last packet: 376ms ago, current burst: 0 bytes

last cleared 20:15:50 ago, conformed 326000 bps, exceeded 96000 bps

Is there any other way to stop this kind of flooding which is causing high cpu/mem and B/W utilization.

Thanks,

Lei Tian · ‎08-23-2013

Hi,

CAR is doing its job. You might want talk to the provider see what service they can provide to block the abnormal traffic rate on their end. If no luck, you can consider platform that can do inbound policing in hardware and can do CoPP to protect CPU.

HTH,

Lei Tian