Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
293
Views
5
Helpful
2
Replies

Using multiple Committed Access Rate statements on 1 interface.

Go to solution
alalli
Level 2
Level 2

‎01-30-2006 09:51 PM - edited ‎03-03-2019 11:36 AM

Good Day All,

I hope to be able to rate-limit certain hosts on the input and output of an Internet connection to 1Meg. bps with the ability to burst to 2Meg. bps.

I would like all other hosts on the network to share the bandwidth on the Internet connection.

Please find a basic config. I hope to do something very similar to this example.

access-list 101 permit ip host 192.168.1.1 any

access-list 101 permit ip any host 192.168.1.1

access-list 102 permit ip host 192.168.1.2 any

access-list 102 permit ip any host 192.168.1.2

interface Ethernet0

rate-limit input access-group 101 1024000 103000 206000 conform-action transmit exceed-action drop

rate-limit input access-group 102 1024000 103000 206000 conform-action transmit exceed-action drop

rate-limit output access-group 101 1024000 103000 206000 conform-action transmit exceed-action drop

rate-limit output access-group 102 1024000 103000 206000 conform-action transmit exceed-action drop

Burst Normal in bytes:

1024000/8=103000

Burst Max in Bytes

2048000/8=206000

I have a couple of questions please about this.

Questions:

1. Does this configuration look reasonable to achieve these goals?

2. I read somewhere that if traffic is not matched by a rate-limit that it is transmitted anyway. Can anyone please confirm this?

I will be running this on a 7204 router that has a average CPU usage of 4-7 percent and low memory used.

Thank you so much for any help.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
pkhatri
Level 11
Level 11

‎01-30-2006 10:07 PM

Hi,

The config you have got will mostly work. Here are a few comments though:

- CAR is a single-rate policer. Therefore, you can achieve the aim of limiting traffic to 1Mbps using CAR. However, you cannot achieve a precise peak rate of 2Mpbs despite configuring the excess burst size to be twice the normal burst size. However, the config you have will give you performance reasonably close to what you are after.

All traffic that is not matched by the rate-limit statements will NOT be policed. If you want traffic not matching the above two rate-limit statements to be rate-limited to some other value, configure the following:

rate-limit input/output 2000000 conform-action transmit exceed-action drop

(This will be a catch-all since no access-group is specified).

Alternatively, you can drop all traffic that does not match ACL 101 or 102:

rate-limit input/output 2000000 conform-action drop exceed-action drop

Hope that helps - pls rate the post if it does.

Paresh

View solution in original post

0 Helpful
2 Replies 2

Go to solution
pkhatri
Level 11
Level 11

‎01-30-2006 10:07 PM

Hi,

The config you have got will mostly work. Here are a few comments though:

- CAR is a single-rate policer. Therefore, you can achieve the aim of limiting traffic to 1Mbps using CAR. However, you cannot achieve a precise peak rate of 2Mpbs despite configuring the excess burst size to be twice the normal burst size. However, the config you have will give you performance reasonably close to what you are after.

All traffic that is not matched by the rate-limit statements will NOT be policed. If you want traffic not matching the above two rate-limit statements to be rate-limited to some other value, configure the following:

rate-limit input/output 2000000 conform-action transmit exceed-action drop

(This will be a catch-all since no access-group is specified).

Alternatively, you can drop all traffic that does not match ACL 101 or 102:

rate-limit input/output 2000000 conform-action drop exceed-action drop

Hope that helps - pls rate the post if it does.

Paresh

0 Helpful

Go to solution
alalli
Level 2
Level 2
In response to pkhatri

‎01-30-2006 11:17 PM

Thanks mate :)!!!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card