[nsp] Interpreting CAR stats

From: Charles Sprickman (spork@inch.com)
Date: Thu Dec 20 2001 - 17:38:55 EST

Next message: Khing Maung: "[nsp] Line Err Secs"
Previous message: Jason Mealins: "Re: [nsp] Compatible Fast Ethernet Module for 2651?"
Next in thread: Charles Sprickman: "[nsp] Interpreting CAR stats"
Maybe reply: Charles Sprickman: "[nsp] Interpreting CAR stats"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

Hi,

I'm playing around with the following, based on the "secure IOS
template"...

An access list to match udp:

access-list 150 remark car-udp acl
access-list 150 permit udp any any

And apply it to an internet-facing interface:

rate-limit input access-group 150 8000000 1000000 1000000 conform-action
transmit exceed-action drop

Which, if I read this right, means any udp traffic sustained at over 8Mb/s
will be dropped.

If I look at "sh in rate-limit":

  Input
    matches: access-group 150
      params: 8000000 bps, 1000000 limit, 1000000 extended limit
      conformed 5103721 packets, 1642M bytes; action: transmit
      exceeded 1532 packets, 2053547 bytes; action: drop
      last packet: 0ms ago, current burst: 120 bytes
      last cleared 00:51:35 ago, conformed 4244000 bps, exceeded 5000 bps

Which seems to be saying that it's dropping some udp traffic. This
interface has nowhere near 8mb/s of TOTAL traffic...

Where am I going wrong?

Thanks,

Charles

Next message: Khing Maung: "[nsp] Line Err Secs"
Previous message: Jason Mealins: "Re: [nsp] Compatible Fast Ethernet Module for 2651?"
Next in thread: Charles Sprickman: "[nsp] Interpreting CAR stats"
Maybe reply: Charles Sprickman: "[nsp] Interpreting CAR stats"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:58 EDT