[c-nsp] access-list speed limiting.

Richey mylists at battleop.com
Mon May 19 11:42:56 EDT 2008


Thanks for all of the suggestions.  One thing I see is when someone asks for
help and they report back that it's fixed but they don't say what they ended
up doing to fix the problem.

So here is what seems to work.

I threw out the following:

rate-limit input access-group 150 3000000 16000 24000 conform-action transmit exceed-action drop
rate-limit output access-group 150 3000000 16000 24000 conform-action transmit exceed-action drop

Then I added:

traffic-shape group 150 3000000 75000 75000 1000

then in my access-list I added:

access-list 150 permit ip any host x.x.10.71

in addition to:

access-list 150 permit ip host x.x.10.71 any


Now the bandwidth hogs are at the 3Mb they are paying for and the sales guys
have stopped knocking on my door.  Thanks for the help.

Richey



-----Original Message-----
From: Mike Louis [mailto:MLouis at nwnit.com] 
Sent: Monday, May 19, 2008 9:05 AM
To: Lincoln Dale; Richey
Cc: cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] access-list speed limiting.

I had this problem with policing using the standard MQC in 3550s. I had to
adjust the burst size until I got the speed that I wanted. Burst size
greatly affects overall throughput you can achieve. You need to figure out
your throughput, say 3000000 and divide that by your policing interval,
can't recall what it is for CAR but let's say it's 1/100, and you get 30000
bits per interval. You may have to convert that to bytes so divide by 8 and
you get your burst size for that data rate.

HTH

mike

CCO has some write-ups on policing and intervals. Do a search for "leaky
bucket".


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Lincoln Dale
Sent: Monday, May 19, 2008 7:23 AM
To: Richey
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] access-list speed limiting.



Richey wrote:
> I am trying to limit them to 3Mb down 3Mb up.    When I am testing I am
> seeing full speed both directions.  I did have some success by changing my
> access-list 150 permit ip host x.x.10.71 any to access-list 150 permit ip
> any host x.x.10.71
you will need BOTH of the above if you want to enforce both directions.
>  but I end up with about 1Mb of traffic instead of 3Mb.
>
that is about right.
policing compared to shaping, see
http://www.cisco.com/warp/public/105/policevsshape.html



cheers,

lincoln.
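
Added example (not part of the thread and not Cisco's implementation): a simplified single token bucket that pushes a constructed bursty load, 2.4 Mb/s on average, through a 3000000 b/s policer and through a shaper, using the burst values from the configs quoted above. It assumes the rate-limit bursts are in bytes and the traffic-shape bursts in bits, and it ignores CAR's extended burst (24000) and TCP's reaction to drops; the packet size, burst pattern and function names are constructed for illustration.

```python
from collections import deque

PKT = 1500  # bytes per packet (constructed)

def bursts(duration_ms, pkts_per_burst, period_ms):
    """Constructed open-loop load: one back-to-back burst every period_ms."""
    return [(t, PKT) for t in range(0, duration_ms, period_ms)
            for _ in range(pkts_per_burst)]

def police(packets, rate_bps, burst_bytes):
    """Token bucket with exceed-action drop. Returns bytes transmitted."""
    per_ms = rate_bps / 8000           # bytes of credit earned per millisecond
    tokens, last, sent = burst_bytes, 0, 0
    for t, size in packets:
        tokens = min(burst_bytes, tokens + (t - last) * per_ms)
        last = t
        if size <= tokens:             # conform-action transmit
            tokens -= size
            sent += size               # anything else is dropped
    return sent

def shape(packets, rate_bps, burst_bits, queue_limit):
    """Same bucket, but excess packets are queued. Returns (bytes, drops)."""
    per_ms, cap = rate_bps / 8000, burst_bits / 8
    tokens, clock, sent, drops = cap, 0.0, 0, 0
    queue = deque()                    # departure times of packets still waiting
    for t, size in packets:
        while queue and queue[0] <= t: # packets that have already left
            queue.popleft()
        if len(queue) >= queue_limit:  # buffer full: only now is a packet lost
            drops += 1
            continue
        start = max(t, clock)          # cannot leave before the packet ahead
        tokens = min(cap, tokens + (start - clock) * per_ms)
        wait = max(0.0, (size - tokens) / per_ms)
        tokens += wait * per_ms - size
        clock = start + wait
        if clock > t:
            queue.append(clock)
        sent += size
    return sent, drops

if __name__ == "__main__":
    load = bursts(1000, 20, 100)       # 300000 bytes in 1 s = 2.4 Mb/s offered
    print("offered bytes      :", len(load) * PKT)
    print("police, burst 16000:", police(load, 3000000, 16000))
    print("police, burst 32000:", police(load, 3000000, 32000))
    print("shape,  Bc 75000   :", shape(load, 3000000, 75000, 1000))
```

On this load the policer with burst 16000 passes half of the offered bytes even though the average is under the 3 Mb/s rate, while the shaper delays the excess and drops nothing.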