[nsp] Interpreting CAR stats

From: Charles Sprickman (spork@inch.com)
Date: Thu Dec 20 2001 - 17:38:55 EST


Hi,

I'm playing around with the following, based on the "secure IOS
template"...

An access list to match udp:

access-list 150 remark car-udp acl
access-list 150 permit udp any any

And apply it to an internet-facing interface:

rate-limit input access-group 150 8000000 1000000 1000000 conform-action transmit exceed-action drop

Which, if I read this right, means any udp traffic sustained at over 8Mb/s
will be dropped.

If I look at "sh in rate-limit":

  Input
    matches: access-group 150
      params: 8000000 bps, 1000000 limit, 1000000 extended limit
      conformed 5103721 packets, 1642M bytes; action: transmit
      exceeded 1532 packets, 2053547 bytes; action: drop
      last packet: 0ms ago, current burst: 120 bytes
      last cleared 00:51:35 ago, conformed 4244000 bps, exceeded 5000 bps

Which seems to be saying that it's dropping some udp traffic. This
interface has nowhere near 8Mb/s of TOTAL traffic...

Where am I going wrong?

Thanks,

Charles

| Charles Sprickman | Internet Channel
| INCH System Administration Team | (212)243-5200
| spork@inch.com | access@inch.com
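
An added example, not part of the original post: a small parser for the rate-limit counters quoted above that derives average rates, drop share and mean packet sizes since the last clear. It assumes the "M" byte suffix is decimal (10^6) and that "last cleared" is in hh:mm:ss form; the function names are illustrative.

```python
import re

# Constructed sample: the counters quoted in the post above.
SAMPLE = """\
  Input
    matches: access-group 150
      params: 8000000 bps, 1000000 limit, 1000000 extended limit
      conformed 5103721 packets, 1642M bytes; action: transmit
      exceeded 1532 packets, 2053547 bytes; action: drop
      last packet: 0ms ago, current burst: 120 bytes
      last cleared 00:51:35 ago, conformed 4244000 bps, exceeded 5000 bps
"""

PARAMS = re.compile(r"params: (\d+) bps, (\d+) limit, (\d+) extended limit")
COUNTER = re.compile(r"(conformed|exceeded) (\d+) packets, (\d+)([KMG]?) bytes")
CLEARED = re.compile(r"last cleared (\d+):(\d+):(\d+) ago")
SCALE = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9}  # assumption: decimal suffixes


def parse_car(text):
    """Extract policy parameters and packet/byte counters from one stanza."""
    params, cleared = PARAMS.search(text), CLEARED.search(text)
    counters = {k: (int(p), int(b) * SCALE[s]) for k, p, b, s in COUNTER.findall(text)}
    if not params or not cleared or set(counters) != {"conformed", "exceeded"}:
        raise ValueError("unrecognised rate-limit output")
    h, m, s = map(int, cleared.groups())
    rate, burst, ext = map(int, params.groups())
    return {"rate_bps": rate, "burst_bytes": burst, "ext_burst_bytes": ext,
            "seconds": h * 3600 + m * 60 + s, **counters}


def summarize(stats):
    """Turn raw counters into averages over the interval since last clear."""
    div = lambda a, b: a / b if b else 0.0  # avoid dividing by a zero counter
    c_pkts, c_bytes = stats["conformed"]
    e_pkts, e_bytes = stats["exceeded"]
    return {
        "conformed_avg_bps": div(c_bytes * 8, stats["seconds"]),
        "exceeded_avg_bps": div(e_bytes * 8, stats["seconds"]),
        "exceeded_pkt_pct": 100 * div(e_pkts, c_pkts + e_pkts),
        "conformed_avg_pkt_bytes": div(c_bytes, c_pkts),
        "exceeded_avg_pkt_bytes": div(e_bytes, e_pkts),
        # how long the normal burst size lasts at the configured rate
        "burst_seconds_at_rate": div(stats["burst_bytes"] * 8, stats["rate_bps"]),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_car(SAMPLE)).items():
        print(f"{key:26} {value:,.2f}")
```

The derived averages line up with the bps figures on the router's last line, so those figures are averages since the counters were cleared rather than instantaneous rates.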



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:58 EDT