[cisco-nas] IP CEF Problem

Pierre Nepveu pnepveu at videotron.net
Sat Jan 24 14:46:14 EST 2004 

Rommel,

 >  rate-limit input 2048000 4000 4000 conform-action transmit exceed-action drop

your values for burst and extended-burst are way too low and will result in
decreased actual thruput when the rate limiting kicks in. I have tested
different values and the Cisco recommended values really do work best.
| Cisco recommends the following values for the normal and extended burst
| parameters:
|
| normal burst = configured rate * (1 byte)/(8 bits) * 1.5 seconds
| extended burst = 2 * normal burst

The above comes from the following document : 
"Policing and Shaping Overview-Cisco IOS Software Releases 12.2 Mainline"
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800bd8ed.html

Using the Cisco recommended values, your config should be :

 rate-limit input  2048000 384000 768000 conform-action transmit exceed-action drop
 rate-limit output 2048000 384000 768000 conform-action transmit exceed-action drop

HTH,

-------------------------------------------------------------------
Pierre Nepveu, CCNP                    tel: +1 514.380-4289 
Administrateur de reseau                    +1 888.INFOVTL x 4289
Ingenierie / Acces Internet            fax: +1 514 899-8452
Videotron Telecom Ltee (VTL) - Montreal (Quebec), Canada
-------------------------------------------------------------------


Le 2004-01-24 à 12:31, Gert Doering a écrit:

GD> Hi,
GD> 
GD> On Sat, Jan 24, 2004 at 07:28:05PM +0800, Rommel Y. Catabian wrote:
GD> > As i read it, i need to enable "IP CEF" on the router (Cisco3660) which also 
GD> > double as a Remote Access Server, to make rate-limiting work. However, 
GD> > the problem is our dial-up connections become slower when I enable ip cef. 
GD> 
GD> CEF is not required for rate-limiting.
GD> 
GD> > CISCO-3660-NAS2#sh version
GD> > Cisco Internetwork Operating System Software
GD> > IOS (tm) 3600 Software (C3660-IS-M), Version 12.2(2)T4,  RELEASE SOFTWARE 
GD> > (fc3)
GD> 
GD> ... but this is something you might want to upgrade anyway.  It's "T", and
GD> the number in brackets is way too low...  there is at least one serious
GD> security vulnerability in this IOS version, which entitles you to a free
GD> upgrade.
GD> 
GD> > interface FastEthernet0/0
GD> >  description **UPLINK CONNECTION**
GD> >  ip address 203.190.xx.xx 255.255.255.252
GD> >  ip nat outside
GD> >  rate-limit input 2048000 4000 4000 conform-action transmit exceed-action drop
GD> 
GD> Why *input*?
GD> 
GD> You want to do traffic-shaping for *output*.
GD> 
GD> (Also, traffic-shaping is more gentle to the packets than rate-limiting).
GD> 
GD> gert
GD> 
GD> -- 
GD> USENET is *not* the non-clickable part of WWW!
GD>                                                            //www.muc.de/~gert/
GD> Gert Doering - Munich, Germany                             gert at greenie.muc.de
GD> fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
GD> _______________________________________________
GD> cisco-nas mailing list
GD> cisco-nas at puck.nether.net
GD> https://puck.nether.net/mailman/listinfo/cisco-nas
GD>

More information about the cisco-nas mailing list