[cisco-nas] IP CEF Problem

Rommel Y. Catabian rommel.catabian at eaccelera.com
Mon Jan 26 00:31:24 EST 2004


To Pierre Nepveu and Gert Doering,
Just want to thank you for the information you provided. Have already
configured our router and so far we have not exceeded our rate limit.
Regards,

Rommel Y. Catabian
Eaccelera, Incorporated
Unit D, 34F Tower 2, RCBC Plaza
6819 Ayala Ave. cor. G. Puyat Ave.
Makati City, 1226 Philippines

Email   : rommel.catabian at eaccelera.com
Tel. No.: +632-7574715 or +632-7535000 local 406
Fax No.: +632-753-5013

Website: www.eaccelera.com

----- Original Message ----- 
From: "Pierre Nepveu" <pnepveu at videotron.net>
To: "Rommel Y. Catabian" <rommel.catabian at eaccelera.com>
Cc: <cisco-nas at puck.nether.net>
Sent: Sunday, January 25, 2004 3:46 AM
Subject: Re: [cisco-nas] IP CEF Problem


Rommel,

 >  rate-limit input 2048000 4000 4000 conform-action transmit exceed-action drop

your values for burst and extended-burst are way too low and will result in
decreased actual thruput when the rate limiting kicks in. I have tested
different values and the Cisco recommended values really do work best.

| Cisco recommends the following values for the normal and extended burst
| parameters:
|
| normal burst = configured rate * (1 byte)/(8 bits) * 1.5 seconds
| extended burst = 2 * normal burst

The above comes from the following document :
"Policing and Shaping Overview-Cisco IOS Software Releases 12.2 Mainline"
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800bd8ed.html

Using the Cisco recommended values, your config should be :

 rate-limit input  2048000 384000 768000 conform-action transmit exceed-action drop
 rate-limit output 2048000 384000 768000 conform-action transmit exceed-action drop

HTH,

-------------------------------------------------------------------
Pierre Nepveu, CCNP                    tel: +1 514.380-4289
Network administrator                       +1 888.INFOVTL x 4289
Engineering / Internet Access          fax: +1 514 899-8452
Videotron Telecom Ltee (VTL) - Montreal (Quebec), Canada
-------------------------------------------------------------------


On 2004-01-24 at 12:31, Gert Doering wrote:

GD> Hi,
GD>
GD> On Sat, Jan 24, 2004 at 07:28:05PM +0800, Rommel Y. Catabian wrote:
GD> > As i read it, i need to enable "IP CEF" on the router (Cisco3660) which also
GD> > double as a Remote Access Server, to make rate-limiting work. However,
GD> > the problem is our dial-up connections become slower when I enable ip cef.
GD>
GD> CEF is not required for rate-limiting.
GD>
GD> > CISCO-3660-NAS2#sh version
GD> > Cisco Internetwork Operating System Software
GD> > IOS (tm) 3600 Software (C3660-IS-M), Version 12.2(2)T4,  RELEASE SOFTWARE (fc3)
GD>
GD> ... but this is something you might want to upgrade anyway.  It's "T", and
GD> the number in brackets is way too low...  there is at least one serious
GD> security vulnerability in this IOS version, which entitles you to a free
GD> upgrade.
GD>
GD> > interface FastEthernet0/0
GD> >  description **UPLINK CONNECTION**
GD> >  ip address 203.190.xx.xx 255.255.255.252
GD> >  ip nat outside
GD> >  rate-limit input 2048000 4000 4000 conform-action transmit exceed-action drop
GD>
GD> Why *input*?
GD>
GD> You want to do traffic-shaping for *output*.
GD>
GD> (Also, traffic-shaping is more gentle to the packets than rate-limiting).
GD>
GD> gert
GD>
GD> -- 
GD> USENET is *not* the non-clickable part of WWW!
GD>                                                  //www.muc.de/~gert/
GD> Gert Doering - Munich, Germany               gert at greenie.muc.de
GD> fax: +49-89-35655025          gert at net.informatik.tu-muenchen.de
GD> _______________________________________________
GD> cisco-nas mailing list
GD> cisco-nas at puck.nether.net
GD> https://puck.nether.net/mailman/listinfo/cisco-nas
GD>
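
Added example, not part of the original thread and not Cisco's code: a small Python check that applies the burst formula quoted above to every `rate-limit` line in an IOS configuration and proposes a corrected line. The function names and the second interface in the sample are assumptions made for illustration; the first interface is the one posted in the thread.

```python
import re

# CAR interface command as it appears in the thread:
#   rate-limit {input|output} <bps> <normal-burst> <extended-burst> <actions...>
RATE_LIMIT = re.compile(r"^\s*rate-limit\s+(input|output)\s+(\d+)\s+(\d+)\s+(\d+)\b\s*(.*)$")

def recommended_bursts(rate_bps):
    """Normal and extended burst in bytes, per the formula quoted in the thread."""
    normal = rate_bps * 3 // 16      # rate * (1 byte / 8 bits) * 1.5 seconds
    return normal, 2 * normal

def audit(config_text):
    """Return one finding per rate-limit line whose bursts are below the recommendation."""
    findings, interface = [], None
    for lineno, line in enumerate(config_text.splitlines(), 1):
        if line.startswith("interface "):
            interface = line.split(None, 1)[1].strip()
            continue
        m = RATE_LIMIT.match(line)
        if not m:
            continue
        direction, rate, bc, be = m.group(1), *map(int, m.group(2, 3, 4))
        rec_bc, rec_be = recommended_bursts(rate)
        if bc < rec_bc or be < rec_be:
            findings.append({
                "line": lineno, "interface": interface, "direction": direction,
                "configured": (bc, be), "recommended": (rec_bc, rec_be),
                "suggested": f"rate-limit {direction} {rate} {rec_bc} {rec_be} {m.group(5)}".rstrip(),
            })
    return findings

# Constructed sample: the first interface is the one posted in the thread,
# the second is made up to show a line that already meets the recommendation.
SAMPLE = """\
interface FastEthernet0/0
 description **UPLINK CONNECTION**
 ip nat outside
 rate-limit input 2048000 4000 4000 conform-action transmit exceed-action drop
interface FastEthernet0/1
 rate-limit output 512000 96000 192000 conform-action transmit exceed-action drop
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f['line']} ({f['interface']}): bursts {f['configured']} "
              f"below {f['recommended']}; use: {f['suggested']}")
```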


