[cisco-nas] IP CEF Problem
Rommel Y. Catabian
rommel.catabian at eaccelera.com
Mon Jan 26 05:51:33 EST 2004
Hi,
I configured the rate-limit as advised but I exceeded (just now) the 2048000
limit.
Is there anything I missed in the configuration?
Regards,
Rommel
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
interface FastEthernet0/0
description **Ethernet Connection to REACH**
ip address 203.190.70.86 255.255.255.252
ip nat outside
rate-limit input 2048000 384000 768000 conform-action transmit exceed-action drop
rate-limit output 2048000 384000 768000 conform-action transmit exceed-action drop
no ip mroute-cache
duplex auto
speed auto
fair-queue
no cdp enable
FastEthernet0/0 is up, line protocol is up
5 minute input rate 2076000 bits/sec, 564 packets/sec
5 minute output rate 615000 bits/sec, 701 packets/sec
80981176 packets input, 1042153441 bytes
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
9 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
----- Original Message -----
From: "Pierre Nepveu" <pnepveu at videotron.net>
To: "Rommel Y. Catabian" <rommel.catabian at eaccelera.com>
Cc: <cisco-nas at puck.nether.net>
Sent: Sunday, January 25, 2004 3:46 AM
Subject: Re: [cisco-nas] IP CEF Problem
Rommel,
> rate-limit input 2048000 4000 4000 conform-action transmit exceed-action drop
Your values for burst and extended-burst are way too low and will result in
decreased actual throughput when the rate limiting kicks in. I have tested
different values and the Cisco recommended values really do work best.
| Cisco recommends the following values for the normal and extended burst
| parameters:
|
| normal burst = configured rate * (1 byte)/(8 bits) * 1.5 seconds
| extended burst = 2 * normal burst
The above comes from the following document:
"Policing and Shaping Overview-Cisco IOS Software Releases 12.2 Mainline"
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800bd8ed.html
Using the Cisco recommended values, your config should be:
rate-limit input 2048000 384000 768000 conform-action transmit exceed-action drop
rate-limit output 2048000 384000 768000 conform-action transmit exceed-action drop
HTH,
-------------------------------------------------------------------
Pierre Nepveu, CCNP tel: +1 514.380-4289
Administrateur de reseau +1 888.INFOVTL x 4289
Ingenierie / Acces Internet fax: +1 514 899-8452
Videotron Telecom Ltee (VTL) - Montreal (Quebec), Canada
-------------------------------------------------------------------
On 2004-01-24 at 12:31, Gert Doering wrote:
GD> Hi,
GD>
GD> On Sat, Jan 24, 2004 at 07:28:05PM +0800, Rommel Y. Catabian wrote:
GD> > As I read it, I need to enable "IP CEF" on the router (Cisco3660) which also
GD> > double as a Remote Access Server, to make rate-limiting work. However,
GD> > the problem is our dial-up connections become slower when I enable ip cef.
GD>
GD> CEF is not required for rate-limiting.
GD>
GD> > CISCO-3660-NAS2#sh version
GD> > Cisco Internetwork Operating System Software
GD> > IOS (tm) 3600 Software (C3660-IS-M), Version 12.2(2)T4, RELEASE SOFTWARE (fc3)
GD>
GD> ... but this is something you might want to upgrade anyway. It's "T", and
GD> the number in brackets is way too low... there is at least one serious
GD> security vulnerability in this IOS version, which entitles you to a free
GD> upgrade.
GD>
GD> > interface FastEthernet0/0
GD> > description **UPLINK CONNECTION**
GD> > ip address 203.190.xx.xx 255.255.255.252
GD> > ip nat outside
GD> > rate-limit input 2048000 4000 4000 conform-action transmit exceed-action drop
GD>
GD> Why *input*?
GD>
GD> You want to do traffic-shaping for *output*.
GD>
GD> (Also, traffic-shaping is more gentle to the packets than rate-limiting).
GD>
GD> gert
GD>
GD> --
GD> USENET is *not* the non-clickable part of WWW!
GD>                                                            //www.muc.de/~gert/
GD> Gert Doering - Munich, Germany                             gert at greenie.muc.de
GD> fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
GD> _______________________________________________
GD> cisco-nas mailing list
GD> cisco-nas at puck.nether.net
GD> https://puck.nether.net/mailman/listinfo/cisco-nas
GD>
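
The burst formula quoted in Pierre's message, applied as a check over rate-limit lines. This is an added example, not code from the thread or from Cisco; the sample config is constructed from the commands quoted in the messages, and flagging any burst below the recommended value is an assumption of this example.

```python
import re

# Matches the CAR interface command as quoted in the thread. Only single-word
# actions (transmit, drop, continue) are handled; that limit is this example's.
CAR_RE = re.compile(
    r"^\s*rate-limit\s+(input|output)\s+(\d+)\s+(\d+)\s+(\d+)\s+"
    r"conform-action\s+(\S+)\s+exceed-action\s+(\S+)\s*$"
)

# Constructed sample: the two command forms quoted in the messages above.
SAMPLE = """\
interface FastEthernet0/0
 ip nat outside
 rate-limit input 2048000 4000 4000 conform-action transmit exceed-action drop
 rate-limit output 2048000 384000 768000 conform-action transmit exceed-action drop
"""

def recommended_bursts(rate_bps):
    """normal = rate * (1 byte / 8 bits) * 1.5 s, extended = 2 * normal (bytes)."""
    normal = rate_bps * 3 // 16  # rate / 8 * 1.5 in integer arithmetic
    return normal, 2 * normal

def suggest(direction, rate_bps, conform="transmit", exceed="drop"):
    """Build the command with the recommended burst values filled in."""
    normal, extended = recommended_bursts(rate_bps)
    return (f"rate-limit {direction} {rate_bps} {normal} {extended} "
            f"conform-action {conform} exceed-action {exceed}")

def check_config(text):
    """Return (direction, rate, configured, recommended, ok) per rate-limit line.
    ok is False when either burst is below the recommended value (assumed policy)."""
    findings = []
    for line in text.splitlines():
        m = CAR_RE.match(line)
        if not m:
            continue
        rate, normal, extended = (int(g) for g in m.group(2, 3, 4))
        rec = recommended_bursts(rate)
        ok = normal >= rec[0] and extended >= rec[1]
        findings.append((m.group(1), rate, (normal, extended), rec, ok))
    return findings

if __name__ == "__main__":
    for direction, rate, cfg, rec, ok in check_config(SAMPLE):
        if ok:
            print(f"{direction}: bursts {cfg} meet the recommendation")
        else:
            print(f"{direction}: bursts {cfg} below {rec}; use:")
            print("  " + suggest(direction, rate))
```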