[cisco-nas] IP CEF Problem

Alexey G Misurenko mag at caravan.ru
Mon Jan 26 06:01:27 EST 2004


On Mon, 26 Jan 2004 18:51:33 +0800
"Rommel Y. Catabian" <rommel.catabian at eaccelera.com> wrote:

> Hi,
> I configured the rate-limit as advised but I exceeded (just now) the 2048000
> limit.
> Is there anything I missed in the configuration?

show interface ...

shows you statistics before the traffic is shaped or rate-limited.

> 
> Regards,
> 
> Rommel
> 
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> interface FastEthernet0/0
>  description **Ethernet Connection to REACH**
>  ip address 203.190.70.86 255.255.255.252
>  ip nat outside
>  rate-limit input 2048000 384000 768000 conform-action transmit exceed-action drop
>  rate-limit output 2048000 384000 768000 conform-action transmit exceed-action drop
>  no ip mroute-cache
>  duplex auto
>  speed auto
>  fair-queue
>  no cdp enable
> 
> FastEthernet0/0 is up, line protocol is up
> 
>   5 minute input rate 2076000 bits/sec, 564 packets/sec
>   5 minute output rate 615000 bits/sec, 701 packets/sec
>      80981176 packets input, 1042153441 bytes
>      Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
>      9 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
>      0 watchdog
> 
> 
> 
> ----- Original Message ----- 
> From: "Pierre Nepveu" <pnepveu at videotron.net>
> To: "Rommel Y. Catabian" <rommel.catabian at eaccelera.com>
> Cc: <cisco-nas at puck.nether.net>
> Sent: Sunday, January 25, 2004 3:46 AM
> Subject: Re: [cisco-nas] IP CEF Problem
> 
> 
> Rommel,
> 
>  >  rate-limit input 2048000 4000 4000 conform-action transmit exceed-action drop
> 
> your values for burst and extended-burst are way too low and will result in
> decreased actual throughput when the rate limiting kicks in. I have tested
> different values and the Cisco recommended values really do work best.
> | Cisco recommends the following values for the normal and extended burst
> | parameters:
> |
> | normal burst = configured rate * (1 byte)/(8 bits) * 1.5 seconds
> | extended burst = 2 * normal burst
> 
> The above comes from the following document :
> "Policing and Shaping Overview-Cisco IOS Software Releases 12.2 Mainline"
> http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800bd8ed.html
> 
> Using the Cisco recommended values, your config should be :
> 
>  rate-limit input  2048000 384000 768000 conform-action transmit exceed-action drop
>  rate-limit output 2048000 384000 768000 conform-action transmit exceed-action drop
> 
> HTH,
> 
> -------------------------------------------------------------------
> Pierre Nepveu, CCNP                    tel: +1 514.380-4289
> Administrateur de reseau                    +1 888.INFOVTL x 4289
> Ingenierie / Acces Internet            fax: +1 514 899-8452
> Videotron Telecom Ltee (VTL) - Montreal (Quebec), Canada
> -------------------------------------------------------------------
> 
> 
> On 2004-01-24 at 12:31, Gert Doering wrote:
> 
> GD> Hi,
> GD>
> GD> On Sat, Jan 24, 2004 at 07:28:05PM +0800, Rommel Y. Catabian wrote:
> GD> > As I read it, I need to enable "IP CEF" on the router (Cisco3660) which also
> GD> > doubles as a Remote Access Server, to make rate-limiting work. However,
> GD> > the problem is our dial-up connections become slower when I enable ip cef.
> GD>
> GD> CEF is not required for rate-limiting.
> GD>
> GD> > CISCO-3660-NAS2#sh version
> GD> > Cisco Internetwork Operating System Software
> GD> > IOS (tm) 3600 Software (C3660-IS-M), Version 12.2(2)T4,  RELEASE SOFTWARE (fc3)
> GD>
> GD> ... but this is something you might want to upgrade anyway.  It's "T", and
> GD> the number in brackets is way too low...  there is at least one serious
> GD> security vulnerability in this IOS version, which entitles you to a free
> GD> upgrade.
> GD>
> GD> > interface FastEthernet0/0
> GD> >  description **UPLINK CONNECTION**
> GD> >  ip address 203.190.xx.xx 255.255.255.252
> GD> >  ip nat outside
> GD> >  rate-limit input 2048000 4000 4000 conform-action transmit exceed-action drop
> GD>
> GD> Why *input*?
> GD>
> GD> You want to do traffic-shaping for *output*.
> GD>
> GD> (Also, traffic-shaping is more gentle to the packets than rate-limiting).
> GD>
> GD> gert
> GD>
> GD> -- 
> GD> USENET is *not* the non-clickable part of WWW!
> GD>                                   //www.muc.de/~gert/
> GD> Gert Doering - Munich, Germany    gert at greenie.muc.de
> GD> fax: +49-89-35655025              gert at net.informatik.tu-muenchen.de
> GD> _______________________________________________
> GD> cisco-nas mailing list
> GD> cisco-nas at puck.nether.net
> GD> https://puck.nether.net/mailman/listinfo/cisco-nas
> GD>
> 


-- 
WBR,   Alexey G Misurenko ( MAG-RIPE | MMAGG-RIPN )
CTO of Caravan ISP            http://www.caravan.ru
Phone: +7 095 3632252         Cell:  +7 903 7450163
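
An added example, not part of the original thread and not Cisco's code: a simplified single token-bucket policer in Python (it does not model CAR's extended-burst behaviour), fed a constructed constant load of 564 packets/sec at 460 bytes, approximating the quoted 5-minute input rate. Taking the reply's statement that the interface counter is read before policing as the assumption, it shows the offered rate above 2048000 bits/sec while the conforming traffic stays within the configured rate plus the one-time burst credit. The function names are hypothetical.

```python
"""Simplified token-bucket policer (added example, not Cisco's CAR algorithm)."""


def recommended_bursts(rate_bps):
    """Burst sizes in bytes from the formula quoted in the thread."""
    normal = int(rate_bps / 8 * 1.5)  # rate * (1 byte / 8 bits) * 1.5 seconds
    return normal, 2 * normal         # (normal burst, extended burst)


def police(rate_bps, burst_bytes, pkt_bytes, pps, seconds):
    """Feed a constant packet stream through one token bucket.

    Returns (offered_bps, conformed_bps, dropped_packets). "Offered" is what
    a counter placed before the policer would report; "conformed" is what
    the transmit action lets through.
    """
    refill = rate_bps / 8 / pps       # bytes of credit earned per packet slot
    tokens = float(burst_bytes)       # bucket starts full
    offered = conformed = dropped = 0
    for _ in range(int(pps * seconds)):
        tokens = min(float(burst_bytes), tokens + refill)
        offered += pkt_bytes          # counted before the policing decision
        if tokens >= pkt_bytes:       # conform-action transmit
            tokens -= pkt_bytes
            conformed += pkt_bytes
        else:                         # exceed-action drop
            dropped += 1
    return offered * 8 / seconds, conformed * 8 / seconds, dropped


if __name__ == "__main__":
    RATE = 2048000                    # configured rate from the thread
    normal, extended = recommended_bursts(RATE)
    print(f"rate-limit input {RATE} {normal} {extended} "
          "conform-action transmit exceed-action drop")
    # Constructed load: 564 pps * 460 bytes over a 5-minute window.
    offered, conformed, dropped = police(RATE, normal, 460, 564, 300)
    print(f"offered   {offered:.0f} bits/sec (pre-policing counter)")
    print(f"conformed {conformed:.0f} bits/sec, {dropped} packets dropped")
```

Over a window much longer than 1.5 seconds the burst credit becomes negligible and the conforming rate settles at the configured rate, while the offered figure does not change.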

