[cisco-nas] IP CEF Problem
Rommel Y. Catabian
rommel.catabian at eaccelera.com
Mon Jan 26 06:22:40 EST 2004
sh int
FastEthernet0/0 is up, line protocol is up
Hardware is AmdFE, address is 0002.1633.cae0 (bia 0002.1633.cae0)
Description: **Ethernet Connection to REACH**
Internet address is XXX.XXX.XX.XX/30
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 13/255, rxload 43/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 10Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 2d07h
Input queue: 0/75/1804/0 (size/max/drops/flushes); Total output drops: 15174
Queueing strategy: weighted fair
Output queue: 0/1000/64/12053 (size/max total/threshold/drops)
Conversations 0/137/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 7500 kilobits/sec
5 minute input rate 1723000 bits/sec, 539 packets/sec
5 minute output rate 549000 bits/sec, 682 packets/sec
82781107 packets input, 1827036560 bytes
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
9 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
94610245 packets output, 2867376056 bytes, 0 underruns(4896050/5562882/1)
1 output errors, 10458933 collisions, 1 interface resets
0 babbles, 0 late collision, 4766557 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Thank you.
Rommel Y. Catabian
Eaccelera, Incorporated
Unit D, 34F Tower 2, RCBC Plaza
6819 Ayala Ave. cor. G. Puyat Ave.
Makati City, 1226 Philippines
Email : rommel.catabian at eaccelera.com
Tel. No.: +632-7574715 or +632-7535000 local 406
Fax No.: +632-753-5013
Website: www.eaccelera.com
----- Original Message -----
From: "Alexey G Misurenko" <mag at caravan.ru>
To: <cisco-nas at puck.nether.net>
Sent: Monday, January 26, 2004 7:01 PM
Subject: Re: [cisco-nas] IP CEF Problem
> On Mon, 26 Jan 2004 18:51:33 +0800
> "Rommel Y. Catabian" <rommel.catabian at eaccelera.com> wrote:
>
> > Hi,
> > I configured the rate-limit as advised but I exceeded (just now) the
> > 2048000 limit.
> > Is there anything I missed in the configuration?
>
> show interface ...
>
> shows you statistics before the traffic is shaped or rate-limited.
>
> >
> > Regards,
> >
> > Rommel
> >
> > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> > interface FastEthernet0/0
> > description **Ethernet Connection to REACH**
> > ip address 203.190.70.86 255.255.255.252
> > ip nat outside
> > rate-limit input 2048000 384000 768000 conform-action transmit exceed-action drop
> > rate-limit output 2048000 384000 768000 conform-action transmit exceed-action drop
> > no ip mroute-cache
> > duplex auto
> > speed auto
> > fair-queue
> > no cdp enable
> >
> > FastEthernet0/0 is up, line protocol is up
> >
> > 5 minute input rate 2076000 bits/sec, 564 packets/sec
> > 5 minute output rate 615000 bits/sec, 701 packets/sec
> > 80981176 packets input, 1042153441 bytes
> > Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
> > 9 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
> > 0 watchdog
> >
> >
> >
> > ----- Original Message -----
> > From: "Pierre Nepveu" <pnepveu at videotron.net>
> > To: "Rommel Y. Catabian" <rommel.catabian at eaccelera.com>
> > Cc: <cisco-nas at puck.nether.net>
> > Sent: Sunday, January 25, 2004 3:46 AM
> > Subject: Re: [cisco-nas] IP CEF Problem
> >
> >
> > Rommel,
> >
> > > rate-limit input 2048000 4000 4000 conform-action transmit exceed-action drop
> >
> > Your values for burst and extended-burst are way too low and will result in
> > decreased actual throughput when the rate limiting kicks in. I have tested
> > different values and the Cisco recommended values really do work best.
> > | Cisco recommends the following values for the normal and extended burst
> > | parameters:
> > |
> > | normal burst = configured rate * (1 byte)/(8 bits) * 1.5 seconds
> > | extended burst = 2 * normal burst
> >
> > The above comes from the following document :
> > "Policing and Shaping Overview-Cisco IOS Software Releases 12.2 Mainline"
> >
> > http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800bd8ed.html
> >
> > Using the Cisco recommended values, your config should be :
> >
> > rate-limit input 2048000 384000 768000 conform-action transmit exceed-action drop
> > rate-limit output 2048000 384000 768000 conform-action transmit exceed-action drop
> >
> > HTH,
> >
> > -------------------------------------------------------------------
> > Pierre Nepveu, CCNP tel: +1 514.380-4289
> > Administrateur de reseau +1 888.INFOVTL x 4289
> > Ingenierie / Acces Internet fax: +1 514 899-8452
> > Videotron Telecom Ltee (VTL) - Montreal (Quebec), Canada
> > -------------------------------------------------------------------
> >
> >
> > On 2004-01-24 at 12:31, Gert Doering wrote:
> >
> > GD> Hi,
> > GD>
> > GD> On Sat, Jan 24, 2004 at 07:28:05PM +0800, Rommel Y. Catabian wrote:
> > GD> > As I read it, I need to enable "IP CEF" on the router (Cisco3660) which also
> > GD> > doubles as a Remote Access Server, to make rate-limiting work. However,
> > GD> > the problem is our dial-up connections become slower when I enable ip cef.
> > GD>
> > GD> CEF is not required for rate-limiting.
> > GD>
> > GD> > CISCO-3660-NAS2#sh version
> > GD> > Cisco Internetwork Operating System Software
> > GD> > IOS (tm) 3600 Software (C3660-IS-M), Version 12.2(2)T4, RELEASE SOFTWARE (fc3)
> > GD>
> > GD> ... but this is something you might want to upgrade anyway. It's "T", and
> > GD> the number in brackets is way too low... there is at least one serious
> > GD> security vulnerability in this IOS version, which entitles you to a free
> > GD> upgrade.
> > GD>
> > GD> > interface FastEthernet0/0
> > GD> > description **UPLINK CONNECTION**
> > GD> > ip address 203.190.xx.xx 255.255.255.252
> > GD> > ip nat outside
> > GD> > rate-limit input 2048000 4000 4000 conform-action transmit exceed-action drop
> > GD>
> > GD> Why *input*?
> > GD>
> > GD> You want to do traffic-shaping for *output*.
> > GD>
> > GD> (Also, traffic-shaping is more gentle to the packets than rate-limiting).
> > GD>
> > GD> gert
> > GD>
> > GD> --
> > GD> USENET is *not* the non-clickable part of WWW!
> > GD>                                          //www.muc.de/~gert/
> > GD> Gert Doering - Munich, Germany           gert at greenie.muc.de
> > GD> fax: +49-89-35655025                     gert at net.informatik.tu-muenchen.de
> > GD> _______________________________________________
> > GD> cisco-nas mailing list
> > GD> cisco-nas at puck.nether.net
> > GD> https://puck.nether.net/mailman/listinfo/cisco-nas
> > GD>
> >
>
>
> --
> WBR, Alexey G Misurenko ( MAG-RIPE | MMAGG-RIPN )
> CTO of Caravan ISP http://www.caravan.ru
> Phone: +7 095 3632252 Cell: +7 903 7450163
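
The two points made in the replies above, as an added example that is not part of the original thread: the burst sizes from the quoted Cisco formula, and a policer model showing that the offered rate (what the interface counter sees) can sit above 2048000 while the conformed traffic stays bounded. The policer is a simplified single token bucket (an assumption; it ignores extended-burst borrowing), and the packet sizes and burst pattern are constructed.

```python
def recommended_bursts(rate_bps):
    """Burst sizes in bytes, from the formula quoted in the thread."""
    normal = int(rate_bps / 8 * 1.5)
    return normal, 2 * normal

def police(packets, cir_bps, burst_bytes):
    """Simplified single token bucket (assumption: no extended-burst borrowing).
    packets: (arrival_time_s, size_bytes) sorted by time.
    Returns (offered_bytes, conformed_bytes)."""
    tokens, last = float(burst_bytes), 0.0   # bucket starts full
    offered = conformed = 0
    for t, size in packets:
        tokens = min(burst_bytes, tokens + (t - last) * cir_bps / 8)
        last = t
        offered += size                      # what the interface counter sees
        if size <= tokens:                   # conform-action transmit
            tokens -= size
            conformed += size                # anything else: exceed-action drop
    return offered, conformed

def steady(duration_s, pps, size):
    """Constructed input: evenly spaced packets of one size."""
    return [(i / pps, size) for i in range(duration_s * pps)]

def bursty(duration_s, period_s, pkts, size):
    """Constructed input: pkts back-to-back packets at the start of each period."""
    periods = int(duration_s / period_s)
    return [(k * period_s, size) for k in range(periods) for _ in range(pkts)]

CIR = 2048000
NORMAL, EXTENDED = recommended_bursts(CIR)

def steady_case(seconds=300):
    """564 pps x 460 bytes, close to the 2076000 bits/sec in the thread."""
    offered, conformed = police(steady(seconds, 564, 460), CIR, NORMAL)
    return offered * 8 / seconds, conformed * 8 / seconds

def bursty_case(burst_bytes):
    """20 x 1500-byte packets every 0.125 s: 1920000 bits/sec on average."""
    offered, conformed = police(bursty(60, 0.125, 20, 1500), CIR, burst_bytes)
    return conformed / offered

if __name__ == "__main__":
    print("bursts:", NORMAL, EXTENDED)
    print("steady offered/conformed bps:", steady_case())
    print("bursty conformed share, burst 4000:", bursty_case(4000))
    print("bursty conformed share, burst %d:" % NORMAL, bursty_case(NORMAL))
```

On the router itself, the per-policy conformed and exceeded counters are reported by `show interfaces rate-limit` rather than by `show interface`.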