[c-nsp] rate limiting newbie question

Fredrik.Jacobsson at enskilda.se Fredrik.Jacobsson at enskilda.se
Thu Apr 20 07:26:25 EDT 2006 

Again - thank you for the pointer, Oliver.

I have another question :)

Over this new ethernet-based connection will we tunnel all our traffic in
GRE-tunnels.
It will be ipsec-encrypted using transport mode.
(using "crypto map" instead of "tunnel protection" since we want to use gre
keepalives on ethernet-interfaces)
The policy-map from the earlier discussion will be applied to the physical
interface and we'd do a "qos pre-classify" on the tunnel-interface.

Now...as we dont want our routers to need to do fragmentation we add "ip tcp
adjust-mss" (to handle TCP) and lower the mtu (for UDP) on the
tunnel-interface.

Once apon a few years ago, we did a combo of calculations and tries to find
a good level on mtu and mss-adjust levels.
Sad to say I dont have a clue on how we got the values we're using today..

We're using:
 ip mtu 1422
 ip tcp adjust-mss 1382

I've tried to read up on it on cisco.com but had troubles finding exact
data, for gre and ipsec with transport mode.
For this connection we can get through with (extended pinging df-bit set)
1500 bytes.

How would you set the mtu/mss values? And how did you get there? :)

Many thanks
/Fredrik Jacobsson




-----Original Message-----
From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com] 
Sent: den 13 april 2006 14:12
To: Fredrik.Jacobsson at enskilda.se; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] rate limiting newbie question

Fredrik.Jacobsson at enskilda.se <> wrote on Thursday, April 13, 2006 2:04
PM:

> Hi!
> 
> I (customer) have a ip-vpn service provided dropping off an ethernet
> interface.
> The service is for 8 Mbit/s.
> 
> Obviously I want to send my packets in a controlled behaviour and do
> queuing myself to prioritize some packets in front of other so no
> congestion 
> occurs at the service provider routers.
> 
> Today I have this on my old link, a serial interface: (on a
> 2800-router 
> running 12.4)
> 
> policy-map mypolicy
>  class voip
>   pri 72
>  class business-critical
>   band 1024
>  class class-default
>   fair-queue
> 
> Now I also need to make sure that the maximum bandwidth for entire
> policy doesn't exceed 8192 kbps.
> Do I really need to set a shape/police for each class? I don't want
> to limit a class...but the entire interface speed.

policy-map parent
 shape average 8192000
 service-policy mypolicy
!
int fastethernet0
 service-policy output parent

will do the trick..

	oli

P.S: Check the archives, this topic has come up quite frequently
lately..


**********************************************************************************************************************
Confidentiality Notice

The content of this message, including attachments, is intended for the confidential use of the individual(s) or entity(-ies) to whom it is addressed only and may contain personal and/or confidential information. Please notify the sender immediately by returning this message if you are not the intended recipient. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that reading, duplicating, or in any way disseminating its content to any other person, is strictly prohibited.

If the content of this message, including attachments, includes an offer to provide any service or product, an offer or a solicitation of an offer to buy or sell any securities or any other investment product, please refer to the disclaimer on www.enskilda.se, which applies also to the content of this message. Any such transaction will also be subject to any other Terms of Business currently in place between us.

If you are a client of Enskilda Securities with access to Enskilda Research Online and this message contains a research report or the content of this message, including attachments, may be regarded as an advice in relation to companies or securities, please refer to the general and company specific disclaimers, respectively, on Enskilda Research Online.
**********************************************************************************************************************

More information about the cisco-nsp mailing list