[c-nsp] Rate-Limit Problem

Andy Dills andy at xecu.net
Thu Dec 20 16:15:15 EST 2007



On Thu, 20 Dec 2007, Paul Stewart wrote:

> Can anyone tell me why this doesn't work?  We have this implemented in
> dozens of other locations and it works fine...

>  rate-limit input 4200000 2100 2100 conform-action transmit exceed-action
> drop

Your burst buckets are too small.

The general formula you will find to yield the desired bandwidth is:

rate limit <direction> A B C conform-action transmit exceed-action drop

A: Your desired bps
B: 1.5*A/8
C: 2*B

What's happening is you don't allow enough burst, which causes severe TCP 
sawtoothing (where it drops several packets at the max bps, and which then 
causes a fresh slow start, thus making a sawtooth pattern on a graph).

It seems somewhat counterintuitive to allow so much burst, but once you 
configure it and try it out you will probably find it does what you want, 
and under load testing you'll see a nice line on the graph at the desired 
rate.

Andy


---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---


More information about the cisco-nsp mailing list