[c-nsp] Information on rate limit issue
Phil Mayers
p.mayers at imperial.ac.uk
Thu Jun 14 05:45:28 EDT 2007
Paul Schopis wrote:
> Siva, What I am referring to is a hardware limitation on the switch
> that does not allow one to set a proper burst size for above a
> certain rate-limit threshold. Off the top of my head it was ~30 Mbps.
> So anything below that is probably OK. There is a brief description
> at
> http://www.velocityreviews.com/forums/t30721-rate-limiting-with-3550-and-3750-troubles.html.
>
>
> I am only trying to get the specifics. In this write up one of the
> folks on the thread states that the 3750 has a 1 MB total burst
> capability which translates into a 15 Mbps TCP stream that could be
> supported.
A couple of years ago I successfully rate-limited our residences network
on a 3550 using an ingress of 40mbit/sec on the 100TX port facing the
resnet firewall, and an ingress of 65mbit/sec on the gigE port facing
our main core. The config did exactly what it said, and was trivially
obvious. From our SVN repo:

class-map match-all hor-inbound
 description Traffic from halls (inbound to us)
 match access-group name hor-inbound
class-map match-all hor-outbound
 description Traffic to halls (outbound from us)
 match access-group name hor-outbound

policy-map hor-inbound
 class hor-inbound
  police 40000000 2000000 exceed-action drop
policy-map limit-connections
 class hor-outbound
  police 65000000 2000000 exceed-action drop

interface FastEthernet0/10
 description Halls firewall
 switchport access vlan xxx
 switchport mode access
 switchport nonegotiate
 service-policy input hor-inbound

interface GigabitEthernet0/1
 description Link to core
 switchport access vlan yyy
 switchport mode access
 switchport nonegotiate
 service-policy input limit-connections

We didn't see the problem you're referring to. I have RRD graphs showing
the little blighters maxing the links at 40/65 while pulling torrents
and so forth (before we got the p2p under control).