[c-nsp] Rate Limiting on Cisco ASR1006
manderson
chiefwfb at gmail.com
Thu Feb 10 13:11:49 EST 2011
class-map match-all rate-limit
match access-group name rate-limit-acl
!
policy-map rate-limit-pm
class rate-limit
shape average percent 50
This is what I use on my ASR
On Mon, Feb 7, 2011 at 10:00 AM, <cisco-nsp-request at puck.nether.net> wrote:
> Send cisco-nsp mailing list submissions to
> cisco-nsp at puck.nether.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> or, via email, send a message with subject or body 'help' to
> cisco-nsp-request at puck.nether.net
>
> You can reach the person managing the list at
> cisco-nsp-owner at puck.nether.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of cisco-nsp digest..."
>
>
> Today's Topics:
>
> 1. Re: TTL not decrementing (MPLS, SXI, Sup720) (Manu Chao)
> 2. Re: TTL not decrementing (MPLS, SXI, Sup720) (Peter Rathlev)
> 3. Re: TTL not decrementing (MPLS, SXI, Sup720) (Daniel Dib)
> 4. Re: NTP Server Recommendation? (Daniska, Tomas)
> 5. Re: Tool to Calculate Rate Limits (Seth Mattinen)
> 6. Rate Limiting on Cisco ASR1006 (Righa Shake)
> 7. Re: Rate Limiting on Cisco ASR1006 (Piotr Wojciechowski)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 7 Feb 2011 15:09:03 +0100
> From: Manu Chao <linux.yahoo at gmail.com>
> To: Peter Rathlev <peter at rathlev.dk>
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] TTL not decrementing (MPLS, SXI, Sup720)
> Message-ID:
> <AANLkTimG0rSaD6WCA+akL9ifM3SLifS+KVpaYOi4om1t at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> If IP TTL propagation is disabled in your MPLS Core with the no mpls ip
> propagate-ttl command in global configuration mode, the TTL value is not
> copied in the IP header and on your end to end traceroute.
>
> R/
> Manu
>
> On Wed, Jan 26, 2011 at 9:51 PM, Peter Rathlev <peter at rathlev.dk> wrote:
>
> > On Wed, 2011-01-26 at 20:01 +0000, Phil Mayers wrote:
> > > There are some funny behaviours w.r.t traceroute under PFC-3B and
> > > earlier versions. Do you have a mix of PFC/DFC versions?
> >
> > Thanks for the tip. I looked more carefully at other devices and found
> > out that at least one other device behaves like this. And it's also
> > PFC3B with traffic exiting a CFC-equipped 6724-SFP, like this device.
> >
> > Other devices with PFC3C (i.e. VS-S720-10G) but similar CFC-equipped
> > cards haven't got the problem. And PFC3B-equipped cards where the
> > traffic arrives on DFC3C-equipped cards (WS-X6708-10GE) also haven't.
> >
> > > We see oddities routinely with penultimate hop popping and vrf
> aggregate
> > > labels, including the same behaviour you're seeing. I believe it's a
> > > hardware limitation.
> >
> > I guess we have to live with it then. At least the PFC3B based sups are
> > getting close to a well earned pension.
> >
> > If anyone would happen to know a work-around, even at the cost of
> > performance, I'd really like to hear about it. It's more than enough
> > trouble to explain traceroutes without this... :-)
> >
> > --
> > Peter
> >
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 07 Feb 2011 15:16:30 +0100
> From: Peter Rathlev <peter at rathlev.dk>
> To: Manu Chao <linux.yahoo at gmail.com>
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] TTL not decrementing (MPLS, SXI, Sup720)
> Message-ID: <1297088190.29859.4.camel at abehat.dyn.net.rm.dk>
> Content-Type: text/plain; charset="UTF-8"
>
> Hi Manu,
>
> On Mon, 2011-02-07 at 15:09 +0100, Manu Chao wrote:
> > If IP TTL propagation is disabled in your MPLS Core with the no mpls
> > ip propagate-ttl command in global configuration mode, the TTL value
> > is not copied in the IP header and on your end to end traceroute.
>
> So you're saying it works as expected with "no mpls ip propagate-ttl"?
> That would be interesting.
>
> We currently use TTL propagation and we like it from a trouble shooting
> perspective. But we're also getting tired of people not able to
> interpret traceroutes, so we've thought about disabling it anyway.
>
> We've actually had a request where the users wanted us to "create a more
> direct route" because they saw "too many" hops in their traceroute. And
> I bet they're not willing to pay for a new stretch of glass...
>
> --
> Peter
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 7 Feb 2011 15:47:55 +0100
> From: "Daniel Dib" <daniel.dib at reaper.nu>
> To: "'Peter Rathlev'" <peter at rathlev.dk>, "'Manu Chao'"
> <linux.yahoo at gmail.com>
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] TTL not decrementing (MPLS, SXI, Sup720)
> Message-ID: <000001cbc6d6$0485ce10$0d916a30$@dib at reaper.nu>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On m?, feb 07, 2011 at 15:16:30, Peter Rathlev wrote:
> > Cc: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] TTL not decrementing (MPLS, SXI, Sup720)
> >
> > Hi Manu,
> >
> > On Mon, 2011-02-07 at 15:09 +0100, Manu Chao wrote:
> > > If IP TTL propagation is disabled in your MPLS Core with the no mpls
> > > ip propagate-ttl command in global configuration mode, the TTL value
> > > is not copied in the IP header and on your end to end traceroute.
> >
> > So you're saying it works as expected with "no mpls ip propagate-ttl"?
> > That would be interesting.
> >
> > We currently use TTL propagation and we like it from a trouble
> > shooting perspective. But we're also getting tired of people not able
> > to interpret traceroutes, so we've thought about disabling it anyway.
> >
> > We've actually had a request where the users wanted us to "create a
> > more direct route" because they saw "too many" hops in their
> > traceroute. And I bet they're not willing to pay for a new stretch of
> > glass...
> >
> > --
> > Peter
>
> You could disable it for forwarded packets and keep it for local packets
> for
> troubleshooting. Use no mpls ip propagate-ttl forwarded. This would let you
> do traceroutes from the devices but NMS stations etc would be affected
> which
> could be a disadvantage.
>
> /Daniel
>
>
>
>
> ------------------------------
>
> Message: 4
> Date: Mon, 7 Feb 2011 15:53:45 +0000
> From: "Daniska, Tomas" <Tomas.Daniska at soitron.com>
> To: Jasper Koolschijn <jkoolschijn at routit.nl>
> Cc: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>, Kimaru
> Mansour <kmansour at routit.nl>
> Subject: Re: [c-nsp] NTP Server Recommendation?
> Message-ID:
> <CBF98C5E7EF3084AB46DD236C5EB8AA51623AB6A at SBTSEMBX01.soitron.as>
> Content-Type: text/plain; charset="us-ascii"
>
> Jasper,
>
> actually it's not NMEA, it's been a long time ago since I noticed the
> feature :)
>
> as per
>
>
> http://www.cisco.com/en/US/partner/docs/ios/12_2/configfun/command/reference/frf012.html#wp1123799
>
> two protocols are supported - Trimble Palisade and Telecom Solutions (and
> possibly other vendors talking those protocols)
>
>
> you'll find more searching cco for the 'ntp refclock' command, enjoy ;-)
>
>
>
> --
>
> deejay
>
>
> > -----Original Message-----
> > From: Jasper Koolschijn [mailto:jkoolschijn at routit.nl]
> > Sent: Monday, February 07, 2011 3:24 PM
> > To: Daniska, Tomas
> > Cc: Kimaru Mansour
> > Subject: RE: [c-nsp] NTP Server Recommendation?
> >
> > Hi Deejee,
> >
> > I have been looking al over the internet but other than the HDSPA card
> > for 3G networks is cant find an suitable IOS for NMEA Could you please
> > give me some directions on where to find this option.
> >
> > We sure would like to test the capability of the NMEA over the Cisco CPU
> > to get an perfect time on the network. Like an Stratum 2.
> >
> > Kind regards,
> >
> >
> > Jasper Koolschijn
> >
> > Technical Engineer
> > Core Networking
> > RoutIT BV
> > Maxwellstraat 51
> > 6716 BX Ede
> > Phone: +31 (0) 88 437 2636
> > Email: jasper at routit.nl
> > Visit us @ www.routit.nl
> >
> >
> > -----Oorspronkelijk bericht-----
> > Van: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> > bounces at puck.nether.net] Namens Daniska, Tomas
> > Verzonden: maandag 7 februari 2011 10:21
> > Aan: Michael Vinogradsky
> > CC: cisco-nsp at puck.nether.net
> > Onderwerp: Re: [c-nsp] NTP Server Recommendation?
> >
> > some time ago i have noticed that IOS is to support NMEA over async
> > ports, so one can buy an inexpensive GPS receiver and gets a perfect
> > synchronized clock... but never managed to try it out myself
> >
> > --
> >
> > deejay
> >
> > > -----Original Message-----
> > > From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> > > bounces at puck.nether.net] On Behalf Of Michael Vinogradsky
> > > Sent: Sunday, February 06, 2011 6:27 PM
> > > To: Phil Mayers
> > > Cc: cisco-nsp at puck.nether.net
> > > Subject: Re: [c-nsp] NTP Server Recommendation?
> > >
> > > So 3 it will be. I'll probably go with cisco routers. I appreciate the
> > > feedback!
> > >
> > > On Feb 5, 2011, at 7:19 PM, "Phil Mayers" <p.mayers at imperial.ac.uk>
> > > wrote:
> > >
> > > > On 02/05/2011 11:32 PM, Michael Vinogradsky wrote:
> > > >> The design would be comprised of two redundant NTP server in
> > > >> separate geographic locations. The budget in the ballpark of two
> > 2800 routers.
> > > >> Precision is not that important.
> > > >
> > > > Two NTP servers is a bad number. If one malfunctions... how does a
> > > > client know which one to trust? Have at least 3.
> > > >
> > > > I would recommend ntpd on a Linux box or boxes. It will handle very
> > > high
> > > > numbers of NTP clients and is the reference implementation, with
> > > > very comprehensive config guides.
> > > >
> > > > Unless you have very specialist needs, it is unlikely you need a
> > > > local clock source; there are almost certainly good local tier1 NTP
> > > > servers you can sync to (pick at least 5; have each of your
> > > > at-least-3 local servers act as client to them, and peer to each
> > > > other) _______________________________________________
> > > > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >
> > >
> > > Confidentiality Notice: This e-mail message, including any
> > > attachments, is for the sole use of the intended recipient(s) and may
> > > contain confidential and privileged information. Any unauthorized
> > > review, use, disclosure or distribution is prohibited. If you are not
> > > the intended recipient, please contact the sender by reply e-mail and
> > > destroy all copies of the original message.
> > >
> > > _______________________________________________
> > > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
> ------------------------------
>
> Message: 5
> Date: Mon, 07 Feb 2011 07:56:05 -0800
> From: Seth Mattinen <sethm at rollernet.us>
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Tool to Calculate Rate Limits
> Message-ID: <4D501615.5030400 at rollernet.us>
> Content-Type: text/plain; charset=UTF-8
>
> On 2/6/11 12:04 PM, Saku Ytti wrote:
> > On (2011-02-06 08:36 -0800), Seth Mattinen wrote:
> >
> >> normal burst = configured rate * (1 byte)/(8 bits) * 1.5 seconds
> >> extended burst = 2 * normal burst
> >
> > I use same formulae, I'm having hard time imagining situation where you'd
> > want 1.5s worth of buffering, 150ms maybe.
> >
>
>
> I pulled it from a Cisco doc long ago and saved it.
>
> http://www.cisco.com/en/US/docs/ios/12_2/qos/command/reference/qrfcmd8.html
>
> Of course that's just Cisco's recommendation.
>
> ~Seth
>
>
> ------------------------------
>
> Message: 6
> Date: Mon, 7 Feb 2011 19:16:17 +0300
> From: Righa Shake <righa.shake at gmail.com>
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Rate Limiting on Cisco ASR1006
> Message-ID:
> <AANLkTiknLguLa9QRdc9BHowfOutrZ3px4rLdYoNPAM=1 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> How do you do rate limiting on cisco ASR1006?
> Am looking for the command but cant find it at interface level
>
> IOS Image asr1000rp2-advipservicesk9.03.01.00.S.150-1.S.bin.
>
> Regards,
> Shake
>
>
> ------------------------------
>
> Message: 7
> Date: Mon, 07 Feb 2011 17:21:53 +0100
> From: Piotr Wojciechowski <peper at peper.eu.org>
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Rate Limiting on Cisco ASR1006
> Message-ID: <iip671$3gn$1 at dough.gmane.org>
> Content-Type: text/plain; charset=ISO-8859-2
>
> On 2/7/11 5:16 PM, Righa Shake wrote:
> > How do you do rate limiting on cisco ASR1006?
> > Am looking for the command but cant find it at interface level
> >
>
> You can use policers
>
> Regards,
>
> --
> Piotr Wojciechowski (CCIE #25543) | "The trouble with being a god is
> http://ccieplayground.wordpress.com | that you've got no one to pray to"
> JID: peper at jabber.org | -- (Terry Pratchett, Small Gods)
>
>
>
>
> ------------------------------
>
> _______________________________________________
> cisco-nsp mailing list
> cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
>
> End of cisco-nsp Digest, Vol 99, Issue 22
> *****************************************
>
More information about the cisco-nsp
mailing list