[c-nsp] rate-limit problem 7206VXR

Paul Stewart paul at paulstewart.org
Tue Jan 10 16:13:39 EST 2012


Thanks very much..

 

We did reboot it a few weeks back - we find we need to kick these boxes
about once a year or other weird stuff happens ;)

 

I missed the fact that it is only showing INPUT - good catch and I will
follow up on that.

 

Nothing has changed but we did migrate Radius platforms not too long ago and
starting to wonder if that's what is causing this.

 

Appreciate the "second set of eyes" ..

 

Paul

 

 

From: Tony [mailto:td_miles at yahoo.com] 
Sent: Tuesday, January 10, 2012 3:30 PM
To: Paul Stewart; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] rate-limit problem 7206VXR

 

Hi Paul,

 

Has anything changed on the box that might have caused it to cease
functioning ? Have you rebooted it (shouldn't need to, but just in case) ?

 

The output you've given below seems to only show an INPUT policer, is there
a corresponding output policer on the virtual interface ?

 

Have you tried configuring a policy-map on the 7206 and then apply that to
the interface with RADIUS attribute ?

 

 

regards,

Tony.

 

  _____  

From: Paul Stewart <paul at paulstewart.org>
To: cisco-nsp at puck.nether.net 
Sent: Wednesday, 11 January 2012 1:11 AM
Subject: [c-nsp] rate-limit problem 7206VXR

Hi there.



We have some 7206VXR's in place for BRAS functions.  They have functioned
very well for a number of years..



Recently (past couple of months it seems) we have discovered that
rate-limiting isn't working any longer - suddenly it seems.



Example customer (connected to DSLAM via ADSL2+):



acs1-con-mb#show interfaces virtual-access 1255 rate-limit

Virtual-Access1255

  Input

    matches: all traffic

      params:  512000 bps, 96000 limit, 192000 extended limit

    conformed 101157 packets, 9467316 bytes; action: transmit

      exceeded 199 packets, 271225 bytes; action: drop

      last packet: 0ms ago, current burst: 134 bytes

      last cleared 00:04:35 ago, conformed 275160 bps, exceeded 7882 bps





This user should be limited to 512Kb/s pretty much (not including short term
burst etc).  The above output would seem to indicate that they are getting
conformed (with action: transmit) until they hit the exceed limit (with
action:drop).



The problem is that this user in this example is able to download at 18Mb/s
with no problems despite the above rate-limit being applied.. I'm trying to
figure this out and it's driving me nuts ;)



Radius snippet for this test user (me) looks like this:



        Cisco-AVPair = "lcp:interface-config#1=rate-limit input 512000 96000
192000 conform-action transmit exceed-action drop",

        Cisco-AVPair = "lcp:interface-config#2=rate-limit output 512000
96000 192000 conform-action transmit exceed-action drop"



7206VXR-NPE1G running 12.2(33)SRD3 . no changes in a couple of years to the
box.



Thanks for any input,



Paul







_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/





More information about the cisco-nsp mailing list