From: Chris Lewis (chrlewiscsco@gmail.com)
Date: Sun Mar 05 2006 - 11:58:46 GMT-3
Guys,
I think there are a couple of misrepresentations on this thread.
First, the concept of Tc in policing algorithms is different to that in
shaping algorithms. Unlike shaping algorithms, which calculate things at
regular intervals, policing calculations are driven by packet arrival times.
Although referring to the two rate policer, the description at
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123tcr/123tqr
/qos_o1gt.htm#wp1084420
of
tokens being added to the bucket when packets arrive is still valid for a
one rate system.
Talking just about a sungle bucket system (like the rate-limit command), the
CIR defines the rate that will be achieved over time, one does not enable
the policer to continually police at a higher rate by defining a Bc value.
Bc is just the depth of the bucket used for the policing algorithm. It is
not an extra amount of traffic that can be continually sent. If the traffic
coming in is much lower than the CIR, the bucket will fill with tokens, once
the bucket is full, tokens are discarded. The effect this has is to allow
the policer to temporarily transmit at a rate (key here is temporarily)
higher than CIR until the bucket is empty. So one has to build up credit
first in order to do this, one cannot transmit indefinitely at a
rate greater than CIR. Be in a single bucket system means you can borrow
agaainst future allocation of tokens, meaning the token bucket can go
negative for a while (negative amount of tokens in the bucket), again
thought, it does not imply a continuous rate.
The values recommended for Bc in policiing are just general rules of thumb
and do not relate to round trip times (how could you apply a general rule
for that, it varies so much!). The 1.5 seconds of burst for the token bucket
depth is just a typical value, tuning it to another value depends on the
profile of hte traffic, a more steady stream needs less, a more uneven
stream may require more.
I have not seen the question, but from what I see the configuration shown
would not meet the requirements to limit to 500K, it would limit to 496K. To
limit to 500K would require use of MQC police, which can limit to exactly
500K. The classification could use the same ACL, just call that in a class
map and police to 500000 in a policy-map, as shown in the policy-map
interface output below.
Router1(config-if)#do sho policy-map int
Serial3/0
Service-policy output: test
Class-map: class-default (match-any)
1 packets, 24 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
police:
cir 500000 bps, bc 15625 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps
On 3/4/06, PANDI MOORTHY <moorthypandi@gmail.com> wrote:
>
> Excellent, thank you.
>
> Regards.
> Pandi
>
>
> On 3/5/06, Reinhold Fischer <Reinhold.Fischer@gmx.net> wrote:
> >
> > Hi Pandi,
> >
> > i came across the following statement in the book 'IP Quality of
> Service'
> > (Ciscopress, Page 38):
> >
> > <cite>
> > - Rate (bps) should be in increments of 8 Kbps, and the lowest value
> > allowed for conformed and extended burst size is 8000 bytes.
> > - The minimum value of BC size is Rate (bps) divided by 2000. It should
> be
> > at least 8000 bytes.
> > - The BE is always equal to or greater than the BC value.
> > </cite>
> >
> > According to the calculation the BC value would be: 500000 / 2000 = 250
> >
> > So i would choose the recommended minimum value of 8000 bytes for BC and
> > twice the size for BE:
> >
> > access-list 100 permit tcp any any syn
> > access-list 100 deny ip any any
> > int e0/0
> > rate-limit output access-group 100 496000 8000 16000 conform-action
> > transmit exceed-action drop
> >
> >
> > There is another formula on cco on this URL:
> >
> >
> >
>
>
http://www.cisco.com/en/US/tech/tk543/tk545/technologies_q_and_a_item09186a00
> 800cdfab.shtml#policing
> >
> > http://tinyurl.com/ouvcf
> >
> > which you can use to calculate the BC/BE values. This formula assumes
> > a typical round-trip-time of 1.5 seconds and therefore the results
> > for BC/BE produce higher numbers.
> > When using this formula the BC value would be 93750 and the BE value
> > would be 187500.
> >
> >
> > hope this helps and is not too confusing :-)
> >
> > regards
> >
> > Reinhold
> >
> >
> > On Sun, Mar 05, 2006 at 12:36:02AM +0800, PANDI MOORTHY wrote:
> > > Hi
> > >
> > > The question is to limit the TCP sync traffic to 500kbps which is out
> > from
> > > the Ethernet interface.
> > >
> > > So I have to use the rate-limit command to achieve this, one thing
> still
> > I
> > > can't figure out is choosing the value for burst-normal and burst-max,
> > > Anyone please advice me on this?
> > >
> > > Regards.
> > > Pandi
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:38 GMT-3