Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1376
Views
0
Helpful
5
Replies

Cisco 7206VXR rate-limit not working

aijaz802
Level 1
Level 1

‎08-21-2013 02:55 AM - edited ‎03-04-2019 08:49 PM

Hi,

I've Cisco 7206 VXR with IOS "c7200p-advipservicesk9_li-mz.124-15.T3.bin". We have MPLS connections terminated with the VLANS on the fiber gig port. I've applied rate-limit for inbound/outgoing traffic not to exceed certain limit.

But, still I'm seeing traffic is going more than the applied limit.

Ex: This 8MB rate limit applied on subinterface

rate-limit input 8384000 12800 12800 conform-action transmit exceed-action drop

Does anyone has any idea?

Thanks,

Labels:
0 Helpful
5 Replies 5

Lei Tian
Cisco Employee
Cisco Employee

‎08-21-2013 04:49 AM

Hi,

What's the output of 'show interface rate-limit'? Instead of CAR, shaping is used more often on CE. Any reason you prefer CAR over shaping?

HTH,
Lei Tian

Sent from Cisco Technical Support iPhone App

0 Helpful

aijaz802
Level 1
Level 1
In response to Lei Tian

‎08-21-2013 05:27 AM

Hi,

Thanks for the response. I want to restrict both inbound and outbound, thats the reason using the CAR.

The output is as below.

GigabitEthernet0/2.106 xxx Company 8Mbps

  Input

    matches: all traffic

      params:  8384000 bps, 4192 limit, 4192 extended limit

      conformed 3400147 packets, 344625643 bytes; action: transmit

      exceeded 509285 packets, 301767312 bytes; action: drop

      last packet: 4ms ago, current burst: 66 bytes

      last cleared 01:32:43 ago, conformed 495000 bps, exceeded 433000 bps

  Output

    matches: all traffic

      params:  8384000 bps, 4192 limit, 4192 extended limit

      conformed 2338356 packets, 483254441 bytes; action: transmit

      exceeded 257774 packets, 100000671 bytes; action: drop

      last packet: 8ms ago, current burst: 1518 bytes

      last cleared 01:31:34 ago, conformed 703000 bps, exceeded 145000 bps

0 Helpful

Lei Tian
Cisco Employee
Cisco Employee
In response to aijaz802

‎08-22-2013 03:24 AM

Hi,
Looks like the CAR is dropping exceed packets, why do you think it is not working?

HTH,
Lei Tian

Sent from Cisco Technical Support iPhone App

0 Helpful

aijaz802
Level 1
Level 1
In response to Lei Tian

‎08-22-2013 04:37 AM

Hi,

Sometimes due to malware/virus activity there is lot of burst in the traffic which is recorded by the SNMP/MRTG monitors. Which is exceeding (going over 20MBPS) what is configured on the interface. Also the CPU usage was drastically increasing during the traffic floodings.

Ex: below see the exceeding value.

GigabitEthernet0/2.106 XXX Company 8Mbps

  Input

    matches: all traffic

      params:  8384000 bps, 4192 limit, 4192 extended limit

      conformed 31582020 packets, 4706M bytes; action: transmit

      exceeded 15257155 packets, 10113M bytes; action: drop

      last packet: 252ms ago, current burst: 0 bytes

      last cleared 20:16:59 ago, conformed 515000 bps, exceeded 1108000 bps

  Output

    matches: all traffic

      params:  8384000 bps, 4192 limit, 4192 extended limit

      conformed 16301291 packets, 2979M bytes; action: transmit

      exceeded 3877345 packets, 882109946 bytes; action: drop

      last packet: 376ms ago, current burst: 0 bytes

      last cleared 20:15:50 ago, conformed 326000 bps, exceeded 96000 bps

Is there any other way to stop this kind of flooding which is causing high cpu/mem and B/W utilization.

Thanks,

0 Helpful

Lei Tian
Cisco Employee
Cisco Employee
In response to aijaz802

‎08-23-2013 03:41 AM

Hi,

CAR is doing its job. You might want talk to the provider see what service they can provide to block the abnormal traffic rate on their end. If no luck, you can consider platform that can do inbound policing in hardware and can do CoPP to protect CPU.

HTH,

Lei Tian

0 Helpful
Customers Also Viewed These Support Documents
Top