06-17-2009 08:14 AM - edited 03-04-2019 05:09 AM
Hi, I have to limit WWW Syn packet to 500Kbs. I am confused by CIR, be & be has been choosen like following --
access-list 192 permit tcp any any eq www sync
int f0/1
rate-limit output access-group 192 496000 4000 4000 conform-action permit exceed-action drop
06-17-2009 09:45 AM
The recommended be values are 2 x the CIR - otherwise you run the risk of global sync.
HTH>
06-17-2009 10:48 PM
Hi Rupesh,
Don't forget the following:
496000 means cir in bits per second (bps).
4000 means bc and be in BYTES.
For rate limiting the recommended values for bc and be are the following:
bc = (1.5 x cir)/8
be = 2 x bc
This would mean the following recommended configuration for the rate limit command:
rate-limit output access-group 192 496000 93000 186000 conform-action permit exceed-action drop
Cheers:
Istvan
06-18-2009 12:31 AM
1. At first, I have requested for 500kbs, they why CIR is 496kbs ?
2. Bc will CIRx125ms, which is not 93000 ?
3. Why be = 2x bc
06-18-2009 03:37 AM
Hi Rupesh,
The following link will give some more explanations on rate-limiting and the recommended settings for bc and be.
http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpolsh.html#wp1000920
Cheers:
Istvan
06-18-2009 06:45 AM
BTW, I wonder whether your requirement might be better provided by something like the "TCP Intercept" feature.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide