10-10 Committed Access Rate (CAR)

  • CAR can be used to classify IP packets at the edge of a network.

  • CAR is also used for IP traffic policing to limit the rate of transmission on an interface.

  • Packets can be classified and rate-limited according to all IP traffic, IP Precedence, MAC address, or an IP access list.

  • Multiple CAR policies can be configured on a single interface to deal with different types of traffic.

Configuration

  1. (Optional) Define an IP access list to classify the traffic:

     (global) access-list acc-list-number {permit | deny} source [mask]

    -OR-

     (global) access-list acc-list-number {permit | deny} protocol source mask destination mask [precedence precedence] [tos tos]

    A standard IP access list can be used to identify traffic by source address. An extended IP access list can be used to identify traffic by source and destination addresses, protocol, port number, IP Precedence (3 bits, 0 through 7), or Type of Service (ToS; whole byte) numbers.

  2. (Optional) Define a rate-limit access list to classify traffic according to IP Precedence or MAC address:

     (global) access-list rate-limit acc-list-number {precedence | mac-address | mask mask}

    A rate-limit access list is numbered acc-list-number (1 to 99 for IP Precedence and 100 to 199 for MAC addresses). IP Precedence values are given as precedence (0 to 7). A MAC address can be given as mac-address (dotted-triplet hexadecimal format). If multiple IP Precedence bits should be matched in a single policy, use the mask (two hex characters; a 1 bit matches and a 0 ignores). The mask should be based on the IP ToS byte: p2 p1 p0 t3 t2 t1 t0, where bits 7 to 5 are IP Precedence (p2 to p0), bits 4 to 1 are ToS (t3 to t0), and bit 0 is unused. Refer to Tables 10-1 and 10-2 for more information about the IP Precedence and ToS values.

  3. Define one or more CAR policies on an interface:

     (interface) rate-limit {input | output} [access-group [rate-limit] acc-list-number] bps burst-normal burst-max conform-action action exceed-action action

    Each rate-limit policy governs input or output traffic on the interface. The access-group keyword specifies an IP access list (standard 1 to 99 or extended 100 to 199) that is used to identify traffic for the policy. If the rate-limit keyword is used, a rate-limit access list is used (IP Precedence 1 to 99 or MAC address 100 to 199) instead.

    Matching traffic is rate-limited to an average bps (given in increments of 8000 bps), with a normal burst size of burst-normal (in bytes; the minimum is bps/2000) and a maximum burst size of burst-max (bytes). The conform-action keyword is used to define an action to take for traffic within the rate limit, and exceed-action defines an action to take for traffic that exceeds the rate limit. The action values can be continue (evaluate the next rate-limit command), drop (drop the packet), set-prec-continue new-prec (set the IP Precedence value to new-prec and evaluate the next rate-limit command), set-prec-transmit new-prec (set the IP Precedence value to new-prec and send the packet), or transmit (send the packet).

Committed Access Rate Example

CAR is configured to limit traffic as follows:

  • WWW traffic is limited to 128000 bps, with burst sizes of 24000 to 32000 bytes. Conforming traffic is forwarded, with the IP Precedence set to 3. Nonconforming traffic is also forwarded, but its IP Precedence is set to 0.

  • SMTP traffic is limited to 16000 bps, with burst sizes of 1000 to 2000 bytes. Conforming traffic is forwarded, with IP Precedence reset to 2. Nonconforming traffic is dropped to prevent large SMTP transmissions of spam e-mail.

  • Traffic with IP Precedence set to 5 is limited to 32000 bps, with burst sizes of 8000 to 12000 bytes. This type of traffic is always forwarded, keeping its original IP Precedence value.

  • All other traffic not identified is limited to 48000 bps, with burst sizes of 1000 to 2000 bytes. Conforming traffic is forwarded, with IP Precedence set to 0. Nonconforming traffic is dropped.

  access-list 101 permit tcp any any eq www
  access-list 102 permit tcp any any eq smtp
  access-list rate-limit 1 5
  interface serial 0/1
   rate-limit output access-group 101 128000 24000 32000 conform-action set-prec-transmit 3 exceed-action set-prec-transmit 0
   rate-limit output access-group 102 16000 1000 2000 conform-action set-prec-transmit 2 exceed-action drop
   rate-limit output access-group rate-limit 1 32000 8000 12000 conform-action transmit exceed-action transmit
   rate-limit output 48000 1000 2000 conform-action set-prec-transmit 0 exceed-action drop
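
The following Python linter is an added example, not part of the book: it parses rate-limit commands in the syntax from step 3 and checks them against the limits stated there (bps in increments of 8000, burst-normal of at least bps/2000, access list numbers 1 to 199, IP Precedence 0 to 7). The names parse_rate_limit, lint, EXAMPLE, and BAD are hypothetical, and the BAD command is constructed for the test.

```python
ACTION_ARGS = {"continue": 0, "drop": 0, "transmit": 0,
               "set-prec-continue": 1, "set-prec-transmit": 1}

def parse_rate_limit(line):
    """Parse one interface-level rate-limit command into a dict."""
    tok = line.split()
    if len(tok) < 2 or tok[0] != "rate-limit" or tok[1] not in ("input", "output"):
        raise ValueError("not a rate-limit command: " + line)
    pol = {"direction": tok[1], "acl": None, "acl_kind": None}
    i = 2
    if tok[i] == "access-group":
        # "access-group rate-limit N" selects a rate-limit (precedence/MAC) list
        kind = "rate-limit" if tok[i + 1] == "rate-limit" else "ip"
        i += 2 if kind == "rate-limit" else 1
        pol["acl_kind"], pol["acl"] = kind, int(tok[i])
        i += 1
    pol["bps"], pol["burst_normal"], pol["burst_max"] = (int(t) for t in tok[i:i + 3])
    i += 3
    for key in ("conform-action", "exceed-action"):
        if tok[i] != key:
            raise ValueError("expected " + key + " in: " + line)
        nargs = ACTION_ARGS[tok[i + 1]]  # KeyError on an action not listed in step 3
        pol[key] = (tok[i + 1],) + tuple(int(t) for t in tok[i + 2:i + 2 + nargs])
        i += 2 + nargs
    return pol

def lint(pol):
    """Return the violations of the constraints given in step 3."""
    problems = []
    if pol["bps"] % 8000:
        problems.append("bps must be a multiple of 8000")
    if pol["burst_normal"] < pol["bps"] / 2000:
        problems.append("burst-normal is below the bps/2000 minimum")
    if pol["acl"] is not None and not 1 <= pol["acl"] <= 199:
        problems.append("access list number is outside 1 to 199")
    for key in ("conform-action", "exceed-action"):
        for prec in pol[key][1:]:
            if not 0 <= prec <= 7:
                problems.append(key + " precedence is outside 0 to 7")
    return problems

EXAMPLE = [  # the four rate-limit commands from the example above
    "rate-limit output access-group 101 128000 24000 32000 conform-action set-prec-transmit 3 exceed-action set-prec-transmit 0",
    "rate-limit output access-group 102 16000 1000 2000 conform-action set-prec-transmit 2 exceed-action drop",
    "rate-limit output access-group rate-limit 1 32000 8000 12000 conform-action transmit exceed-action transmit",
    "rate-limit output 48000 1000 2000 conform-action set-prec-transmit 0 exceed-action drop",
]
BAD = ("rate-limit input access-group 250 100000 40 2000 "  # constructed, four violations
       "conform-action set-prec-transmit 9 exceed-action drop")
```

Calling lint(parse_rate_limit(cmd)) on each command in EXAMPLE returns an empty list; the same call on BAD returns four problems.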


Cisco Field Manual[c] Router Configuration
ISBN: 1587050242
EAN: N/A
Year: 2005
Pages: 185
