Cisco rate-limit question

Status
Not open for further replies.

epletsch

Technical User
Aug 31, 2006
3
US
Hi all.

I consider myself fairly knowledgeable with regards to Cisco gear and configuration. However, I've come across a problem here that has me stumped. Perhaps someone else will have some insight.

I have an interface on a Cisco 6500 that I'm trying to configure rate-limiting on. I configure the rate limiting per Cisco's documentation, but it doesn't seem to reduce the traffic at all.

I read in some posts that you should mess with the burst and extended burst values, so I tried reducing them some, but it still doesn't seem to make a difference.

Here's the configuration for the port in question. I'm trying to limit the rate to about 5.4 Mbps.

!Cisco config snippet
!
interface FastEthernet1/15
 ip address x.x.x.x 255.255.255.0 secondary
 ip address x.x.x.x 255.255.254.0
 no ip redirects
 rate-limit input 5400000 675000 1350000 conform-action transmit exceed-action drop
 rate-limit output 5400000 675000 1350000 conform-action transmit exceed-action drop
 load-interval 30
 standby ip x.x.x.x
 standby priority 110
 standby preempt
!
!

As you can see from the show int, the traffic is running at about 100 Mbps

FastEthernet1/15 is up, line protocol is up (connected)
Hardware is C6k 100Mb 802.3, address is 000e.d6b4.c000 (bia 000e.d6b4.c000)
Description:
Internet address is x.x.x.x/23
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 25/255, rxload 251/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:03, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/90250/0 (size/max/drops/flushes); Total output drops: 388433
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 98605000 bits/sec, 10672 packets/sec
30 second output rate 9968000 bits/sec, 11226 packets/sec
L2 Switched: ucast: 3214140 pkt, 211776418 bytes - mcast: 548007 pkt, 48373276 bytes
L3 in Switched: ucast: 6168234012 pkt, 4017657896644 bytes - mcast: 0 pkt, 0 bytes mcast
L3 out Switched: ucast: 5654679877 pkt, 1232819797292 bytes mcast: 0 pkt, 0 bytes
6171981641 packets input, 4017818060973 bytes, 0 no buffer
Received 548262 broadcasts, 0 runts, 0 giants, 1160 throttles
1506 input errors, 1 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
5675756553 packets output, 1234247194477 bytes, 0 underruns
178864 output errors, 1437665 collisions, 3 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

And, as you can see from the rate-limit output, nothing is being limited

#sh int rate-limit
FastEthernet1/15
Input
matches: all traffic
params: 5400000 bps, 675000 limit, 1350000 extended limit
conformed 0 packets, 0 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: drop
last packet: 3653372108ms ago, current burst: 0 bytes
last cleared 00:03:47 ago, conformed 0 bps, exceeded 0 bps
Output
matches: all traffic
params: 5400000 bps, 675000 limit, 1350000 extended limit
conformed 125 packets, 14838 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: drop
last packet: 2392ms ago, current burst: 0 bytes
last cleared 00:03:45 ago, conformed 0 bps, exceeded 0 bps

Does anyone have any idea why the rate limiter is not working?

Thanks.
 
What Sup engine are you running?

If you have a 720 have you looked at user based limit rating?


Another option is to create a QOS map and do a drop exceed.

class-map match-all LIMIT
 match access-group 101

policy-map LIMIT
 class LIMIT
  bandwidth 5400000
  police 5000000 5400000 exceed-action drop

! An extended ACL (101) needs a protocol keyword; "ip" matches all IP traffic
access-list 101 permit ip any any

interface FastEthernet1/15
 ip address x.x.x.x 255.255.255.0 secondary
 ip address x.x.x.x 255.255.254.0
 no ip redirects
 service-policy output LIMIT
 service-policy input LIMIT

HTH

CCNA, CCDA, CCNP, CCDP, CCIE R&S (Written), Net+, MCP, NCTS
 
We are running a SUP7203BXL.

In this case, I don't want to control the bandwidth of a particular server, subnet, or user. Rather, I'd like to limit the bandwidth for the entire port. So, user based rate limiting doesn't really apply.

Doing a QoS map with a drop exceed is another way to approach the problem. However, I would prefer to use the rate-limit function, as this is exactly what it is designed to do (at least that's my understanding anyway). A QoS map can be used for this function, but if I'm limiting on several ports, I end up with a boatload of QoS maps. I'd rather stick to rate-limit.

The thing that baffles me is that as I look at the show int rate-limit output, it appears as though none of the packets are even being identified as "conformed". I have 100 Mbps of Input traffic and the ingress section of the rate-limit output says that it's been 42 days (3653372 seconds) since the last input packet. But it should match all traffic.

Has anyone seen this before? Does anyone see anything wrong with my configuration? Does anyone have an idea how I might get it to work using a rate-limit statement?

Thanks!
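
Added example, not part of the original thread: the check the posts above do by eye, comparing the bytes the rate-limit counters account for against the rate `show int` reports for the same port. The function names and the `min_fraction` threshold are assumptions of this example; the counter text is the output quoted in the first post.

```python
import re

# Counters copied from the first post in this thread (indentation aside).
SHOW_RATE_LIMIT = """\
FastEthernet1/15
Input
matches: all traffic
params: 5400000 bps, 675000 limit, 1350000 extended limit
conformed 0 packets, 0 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: drop
last packet: 3653372108ms ago, current burst: 0 bytes
last cleared 00:03:47 ago, conformed 0 bps, exceeded 0 bps
Output
matches: all traffic
params: 5400000 bps, 675000 limit, 1350000 extended limit
conformed 125 packets, 14838 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: drop
last packet: 2392ms ago, current burst: 0 bytes
last cleared 00:03:45 ago, conformed 0 bps, exceeded 0 bps
"""
SHOW_INT = ("30 second input rate 98605000 bits/sec, 10672 packets/sec\n"
            "30 second output rate 9968000 bits/sec, 11226 packets/sec\n")

def parse_rate_limit(text):
    """Return {direction: {cir_bps, conformed_bytes, exceeded_bytes, cleared_s}}."""
    stats, cur = {}, {}  # lines before the first Input/Output header are discarded
    for line in text.splitlines():
        line = line.strip()
        if line in ("Input", "Output"):
            cur = stats.setdefault(line.lower(), {})
        elif m := re.match(r"params: (\d+) bps", line):
            cur["cir_bps"] = int(m[1])
        elif m := re.match(r"(conformed|exceeded) \d+ packets, (\d+) bytes", line):
            cur[m[1] + "_bytes"] = int(m[2])
        elif m := re.match(r"last cleared (\d+):(\d+):(\d+) ago", line):
            h, mi, s = map(int, m.groups())
            cur["cleared_s"] = h * 3600 + mi * 60 + s
    return stats

def bypassed_directions(rate_limit_text, show_int_text, min_fraction=0.5):
    """Directions where the policer counted far less traffic than the port carried."""
    rates = {d: int(r) for d, r in
             re.findall(r"(input|output) rate (\d+) bits/sec", show_int_text)}
    flagged = []
    for direction, s in parse_rate_limit(rate_limit_text).items():
        seen_bps = 8 * (s["conformed_bytes"] + s["exceeded_bytes"]) / max(s["cleared_s"], 1)
        if seen_bps < min_fraction * min(rates[direction], s["cir_bps"]):
            flagged.append((direction, round(seen_bps), rates[direction]))
    return flagged
```

On the quoted output both directions are flagged: the counters account for 0 bps of roughly 98.6 Mbps inbound and about 528 bps of roughly 10 Mbps outbound.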
 
Do you not need to define which traffic you want to be limited via an access list?

Try doing this:

Code:
router(config-if)#rate-limit input access-group 110 5400000 675000 1350000 conform-action transmit exceed-action drop
router(config-if)#rate-limit output access-group 110 5400000 675000 1350000 conform-action transmit exceed-action drop


Then define your access-list


router(config)#Access-list 101 permit ip any any
 
Whoops, obvious problem with my config:

Code:
router(config)#Access-list 101 permit ip any any
should be

Code:
router(config)#Access-list 110 permit ip any any
 
The rate limit command is actually a legacy one, but I have a network sandpit at work with 6509s. I loaded the steps you used above and it worked fine; I got a series of drops. I'm wondering if it could be an IOS bug. Have you tried using the bug tracker or raising a TAC case?

CCNA, CCDA, CCNP, CCDP, CCIE R&S (Written), Net+, MCP, NCTS
 
gwildfire:

I've been reluctant to go the TAC route, but that may be what I need to do.

What version of IOS are you running? I'm on Version 12.2(17d)SXB10

Thanks,

Erich
 