Cisco Committed Access Rate (CAR)

Source: Internet
Author: User

I. CAR Overview

CAR is the most widely used method in Cisco environments. It marks data packets at the ingress and egress of the network edge. CAR can implement one of two functions:

Function 1: rate limiting;

Function 2: marking classified packets by setting the IP precedence or QoS group.

II. Syntax:

rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action action exceed-action action

input

Applies this CAR traffic policy to packets received on this interface.

output

Applies this CAR traffic policy to packets sent on this interface.

access-group

(Optional) Applies this CAR traffic policy to the specified access list.

rate-limit

(Optional) The access list is a rate-limit access list.

acl-index

(Optional) Access list number.

bps

Average rate, in bps.

burst-normal

Normal burst size in bytes. The minimum value is bps divided by 2000.

burst-max

Excess burst size in bytes.

conform-action

Action to take on packets that conform to the rate limit.

action

Action to take on packets. Specify one of the following keywords:

continue: if more CAR statements exist, continue processing with them.

drop: discard the packet.

set-prec-continue new-prec: set the IP precedence and continue.

set-prec-transmit new-prec: set the IP precedence and transmit the packet.

transmit: transmit the packet.

exceed-action

Action to take on packets that exceed the rate limit.



III. Limitations of CAR

  • CAR only affects IP traffic; non-IP traffic is neither rate-limited nor marked.
  • CAR does not support Fast EtherChannel, tunnel, or ISDN PRI interfaces.
  • It does not support Frame Relay BECN or FECN.
  • CEF must be enabled.

IV. Configuration example

router(config)# interface Hssi0/0/0

! WWW traffic up to 20 Mbps (normal burst 24000 bytes, excess burst 32000 bytes) is sent with IP precedence 5; WWW traffic exceeding the rule is sent with IP precedence 0 (best effort)

router(config-if)# rate-limit input access-group 101 20000000 24000 32000 conform-action set-prec-transmit 5 exceed-action set-prec-transmit 0

! FTP traffic up to 10 Mbps (normal burst 24000 bytes, excess burst 32000 bytes) is sent with IP precedence 5; FTP traffic exceeding 10 Mbps is discarded

router(config-if)# rate-limit input access-group 102 10000000 24000 32000 conform-action set-prec-transmit 5 exceed-action drop

! All other traffic up to 8 Mbps (normal burst 16000 bytes, excess burst 24000 bytes) is sent with IP precedence 5; traffic exceeding 8 Mbps is discarded

router(config-if)# rate-limit input 8000000 16000 24000 conform-action set-prec-transmit 5 exceed-action drop

router(config-if)# ip address 200.200.14.250 255.255.255.252

! Access list 101 matches any WWW traffic; access list 102 matches any FTP traffic

router(config-if)# access-list 101 permit tcp any any eq www 

router(config-if)# access-list 102 permit tcp any any eq ftp



V. CAR Operation Mechanism

CAR can be seen as a combination of packet classification and traffic control. Its workflow consists of the following steps.

Step 1: traffic matching. First identify the traffic of interest in the data stream. Traffic of "interest" is the type of packets whose rate the user wants to control. You can use the following methods to identify traffic:

(1) All IP traffic, so that all IP traffic can adopt a unified traffic control policy.

(2) IP precedence, which is defined by a rate-limit access list.

(3) QoS grouping

(4) MAC address, which is defined by rate-limit access list.

(5) IP access list, which can be defined by standard or extended access list.

Step 2: traffic measurement. CAR uses a token bucket mechanism to measure traffic.

The tokens can be seen as the traffic of interest identified in the first step. Packets of this traffic enter a bucket whose depth is defined by the user. After entering the bucket, they leave it at the configured rate (this is not the actual rate of this type of traffic, but the upper limit the user wants for it) and the next operation (the conform action) is executed. Depending on the actual traffic rate, there are two cases:

(1) The actual traffic rate is less than or equal to the rate the user wants. In this case tokens leave the bucket at the same rate as they enter it, so the bucket can be considered empty. The traffic does not exceed the expected value.

(2) The actual traffic rate exceeds the rate the user wants. In this case tokens enter the bucket faster than they leave it. The bucket fills up after a period of time, tokens that arrive afterwards overflow (exceed) the bucket, and CAR takes the corresponding action (generally discarding the packet, or changing its IP precedence to change the priority of the token). This ensures that the traffic rate stays within the value defined by the user.

VI. How to configure CAR

Generally, CAR is suited to deployment at the edge of the network. Our general practice is to deploy CAR on the sub-gateway router. CAR configuration mainly consists of the following parts:

1. Determine the traffic type of "interest" mainly through the following methods:

(1) All IP traffic

(2) IP precedence-based

(3) QoS-based grouping

(4) MAC address-based

(5) standard or extended IP access list

Generally, the fifth method is the most commonly used. You can use a standard IP access list to determine which traffic is rate-limited, or you can use an extended IP access list. For example, to limit the speed at which intranet users can browse web pages, we can use the following access list to define the traffic:

access-list 101 permit tcp any eq www any

Note that the access list should be written with any eq www any rather than any any eq www. The bulk of the traffic is not the requests users send to the HTTP server (for which the source port is random and the destination port is 80), but the web page data the HTTP server sends back after receiving a request (for which the source port is 80 and the destination port is the initiator's port). If you overlook this detail, you cannot effectively limit the download traffic.

2. Configure rate-limit on the corresponding Port:

The general statement is:

interface X

rate-limit {input | output} [access-group number] bps burst-normal burst-max conform-action exceed-action

The command is interpreted as follows:

interface: the port on which you want to control traffic. It can be an Ethernet port or a serial port. The input or output choice below differs depending on the interface type.

input | output: whether you want to limit input or output traffic. For example, if the policy is configured on the Ethernet port, the traffic is output; if it is configured on the serial port, the traffic is input.

access-group number: number is the number of the access list that the user defined to match the traffic.

bps: the maximum rate the user wants for this traffic, in bps.

burst-normal and burst-max: the size of the token bucket. Generally, these values are 32000, and, depending on the bps value.

conform-action: the processing policy for traffic within the rate limit.

exceed-action: the processing policy for traffic that exceeds the rate limit.

Action: processing policy, including the following:

Transmit: Transmission

Drop: discard

Set precedence and transmit: Modify priority and transmit

Set QoS group and transmit: route the traffic to a QoS group for transmission.

Continue: take no action; check whether the next rate-limit command has a matching rule and processing policy. If not, transmit.

Set precedence and continue: Modify the priority and then continue

Set QoS group and continue: insert QoS group and then continue

Note that multiple rate-limit commands can be configured on an interface. If an action contains continue, the next rate-limit command is evaluated in sequence; if traffic has not been discarded by a rate-limit command after the continue, it is transmitted. A port can have up to 20 rate-limit commands.

In this example, the corresponding configuration is as follows:

interface e0

rate-limit output access-group 101 128000 16000 16000 conform-action transmit exceed-action drop

Here we limit the download traffic to 128 Kbps with a token bucket of 16000 bytes. If the token bucket is set too small (such as 4000), the rate will not be smooth enough.
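To see why the bucket size matters, the following added example (not part of the original article and not Cisco's implementation) simulates a single token bucket, which corresponds to the case above where burst-normal equals burst-max. The function names and the bursty traffic pattern are constructed for illustration; the traffic averages 96 kbps, below the 128 kbps limit.

```python
def car_police(packets, bps, burst_bytes):
    """Classify packets with a single token bucket (simplified model of CAR).

    packets: list of (arrival_ms, size_bytes), sorted by arrival time.
    Returns (conformed_bytes, exceeded_bytes); "exceeded" is what
    exceed-action drop would discard.
    """
    tokens = burst_bytes              # the bucket starts full
    last_ms = 0
    conformed = exceeded = 0
    for arrival_ms, size in packets:
        # Refill at the configured rate: bps / 8000 bytes per millisecond
        # (integer math; exact for the 128000 bps used here).
        refill = (arrival_ms - last_ms) * bps // 8000
        tokens = min(burst_bytes, tokens + refill)
        last_ms = arrival_ms
        if size <= tokens:            # conform-action transmit
            tokens -= size
            conformed += size
        else:                         # exceed-action drop
            exceeded += size
    return conformed, exceeded


def bursty_download(seconds, pkts_per_burst=8, size=1500):
    """Constructed traffic: one burst per second, packets 1 ms apart."""
    return [(s * 1000 + i, size)
            for s in range(seconds) for i in range(pkts_per_burst)]


def offered_bps(packets, seconds):
    """Average offered rate of the packet list, in bits per second."""
    return sum(size for _, size in packets) * 8 // seconds


TRAFFIC = bursty_download(seconds=5)

if __name__ == "__main__":
    print("offered:", offered_bps(TRAFFIC, 5), "bps")
    for burst in (16000, 4000):
        ok, dropped = car_police(TRAFFIC, bps=128000, burst_bytes=burst)
        print(f"burst {burst}: conformed {ok} bytes, dropped {dropped} bytes")
```

With the 16000-byte bucket every burst conforms; with the 4000-byte bucket most of each burst is dropped even though the average rate is under the limit.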

3. How to check whether the CAR works on the corresponding port?

Run the show interface XX rate-limit command to check the actual effect of the CAR on port XX, as shown in the following example:

Fddi2/1/0

Input

Matches: access-group 101

Params: 80000000 bps, 72000 limit, 72000 extended limit

Conformed 0 packets, 0 bytes; action: set-prec-transmit 5

Exceeded 0 packets, 0 bytes; action: set-prec-transmit 0

Last packet: 4738036 ms ago, current burst: 0 bytes

Last cleared 01:02:05 ago, conformed 0 bps, exceeded 0 bps

Matches: all traffic

Params: 50000000 bps, 64000 limit, 64000 extended limit

Conformed 0 packets, 0 bytes; action: set-prec-transmit 5

Exceeded 0 packets, 0 bytes; action: set-prec-transmit 0

Last packet: 4738036 ms ago, current burst: 0 bytes

Last cleared 01:00:22 ago, conformed 0 bps, exceeded 0 bps

Output

Matches: all traffic

Params: 80000000 bps, 80000 limit, 80000 extended limit

Conformed 0 packets, 0 bytes; action: transmit

Exceeded 0 packets, 0 bytes; action: drop

Last packet: 4809528 ms ago, current burst: 0 bytes

Last cleared 00:59:42 ago, conformed 0 bps, exceeded 0 bps

Here we will explain the result of show interface rate-limit.

Matches indicates the traffic matching rule configured on the interface. Multiple matches entries indicate that the interface is configured with multiple rate-limit commands and multiple matching rules. The params line that follows shows the parameters defined by the rule: xxx bps is the configured rate, and limit and extended limit indicate the capacity of the token bucket. Conformed x packets, y bytes indicates the number of packets and bytes within the rate limit, and action indicates how conforming packets are handled. Exceeded x packets, y bytes indicates the number of packets and bytes that exceeded the rate limit, and action is how they are handled. Last packet indicates how long ago the most recent packet arrived. Current burst indicates the amount of data currently in the token bucket, and last cleared indicates the time since the counters were last cleared. Conformed x bps is the actual rate of the traffic within the limit, and exceeded y bps is the actual rate of the traffic that exceeded it.

We can use this command to check the actual effect of CAR configuration. If we find that there is no conform traffic, it is generally because the traffic matching rule settings are incorrect, or the input output on the interface is set incorrectly.
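The check described above can be automated. The following added example (not from the original article) parses text in the layout of the show interface rate-limit output and lists the rules that have no conforming traffic; the sample output, the interface name and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the output shown above (not captured
# from a real device).
SAMPLE = """\
Ethernet0
 Input
  Matches: access-group 101
   Params: 128000 bps, 16000 limit, 16000 extended limit
   Conformed 0 packets, 0 bytes; action: transmit
   Exceeded 0 packets, 0 bytes; action: drop
   Last cleared 01:02:05 ago, conformed 0 bps, exceeded 0 bps
 Output
  Matches: all traffic
   Params: 8000000 bps, 16000 limit, 24000 extended limit
   Conformed 9000 packets, 5400000 bytes; action: transmit
   Exceeded 1000 packets, 600000 bytes; action: drop
   Last cleared 00:59:42 ago, conformed 720000 bps, exceeded 80000 bps
"""

PARAMS = re.compile(r"params:\s*(\d+) bps, (\d+) limit, (\d+) extended limit", re.I)
COUNTS = re.compile(r"(conformed|exceeded) (\d+) packets, (\d+) bytes; action: (.+)", re.I)

def parse_rate_limit(text):
    """Return one dict per 'matches:' rule, tagged with its direction."""
    rules, direction = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() in ("input", "output"):
            direction = line.lower()
        elif line.lower().startswith("matches:"):
            rules.append({"direction": direction,
                          "match": line.split(":", 1)[1].strip()})
        elif rules and (m := PARAMS.match(line)):
            rules[-1].update(bps=int(m[1]), limit=int(m[2]), extended_limit=int(m[3]))
        elif rules and (m := COUNTS.match(line)):
            kind = m[1].lower()          # "conformed" or "exceeded"
            rules[-1][kind + "_packets"] = int(m[2])
            rules[-1][kind + "_action"] = m[4].strip()
    return rules

def rules_without_conform(rules):
    """Rules with zero conformed packets: check their match rule and direction."""
    return [f"{r['direction']} {r['match']}" for r in rules
            if r.get("conformed_packets", 0) == 0]
```

On the constructed sample, rules_without_conform(parse_rate_limit(SAMPLE)) reports the input rule for access-group 101, which is the rule whose matching criteria or direction should be reviewed.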
