There are many types of applications on the network. To keep the main applications running well, traffic control must be performed on the network. Traffic control methods differ between network equipment manufacturers. In addition to Cisco's CAR (Committed Access Rate), there are also NEC's Rich-QoS and HiPER's CBQ. Of these, Cisco's CAR traffic control policy is the most widely used. This article introduces the traffic control policy of a router with CAR, such as Cisco's, and later introduces representative Cisco products with the CAR traffic control function.
1. What is a CAR?
CAR is short for Committed Access Rate, which means the guaranteed access rate. It is a sub-function of QoS in Cisco IOS software and was newly added in v12.0. It has two main functions: 1) restricting the inbound and outbound traffic rates of a port or subinterface to a defined ceiling; 2) classifying traffic and defining different QoS priorities.
Note: CAR only works on IP packets and cannot limit non-IP traffic. In addition, CAR can only be used on a router or switch that supports CEF (Cisco Express Forwarding) switching. CAR cannot be used on any of the following interfaces:
* Fast EtherChannel interface
* Tunnel Interface
* PRI interface
The working principle of CAR can be seen as the combination of packet classification and access rate limiting. The workflow is shown in Figure 1.
Figure 1
This process consists of three steps. The first step, traffic matching, identifies in the data stream the type of packets whose traffic the user wants to control, also known as the traffic of interest. You can use the following methods to identify traffic:
* All IP traffic, so that all IP traffic can adopt a unified traffic control policy.
* Based on the IP prefix, this method is defined by rate-limit access list.
* QoS group.
* MAC address, which is defined by rate-limit access list.
* IP access list (IP ACL, IP address access control list), which can be defined through a standard or extended access control list.
After identifying the type of packets whose traffic the user wants to control, the second step is to measure the traffic. CAR uses a token bucket mechanism to measure traffic, as shown in Figure 2.
Figure 2
The tokens in the figure can be seen as the traffic of interest identified by traffic matching in the first step. The packets of this traffic enter a bucket whose depth is defined by the user. After entering the token bucket, they leave it at the desired traffic rate, and the next step, the conform action, is executed. Depending on the actual traffic rate, there are two situations:
1) The actual traffic is less than or equal to the desired rate. The rate at which tokens leave the bucket is then the same as the rate at which they arrive, so the bucket can be seen as empty. The traffic does not exceed the expected value.
2) The actual traffic exceeds the desired rate. Tokens then enter the bucket faster than they leave it, so they fill the bucket within a period of time and further incoming tokens overflow it (the excess). The CAR generally discards the excess packets or changes their priority. This keeps the data traffic rate within the desired value defined by the user.
2. How to configure a CAR
Generally, CAR is suited to deployment at the edge of the network. Our general practice is to deploy CAR on the border router. To configure CAR, you can select any of the five traffic identification methods described above. The most common is the "IP access list (IP ACL, IP address access control list)" method.
You can use the standard "ip access list" command to determine which IP traffic requires rate limiting (rate-limit). You can also use the extended "ip access list" to determine which IP protocol traffic types, such as HTTP and FTP, require rate-limit. For example, if we want to limit the speed at which users can browse webpages on the Intranet, we can use the following access list to define the traffic:
access-list 101 permit tcp any eq www any
It is worth noting that "any eq www any" should be configured, instead of "any eq www". The main traffic to be restricted here is not the request traffic sent to the HTTP server (whose destination port number is 80). It is the webpage content that the HTTP server sends back to the user after receiving the request: its source port number is 80, and its destination port number is the initiator's port number. If you do not pay attention to this detail, you cannot effectively limit the download traffic.
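The traffic matching and token bucket steps described above, as an added example that is not from the original article: a simplified single token bucket (the bucket holds byte credit, and there is no extended-burst handling as in real CAR) that meters only packets matching access-list 101. The class and function names, the 80 kbit/s rate and the 2000-byte burst are assumptions for illustration, and the packets are constructed.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    t_ms: int       # arrival time in milliseconds
    src_port: int
    dst_port: int
    size: int       # bytes

def matches_acl_101(pkt):
    # access-list 101 permit tcp any eq www any -> TCP source port 80, any destination
    return pkt.src_port == 80

class TokenBucket:
    """Simplified meter (assumption: no extended burst, unlike real CAR)."""
    def __init__(self, rate_bps, burst_bytes):
        self.rate = rate_bps / 8000.0      # bytes of credit earned per millisecond
        self.depth = burst_bytes           # user-defined bucket depth
        self.tokens = float(burst_bytes)   # bucket starts full
        self.last_ms = 0

    def meter(self, pkt):
        # Add credit for the elapsed time, never beyond the bucket depth.
        earned = (pkt.t_ms - self.last_ms) * self.rate
        self.tokens = min(self.depth, self.tokens + earned)
        self.last_ms = pkt.t_ms
        if pkt.size <= self.tokens:
            self.tokens -= pkt.size
            return "conform"               # e.g. conform-action transmit
        return "exceed"                    # e.g. exceed-action drop

def police(packets, rate_bps=80_000, burst_bytes=2000):
    """Return one verdict per packet: unmatched, conform or exceed."""
    bucket = TokenBucket(rate_bps, burst_bytes)
    return [bucket.meter(p) if matches_acl_101(p) else "unmatched" for p in packets]

def stream(interval_ms, count, src_port, dst_port, size=1000):
    # Constructed sample traffic: fixed-size packets at a fixed interval.
    return [Packet(i * interval_ms, src_port, dst_port, size) for i in range(count)]

if __name__ == "__main__":
    print(police(stream(100, 6, 80, 51000)))   # web replies at exactly 80 kbit/s
    print(police(stream(50, 8, 80, 51000)))    # web replies at 160 kbit/s
    print(police(stream(50, 4, 51000, 80)))    # client requests: not matched
```

In the 160 kbit/s case the initial burst credit lets the first packets through, after which only every second packet conforms, so the long-run rate settles at the configured value.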