Committed Access Rate

CAR implements single-rate, two-color policing. As compared with that same option in CB Policing, CAR and CB Policing have many similarities. They both can police traffic either entering or exiting an interface or subinterface; they can both police subsets of that traffic based on classification logic; and they both set the rate in bps, with Bc and Be configured as a number of bytes.

CAR differs from CB Policing regarding four main features, as follows:

■ CAR uses the rate-limit command, which is not part of the MQC set of commands.

■ CAR has a feature called cascaded or nested rate-limit commands, which allows multiple rate-limit commands on an interface to process the same packet.

■ CAR does support Be; however, even in this case, it still supports only conform and exceed categories, and never supports a third (violate) category.

■ When CAR has a Be configured, the internal logic used to determine which packets conform and exceed differs as compared with CB Policing.

CAR puts most parameters on the rate-limit command, which is added under an interface or subinterface:

rate-limit {input I output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action conform-action exceed-action exceed-action

Example 14-12 shows an example CAR configuration for perspective. The criteria for the CAR configuration in Example 14-12 are as follows:

■ All traffic policed at 96 kbps at ingress to the ISP-edge router.

■ Bc of 1 second's worth of traffic is allowed.

■ Be of 0.5 second's worth of traffic is allowed.

■ Traffic that exceeds the contract is discarded.

■ Traffic that conforms to the contract is forwarded with Precedence reset to 0.

Example 14-12 CAR at 96 kbps at ISP-Edge Router

! The rate-limit command omits the access-group option, meaning that it has no matching ! parameters, so all packets are considered to match the command. The rest of the ! options simply match the requirements, interface Serial1/0.1 point-to-point ip address

! note: the rate-limit command wraps around to a second line, rate-limit input 96000 12000 18000 conform-action set-prec-transmit 0

exceed-action drop frame-relay interface-dlci 103

! The output below confirms the parameters, including matching all traffic. ISP-edge# show interfaces s 1/0.1 rate-limit Input matches: all traffic params: 96000 bps, 12000 limit, 18000 extended limit

Key Topic

Example 14-12 CAR at 96 kbps at ISP-Edge Router conformed 2290 packets, 430018 bytes; action: set-prec-transmit 0 exceeded 230 packets, 67681 bytes; action: drop last packet: 0ms ago, current burst: 13428 bytes last cleared 00:02:16 ago, conformed 25000 bps, exceeded 3000 bps

To classify traffic, CAR requires the use of either a normal ACL or a rate-limit ACL. A rate-limit ACL can match MPLS Experimental bits, IP Precedence, or MAC Address. For other fields, an IP ACL must be used. Example 14-13 shows an example in which CAR polices three different subsets of traffic using ACLs for matching the traffic, as well as limiting the overall traffic rate. The criteria for this example are as follows (Note that CAR allows only policing rates that are multiples of 8 kbps):

■ Police all traffic on the interface at 496 kbps; but before sending this traffic on its way

■ Police all web traffic at 400 kbps.

■ Police all FTP traffic at 160 kbps.

■ Police all VoIP traffic at 200 kbps.

■ Choose Bc and Be so that Bc has 1 second's worth of traffic, and Be provides no additional burst capability over Bc.

Example 14-13 Cascaded CAR rate-limit Commands, with Subclassifications

! ACL 101 matches all HTTP traffic

! ACL 102 matches all FTP traffic

! ACL 103 matches all VoIP traffic

interface s 0/0

rate-limit input 496000 62000 62000 conform-action



-action drop

rate-limit input access-group 101 400000 drop

50000 50000



transmit exceed


rate-limit input access-group 102 160000 drop

20000 20000



transmit exceed


rate-limit input access-group 103 200000 drop

25000 25000



transmit exceed


The CAR configuration refers to IP ACLs in order to classify the traffic, using three different IP ACLs in this case. ACL 101 matches all web traffic; ACL 102 matches all FTP traffic; and ACL 103 matches all VoIP traffic.

Under subinterface s1/0.1, four rate-limit commands are used. The first sets the rate for all traffic, dropping traffic that exceeds 496 kbps. However, the conform action is "continue." This means that packets conforming to this statement will be compared to the next rate-limit statements, and when matching a statement, some other action will be taken. For instance, web traffic matches the second rate-limit command, with a resulting action of either transmit or drop. VoIP traffic would be compared with the next three rate-limit commands before matching the last one. As a result, all traffic is limited to 496 kbps, and three particular subsets of traffic are prevented from taking all the bandwidth.

CB Policing can achieve the same effect of policing subsets of traffic by using nested policy maps.

Was this article helpful?

0 0

Post a comment