Committed Access Rate (CAR) Configuration

CAR has more similarities than differences when compared to CB policing. Both perform policing on all traffic on either an interface or subinterface. Both can classify traffic to police a subset of traffic as well. Both use the same units when configuring policing parameters—bits per second for the policing rate, bytes for the normal and Be values, with the configured Be value actually representing Bc + Be.

CAR differs from CB policing regarding four main features. The most obvious is that CAR uses the rate-limit command, which is not part of the MQC set of commands. CAR also uses only two categories for actions—conform and exceed—as opposed to the three categories (conform, exceed, and violate) supported by CB policing. The most significant difference is that CAR has a feature called cascaded or nested rate-limit commands. Finally, CAR does not use MQC for configuration. Each of these differing features is covered in the example configurations.

Most QoS tools that classify packets operate with logic similar to ACLs in that, when a packet is matched, the action(s) related to that matched statement are taken. With all MQC features, such as CB marking, CBWFQ, CB policing, and CB shaping, after a particular class has been matched, the action associated with that class inside the policy map is performed. For instance, all MQC policy maps end with the class-default class, which matches all packets; however, packets may have matched an earlier class, so that a packet would never fall through to the class-default class.

With CAR, a single packet can match multiple statements. By doing so, you can actually police progressively more specific subsets of the traffic on the interface or subinterface. For example, you can create logic such as the following:

• Police all traffic on the interface at 500 kbps; but before sending this traffic on its way . . .

— Police all web traffic at 400 kbps.

— Police all FTP traffic at 150 kbps.

— Police all VoIP traffic at 200 kbps.

In other words, you can police a larger group of traffic, but also prevent one particular subset of that group from taking over all the available bandwidth. In the preceding example (Example 5-12), web traffic can only take 400 kbps of the traffic, but the overall rate can be 500 kbps. This section ends with a configuration example that polices a larger set of traffic, and subsets of the larger set.

Table 5-23 lists the configuration commands used with CAR, and Table 5-24 lists the options for the actions to be taken when CAR decides a packet either conforms to or exceeds the traffic contract. Table 5-25 lists the CAR show commands.

Table 5-23 Configuration Command Reference for CAR

| Command | Mode and Function |
|---|---|
| rate-limit {input \| output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action conform-action exceed-action exceed-action | Interface mode; configures classification, marking, policing, and enables CAR on the interface |
| access-list rate-limit acl-index {precedence \| mac-address \| exp mask mask} | Global mode; creates a CAR ACL, which can match IP precedence, MAC addresses, and MPLS Experimental bits |

Table 5-24 Options for Actions Taken with the rate-limit Command

| Action | Function |
|---|---|
| continue | Evaluates the next rate-limit command |
| drop | Drops the packet |
| set-dscp-continue | Sets the differentiated services code point (DSCP) (0 to 63) and evaluates the next rate-limit command |
| set-dscp-transmit | Sets the DSCP and transmits the packet |
| set-mpls-exp-continue | Sets the MPLS Experimental bits (0 to 7) and evaluates the next rate-limit command |
| set-mpls-exp-transmit | Sets the MPLS Experimental bits (0 to 7) and sends the packet |
| set-prec-continue | Sets the IP precedence (0 to 7) and evaluates the next rate-limit command |
| set-prec-transmit | Sets the IP precedence (0 to 7) and sends the packet |
| set-qos-continue | Sets the QoS group ID (1 to 99) and evaluates the next rate-limit command |
| set-qos-transmit | Sets the QoS group ID (1 to 99) and sends the packet |
| transmit | Sends the packet |

Table 5-25 Exec Command Reference for CAR

| Command | Function |
|---|---|
| show interfaces [interface-type interface-number] rate-limit | Displays CAR statistics on the interface specified, or on all interfaces if the interface is not specified |
| show access-lists rate-limit [acl-index] | Lists information about the configuration of rate-limit ACLs |

Like CB policing, you can use CAR to police all traffic entering or exiting an interface. In Example 5-13, router ISP-edge polices ingress traffic from an enterprise network. The criteria for the first CB policing example are as follows:

• All traffic policed at 96 kbps at ingress to the ISP-edge router.

• Bc of 1 second's worth of traffic is allowed.

• Be of 0.5 second's worth of traffic is allowed.

• Traffic that exceeds the contract is discarded.

• Traffic that conforms to the contract is forwarded with precedence reset to zero.

Figure 5-23 shows the network in which the configuration is applied, and Example 5-13 shows the configuration.

Figure 5-23 Example network for Policing Examples (image not reproduced; label: PB Tents Enterprise Network)

Example 5-13 CB Policing at 96 kbps at ISP-edge Router

ISP-edge#show running-config
!Lines omitted for brevity
interface Serial1/0
 description connected to FRS port S1. Single PVC to R3.
 no ip address
 encapsulation frame-relay
 load-interval 30
 no fair-queue
 clockrate 1300000
interface Serial1/0.1 point-to-point
 description point-point subint global DLCI 101, connected via PVC to DLCI 103 (R3)
 ip address 192.168.2.251 255.255.255.0
 ! note: the rate-limit command wraps around to a second line.
 rate-limit input 96000 12000 18000 conform-action set-prec-transmit 0 exceed-action drop
 frame-relay interface-dlci 103
!Lines omitted for brevity
ISP-edge#show interfaces s 1/0.1 rate-limit
Serial1/0.1 point-point subint global DLCI 101, connected via PVC to DLCI 103 (R3)
  Input
    matches: all traffic
      params: 96000 bps, 12000 limit, 18000 extended limit
      conformed 2290 packets, 430018 bytes; action: set-prec-transmit 0
      exceeded 230 packets, 67681 bytes; action: drop
      last packet: 0ms ago, current burst: 13428 bytes
      last cleared 00:02:16 ago, conformed 25000 bps, exceeded 3000 bps
ISP-edge#

The configuration requires a single rate-limit command under serial 1/0.1 on router ISP-edge. All the parameters are typed in the single command line: rate-limit input 96000 12000 18000 conform-action set-prec-transmit 0 exceed-action drop. The rate of 96 kbps is listed with a Bc of 12,000 bytes, and a Be of 6000 bytes. (Remember, the burst-excess parameter of 18,000 is actually Bc + Be.)

The show interfaces s1/0.1 rate-limit command lists the operational statistics, including numbers of bytes and packets that conformed and exceeded the contract. Interestingly, the two measured rates (conform and exceed) over time do not total more than the policing rate; it appears that the preemptive discarding of packets with the debt process during Be processing is having some good effect. In this particular network, only three concurrent TCP connections were used to create traffic, so just a few packets lost would reduce the TCP windows, and reduce traffic quickly.

Example 5-14 exhibits how to classify traffic with CAR using rate-limit ACLs, and how to use CAR with cascaded rate-limit commands. To classify traffic, CAR requires the use of either a normal ACL, or a rate-limit ACL. A rate-limit ACL can match MPLS Experimental bits, IP precedence, or MAC address. For CAR to match other IP header fields, you must use an IP ACL. In Example 5-14, the CAR configuration meets the requirements of the example for cascaded statements mentioned in the introduction to this section, repeated in the following list.

• Police all traffic on the interface at 496 kbps; but before sending this traffic on its way . . .

— Police all web traffic at 400 kbps.

— Police all FTP traffic at 160 kbps.

— Police all VoIP traffic at 200 kbps.

• Choose Bc and Be so that Bc has 1 second's worth of traffic, and Be provides no additional burst capability over Bc.

Example 5-14 shows the configuration.

Example 5-14 Cascaded CAR rate-limit Commands, with Subclassifications

! Next ACL matches all web traffic
access-list 101 permit tcp any eq www any
access-list 101 permit tcp any any eq www
!
! Next ACL matches all FTP traffic
access-list 102 permit tcp any eq ftp any
access-list 102 permit tcp any any eq ftp
access-list 102 permit tcp any eq ftp-data any
access-list 102 permit tcp any any eq ftp-data
!
! Next ACL matches all VoIP traffic
access-list 103 permit udp any range 16384 32767 any range 16384 32767
!
interface s 0/0
 rate-limit input 496000 62000 62000 conform-action continue exceed-action drop
 rate-limit input access-group 101 400000 50000 50000 conform-action transmit exceed-action drop
 rate-limit input access-group 102 160000 20000 20000 conform-action transmit exceed-action drop
 rate-limit input access-group 103 200000 25000 25000 conform-action transmit exceed-action drop

The CAR configuration needs to refer to IP ACLs to classify the traffic, using three different IP ACLs in this case. ACL 101 matches all web traffic, ACL 102 matches all FTP traffic, and ACL 103 matches all VoIP traffic.

Under subinterface S1/0.1, four rate-limit commands are used. The first sets the rate for all traffic, dropping traffic that exceeds 496 kbps. However, the conform action is listed as "continue". This means that packets conforming to this statement are now compared to the next rate-limit statements, and when matching a statement, some other action is taken. For instance, web traffic matches the second rate-limit command, with a resulting action of either transmit or drop. VoIP traffic is actually compared with the next three rate-limit commands before matching the last rate-limit command. The following list characterizes the types of traffic, and which rate-limit commands they match, in the example.

• All traffic matches the first rate-limit command, and is either dropped or passed to the second rate-limit command.

• All web traffic matches the second rate-limit command, and is either transmitted or dropped.

• All FTP traffic matches the third rate-limit command, and is either transmitted or dropped.

• All VoIP traffic matches the fourth rate-limit command, and is either transmitted or dropped.

• All other traffic is transmitted, because it did not match any more rate-limit commands.

You also may have noticed that the policing rates used in this example did not exactly match the values in the original problem statement at the beginning of this section. For instance, originally the requirement stated 500 kbps for all traffic; the configuration uses 496 kbps. CAR requires that the policing rate be a multiple of 8000, so the requirements were adjusted accordingly.
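The cascaded evaluation described above, as a small Python model. This is an added example, not code from the book or from Cisco: the class and function names are hypothetical, the port-based matchers only approximate ACLs 101 to 103, and each statement is a plain token bucket with burst-max equal to burst-normal (as in Example 5-14), so no extended-burst logic is modeled.

```python
# Added illustration: simplified model of cascaded CAR evaluation, not Cisco's implementation.
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class RateLimit:
    match: Callable[[dict], bool]  # stands in for "all traffic" or access-group N
    bps: int                       # policing rate, bits per second
    burst: int                     # bytes; burst-normal == burst-max as in Example 5-14
    conform: str                   # "continue" or "transmit"
    exceed: str = "drop"
    tokens: float = field(init=False, default=0.0)
    last: float = field(init=False, default=0.0)

    def __post_init__(self):
        if self.bps % 8000:
            raise ValueError("CAR policing rate must be a multiple of 8000 bps")
        self.tokens = float(self.burst)  # bucket starts full

    def police(self, size: int, now: float) -> str:
        # Refill at bps/8 bytes per second, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.bps / 8)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return self.conform
        return self.exceed

def evaluate(statements, pkt, now):
    """Walk the rate-limit statements top-down; a packet may match several."""
    for st in statements:
        if not st.match(pkt):
            continue  # this statement does not classify the packet
        action = st.police(pkt["size"], now)
        if action != "continue":
            return action  # transmit or drop ends evaluation
    return "transmit"  # no further statement matched

def example_5_14():
    # Rates and bursts from Example 5-14; port matchers are assumed stand-ins for ACLs 101-103.
    def ports(p): return {p["sport"], p["dport"]}
    def web(p): return p["proto"] == "tcp" and 80 in ports(p)
    def ftp(p): return p["proto"] == "tcp" and bool(ports(p) & {20, 21})
    def voip(p): return p["proto"] == "udp" and all(16384 <= x <= 32767 for x in ports(p))
    return [RateLimit(lambda p: True, 496000, 62000, "continue"),
            RateLimit(web, 400000, 50000, "transmit"),
            RateLimit(ftp, 160000, 20000, "transmit"),
            RateLimit(voip, 200000, 25000, "transmit")]
```

In this model, a web packet dropped by the second statement has already drawn tokens from the first (aggregate) bucket, and a rate of 500000 is rejected because it is not a multiple of 8000.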

Table 5-26 summarizes the CAR features, comparing them with CB policing.

Table 5-26 CAR and CB Policing Features Compared

| Feature | CB Policing | CAR |
|---|---|---|
| Allows conform and exceed action categories | Yes | Yes |
| Allows violate action category | Yes | No |
| Polices either all traffic, or a subset through classification | Yes | Yes |
| Uses MQC for configuration | Yes | No |
| Allows nested or cascaded policing logic | No | Yes |
| Can be enabled per subinterface | Yes | Yes |
| Can be enabled per DLCI on multipoint subinterfaces | No | No |
| Can set ATM CLP bit | Yes | No |
| Can set FR DE bit | Yes | No |
