- Classification Overview
- IPv6 Quality of Service
- Configuring Committed Access Rate
- IPv6 QoS: MQC Packet Marking/Remarking
- Marking Network Traffic
- QoS Tunnel Marking for GRE Tunnels
- IPv6 QoS: MQC Packet Classification
- Classifying Network Traffic
- Class-Based Ethernet CoS Matching and Marking
- Quality of Service for VPNs
Contents
- Configuring Committed Access Rate
- Finding Feature Information
- Committed Access Rate Configuration Task List
- IP Precedence or MAC Address
- IP Access List
- Configuring CAR and DCAR for All IP Traffic
- Configuring CAR and DCAR Policies
- Configuring a Class-Based DCAR Policy
- Monitoring CAR and DCAR
- CAR and DCAR Configuration Examples
- Example Subrate IP Services
- Example Input and Output Rate Limiting on an Interface
- Example Rate Limiting in an IXP
- Example Rate Limiting by Access List
Configuring Committed Access Rate
This module describes the tasks for configuring committed access rate (CAR) and distributed CAR (DCAR).
 Note | In Cisco IOS Release 12.2 SR, CAR is not supported on the Cisco 7600 series router. |
For complete conceptual information about these features, see the "Classification Overview"module and the "Policing and Shaping Overview" module.
For a complete description of the CAR commands in this module, see the Cisco IOS Quality of Service Solutions Command Reference. To locate documentation of other commands that appear in this module, use the command reference master index or search online.
Note | CAR and DCAR can only be used with IP traffic. Non-IP traffic is not rate limited. CAR and DCAR can be configured on an interface or subinterface. However, CAR and DCAR are not supported on the Fast EtherChannel, tunnel, or PRI interfaces, nor on any interface that does not support Cisco Express Forwarding (CEF). CEF must be enabled on the interface before you configure CAR or DCAR. CAR is not supported for Internetwork Packet Exchange (IPX) packets. |
- Finding Feature Information
- Committed Access Rate Configuration Task List
- Configuring CAR and DCAR for All IP Traffic
- Configuring CAR and DCAR Policies
- Configuring a Class-Based DCAR Policy
- Monitoring CAR and DCAR
- CAR and DCAR Configuration Examples
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Committed Access Rate Configuration Task List
The CAR and DCAR services limit the input or output transmission rate on an interface or subinterface based on a flexible set of criteria. CAR is often configured on interfaces at the edge of a network to limit traffic into or out of the network.
CAR can rate limit traffic based on certain matching criteria, such as incoming interface, IP precedence, or IP access list. You configure the actions that CAR will take when traffic conforms to or exceeds the rate limit.
You can set CAR rate policies that are associated with one of the following:
- All IP traffic
- IP precedence
- MAC address
- IP access list, both standard and extended. Matching to IP access lists is more processor-intensive than matching based on other criteria.
Each interface can have multiple CAR policies, corresponding to different types of traffic. For example, low priority traffic may be limited to a lower rate than high-priority traffic. With multiple rate policies, the router examines each policy in the order entered until the packet matches. If a match is not found, the default action is to send.
The rate policies can be independent; each rate policy deals with a different type of traffic. Alternatively, rate policies can be cascading; a packet can be compared to multiple different rate policies in succession. You can configure up to 100 rate policies on a subinterface.
Note | Because of the linear search for the matching rate-limit statement, the CPU load increases with the number of rate policies. |
Basic CAR and DCAR functionality requires that the following criteria be defined:
- Packet direction, incoming or outgoing.
- An average rate, determined by a long-term average of the transmission rate. Traffic that falls under this rate will always conform.
- A normal burst size, which determines how large traffic bursts can be before some traffic is considered to exceed the rate limit.
- An excess burst size (Be). Traffic that falls between the normal burst size and the Excess Burst size exceeds the rate limit with a probability that increases as the burst size increases. CAR propagates bursts. It does no smoothing or shaping of traffic.
|
Keyword |
Description |
|---|---|
|
continue |
Evaluates the next rate-limit command. |
|
drop |
Drops the packet. |
|
set-prec-continue new-prec |
Sets the IP Precedence and evaluates the next rate-limit command. |
|
set-prec-transmit new-prec |
Sets the IP Precedence and sends the packet. |
|
transmit |
Sends the packet. |
IP Precedence or MAC Address
Use the access-list rate-limit command to classify packets using either IP Precedence or MAC addresses. You can then apply CAR policies using the rate-limit command to individual rate-limited access lists. Packets with different IP precedences or MAC addresses are treated differently by the CAR service. See the section Example Rate Limiting in an IXP for an example of how to configure a CAR policy using MAC addresses.
IP Access List
Use the access-list command to define CAR policy based on an access list. The acl-index argument is an access list number. Use a number from 1 to 99 to classify packets by precedence or precedence mask. Use a number from 100 to 199 to classify by MAC address.
Note | If an access list is not present, the rate-limit command will act as if no access list is defined and all traffic will be rate limited accordingly. |
When you configure DCAR on Cisco 7000 series routers with RSP7000 or Cisco 7500 series routers with a VIP2-40 or greater interface processor, you can classify packets by group, to allow you to partition your network into multiple priority levels or classes of service. This classification is achieved by setting IP precedences based on different criteria for use by other QoS features such as Weighted Random Early Detection (WRED) or weighted fair queueing (WFQ).
Configuring CAR and DCAR for All IP Traffic
1. Router(config)# interfaceinterface-type interface-number
2. Router(config-if)# rate-limit {input | output} bps burst-normal burst-max conform-action action exceed-action action
DETAILED STEPS
| Command or Action | Purpose | |
|---|---|---|
| Step 1 | Router(config)# interfaceinterface-type interface-number |
Specifies the interface or subinterface. This command puts the router in interface configuration mode. |
| Step 2 | Router(config-if)# rate-limit {input | output} bps burst-normal burst-max conform-action action exceed-action action |
Specifies a basic CAR policy for allConfiguring CAR and DCAR for All IP Trafficef"> Table 1 for a description of conform and exceed action keywords. |
Configuring CAR and DCAR Policies
1. Router(config-if)# interface interface-type interface-number
2. Router(config-if)# rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action action exceed-action action
3. Router(config-if) exit
4. Router(config)# access-list rate-limit acl-index {precedence | mac-address| mask prec-mask}
DETAILED STEPS
| Command or Action | Purpose | |||
|---|---|---|---|---|
| Step 1 | Router(config-if)# interface interface-type interface-number |
Specifies the interface or subinterface. This command puts the router in interface configuration mode. | ||
| Step 2 | Router(config-if)# rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action action exceed-action action |
Specifies the rate policy for each particular class of traffic. See Configuring CAR and DCAR Policies for a description of the rate-limit command action keywords. Repeat this command for each different class of traffic. | ||
| Step 3 | Router(config-if) exit |
(Optional) Returns to global configuration mode.
| ||
| Step 4 | Router(config)# access-list rate-limit acl-index {precedence | mac-address| mask prec-mask} |
(Optional) Specifies a rate-limited access list. Repeat this command if you wish to specify a new access list. | ||
| Step 5 | Do one of the following: |
(Optional) Specifies a standard or extended access list. Repeat this command to further configure the access list or specify a new access list. |
Configuring a Class-Based DCAR Policy
1. Router(config-if)# interface interface-type interface-number
2. Router(config-if)# rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action action exceed-action action
3. Router(config-if)# random-detect precedence precedence min-threshold max-threshold mark-prob-denominator
DETAILED STEPS
| Command or Action | Purpose | |
|---|---|---|
| Step 1 | Router(config-if)# interface interface-type interface-number |
Specifies the interface or subinterface. This command puts the router in interface configuration mode. |
| Step 2 | Router(config-if)# rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action action exceed-action action |
Specifies the rate policy for each particular class of traffic. See Configuring a Class-Based DCAR Policy for a description of the rate-limit command action keywords. Repeat this command for each different class of traffic. |
| Step 3 | Router(config-if)# random-detect precedence precedence min-threshold max-threshold mark-prob-denominator |
Configures WRED and specifies parameters for packets with specific IP Precedence. |
| Step 4 | Do one of the following: |
(Optional) Specifies a standard or extended access list. Repeat this command to further configure the access list or specify a new access list. |
Monitoring CAR and DCAR
|
Command |
Purpose |
|---|---|
Router# show access-lists
|
Displays the contents of current IP and rate-limited access lists. |
Router# show access-lists rate-limit [access-list-number] |
Displays information about rate-limited access lists. |
Router# show interfaces [interface-type interface-number] rate-limit |
Displays information about an interface configured for CAR. |
CAR and DCAR Configuration Examples
- Example Subrate IP Services
- Example Input and Output Rate Limiting on an Interface
- Example Rate Limiting in an IXP
- Example Rate Limiting by Access List
Example Subrate IP Services
The following example illustrates how to configure a basic CAR policy that allows all IP traffic. In the example, the network operator delivers a physical T3 link to the customer, but offers a less expensive 15 Mbps subrate service. The customer pays only for the subrate bandwidth, which can be upgraded with additional access bandwidth based on demand. The CAR policy limits the traffic rate available to the customer and delivered to the network to the agreed upon rate limit, plus the ability to temporarily burst over the limit.
interface hssi 0/0/0 rate-limit output 15000000 2812500 5625000 conform-action transmit exceed-action drop ip address 10.1.0.9 255.255.255.0
Example Input and Output Rate Limiting on an Interface
In this example, a customer is connected to an Internet service provider (ISP) by a T3 link. The ISP wants to rate limit transmissions from the customer to 15 Mbps of the 45 Mbps. In addition, the customer is allowed to send bursts of 2,812,500 bytes. All packets exceeding this limit are dropped. The following commands are configured on the High-Speed Serial Interface (HSSI) of the ISP connected to the customer:
interface Hssi0/0/0 description 45Mbps to R1 rate-limit input 15000000 2812500 2812500 conform-action transmit exceed-action drop ip address 200.200.14.250 255.255.255.252 rate-limit output 15000000 2812500 2812500 conform-action transmit exceed-action drop
The following sample output shows how to verify the configuration and monitor CAR statistics using the show interfaces rate-limit command:
Router# show interfaces hssi 0/0/0 rate-limit Hssi0/0/0 45Mbps to R1 Input matches: all traffic params: 15000000 bps, 2812500 limit, 2812500 extended limit conformed 8 packets, 428 bytes; action: transmit exceeded 0 packets, 0 bytes; action: drop last packet: 8680ms ago, current burst: 0 bytes last cleared 00:03:59 ago, conformed 0 bps, exceeded 0 bps Output matches: all traffic params: 15000000 bps, 2812500 limit, 2812500 extended limit conformed 0 packets, 0 bytes; action: transmit exceeded 0 packets, 0 bytes; action: drop last packet: 8680ms ago, current burst: 0 bytes last cleared 00:03:59 ago, conformed 0 bps, exceeded 0 bps
Example Rate Limiting in an IXP
The following example uses rate limiting to control traffic in an Internet Exchange Point (IXP). Because an IXP comprises many neighbors around an FDDI ring, MAC address rate-limited access lists are used to control traffic from a particular ISP. Traffic from one ISP (at MAC address 00e0.34b0.7777) is compared to a rate limit of 80 Mbps of the 100 Mbps available on the FDDI connection. Traffic that conforms to this rate is sent. Nonconforming traffic is dropped.
interface Fddi2/1/0 rate-limit input access-group rate-limit 100 80000000 15000000 30000000 conform-action transmit exceed-action drop ip address 200.200.6.1 255.255.255.0 ! access-list rate-limit 100 00e0.34b0.7777
The following sample output shows how to verify the configuration and monitor the CAR statistics using the show interfaces rate-limit command:
Router# show interfaces fddi2/1/0 rate-limit Fddi2/1/0 Input matches: access-group rate-limit 100 params: 800000000 bps, 15000000 limit, 30000000 extended limit conformed 0 packets, 0 bytes; action: transmit exceeded 0 packets, 0 bytes; action: drop last packet: 4737508ms ago, current burst: 0 bytes last cleared 01:05:47 ago, conformed 0 bps, exceeded 0 bps
Example Rate Limiting by Access List
The following example shows how CAR can be used to limit the rate by application to ensure capacity for other traffic including mission-critical applications:
- All World Wide Web traffic is sent. However, the IP precedence for Web traffic that conforms to the first rate policy is set to 5. For nonconforming Web traffic, the IP precedence is set to 0 (best effort).
- File Transfer Protocol (FTP) traffic is sent with an IP precedence of 5 if it conforms to the second rate policy. If the FTP traffic exceeds the rate policy, it is dropped.
- Any remaining traffic is limited to 8 Mbps, with a normal burst size of 15,000 bytes and an Excess Burst size of 30,000 bytes. Traffic that conforms is sent with an IP precedence of 5. Traffic that does not conform is dropped.
The figure below illustrates the configuration. Notice that two access lists are created to classify the Web and FTP traffic so that they can be handled separately by CAR.
Router LEFT Configuration
interface Hssi0/0/0 description 45Mbps to R2 rate-limit output access-group 101 20000000 3750000 7500000 conform-action set-prec- transmit 5 exceed-action set-prec-transmit 0 rate-limit output access-group 102 10000000 1875000 3750000 conform-action set-prec-transmit 5 exceed-action drop rate-limit output 8000000 1500000 3000000 conform-action set-prec-transmit 5 exceed-action drop ip address 10.1.0.9 255.255.255.0 ! access-list 101 permit tcp any any eq www access-list 102 permit tcp any any eq ftp
The following sample output shows how to verify the configuration and monitor CAR statistics using the show interfaces rate-limit command:
Router# show interfaces hssi 0/0/0 rate-limit Hssi0/0/0 45Mbps to R2 Input matches: access-group 101 params: 20000000 bps, 3750000 limit, 7500000 extended limit conformed 3 packets, 189 bytes; action: set-prec-transmit 5 exceeded 0 packets, 0 bytes; action: set-prec-transmit 0 last packet: 309100ms ago, current burst: 0 bytes last cleared 00:08:00 ago, conformed 0 bps, exceeded 0 bps matches: access-group 102 params: 10000000 bps, 1875000 limit, 3750000 extended limit conformed 0 packets, 0 bytes; action: set-prec-transmit 5 exceeded 0 packets, 0 bytes; action: drop last packet: 19522612ms ago, current burst: 0 bytes last cleared 00:07:18 ago, conformed 0 bps, exceeded 0 bps matches: all traffic params: 8000000 bps, 1500000 limit, 3000000 extended limit conformed 5 packets, 315 bytes; action: set-prec-transmit 5 exceeded 0 packets, 0 bytes; action: drop last packet: 9632ms ago, current burst: 0 bytes last cleared 00:05:43 ago, conformed 0 bps, exceeded 0 bps