Cisco IOS Software Release 12.0(2a)T1 Troubleshooting Guide

For WWW, here is the traffic mix:
For every 5k file that you download from the web farm, the web farm receives 560 bytes, as shown here:
• 80 bytes [SYN, ACK]
• 400 bytes [320 byte HTTP structure, 2 ACKs]
• 80 bytes [FIN, ACK]
Assume that the ratio between egress traffic from the web farm and ingress traffic from the web farm is 10:1.
The amount of traffic that makes up SYN packets is 120:1.
If you have an OC3 link, you limit the TCP SYN packet rate to 155 Mbps / 120 == 1.3 Mbps.
On the ingress interface at the web farm router, configure:
rate-limit input access-group 105 1300000 256000 256000 conform-action transmit exceed-action drop
The TCP SYN packet rate gets smaller as your TCP sessions get longer.
users ---- { ISP } --- MP3/FTP Farm
MP3 files tend to be 4 to 5 MB in size on average. Download of a 4 MB file generates ingress traffic
that amounts to 3160 bytes:
• 80 bytes [SYN, ACK]
• 3000 bytes [ACKs + FTP get]
• 80 bytes [FIN, ACK]
The rate of TCP SYNs to egress traffic is 155 Mbps / 120000 == 1.3 kbps.
Configure:
rate-limit input access-group 105 1300 1200 1200 conform-action transmit exceed-action drop
How Do I Know if I Restrict too Many SYN Packets?
If you know your usual connection rate on your servers, you can compare the figures before and after you
enable CAR. The comparison helps you identify the occurrence of a drop in your connection rate. If you find
a drop in the rate, increase your CAR parameters to permit more sessions.
Check whether users are able to establish TCP sessions easily. If your CAR limits are too restrictive, users
need to make multiple attempts to establish a TCP session.
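To estimate in advance whether a CAR policy is too restrictive, the following added example (not part of the original Cisco document) models the two rate-limit lines above as a single token bucket and reports how many SYNs would be dropped at a given offered rate. It assumes a 40-byte SYN (half of the 80 bytes the page counts for SYN plus ACK), evenly spaced arrivals, and that equal normal and extended burst values behave as a plain token bucket; the offered rates are constructed.

```python
# Added example: simplified single-token-bucket model of a CAR policy whose
# normal burst equals its extended burst, as in both configurations above.

SYN_BYTES = 40  # assumption: 20-byte IP header + 20-byte TCP header, no options


def sustained_syn_rate(rate_bps, syn_bytes=SYN_BYTES):
    """Long-run SYN packets (new connections) per second the policy admits."""
    return rate_bps / (syn_bytes * 8)


def simulate(rate_bps, burst_bytes, offered_pps, seconds, syn_bytes=SYN_BYTES):
    """Feed evenly spaced SYNs through the bucket; return (conformed, dropped)."""
    fill = rate_bps / 8.0          # bytes of credit added per second
    tokens = float(burst_bytes)    # bucket starts full
    interval = 1.0 / offered_pps   # seconds between consecutive SYNs
    conformed = dropped = 0
    for _ in range(int(offered_pps * seconds)):
        tokens = min(burst_bytes, tokens + fill * interval)
        if tokens >= syn_bytes:
            tokens -= syn_bytes
            conformed += 1         # conform-action transmit
        else:
            dropped += 1           # exceed-action drop
    return conformed, dropped


def drop_fraction(rate_bps, burst_bytes, offered_pps, seconds=60):
    """Share of offered SYNs dropped over the simulated period."""
    conformed, dropped = simulate(rate_bps, burst_bytes, offered_pps, seconds)
    return dropped / (conformed + dropped)


if __name__ == "__main__":
    # (rate in bps, burst in bytes) taken from the two rate-limit lines above
    policies = {"web farm": (1300000, 256000), "MP3/FTP farm": (1300, 1200)}
    for name, (rate, burst) in policies.items():
        print(f"{name}: ~{sustained_syn_rate(rate):.1f} new connections/s sustained")
        for offered in (2, 50, 5000):  # constructed offered SYN rates
            share = drop_fraction(rate, burst, offered)
            print(f"  offered {offered:>5} SYN/s -> {share:.1%} dropped")
```

Under these assumptions the web farm policy sustains about 4062 new connections per second and the MP3/FTP policy about 4, which are the figures to compare against your usual connection rate.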
Can I Enable CAR on a Gigabit Switch Router (GSR)?
Yes. Engine 0 and Engine 1 line cards support CAR. Cisco IOS Software Release 11.2(14)GS2 and later
provide CAR support. The performance impact of CAR depends on the number of CAR rules you apply.
The performance impact is also greater on Engine 1 line cards than on Engine 0 line cards. If you want to
enable CAR on Engine 0 line cards, you must be aware of Cisco bug ID CSCdp80432 (registered customers
only). If you want to enable CAR to rate-limit multicast traffic, ensure that Cisco bug ID CSCdp32913
(registered customers only) does not affect you. Cisco bug ID CSCdm56071 (registered customers only) is