CAR (Committed Access Rate)?
Written by Chris   

Committed Access Rate (CAR) is used to rate limit traffic. In this example, all ICMP traffic that exceeds the defined level will be dropped. This will prevent an ICMP flood attack from saturating the link.

CAR definition: Rate limiting is one mechanism that allows a network to run in a degraded manner, but remain up, when it is receiving a stream of Denial of Service (DoS) attack packets as well as actual network traffic. Rate limiting can be achieved in a number of ways using Cisco IOS® software, namely through Committed Access Rate (CAR), Traffic Shaping, and both Shaping and Policing through the Modular Quality of Service Command Line Interface (QoS CLI).


Here is how the extended burst capability works. If a packet arrives and needs to borrow n number of tokens because the token bucket contains fewer tokens than its packet size requires, then CAR compares the following two values:

  • Extended burst parameter value
  • Compounded debt. Compounded debt is computed as the sum over all a_i.
    • i indicates the ith packet that attempts to borrow tokens since the last time a packet was dropped.
    • a indicates the actual debt value of the flow after packet i is sent. Actual debt is simply a count of how many tokens the flow has currently borrowed.

If the compounded debt is greater than the extended burst value, CAR's exceed action takes effect. After a packet is dropped, the compounded debt is effectively set to 0. CAR will compute a new compounded debt value equal to the actual debt for the next packet that needs to borrow tokens.

If the actual debt is greater than the extended limit, all packets will be dropped until the actual debt is reduced through accumulation of tokens in the token bucket.
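
The extended burst rules described above can be traced with a small simulation. This is an added example, not code from the original article or from Cisco, and it is a simplified model of the description rather than of IOS internals. It uses the 128000 bps rate from the configuration below; the class and function names, the burst sizes (1500 and 3000 bytes), the assumption that the bucket starts full, and the packet trace are all constructed for illustration.

```python
class CarPolicer:
    """Simplified model of CAR's token bucket with extended burst (sizes in bytes)."""

    def __init__(self, rate_bps, normal_burst, extended_burst):
        self.rate_bps = rate_bps
        self.normal_burst = normal_burst
        self.extended_burst = extended_burst
        self.tokens = normal_burst   # assumption: the bucket starts full
        self.actual_debt = 0         # tokens currently borrowed
        self.compounded_debt = 0     # sum of a_i since the last drop
        self.last_ms = 0

    def offer(self, now_ms, size):
        """Return 'conform' or 'exceed' for a packet of `size` bytes at `now_ms`."""
        # Tokens earned since the last packet repay debt first, then refill the bucket.
        credit = (now_ms - self.last_ms) * self.rate_bps // 8000
        self.last_ms = now_ms
        repay = min(credit, self.actual_debt)
        self.actual_debt -= repay
        self.tokens = min(self.normal_burst, self.tokens + credit - repay)
        if size <= self.tokens:      # enough tokens, no borrowing needed
            self.tokens -= size
            return "conform"
        # The packet must borrow: a_i is the actual debt if it were sent.
        a_i = self.actual_debt + size - self.tokens
        compounded = self.compounded_debt + a_i
        # compounded >= a_i, so this test also drops once the actual debt alone
        # is over the limit, until accumulated tokens pay it down.
        if compounded > self.extended_burst:
            self.compounded_debt = 0  # a drop resets the compounded debt
            return "exceed"
        self.tokens, self.actual_debt, self.compounded_debt = 0, a_i, compounded
        return "conform"


def simulate(policer, arrivals):
    """arrivals: iterable of (time_ms, size_bytes); returns the list of verdicts."""
    return [policer.offer(t, size) for t, size in arrivals]


if __name__ == "__main__":
    # Constructed trace: 500-byte ICMP packets every 10 ms (400 kbit/s offered).
    flood = [(t, 500) for t in range(0, 300, 10)]
    car = CarPolicer(rate_bps=128000, normal_burst=1500, extended_burst=3000)
    for (t, _), verdict in zip(flood, simulate(car, flood)):
        print(f"{t:4d} ms  {verdict}")
```

In the trace, the first drop comes only after several borrowing packets have been sent, and drops become more frequent as the actual debt grows, which is the gradual onset that compounded debt is meant to produce.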

In an effort to minimize the risks associated with DoS and ICMP flooding attacks, the following is configured on the serial interface of a router:



interface serial 1/0
rate-limit input access-group 111 128000 400 400 conform-action transmit exceed-action drop
access-list 111 permit icmp any any



Reference: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/qcpart4/qcpolts.htm


