CAR (Committed Access Rate)?

Committed Access Rate (CAR) is used to rate limit traffic. In the example below, all ICMP traffic that exceeds the defined level is dropped. This prevents an ICMP flood attack from saturating the link.

CAR definition: Rate limiting is one mechanism that allows a network to run in a degraded manner, but remain up, while it is receiving a stream of Denial of Service (DoS) attack packets as well as actual network traffic. Rate limiting can be achieved by a number of methods in Cisco IOS® software: Committed Access Rate (CAR), Traffic Shaping, and both Shaping and Policing through the Modular Quality of Service Command Line Interface (QoS CLI).

Here is how the extended burst capability works. If a packet arrives and needs to borrow n tokens because the token bucket contains fewer tokens than its packet size requires, CAR compares the following two values:

  • Extended burst parameter value
  • Compounded debt, computed as the sum over all a_i, where:
    – i indicates the ith packet that attempts to borrow tokens since the last time a packet was dropped.
    – a_i indicates the actual debt value of the flow after packet i is sent. Actual debt is simply a count of how many tokens the flow has currently borrowed.

If the compounded debt is greater than the extended burst value, CAR’s exceed action takes effect. After a packet is dropped, the compounded debt is effectively set to 0. CAR will compute a new compounded debt value equal to the actual debt for the next packet that needs to borrow tokens.
If the actual debt is greater than the extended limit, all packets will be dropped until the actual debt is reduced through accumulation of tokens in the token bucket.

In an effort to minimize the risks associated with DoS and ICMP flooding attacks, the following is configured on the serial interface of a router (average rate 128000 bps, Burst-Normal 400 bytes, Burst-Max 400 bytes, applied to ICMP matched by access list 111):

interface serial 1/0
 rate-limit input access-group 111 128000 400 400 conform-action transmit exceed-action drop
!
access-list 111 permit icmp any any

How to calculate Burst-Normal and Burst-Max (rule of thumb)

Burst-Normal = configured rate * 1/8 * 1.5 seconds (the 1/8 converts bits to bytes, so the result is in bytes)

Burst-Max = Burst-Normal * 2

For example, for a configured rate of 496000 bps, Burst-Normal = 496000 * 1/8 * 1.5 = 93000 bytes and Burst-Max = 2 * 93000 = 186000 bytes:

rate-limit output 496000 93000 186000 conform-action transmit exceed-action drop


Reference: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/qcpart4/qcpolts.htm
