Control unwanted traffic on your Cisco router with CAR

Takeaway: If you're sick of unnecessary traffic clogging up your network, you don't have to take it anymore. You can manage that unwanted traffic using committed access rate (CAR)—or "rate limiting." David Davis tells you how in this edition of Cisco Routers and Switches.

Committed access rate (CAR)—or "rate limiting"—is a method for managing unwanted traffic on your network and making sure it doesn't affect important traffic. For example, if someone is downloading a lot of Web traffic from a Web site, he or she could preclude necessary traffic from getting through—and potentially make the production servers inaccessible over the network. Let's discuss how you can use CAR to prevent such an event.

You can only use CAR with IP traffic—it doesn't work for non-IP traffic. To use CAR, you must enable CEF on your routers. (For more information, check out "Get better performance with Cisco Express Forwarding (CEF).")

Essentially, CAR controls the bandwidth of a certain type of traffic, and an access control list (ACL) defines which traffic it controls. Once you've created the ACL, you can set CAR to enforce a bandwidth rate on that traffic in either an INBOUND or OUTBOUND direction, according to the interface on which you applied CAR.

CAR can be very useful as a basic QoS function. For example, let's say you have a production application at a remote location across a 128-Kb WAN connection. The application works fine until, one day, a new employee gets a PC, a Web browser, and Internet access.

When in use, that single Web browser slows down the entire remote production network by downloading Web pages and documents over the 128-Kb connection. So how can you prevent the Web browsing from taking over the WAN connection and slowing down the production application?

There are many QoS functions on a Cisco router, and there are many third-party applications and appliances that can help solve this problem. However, the simplest solution to this problem costs nothing—and only takes about two minutes to implement using the Cisco IOS and CAR.

Using CAR requires two simple steps:

  1. Create an ACL to define the traffic you want to rate limit.
  2. Use the rate-limit command, referencing the ACL on your interface closest to the source of the traffic, referencing the proper direction, and referencing the proper bandwidth amounts.

To return to our example, let's say you have a headquarters location that provides the Internet access for this single PC across the WAN. Even if browsing the Web is a necessary business function, it's negatively affecting the performance of the production application on the remote network.

Let's look at how you can use CAR to control this Web traffic. First, define the traffic you want to rate limit on the headquarters' router. Here's an example:

HQ-Router(config)# access-list 120 permit tcp any eq www host 10.200.200.200

In this example, the remote PC has an IP address of 10.200.200.200. The ACL matches TCP traffic from any source with a source port of 80 (www) going to that host, so the source server could be any Web server serving Web pages on port 80.

Next, use the rate-limit command on the interface. Here's an example:

HQ-Router(config)# interface Serial0/0
HQ-Router(config-if)# rate-limit output access-group 120 50000 10000 20000 conform-action transmit exceed-action drop

This applies the rate limit to the interface, referencing ACL 120. We applied it in the outbound direction because we configured it on the headquarters router (not the remote router): we want to stop unwanted Web traffic before it goes across the WAN to the remote site, rather than waiting until the traffic arrives there before slowing it down.

The values 50000, 10000, and 20000 represent the normal bits per second (bps) for this traffic (i.e., 50000 bps or about 50 Kb), the normal burst size for the traffic (i.e., 10000 or about 10 Kb), and the maximum burst size for the traffic (i.e., 20000 or about 20 Kb). The traffic must conform to these numbers in order for the router to transmit it (as specified by conform-action transmit). If the traffic exceeds those bandwidth settings, the router will drop it (as specified by exceed-action drop).

Configuring these settings on the headquarters' router on the Serial0/0 interface (i.e., the interface that goes to the remote location) limits the extraneous Web traffic to consuming less than 50 Kb of the 128-Kb circuit used for the production application.
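To see how the three rate-limit numbers interact, here is a simplified Python model of the policer, added as an illustration (it is not code from the article or from Cisco). It assumes the burst values are bytes, as Cisco's rate-limit documentation specifies, and follows the actual-debt/compounded-debt borrowing that Cisco's policing documentation describes for the extended burst; the class and function names and the constructed stream of 1000-byte packets filling the 128-Kb link are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class CarPolicer:
    """Simplified model of a CAR policer; not IOS code."""
    rate_bps: int      # committed rate, bits per second (50000 in the article)
    burst_normal: int  # token bucket depth in bytes (10000)
    burst_max: int     # extended burst limit in bytes (20000)
    tokens: float = 0.0
    actual_debt: float = 0.0      # tokens currently borrowed
    compounded_debt: float = 0.0  # sum of actual debt since the last drop
    last: float = 0.0

    def __post_init__(self):
        self.tokens = float(self.burst_normal)  # bucket starts full

    def offer(self, now, size):
        """Return the action for a packet of `size` bytes arriving at `now` seconds."""
        credit = (now - self.last) * self.rate_bps / 8  # bytes earned since last packet
        self.last = now
        repay = min(credit, self.actual_debt)  # new tokens pay off debt first
        self.actual_debt -= repay
        self.tokens = min(self.burst_normal, self.tokens + credit - repay)
        if self.tokens >= size:                  # conform-action transmit
            self.tokens -= size
            return "transmit"
        if self.burst_max <= self.burst_normal:  # no extended burst configured
            return "drop"
        debt = self.actual_debt + (size - self.tokens)  # borrow the shortfall
        if debt > self.burst_max or self.compounded_debt + debt > self.burst_max:
            self.compounded_debt = 0.0           # exceed-action drop; no tokens taken
            return "drop"
        self.actual_debt, self.tokens = debt, 0.0
        self.compounded_debt += debt
        return "transmit"

def simulate(policer, offered_bps, pkt_bytes, seconds):
    """Offer a constant-rate stream; return the per-packet actions."""
    interval = pkt_bytes * 8 / offered_bps
    return [policer.offer(i * interval, pkt_bytes)
            for i in range(int(seconds / interval))]

if __name__ == "__main__":
    # Constructed input: 1000-byte packets filling the 128-Kb link for 10 s.
    for be in (20000, 10000):
        acts = simulate(CarPolicer(50000, 10000, be), 128000, 1000, 10)
        kbps = acts.count("transmit") * 1000 * 8 / 10 / 1000
        print(f"burst-max {be}: first drop at packet {acts.index('drop')}, "
              f"{kbps:.1f} kbps passed")
```

Setting burst-max equal to burst-normal turns the borrowing off, which is why the second run starts dropping earlier.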

While you can use CAR in a variety of situations, keep in mind that CAR only limits what you tell it to limit with the ACL. In addition, the CAR bandwidth settings you reference limit all traffic referenced in the ACL.

For more information, see Cisco's rate-limit command documentation, Cisco's Configuring Committed Access Rate documentation, and Cisco's "Using CAR During DOS Attacks."

David Davis has worked in the IT industry for 12 years and holds several certifications, including CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of systems/network administrators for a privately owned retail company and performs networking/systems consulting on a part-time basis.
