Security Basics mailing list archives

RE: about Cisco CAR syntax?


From: "SB CH" <chulmin2 () hotmail com>
Date: Sat, 22 Nov 2003 02:06:39 +0000

Thanks for your answer.

But CAR is an effective solution against DoS or DDoS attacks, so it is security-related, I guess.

But when I see this document, the meaning is not the same as you said. Please confirm this again.

http://www.cisco.com/warp/public/63/car_rate_limit_icmp.html

access-list 106 permit tcp any any syn
!--- We are only interested in syn packets
interface <interface> <interface #>
rate-limit input access-group 106 64000 8000 8000 conform-action transmit exceed-action drop

Note: We will rate limit to 64000 bps for all TCP Syn packets.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

It says 64000 instead of 64000+8000, right?
And then what is the meaning of the burst-normal-size?


Thanks in advance.


From: Joey Peloquin <jpelo1 () jcpenney com>
To: "'SB CH'" <chulmin2 () hotmail com>, security-basics () securityfocus com
Subject: RE: about Cisco CAR syntax?
Date: Fri, 21 Nov 2003 07:10:45 -0600

IMO, it's not a security-related question, but ...

Maximum allowable output would be 9000000 + 225000; average rate plus
extended burst rate.  The packet would be transmitted, unless its
compounded debt is greater than the extended burst rate.  Keep in mind
though, once bursts exceed the bucket size, some packets are randomly
dropped according to the weighted RED algorithm, with the drop rate
increasing as the burst rate increases.

Joey Peloquin



-----Original Message-----
From: SB CH [mailto:chulmin2 () hotmail com]
Sent: Wednesday, November 19, 2003 8:55 PM
To: security-basics () securityfocus com
Subject: about Cisco CAR syntax?


Hello, all.

I have one question about CAR (Committed Access Rate).
When I set it like this,

rate-limit output 9000000 112000 225000 conform-action transmit exceed-action drop

1. What is the allowed total output?
(1) 9000000
(2) 9000000 + 112000
(3) 9000000 + 112000 + 225000

2. If the bps of the output is 9000000 + 200000, is the packet transmitted or dropped?



Thanks in advance.
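
The token-bucket accounting behind the three rate-limit numbers discussed in this thread, as an added example that is not part of the original messages and is not Cisco's code. It is a simplified model: the names car_police and sent_bytes are hypothetical, the rate is taken as bits per second and both burst values as bytes (as in Cisco's command reference), and the refill and debt-reset rules are assumptions noted in the comments.

```python
# Added example: simplified model of CAR policing, not IOS source code.
# Assumptions: the rate is in bits per second and both burst values are in
# bytes; refill repays borrowed tokens before it fills the bucket; the
# compounded debt is reset to zero when a packet is dropped.

def car_police(packets, rate_bps, burst_normal, burst_max):
    """packets: time-ordered (arrival_time_us, size_bytes) pairs.
    Returns one 'transmit' or 'drop' decision per packet."""
    tokens = float(burst_normal)   # bucket starts full (assumption)
    actual_debt = 0.0              # bytes currently borrowed
    compounded_debt = 0.0          # sum of actual debts since the last drop
    last_us = None
    decisions = []
    for t_us, size in packets:
        if last_us is not None:
            refill = (t_us - last_us) * rate_bps / 8e6   # bytes earned
            repay = min(refill, actual_debt)
            actual_debt -= repay
            tokens = min(burst_normal, tokens + refill - repay)
        last_us = t_us
        if tokens >= size:                       # within the normal burst
            tokens -= size
            decisions.append("transmit")
            continue
        new_debt = actual_debt + (size - tokens)
        if burst_max > burst_normal and compounded_debt + new_debt <= burst_max:
            tokens, actual_debt = 0.0, new_debt  # borrow against extended burst
            compounded_debt += new_debt
            decisions.append("transmit")
        else:                                    # exceed-action
            compounded_debt = 0.0
            decisions.append("drop")
    return decisions

def sent_bytes(packets, decisions):
    """Total bytes of the packets that were transmitted."""
    return sum(size for (_, size), d in zip(packets, decisions) if d == "transmit")

if __name__ == "__main__":
    # Constructed load: 1500-byte packets every 1 ms (12 Mbit/s) for 10 s,
    # policed with the values from the original question.
    load = [(i * 1000, 1500) for i in range(10000)]
    result = car_police(load, 9000000, 112000, 225000)
    print("dropped:", result.count("drop"), "of", len(result))
    print("average bit/s:", sent_bytes(load, result) * 8 / 10)
```

In this model the burst values bound how many bytes can be sent ahead of the configured rate; they are not added to the long-run rate.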
