Security Basics mailing list archives

RE: about Cisco CAR syntax?


From: Joey Peloquin <jpelo1 () jcpenney com>
Date: Sat, 22 Nov 2003 10:30:46 -0600

But CAR is an effective solution against DoS or DDoS Attack so security
related, I guess.

In this context, true, it is security related.

        Cisco recommends the following values for the normal and
extended burst parameters:
        normal burst = configured rate * (1 byte)/(8 bits) * 1.5 seconds
        extended burst = 2 * normal burst [1]

[1]
cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800bd8ed.html#1000986

Joey Peloquin

-----Original Message-----
From: SB CH [mailto:chulmin2 () hotmail com]
Sent: Friday, November 21, 2003 8:07 PM
To: jpelo1 () jcpenney com; security-basics () securityfocus com
Subject: RE: about Cisco CAR syntax?


Thanks for your answer.

But CAR is an effective solution against DoS or DDoS Attack so security
related, I guess.

But when I see this document, the meaning is not the same as you said.
Please confirm this again.

http://www.cisco.com/warp/public/63/car_rate_limit_icmp.html

access-list 106 permit tcp any any syn
!--- We are only interested in syn packets
interface <interface> <interface #>
rate-limit input access-group 106 64000 8000 8000 conform-action transmit exceed-action drop

Note: We will rate limit to 64000 bps for all TCP Syn packets.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

It says 64000 instead of 64000+8000, right?
And then what is the meaning of the burst-normal-size?


Thanks in advance.


From: Joey Peloquin <jpelo1 () jcpenney com>
To: "'SB CH'" <chulmin2 () hotmail com>, security-basics () securityfocus com
Subject: RE: about Cisco CAR syntax?
Date: Fri, 21 Nov 2003 07:10:45 -0600

IMO, it's not a security-related question, but ...

Maximum allowable output would be 9000000 + 225000; average rate plus
extended burst rate.  The packet would be transmitted, unless its
compounded debt is greater than the extended burst rate.  Keep in mind
though, once bursts exceed the bucket size, some packets are randomly
dropped according to the weighted red algorithm, with the drop rate
increasing as the burst rate increases.

Joey Peloquin



-----Original Message-----
From: SB CH [mailto:chulmin2 () hotmail com]
Sent: Wednesday, November 19, 2003 8:55 PM
To: security-basics () securityfocus com
Subject: about Cisco CAR syntax?


Hello, all.

I have one question about CAR (Committed Access Rate).
When I set like this,

rate-limit output 9000000 112000 225000 conform-action transmit exceed-action drop

1. What is the allowed total output?
(1) 9000000
(2) 9000000 + 112000
(3) 9000000 + 112000 + 225000

2. If the bps of the output is 9000000 + 200000, is the packet transmitted
or dropped?



Thanks in advance.


The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or privileged
material.  If the reader of this message is not the intended recipient,
you are hereby notified that your access is unauthorized, and any
review, dissemination, distribution or copying of this message including
any attachments is strictly prohibited.   If you are not the intended
recipient, please contact the sender and delete the material from any
computer.
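
An added example (not part of the original messages, and not Cisco's code): it parses the two rate-limit statements quoted in this thread and compares their burst sizes, which are in bytes, with the recommendation quoted in the reply above. The function names, the result fields and the wording of the findings are assumptions made for illustration.

```python
import re

# Matches the rate-limit forms quoted in this thread:
#   rate-limit {input|output} [access-group N] <bps> <normal-burst> <extended-burst> ...
RATE_LIMIT = re.compile(
    r"rate-limit\s+(input|output)\s+(?:access-group\s+\d+\s+)?"
    r"(\d+)\s+(\d+)\s+(\d+)\b"
)

def recommended_bursts(rate_bps):
    """Formula quoted in the thread: rate * (1 byte / 8 bits) * 1.5 s, then 2x."""
    normal = rate_bps * 3 // 16          # bytes; rate / 8 * 1.5 in integer math
    return normal, 2 * normal

def audit(line):
    """Compare one rate-limit statement against the recommended burst sizes."""
    m = RATE_LIMIT.search(line)
    if m is None:
        raise ValueError("not a rate-limit statement: %r" % line)
    direction = m.group(1)
    rate, normal, extended = (int(g) for g in m.group(2, 3, 4))
    rec_normal, rec_extended = recommended_bursts(rate)
    findings = []
    if normal < rec_normal:
        findings.append("normal burst %d B < recommended %d B" % (normal, rec_normal))
    if extended < rec_extended:
        findings.append("extended burst %d B < recommended %d B" % (extended, rec_extended))
    if extended <= normal:
        findings.append("extended burst not above normal burst: no borrowing headroom")
    return {
        "direction": direction, "rate_bps": rate,
        "normal": normal, "extended": extended,
        "recommended": (rec_normal, rec_extended),
        # milliseconds of traffic at the configured rate that the normal burst holds
        "normal_burst_ms": normal * 8 * 1000 // rate,
        "findings": findings,
    }

# The two statements that appear in this thread.
SAMPLES = [
    "rate-limit output 9000000 112000 225000 conform-action transmit exceed-action drop",
    "rate-limit input access-group 106 64000 8000 8000 conform-action transmit exceed-action drop",
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = audit(s)
        print(r["rate_bps"], r["recommended"], r["normal_burst_ms"], r["findings"])
```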
