CAR stands for Committed Access Rate. It sets an upper limit on the inbound or outbound traffic rate of a port or sub-port, classifies traffic, and assigns different QoS priorities. It only works on IP packets and cannot handle non-IP traffic.
1. To control traffic, we must first classify and identify data packets, then apply traffic control. For the packet types to be controlled, the rate limiter uses the token bucket algorithm to manage bandwidth utilization of traffic flows. When each incoming frame arrives, its length is added to the token bucket. Every 0.25 milliseconds, the CIR (or the average rate-limiting value) is subtracted from the token bucket.
2. The rate limiter allows traffic rates to burst beyond the average rate by a certain amount. The amount between the token bucket’s growth and the burst value (in bytes) is the allowed effective burst, also known as in-profile traffic. When the token bucket size exceeds the burst value, the rate limiter considers the traffic excessive. When traffic exceeds the maximum burst value and reaches the PIR, the rate limiter considers it a violation; this type of traffic is called out-of-profile traffic.
3. CAR is typically configured on the network’s edge routers. Configuring CAR mainly includes the following parts:
1. Determine the traffic type to be monitored, mainly through the following methods:
(1) Based on IP prefix, defined through rate-limit access lists.
(2) Based on QoS group.
(3) Based on MAC address.
(4) Based on standard or extended IP access lists.
2. Configure rate-limit on the corresponding port:
interface X rate-limit {input | output} [access-group number] bps burst-normal burst-max conform-action action exceed-action action.
(1) Interface: The port on which you want to control traffic. It can be an Ethernet or serial port, but different interface types have different selections for the input and output parameters below.
(2) Input/Output: Determines whether to limit input or output traffic. If configured on an Ethernet port, this traffic is output; if configured on a serial port, this traffic is input.
(3) conform-action: The processing policy for traffic below the rate limit; exceed-action: The processing policy for traffic exceeding the rate limit.
4. Besides limiting the rate of certain traffic, CAR can also be used to defend against DoS attacks, such as Smurf attacks, which flood the network with a large number of ICMP packets carrying illegal source addresses and consume network resources. We can protect the network by configuring CAR on the router to set an upper rate limit for ICMP packets.
After the above settings, we can limit the forwarding rate and size of ICMP packets to a certain extent, reducing damage to the network and hosts. The CAR rate-limiting strategy can only be used effectively in this