Model of asa for response rate limit
Hi , i'm new , just registered
I need to know what kind of cisco asa i should buy for my company, i need to use response rate limit , for limit dns requestes on my dns server.
If you' can helm me, i'll be very gratefull..
Recent versions of ISC BIND can rate-limit their responses themselves; Cisco ASA software can police packet flow rates but it's not their primary function. If the only thing you want is rate-limiting, I wouldn't bother with the ASA. If you need actual firewall, NAT, or IPS functionality, the ASA becomes useful.
To size an ASA, you'd need to know what kind of traffic rates you need to support, and what kind of inspections you plan to do. Cisco has some published packet and throughput data at e.g.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/qa_c67-700608.html
In my own experience, simple firewall configurations and test traffic will at least meet and often exceed Cisco's guidance.
Personally, I'm using ASA 5525-x devices to support ~350 users on gigabit fiber uplinks averaging about 6kps, mixed sizes with good results. With the older 5520's I was dropping packets during peak traffic surges to full line rates.
-- Jim Leinweber, WI State Lab of Hygiene
Similar Messages
-
SGE2000 QoS: Ingress Rate Limit BUG ?
I buyed a new unit of SGE2000. Thirst I changed firmware to newest one (3.0.0.18) so I do not know what firmware was installed before.
The problem is that it is not posssible to change Ingress Rate Limit to value lower than 3500...
Hardware Version
00.00.01
Software Version
3.0.0.18
Boot Version
2.0.0.03
Manual says:
Ingress Rate Limit — Defines the amount of bandwidth assigned to the interface.
For FE ports, the rate is 62 - 100,000 Kbps.
For GE ports, the rate is 62 - 1,000,000 Kbps
====
Default value for Ingress Rate Limit field is 3500, while I change it to eg. 512 the combobox is opening with warning information:
"Entered value in highlighted field must be an Integer. Range 3500...1000000"
"Committed Information Rate (CIR)" field allow to put a value down to 64, so it is ok.
Should I downgrade firmware to v3.0.0.17 ?
Any help appreciated.My appologies for the lack of reply here. I checked with the PM for the product and they asked me if there is a case open with the Small Business Support Center (SBSC) on this issue. Have you had a case open on this yet? If not can I ask you to log a case and then respond back to this postig with the case number please? It seems this is a bug so the product team will need to process the fix for this via the standard problem identification/case reporting process.
Thanks in advance! -
Rate-limit for some MAC on aironet 1231
Hello!
I need to set rate-limit for some mac addresses on access point aironet 1231.Is it possible?
If no, what ios or devices can do it?
Thanks.No there is no option for rate-limit in Aironet but in controller, Rate-limiting is applicable to all traffic destined to the CPU from either direction (wireless or wired). Cisco recommends that you always run the controller with the default config advanced rate enable command in effect in order to rate-limit traffic to the controller and protect against denial-of-service (DoS) attacks. You can use the config advanced rate disable command to stop rate-limiting of Internet Control Message Protocol (ICMP) echo responses for testing purposes.
-
ASA rate limit certain websites
Hello,
Is there a way with the ASA to rate limit certain websites? Match using regex but rate limit only those matches?
For example if I wanted to rate limit youtube, could I match youtube in a regex statement and then inspect http and only rate limit youtube and not the rest of the http traffic?
When I set the rate limit it allways seems to rate-limit whatever I am inspecting, eg http in general.
Or should I look at doing this on my router instead?
Thanks,
Dan.Dan,
OK - I forwarded that particular example as the way I look at it, it tells me:-
1) How to configrure RegEx
2) How to configure a specific URL to perform an action (it just happens in this example it's a block action)
3) Assign it to a class map
Once you have it in a class map, you are almost there - in theory (I have not tried this) but since you will have a class map, you should be able to assign it to a QoS policy map, rate limiting the amount of traffic?
See the below example of a QoS Rate Limit
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml
Andrew. -
Service-Policy Or Bandwidth Rate Limit for IP
Hii Netpros,
Is this possible to configure the Service Policy(for Bandwidth) or Bandwidth Rate Limit for Single IP. For eg: If we want to configure the Service Policy(for Bandwidth) or Bandwidth Rate Limit of 2Mb for only IP " 10.10.10.3" on network i.e the Host or device which is configured with this IP can access upto 2Mb only.
Actual Network :- We need this to configure this for wireless customers, Actually we have created one Vlan 2 (IP:- 10.10.10.1/29 @ our end router) , 10.10.10.2 on Basestation wiresss device (Vlan 2 allowed on this wireless device) and this wireless device is working as point to multipoint wireless. i.e 2 or more then 2 wireless customers or last mile will connect to this basestation wireless. Wireless customer-1 is 10.10.10.3 (2Mb bandwidth) and Wireless Customer-2 10.10.10.4 (512Kb).
Hence we require to limit the bandwidth for this 2 wireless customers having different bandwidth. how to acheive & control bandwidth @ our end router for them. please suggest.
ThanksThis topic is probably better suited in another Infrastructure forum, but I suppose it depends on which features are supported by your Cisco hardware and software. This doc discusses a variety of options:
http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpolsh.html
For example, with the older CAR (committed access rate) approach:
interface FastEthernet5/0
rate-limit input access-group 101 20000000 [normal burst size] [excess burst size] conform-action transmit exceed-action drop
rate-limit input access-group 102 5120000 [normal burst size] [excess burst size] conform-action transmit exceed-action drop
access-list 101 permit ip 10.10.10.3 0.0.0.0
access-list 102 permit ip 10.10.10.4 0.0.0.0
You can observe CAR in action with "show interfaces fa5/0 rate-limit" for example. -
Rate Limit for Envelope Senders for sender?
I need to setup a temporary Rate Limit exception for delivery failures. The rate limit error that I'm getting is:
System is rate limiting Envelope Sender <> due to high volume of messages
What entry can I put in the Address List exception list that will allow e-mails with null senders to be excluded? $null?
JasonFeature Request?
-
Bandwidth Management(Rate Limit) Using QoS Policies
Hello,
I need some advice. We have an ASA 5525 running version 8.6(1)2 and a 10 MG pipe. I have execs that want to limit bandwidth on users for stuff like youtube, stream media, and downloads. I found the article on ‘Bandwidth Management(Rate Limit) Using QoS Policies’ so it appears our firewall can do what we want. I’m not a cisco person. My knowledge is limited when it comes to configuration – that’s why we have SmartNet :). The advice I need is what to ask for, so to speak, when I put a case in. Can bandwidth be limited on end users and/or can they limit the ‘bandwidth rate limit’ to just youtube, steaming media, and downloads? If so, what should the limit be? and I’m assume this would be for ‘incoming’ traffic only? we’re running into some bandwidth hogs – usually youtube and/or streaming media. We have a Barracuda web filter which we’ve used to block and monitor activity but I simply do not have time to babysit this all day. I should also mention we do have critical data running up and down the pipe; such as credit card processing, DB replication between in house DB and hosted website, TPCx and EDI, FTP, and such that we don’t want restricted.
Need input please,
Thanks,
DHello,
That's a question that you as the network admin of that organization could answer.
How much traffic for business purposes must travel via HTTP/HTTPS?
How much bandwith are you willing to provide to this 2 protocols?
Those are the kind of answers you need to answer before setting the number
Regards
Remember to rate all of the helpful posts, Just click the 5 stars at the left of each post
Julio -
Hi,
My network infrastructure as simple as following:
LAN(edge switches 3560).......>Aggregator switch(3750)........>Firewall(ASA 5510)........>Router.......>Internet
I define 3 wireless VLANs with 3 SSIDs on the Aggregator switch(3750):
1. one SSID for company employees.
2. one SSID for wireless IP phones.
3. one SSID for company guest which access only internet.
And the wireless APs connected to the LAN(edge switches) direct with trunks.
My question is how to apply a rate limit for SSID for company guest to access internet with B.W. of 128kbps only.
I tried policy map to be applied on the aggregator switch(3750) on the VLAN interface, but, it is not working.
So, any suggested help, please.Hi Ahmed:
With autonomous APs, rate limiting isn't possible. All the autonomous APs support is QoS and that's pretty iffy. At the core of the issue, you're dealing with radio waves and which ones arrive at the radio first, and who was prevented from talking because someone else was talking. Dealing with these QoS and traffic shaping/policing issues are really tough with wireless because the transmission medium itself is unreliable.
The "Configuring QoS" chapter of the autonomous AP configuration guide
http://tools.cisco.com/squish/5aCf1
will show you how you can map priority tagging to an SSID so that in that path from radio receiver to outbound on the fastethernet interface toward the rest of the network, you can control which SSID's packets get up into the network first, but the reverse path is a different story. Because the wireless medium is half-duplex acknowledged, you can have a high priority packet out there on the radio interface trying to be beamed out to the client, and if the client isn't sending their ACK or what have you, it's going to sit and retry until its 63 retries are done before it gets out of the way to let the next high priority packet have a turn at getting transmitted out.
Once the traffic gets past the edge switch, the fact that it was at one time wireless is irrelevant. You should look at it as a general "rate limiting one VLAN's traffic over another" and check with the routing protocols or traffic shaping folks.
Sincerely,
Rollin Kibbe
Network Management Systems Team -
3750X rate-limit (QoS)
Hello,
I'm trying to configure a rate-limit in a 3750X but I'm not seeing any result...
These are my configurations:
RF#show run
Building configuration...
Current configuration : 23410 bytes
! Last configuration change at 08:53:35 UTC Sun Mar 14 1993
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname RF
boot-start-marker
boot-end-marker
no aaa new-model
switch 1 provision ws-c3750x-48p
system mtu routing 1500
ip routing
ip domain-name erf.carco.com.mx
rep admin vlan 100
mls qos
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
vlan 2
vlan 4
vlan 6
vlan 8
vlan 10
vlan 20
vlan 21
vlan 22
vlan 23
vlan 25
vlan 26
vlan 30
vlan 50
vlan 53
vlan 70
vlan 81
vlan 91
vlan 92
vlan 93
vlan 95
vlan 96
vlan 99
vlan 100
vlan 102
vlan 110
vlan 122
vlan 129
vlan 200
vlan 213
vlan 227
vlan 333
vlan 357
vlan 417
vlan 444
vlan 500
vlan 502
vlan 555
vlan 700
vlan 712
vlan 910
vlan 911
vlan 951
vlan 1105
vlan 1508
vlan 1830
vlan 1870
vlan 1890
vlan 1891
vlan 1892
class-map match-any test
match access-group 100
policy-map test
class test
police 150000000 512000 exceed-action drop
interface Loopback0
ip address 10.20.40.106 255.255.255.0
interface Port-channel22
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport mode trunk
bandwidth 10000000
rep segment 10
interface Port-channel24
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport mode trunk
bandwidth 10000000
rep segment 10
interface FastEthernet0
no ip address
no ip route-cache
shutdown
interface GigabitEthernet1/0/1
interface GigabitEthernet1/0/2
interface GigabitEthernet1/0/3
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport trunk allowed vlan 2,10,50,53,60,70,91-93,95,96,99,100,110,213,227
switchport trunk allowed vlan add 500,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
no logging event link-status
shutdown
speed 1000
duplex full
interface GigabitEthernet1/0/4
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport trunk allowed vlan 2,8,10,20,50,53,70,91-93,95,96,99,100,110,213
switchport trunk allowed vlan add 227,500,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
shutdown
speed 1000
duplex full
interface GigabitEthernet1/0/5
interface GigabitEthernet1/0/6
interface GigabitEthernet1/0/7
interface GigabitEthernet1/0/8
interface GigabitEthernet1/0/9
interface GigabitEthernet1/0/10
switchport access vlan 91
switchport mode access
logging event link-status
interface GigabitEthernet1/0/11
interface GigabitEthernet1/0/12
interface GigabitEthernet1/0/13
interface GigabitEthernet1/0/14
interface GigabitEthernet1/0/15
switchport access vlan 91
switchport mode access
logging event link-status
interface GigabitEthernet1/0/16
interface GigabitEthernet1/0/17
interface GigabitEthernet1/0/18
interface GigabitEthernet1/0/19
interface GigabitEthernet1/0/20
switchport access vlan 91
switchport mode access
logging event link-status
interface GigabitEthernet1/0/21
interface GigabitEthernet1/0/22
interface GigabitEthernet1/0/23
interface GigabitEthernet1/0/24
interface GigabitEthernet1/0/25
switchport access vlan 910
switchport mode access
interface GigabitEthernet1/0/26
interface GigabitEthernet1/0/27
interface GigabitEthernet1/0/28
interface GigabitEthernet1/0/29
interface GigabitEthernet1/0/30
interface GigabitEthernet1/0/31
interface GigabitEthernet1/0/32
interface GigabitEthernet1/0/33
interface GigabitEthernet1/0/34
interface GigabitEthernet1/0/35
interface GigabitEthernet1/0/36
interface GigabitEthernet1/0/37
no switchport
bandwidth 150000
ip address 10.20.103.13 255.255.255.252
rate-limit output access-group 100 24000000 3000000 3000000 conform-action transmit exceed-action drop
logging event link-status
interface GigabitEthernet1/0/38
interface GigabitEthernet1/0/39
interface GigabitEthernet1/0/40
interface GigabitEthernet1/0/41
interface GigabitEthernet1/0/42
interface GigabitEthernet1/0/43
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport mode trunk
bandwidth 10000000
channel-group 24 mode on
interface GigabitEthernet1/0/44
interface GigabitEthernet1/0/45
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport trunk allowed vlan 2,10,50,53,60,70,91-93,95,96,99,100,110,213,227
switchport trunk allowed vlan add 500,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
shutdown
interface GigabitEthernet1/0/46
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport trunk allowed vlan 2,10,50,53,60,70,91-93,95,96,99,100,110,213,227
switchport trunk allowed vlan add 500,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
shutdown
interface GigabitEthernet1/0/47
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport mode trunk
bandwidth 10000000
channel-group 22 mode on
interface GigabitEthernet1/0/48
switchport trunk encapsulation dot1q
switchport trunk native vlan 6
switchport trunk allowed vlan 2,7,10,20,50,53,70,91-93,95,96,99,100,110,213
switchport trunk allowed vlan add 227,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
logging event link-status
shutdown
interface GigabitEthernet1/1/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport trunk allowed vlan 2,8,10,20,50,53,60,70,91-93,95,96,99,110,213,227
switchport trunk allowed vlan add 500,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
shutdown
interface GigabitEthernet1/1/2
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport trunk allowed vlan 2,8,10,20,50,53,60,70,91-93,95,96,99,110,213,227
switchport trunk allowed vlan add 500,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
shutdown
interface GigabitEthernet1/1/3
switchport trunk encapsulation dot1q
switchport trunk native vlan 6
switchport trunk allowed vlan 2,6,8,10,20,50,53,70,91-93,95,96,99,100,110,213
switchport trunk allowed vlan add 227,700,910,911,951,1830,1870,1890-1892
logging event link-status
shutdown
interface GigabitEthernet1/1/4
switchport trunk encapsulation dot1q
switchport trunk native vlan 6
switchport trunk allowed vlan 2,6,8,10,20,50,53,70,91-93,95,96,99,100,110,213
switchport trunk allowed vlan add 227,700,910,911,951,1830,1870,1890-1892
switchport mode trunk
logging event link-status
shutdown
interface TenGigabitEthernet1/1/1
interface TenGigabitEthernet1/1/2
interface Vlan1
no ip address
shutdown
interface Vlan6
description ***LANERF**
ip address 10.20.6.106 255.255.255.0
no ip redirects
interface Vlan23
description < TRANSITO MUR >
no ip address
no ip redirects
interface Vlan100
description < VLAN MAN >
ip address 10.20.100.106 255.255.255.0
no ip redirects
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7 032368342B2F0F
ip ospf dead-interval minimal hello-multiplier 4
router ospf 1
router-id 10.20.40.106
auto-cost reference-bandwidth 100000
area 0.0.0.0 authentication message-digest
area 1.80.1.1 authentication message-digest
redistribute connected subnets
redistribute static subnets
passive-interface default
no passive-interface Vlan23
no passive-interface Vlan100
no passive-interface GigabitEthernet1/0/37
network 10.20.6.0 0.0.0.0 area 0.0.0.0
network 10.20.40.106 0.0.0.0 area 0.0.0.0
network 10.20.91.6 0.0.0.0 area 0.0.0.0
network 10.20.100.106 0.0.0.0 area 0.0.0.0
default-information originate
ip http server
ip http secure-server
access-list 100 permit ip 10.50.80.0 0.0.0.255 10.80.80.0 0.0.0.255
access-list 100 permit ip 10.80.80.0 0.0.0.255 10.50.80.0 0.0.0.255
snmp-server community ASComRO RO
line con 0
line vty 0 4
login
line vty 5 15
login
event manager applet track_qos_down authorization bypass
event syslog pattern "TRACKING-5-STATE: 15 ip sla 15 reachability Up->Down"
action 1 cli command "enable"
action 2 cli command "configure terminal"
action 3 cli command "interface giga1/0/37"
action 4 cli command "rate-limit output access-group 100 400000000 50000000 50000000 conform-action transmit exceed-action drop"
action 5 cli command "end"
event manager applet track_qos_up authorization bypass
event syslog pattern "TRACKING-5-STATE: 15 ip sla 15 reachability Down->Up"
action 1 cli command "enable"
action 2 cli command "configure terminal"
action 3 cli command "interface giga1/0/37"
action 4 cli command "no rate-limit output access-group 100 400000000 50000000 50000000 conform-action transmit exceed-action drop"
action 5 cli command "end"
end
ERF#
ERF#show mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled
ERF#show mls qos inter gigabitEthernet 1/0/37
GigabitEthernet1/0/37
trust state: not trusted
trust mode: not trusted
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none
qos mode: port-based
When I apply the command I'm seeing a gauge using a 3rd party but I'm not seeing that the traffic will be truncated @ 50Mbps.
Any thoughts???Hi
Bandwidth commands allocates the particular amount of bandwidth you mention or configure over there.
Basically you have the liberty to configure upto 75% of the available interface bandwidth to different classes.
most widelys used with CBWFQ technique..
so while configuring up the same better to watch out for the exact bandwidth value keyed in on the interface to have your alloocation work properly.
policing basically used for limiting the traffic or to control the bursts by dropping them or marking them with different ip precedence or DSCP values.
its very much similar to the rate-limit command applied on the interface level which again uses token bucket system either single or dual based on the configuration parameters.
for more info on above mentioned clis do check these links..
http://www.cisco.com/en/US/tech/tk543/tk545/tsd_technology_support_protocol_home.html
http://www.cisco.com/en/US/tech/tk543/tk544/tsd_technology_support_protocol_home.html
regds -
ICMP unreacheble, rate-limit
Hi !
I'm currently working on projet of network hardening.
Based on Cisco security best pratice, I see it's recommand to rate limit genaration of ICMP unreachable message to prevent DoS attack. (according to document : http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a0080825564.pdf page 74)
On Catalyst 6509 run IOS 12.2(17r)SX5 I see to possible way to rate-limit ICMP messages if mls QoS is running.
1- mls rate-limit unicast ip ICMP unreachable acl-drop 100 10 (enable by default, according to document : http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a0080825564.pdf page 74)
mls rate-limit unicast ip ICMP unreachable no-route 100 10
2- ip ICMP rate-limit unreachable <millisecond> (500 ms is default parameters, which permit 2 paquets per seconds, also enable by default if I'm base on : http://www.cisco.com/warp/public/707/cisco-sn-20030125-worm.shtml, ACL for IOS section)
Which one of those command have precedence over the other one ?
Which one is better over the other one ?
With the mls rate-limit option, we have the possibility to check default parameter with : "show mls rate-limit" command is exist equivalent for : "ip ICMP rate-limit unreachable"
We have also Catalyst 3550 switches, on which we have to rate-limit genaration of ICMP unreachable message for same reason as 6509. I understand the :"ip ICMP rate-limit unreachable" command is my only option "under "mls " the only option I have is QoS or aclmerge. Under thoses parameter I have no way to rate-limit ICMP message generation....
I have check in running-configuration I did not find any reference to ICMP rate-limit command, I hope this is active like explain in document http://www.cisco.com/warp/public/707/cisco-sn-20030125-worm.shtml, ACL for IOS section, (Version 12.2(44)SE3) but I would like to be able to confirm if any show command exist to confirm this.
thanks a lot !Hello Marcus,
On the ASA as you are already aware we only have the choice of modifying the ICMP unreachable rate,
With the IOS the rate-limit for ICMP unreachable replies will be rate limited to one every 500ms
use:
show ip icmp rate-limit
Besides that I have not seen any other information that you could customize.
Regards -
Hi, I have someone who is worried about denial-of-service attacks. They have 11 vm's that share a connection and want to set it up so that there is a maximum amount of traffic allowed to hit each vm, so if there is a DDoS attack it will only affect that one VM instead of all the VM's on the same connection. What is the best way to go about this from the ASA? This is behind a 5515 with asa code version 8.6. Is there a way to rate-limit by ip address? Thanks!
The feature is called traffic policing. Basically, what you should do is this:
1. Define traffic to each server by using corresponding ACLs
2. Define class map for each server
3. Define policy map or use global policy to apply policing.
Example:
server 1 has ip 10.0.0.1 and provides http access from the outside
server 2 has ip 10.0.0.2 and provides https access from the outside
1.
access-list SERVER_1_TRAFFIC permit tcp any host 10.0.0.1 eq 80
access-list SERVER_2_TRAFFIC permit tcp any host 10.0.0.2 eq 443
2.
class-map SERVER1
match access-list SERVER_1_TRAFFIC
class-map SERVER2
match access-list SERVER_2_TRAFFIC
3.
policy-map global_policy
class SERVER1
police input 100000 (bps) 10000 (bps)
police output .....
class SERVER2
police input 200000 (bps) 10000 (bps)
police output .....
Here's the guide:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/conns_qos.html#wp1065257 -
Dynamic ARP inspection rate limit issues with Windows Vista Systems
Good Day to everybody.
I had implemented DHCP Snooping & Dynamic ARP inspection feature to mitigate ARP spoofing attacks to one of customer location where we have mix of Windows vista & XP systems. By default DAI feature rate limit ARP packets on un-trusted ports to 15 Packets per second. With this value I was facing some issue to access file shares where port will go in error-disabled state due to ARP broadcast from system was crossing 15 PPS limit of DAI. For the same, I had increased the DAI limit to 64 & after that we had not facing this problem from windows XP systems, but windows vista systems are still giving problem. Also this probem is very random in nature & not all the windows Vista system will face same issue even though they are accessing same file share & are configured with same DAI rate limit.
That's why I am not able to figure out baseline values for DAI rate limits. I had already search microsoft documentation for limiting this ARP broadcast from Windows Vista system, but no luck.
Is there any way to find out correct settings for this DAI packet rate limiting in Windows Vista enviorement ?Hello bensyseng,
check out this thread.
As topmahof said already it could correlate with a wrong Intel driver.
Follow @LenovoForums on Twitter! Try the forum search, before first posting: Forum Search Option
Please insert your type, model (not S/N) number and used OS in your posts.
I´m a volunteer here using New X1 Carbon, ThinkPad Yoga, Yoga 11s, Yoga 13, T430s,T510, X220t, IdeaCentre B540.
TIP: If your computer runs satisfactorily now, it may not be necessary to update the system.
English Community Deutsche Community Comunidad en Español -
Can I use this phone in Germany with a *local* SIM card for local rates if I get Verizon to unlock it or do I have to wait for the ever-elusive upgrade for this to be possible?
I have been with Verizon since 2006, my original HTC Incredible has been eligible for an upgrade since April, and I was planning to stay with Verizon since I'm overall happy with the service. However, this uncertainty about being able to use the phone globally (and specifically in Germany) with local SIM cards has me considering other carriers for the first time, who have not crippled their phones in this way. In particular AT&T I guess. I don't understand why Verizon would choose to limit their phone like this.
I would like to stay with Verizon, but I'm not going to wait indefinitely for a required update -- unless someone authoritative can tell me that I am able to use this phone with a local SIM card with local rates in German right now. That would make me very happy .. otherwise, I guess it's time to check out the Galaxy on the other carriers.
ps: I have searched the web, and this forum for related posting w/o the answer for this specific question about unlock helping with Germany.Hmm .. thanks for the info, I was afraid of that .. I'v really been wanting to upgrade my phone for a few months now ... and the S III seems like the best phone right now, but not without that feature. I would rather stick with Verizon though but I am looking at the other carriers because of this.
Also just found out that FM radio isn't available on the North American versions of the phone .. too bad, my DInc has it, and it helps limit data usage (and presumably uses less power than streaming, plus not all stations stream). It's not a required feature for me, but it was a nice option to have.. -
Time Out Error while waiting for response from DB Procedure
Hi Gurus,
We are encountering a problem in our production environment. The system is implemented using AIA foundation pack 2.5 on SOA suite 10.1.3.4.
We have a BPEL process A which calls an ESB Service which inturn calls BPEL Process B. In process B, we have a DB procedure call which waits for a response from
a DB procedure. The procedure doesn't reply on time and Process B remains in waiting state to get the response from DB Procedure wherein Process A errors out by showing as "Timed Out Error".
This issue is intermittent and we have already increased transaction-time outs in transaction-manager.xml to 7200 and ejb-orion-jar.xml to 3600.
When we encountered this problem, we found out that there are too many connections open and when we bounced the server, everything was restored to nornal but as it is a production env. we can't do it over and over again.
We have 2 nodes each having max connections as 100 and min. as 0.
Is there a limit to max no. of connections or can we do something in DB side to ensure that it doesn't happen again ?
Please suggest.
Thanks,
Vikas ManchandaHi Anuj,
I don't think it is a problem with connection reaching to max numbers because this issue is coming on very intermittent basis.we don't have any other processes using
the same connection pool and this issue is coming even when there is no load on the server. This is recent trace from the production environment. Also i don't have any thing called "abandoned-connection-pool" in my data-sources.xml.
<2011-07-07 13:09:16,101> <ERROR> <default.collaxa.cube> <BaseCubeSessionBean::logError> Error while invoking bean "delivery": Waiting for response has timed out. The conversation id is null. Please check the process instance for detail.
com.oracle.bpel.client.delivery.ReceiveTimeOutException: Waiting for response has timed out. The conversation id is null. Please check the process instance for detail.
at com.collaxa.cube.ejb.impl.DeliveryBean.request(DeliveryBean.java:109)
at sun.reflect.GeneratedMethodAccessor113.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:592)
at com.evermind.server.ejb.interceptor.joinpoint.EJBJoinPointImpl.invoke(EJBJoinPointImpl.java:35)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.interceptor.system.DMSInterceptor.invoke(DMSInterceptor.java:52)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.interceptor.system.JAASInterceptor$1.run(JAASInterceptor.java:31)
at com.evermind.server.ThreadState.runAs(ThreadState.java:693)
at com.evermind.server.ejb.interceptor.system.JAASInterceptor.invoke(JAASInterceptor.java:34)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.interceptor.system.TxRequiredInterceptor.invoke(TxRequiredInterceptor.java:50)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.interceptor.system.DMSInterceptor.invoke(DMSInterceptor.java:52)
at com.evermind.server.ejb.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:119)
at com.evermind.server.ejb.InvocationContextPool.invoke(InvocationContextPool.java:55)
at com.evermind.server.ejb.StatelessSessionEJBObject.OC4J_invokeMethod(StatelessSessionEJBObject.java:87)
at DeliveryBean_RemoteProxy_4bin6i8.request(Unknown Source)
at com.collaxa.cube.ws.soap.oc4j.SOAPRequestProvider.processNormalOperation(SOAPRequestProvider.java:451)
at com.collaxa.cube.ws.soap.oc4j.SOAPRequestProvider.processBPELMessage(SOAPRequestProvider.java:274)
at com.collaxa.cube.ws.soap.oc4j.SOAPRequestProvider.processMessage(SOAPRequestProvider.java:120)
at oracle.j2ee.ws.server.provider.ProviderProcessor.doEndpointProcessing(ProviderProcessor.java:956)
at oracle.j2ee.ws.server.WebServiceProcessor.invokeEndpointImplementation(WebServiceProcessor.java:349)
at oracle.j2ee.ws.server.provider.ProviderProcessor.doRequestProcessing(ProviderProcessor.java:466)
at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:114)
at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:96)
at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:194)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64)
at oracle.security.jazn.oc4j.JAZNFilter$1.run(JAZNFilter.java:400)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:414)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:623)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:370)
at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:871)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:313)
at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:199)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:595)
Caused by: com.oracle.bpel.client.delivery.ReceiveTimeOutException: Waiting for response has timed out. The conversation id is null. Please check the process instance for detail.
at com.collaxa.cube.engine.delivery.DeliveryHandler.initialRequestAnyType(DeliveryHandler.java:576)
at com.collaxa.cube.engine.delivery.DeliveryHandler.initialRequest(DeliveryHandler.java:465)
at com.collaxa.cube.engine.delivery.DeliveryHandler.request(DeliveryHandler.java:134)
at com.collaxa.cube.ejb.impl.DeliveryBean.request(DeliveryBean.java)
Please suggest.
Thanks,
Vikas Manchanda -
Bandwidth Rate-Limit -w- WWR-Queue
How would one convert a layer-2 port's "switchport rate-limit" bandwidth statement, on a 6509 -w- WS-X6748-SFP ports, to a routed/layer-3 "wrr-queue" bandwidth statement policy? Basically trying to hard-core the port's speed to 20MB. Current/tested layer-2 port bandwidth setting:
rate-limit input 20000000 5000 5000 conform-action transmit exceed-action drop
rate-limit output 20000000 5000 5000 conform-action transmit exceed-action drop
Got lost in how to use/configure all WRR's four queues... just need to limit the port's bandwidth to 20MB. Any suggestions would be appreciated.
Thanks, Kevin1) Enabled QoS globally...
2960(config)#mls qos
2) Configure an ACL to define the matched traffic...
2960(config)#access-list 111 permit ip any any
3) Configure a class map for the matched traffic...
2960(config)#class-map traffic
2960(config-cmap)#match access 111
4) Configure a policy-map to define action...
2960(config)#policy-map Control
2960(config-pmap)#class traffic
2960(config-pmap-c)#police 10000000 8000 exceed-action drop
5) Attached the policy-map to the interface.
a) Example
-In this case, I'll attach the policy map to port_1....
2960(config)#int fa0/1
2960(config-if)#service-policy input Control
>>>>>> This will rate-limit traffic coming from the PC
Maybe you are looking for
-
Can not update my system and not able to repair disk
I havn't used my macbook pro for about a year, and recently I need to travel to another place and need it with me. I see in AppStore that there is an update for my ios, I downloaded it, and run the install. however, when updating my system. I run int
-
XI message Interface as webservice
Hi, How can XI be used to publish Message Interface as a web service? Mustafa
-
I have stored 5 value in option box like 1,2,3,4,5 ,by default 5 is selected I change the value 5 into 3, Now I want when i refresh the page the value displayed is 3 not 5 . How it possible. plz help me soon
-
OGIS_GEOMETRY_COLUMNS
Does anyone know if the MDSYS.OGIS_GEOMETRY_COLUMNS is ever checked by any of the MDSYS.SDO_Geometry or MDSYS.ST_Geometry functions? I am mostly interested in knowing if there is any reason I should be populating this table if I create an SDO or ST g
-
Engine and NSMAdmin client refuse to install/work on DC
Hi, I have a strange problem setting up Storage Manager 3.0.3 at a customer. The customer has a server 2008 R2 64 bit DC especially for IDM purposes (IDM Remote Loader, Exchange tools for creating mailboxes and also intended to be the Storage Manager