How to restrict bandwidth

Feb 14th, 2007

We have a very simple setup:

L3 switch --> PIX firewall --> internet router (Cisco 2801) --> ISP

We just have a default static route in the L3 switch pointing to the PIX so that all internet traffic gets routed to the PIX.

Now we have a bunch of users using various VPN clients to connect so that they can work in clients'/partners' environments. I just want the total bandwidth consumed by such VPN traffic not to exceed 20% of total bandwidth. I want to restrict it for both upload and download traffic. I know all the destination VPN gateway IP addresses for such connections. Let me know what the best method is to do it.

mheusinger Wed, 02/21/2007 - 07:58

Hi,

Just a note: CBWFQ gives minimum bandwidth guarantees, but NO upper limit.

So the more appropriate feature to achieve your stated goals would be a shaper (or policer).

With shaping you define an upper bandwidth limit; excess traffic is queued. A policer would drop excess traffic and might not be appropriate in your case.

You could apply a shaper in each direction on your 2800. For configuration details have a look at "Policing and Shaping Overview" and consecutive chapters.

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080465b25.html

Another idea (slightly modifying your stated requirements): why not use CBWFQ and give an 80% minimum guarantee to all traffic except VPN? This way you would not impose an upper limit on VPN traffic, IF no other traffic needs to be served.

Hope this helps!

Regards, Martin

virenderj Wed, 02/21/2007 - 20:00

Thanks a lot, folks, for your expert views. It would be great if someone could post a sample config to accomplish the shaping, matching either a percent of bandwidth or a fixed kbps.
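Added example, not part of the original thread and not posted by any participant: a sketch of the class-based shaping approach described above for the 2801, capping traffic to and from the known VPN gateways at 20% in each direction. The gateway addresses (192.0.2.x documentation range), the interface names, the 2 Mbps link speed and all ACL, class and policy names are assumptions to be replaced with real values.

```cisco
! Constructed sample values: replace gateway IPs, interface names and rates.
! Upload direction: traffic headed to the partner VPN gateways.
ip access-list extended VPN-GW-UPLOAD
 permit ip any host 192.0.2.10
 permit ip any host 192.0.2.20
!
! Download direction: traffic coming back from the same gateways.
ip access-list extended VPN-GW-DOWNLOAD
 permit ip host 192.0.2.10 any
 permit ip host 192.0.2.20 any
!
class-map match-any VPN-UPLOAD
 match access-group name VPN-GW-UPLOAD
class-map match-any VPN-DOWNLOAD
 match access-group name VPN-GW-DOWNLOAD
!
! Fixed rate: 400000 bps is 20% of an assumed 2 Mbps link.
policy-map SHAPE-VPN-UPLOAD
 class VPN-UPLOAD
  shape average 400000
!
! Percentage form: 20% of the bandwidth configured on the interface.
policy-map SHAPE-VPN-DOWNLOAD
 class VPN-DOWNLOAD
  shape average percent 20
!
! Shaping works on output only, so each direction is shaped on the
! interface where that traffic leaves the router.
interface FastEthernet0/1
 description Assumed ISP-facing interface
 service-policy output SHAPE-VPN-UPLOAD
!
interface FastEthernet0/0
 description Assumed PIX-facing interface
 bandwidth 2000
 service-policy output SHAPE-VPN-DOWNLOAD
```

Matching on the gateway address alone covers whatever protocol each VPN client uses. The download policy queues traffic only after it has crossed the ISP link, so it limits VPN download throughput indirectly, by making the tunnelled sessions slow down.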
