QOS using CBWFQ - Configuration Posted with Live Scenario's (High Priority)

Unanswered Question
Jul 23rd, 2007

Hello All,

I have implemented the below Configuration on my Internet Router. My Setup is, I have a Internet Link of 10 Mbps Capacity.

I have to split the 10 Mbps as: 6 Mbps Backup VPN over Internet to Europe and 4 Mbps for Internet Usage.

This QOS is designed in such a way like, during Backup VPN Link is Active the 6 Mbps VPN can expand upto 8+ Mbps more based on Peak incoming and outgoing traffic and whereas rest ot the availaible bandwidth for Internet usage.

During Primary MPLS is Up and no usage of Backup VPN Link over Internet, the Internet Usage should be limited to 4 Mbps only at any point of time. ie., in every situation atleast i will have a dedicated Backup VPN of 6 Mbps availaible.

I have seen the Utilization of Internet has crossed more than 4 Mbps for Week # 729. As i know this operates on QOS using CBWFQ concept which uses Token Bucket Algorithm. The Traffic more than 4 Mbps is just an Burst Traffic but i would like to clearly understand why this is happening for entire Week (for long Hrs).


IS my CONFIGURATION is designed as per my REQUIREMENT ?

Please see the COnfiguration and provide me a clear explanation. Thanks in Advance for Help.

Utilization Values: (as per MRTG)

Max In: 5028.6 kb/s (50.3%) Average In: 1824.9 kb/s (18.2%) Current In: 3951.6 kb/s (39.5%)

Max Out: 1652.2 kb/s (16.5%) Average Out: 354.5 kb/s (3.5%) Current Out: 684.8 kb/s (6.8%)

ACL required:

access-list 120 permit ip host <ip_address> host <ip_address>

!! ACL 120 identifying VPN Traffic

access-list 121 permit ip any any

!! ACL 121 identifying non ? VPN Traffic

QOS Configuration:

class-map match-all VPN_BACKUP

match access-group 120

policy-map QOS_CHENNAI


bandwidth 8000

class class-default


Apply the Policy to the Interface:

interface FastEthernet0/1

speed 10


service-policy output QOS_CHENNAI

!!inside Interface of Internet Router - connected to DMZ Switch

Apply Rate-Limit ( i.e., CAR) to the Interface:

interface FastEthernet0/0

!!outside Interface of Internet Rouer - connected to Service provider

rate-limit input access-group 120 8000000 1000000 1000000 conform-action transmit exceed-action drop

!! VPN backup limited to 8Mb

rate-limit input access-group 121 4000000 500000 500000 conform-action transmit exceed-action drop

!! Internet traffic limited to 4Mb

Best Regards,

Guru Prasad R

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Fraser Reid Mon, 07/23/2007 - 23:16

Internet traffic is going over 4mb because there is a burst rate also configured

I would have this a little differently done and make the VPN traffic

Priority percent 60

then everything else as class default.

But from the way you have this I noted the following -

CAR limiting in total is over 10mb this will not work as well as expected.

Give VPN CAR 6mb then burstable to 8mb and not as shown a static 8mb.

Any other suggestions from other forum members ?

bellocarico Tue, 07/24/2007 - 01:06

If you use the bandwidth percentage, remember to set the interface command "bandwidth" otherwhise as this is a fastethernet port, the IOS thinks to be at 100Mb and not 10Mb.



This Discussion