traffic shaping w/ router as a transparent bridge

Nov 16th, 2007

I've got some issues with traffic shaping. I assume I'm just missing something silly but can't seem to find the issue. I'm hoping some kind person can point out the obvious.


I've reviewed: Configuring Generic Traffic Shaping


http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt4/qcfgts.htm#wp1001057

... as well as ...

http://www.velocityreviews.com/forums/t30137-using-a-cisco-router-as-a-throttling-bridge.html

http://www.velocityreviews.com/forums/t35922-rate-limit-question.html

http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/82d477e610269a13/7e8a1f7a26eabee3?lnk=st&q=cisco+traffic+shape+group#7e8a1f7a26eabee3


Here's my network layout:

(see attached if this ASCII diagram is messed up in the post)

h1 (10.0.0.3)     |
(0017.0830.cb00)  |
                  |
h2 (10.0.0.4) ----|- (f0/0) r1 (e1/0) --(10.0.0.1) r2 - inet
                  |
h2 (10.0.0.5) ----|



I need to shape inbound and outbound traffic for various hosts independently (i.e. h1, h2, h3). I also need to do this with a bridge, since I don't want to create any more confusion than needed by fooling with more subnets, consuming extra addresses, or NAT. I have a spare router (r1) which is:


bw_throttle>sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-IS-M), Version 12.3(17), RELEASE SOFTWARE (fc2)


and has the following relevant config:


no ip routing
!
interface FastEthernet0/0
 no ip address
 traffic-shape group 1 500000 18000 18000 1000
 traffic-shape group 700 500000 18000 18000 1000
 bridge-group 1
!
interface Ethernet1/0
 no ip address
 traffic-shape group 1 500000 18000 18000 1000
 traffic-shape group 700 500000 18000 18000 1000
 bridge-group 1
!
access-list 1 permit 10.0.0.3
access-list 700 permit 0017.0830.cb00
!
bridge 1 protocol ieee


This doesn't shape traffic to the expected 500kbps for h1; the only way I can seem to shape any traffic is with something like the following on both interfaces:


traffic-shape rate 500000 18000 18000 1000


Unfortunately this is not what I need; I instead need to shape traffic for specific hosts, preferably specifying those hosts by IP address, not MAC address, but at this point I'll take whatever I can get.



Perhaps I just can't do what I'm trying to pull off, since I'm trying to make a router act as a layer 2 device and shape traffic based on layer 3 addresses. Perhaps that's not a possibility?




m.brentlinger Tue, 11/20/2007 - 09:41

I've not gotten any help with doing this with Cisco equipment... though I've moved on to doing it with BSD.


Building a transparent traffic-shaping bridge

http://www.cardus.com/2007/09/24/building-a-transparent-traffic-shaping-bridge/

http://www.openbsd.org/faq/faq4.html


There was a bit more to building the OpenBSD box, but with some help from the following I figured it out:

http://www.openbsd.org/faq/pf/queueing.html

http://insecure.ucdavis.edu/openbsd/openbsd-4-0-firewall


Things not in the guide were I had to add pftop...

# pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/4.2/packages/i386/pftop-0.6.tgz

and to see queue info once you run pftop you have to use the left and right arrow keys


I also had to find info on how to change and reapply rules


Configure rules for pf:

write your rules and save them in pf.test

To test your rules type:

# pfctl -nf /etc/pf.test

When you are confident that you want to apply the rules type:

# cp pf.conf pf.old && cp pf.test pf.conf

To load your rules type:

# pfctl -f /etc/pf.conf


Hope that helps someone. If anyone figures out how to do it with something better or with Cisco equipment I'd love to know how.
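
The test, back up, copy and load steps from the post above, wrapped in one shell function so that a candidate file that fails the pfctl -nf check never replaces the live rules, and a failed load puts the previous rules back. This is an added example, not part of the original post; the function name pf_apply, the PFCTL override variable and the return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate-then-apply for pf rules, following the steps in the post.
# PFCTL, pf_apply and the return codes are assumptions for illustration.
PFCTL="${PFCTL:-pfctl}"

# pf_apply CANDIDATE [LIVE]
# Returns 0 on success,
#         1 if the candidate is unreadable or fails the syntax check (live file untouched),
#         2 if loading failed and the previous rules were restored.
pf_apply() {
    candidate="$1"
    live="${2:-/etc/pf.conf}"
    backup="${live%.conf}.old"      # /etc/pf.conf -> /etc/pf.old, as in the post

    [ -r "$candidate" ] || { echo "cannot read $candidate" >&2; return 1; }

    # Step 1: parse only (-n), nothing is loaded. A failure leaves the live file alone.
    if ! "$PFCTL" -nf "$candidate"; then
        echo "syntax check failed, live rules unchanged" >&2
        return 1
    fi

    # Step 2: keep a copy of the current rules, then install the candidate.
    if [ -f "$live" ]; then
        cp -p "$live" "$backup" || return 1
    fi
    cp "$candidate" "$live" || return 1

    # Step 3: load the new rules. If pfctl rejects them, restore and reload the old ones.
    if ! "$PFCTL" -f "$live"; then
        echo "load failed, restoring $backup" >&2
        if [ -f "$backup" ]; then
            cp -p "$backup" "$live" && "$PFCTL" -f "$live"
        fi
        return 2
    fi
    return 0
}
```

Typical use on the bridge is pf_apply /etc/pf.test, run as root; using full paths avoids depending on the current directory being /etc.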
