Ratelimiting Internet Bandwidth

Answered Question
Feb 8th, 2008

Hi

I have an internet link of 20 MB bandwidth. Can I configure it such that a certain set of servers don't utilize more than 15 Mbps of the BW at any point of time, with the remaining 5 Mbps available for a different set? I heard per-port output rate limiting will do the trick... but how do I rate-limit traffic from specific source addresses? Also, how can it be achieved for inbound traffic?

Edison Ortiz Fri, 02/08/2008 - 10:42

You can rate-limit source-specific traffic with Cisco Modular QoS CLI (MQC).


Please take a moment to read this URL

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hqos_c/index.htm

in order to understand how Quality of Service works in IOS.


I recommend rate-limiting outbound traffic as inbound traffic (if rate-limited) has already consumed the bandwidth of the link, so what's the point?


HTH,

Edison.

Correct Answer
noxkrugger Sat, 02/09/2008 - 14:09

Yes, you can use MQC to do that:

1) Define a class map to classify the packets based on the application that you want.

class-map server
 match ip address 101
! class-default is predefined, so it needs no class-map of its own

2) Define a policy map to bind the policy to the class specified:

policy-map limitbandwidth
 class server
  police 15000000 conform-action transmit exceed-action drop
 class class-default
  ! fair-queue removed: queuing commands are output-only and are rejected in an input policy

3) Bind the policy map inbound to your outside interface facing the internet.

interface fa x/x
 service-policy input limitbandwidth

4) Create an access list to categorize the interesting traffic for the class map.

Let's say your server IPs are 10.0.0.1, 10.0.0.2, 10.0.0.3

access-list 101 permit ip any host 10.0.0.1
access-list 101 permit ip any host 10.0.0.2
access-list 101 permit ip any host 10.0.0.3

I think this can help.

Just my 20 cents.

Cheers.
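
How the `police 15000000 conform-action transmit exceed-action drop` line in the answer above treats traffic, as an added Python simulation that is not part of the original post and not Cisco code: packets matching access-list 101 go through a single-rate token bucket, everything else falls into class-default untouched. The burst size, the 10.0.0.50 host and the traffic mix are constructed assumptions.

```python
import ipaddress

CIR_BPS = 15_000_000  # from "police 15000000" in the answer
ACL_101 = {ipaddress.ip_address(h) for h in ("10.0.0.1", "10.0.0.2", "10.0.0.3")}
BURST_BYTES = 468_750  # assumption: the answer sets no burst size


class Policer:
    """Single-rate, two-colour token bucket: conform -> transmit, exceed -> drop."""

    def __init__(self, cir_bps, burst_bytes):
        self.rate = cir_bps / 8      # refill in bytes per second
        self.burst = burst_bytes
        self.tokens = burst_bytes    # bucket starts full
        self.last = 0.0

    def conforms(self, now, size):
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def run(packets):
    """packets: (time_s, dst_ip, size_bytes) tuples. Returns bytes per class and verdict."""
    policer = Policer(CIR_BPS, BURST_BYTES)
    stats = {c: {"sent": 0, "dropped": 0} for c in ("server", "class-default")}
    for now, dst, size in sorted(packets):
        if ipaddress.ip_address(dst) in ACL_101:   # class server (access-list 101)
            verdict = "sent" if policer.conforms(now, size) else "dropped"
            stats["server"][verdict] += size
        else:                                      # class-default: no policer
            stats["class-default"]["sent"] += size
    return stats


def constructed_traffic(seconds=2, size=1250):
    """Constructed sample: 20 Mbit/s to 10.0.0.1 plus 5 Mbit/s to 10.0.0.50."""
    server = [(i / 2000, "10.0.0.1", size) for i in range(2000 * seconds)]
    other = [(i / 500, "10.0.0.50", size) for i in range(500 * seconds)]
    return server + other


if __name__ == "__main__":
    print(run(constructed_traffic()))
```

The server class is allowed its initial burst and then settles at the policed rate; the bytes counted as dropped have already arrived at the interface by the time the input policer sees them.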




Joseph W. Doherty Sun, 02/10/2008 - 17:40

What Noxkrugger suggested will indeed limit bandwidth to your servers, but if you're trying to do this to allow/reserve 5 Mbps of your inbound WAN bandwidth for other traffic, you'll find it's often not very effective (a point I think Edison was trying to make). Usually, to be effective, it needs to be applied outbound on the other side of the WAN link, i.e. before your physical bottleneck, not after.

sumesh_un Sun, 02/10/2008 - 22:42

So does it mean that rate limiting needs to be applied on the ISP outbound interface as well as the customer outbound interfaces?

noxkrugger Mon, 02/11/2008 - 00:13

Exactly right, my suggestion is just to rate limit inbound, as if the ISP only provides "best effort" QoS. If you buy a package in which the ISP can QoS your traffic (that means outbound to your Internet router), then you can do MQC outbound on your outside interface.



royalblues Mon, 02/11/2008 - 03:48

You can also look into products like Packeteer / Riverbed, which can intercept the TCP handshake and make sure the TCP window size never increases beyond a certain limit.


This would help in maintaining some sort of restriction for inbound traffic. Else as suggested above, the service provider needs to configure QoS at his end.


HTH

Narayan
