Simple traffic shaping on border router

Unanswered Question
Mar 17th, 2008
User Badges:

I've got two 3845's, each with a DS-3, carrying two subnets on them for my border routers. Some simple traffic shaping was set on the two Gig interfaces to allow for bandwidth limiting. I.E.- i wanted to be able to put a cap on the amount of BW each port would use. Unfortunately, the policy is not actively working. A # of times recently, one interface has used up the entire DS-3.

Below are the pertinent command lines:

interface GigabitEthernet0/0

description ***Corporate Traffic***

ip address X.X.X.1

duplex full

speed 100

media-type rj45

traffic-shape group 151 15480000 15480000 15480000 1000


interface GigabitEthernet0/1

description ***Connection to ECOM***

ip address N.N.N.1

duplex full

speed 100

media-type rj45

traffic-shape group 161 30600000 30600000 30600000 1000


interface Serial1/0

description ***ISP CIRCUIT - DS-3***

ip address ....

dsu bandwidth 44210

traffic-shape group 150 15480000 15480000 15480000 1000

traffic-shape group 160 30600000 30600000 30600000 1000

access-list 150 remark *** Rate Limit Corporate Inbound ***

access-list 150 permit ip any X.X.X.0

access-list 151 remark *** Rate Limit Corporate Outbound ***

access-list 151 permit ip X.X.X.0 any

access-list 160 remark *** Rate Limit ECOMM Inbound ***

access-list 160 permit ip any N.N.N.0

access-list 161 remark *** Rate Limit ECOMM Oubound ***

access-list 161 permit ip N.N.N.0 any

Any advice?

Thanks in advance!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
paolo bevilacqua Mon, 03/17/2008 - 17:01
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member


it seems to me your acl are swapped around. try:

int s1/0

traffic-shape group 151 ..

And remove traffic-shape under lan interface, these don't make much sense as the traffic has reached the router already.

Joseph W. Doherty Mon, 03/17/2008 - 18:10
User Badges:
  • Super Bronze, 10000 points or more

Trying to throttle inbound bandwidth on the receiving router is very difficult. (Especially using shapers; policers would work a bit better, but you'll still see inbound bursting on the WAN link.)


For (WAN) outbound, you might want to consider allowing traffic to not be limited by the shaper if the other group isn't using its bandwidth (although maintain the 1:2 [15:30 Mbps] ratio when both want more). This can be accomplished using CBWFQ.


This Discussion