Restricting Bandwidth

Unanswered Question
Mar 19th, 2008

I'm looking to restrict a particular service/IPs (matched by ACL) to a specified chunk of bandwidth.


I've found before that police will do this, but only partially. I think I found that police will hold an ACL matched service to its max bandwidth, but then it will either drop the packets that are over the limit or dish them off to the fair-queue.


I'd like to restrict the ACL matched service to its specified max bandwidth, and for anything over that it will keep it in its own queue till the bandwidth frees up on its policy and then pass the packets.


Anyone know if this is possible?

Jon Marshall Wed, 03/19/2008 - 11:24

Hi


I think the closest thing to what you want is to use traffic shaping rather than policing. Have a look at this document which explains the difference between the two. Please come back if you have further questions.


http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a00800a3a25.shtml


HTH


Jon

snooter Wed, 03/19/2008 - 11:53

Thanks for the reply.


You're right, shaping does sound like the right thing for us, but when I click on the link there to "configure traffic-shaping" the commands are:


Router(config-pmap-c)# police bps burst-normal burst-max conform-action action exceed-action action violate-action action


The options for exceed-action and violate-action do not keep the packets in their respective queue. It reassigns a precedence, QoS group, or dscp value. Even if I set it to the lowest precedence or least important dscp value, it still gets dished into the first in/first out queue and it utilizes the bandwidth just the same.


Traffic-shaping only applies to the interface, which would be the entire set of bandwidth I have. I don't want to mess with the QoS I already have set up for our time sensitive info, I just don't want this traffic that's matched by ACL to cut into the time sensitive traffic in any way. The ACL matched info needs to remain in its own queue no matter what.


So...


I'm thinking I may need another interface connected to its own private data link, then use policy-based routing and just separate it based on service/source/destination.



Joseph W. Doherty Wed, 03/19/2008 - 11:52

What you're describing might be accomplished with CBWFQ.


You can define a class to have a minimum amount of bandwidth when there's congestion from other traffic, but the class will use excess available bandwidth. If the minimum provides less bandwidth than the class is attempting to use, it will queue within that class.


e.g.

class-map ftp
 match protocol ftp
!
policy-map T1
 class ftp
  ! can also use absolute values
  bandwidth percent 50


If ftp wants 25% of the T1, it shouldn't queue. If ftp wants 50% of the T1, it also shouldn't queue.


If ftp wants 75% of the T1, and the additional 25% is available, it shouldn't queue. If there is no excess available, the extra 25% ftp should queue. If there is some excess available, it will obtain some, and will queue what it couldn't obtain.


You can also define the queue allocation for the ftp class and whether WRED should be used for drop management.

snooter Wed, 03/19/2008 - 12:59

What about this crazy idea.. if it's possible. Creating a third subinterface (already have two) and configuring it with the traffic-shape? It'd still hit the default route for outbound..


Here's my config, do you think a third interface would work for this? Say, some 192.168 address and just use ACLs to match the source and route it to the 192.168 interface... Possible? (In the config below, our data network is the 10. and the voice is the 172 - the replications data is coming from a 10.10.1.x address)


!
interface FastEthernet0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 speed auto
 no cdp enable
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 10.10.1.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no cdp enable
!
interface FastEthernet0/0.172
 encapsulation dot1Q 172
 ip address 172.16.1.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no cdp enable
!
ip route 0.0.0.0 0.0.0.0 Serial1/0

Joseph W. Doherty Wed, 03/19/2008 - 15:51

Thought you wanted to use excess bandwidth?
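
Added example, not part of the original thread and not any poster's configuration: the two behaviours discussed above side by side, a CBWFQ minimum guarantee versus a per-class shaper that holds the ACL-matched traffic to a ceiling and queues the excess in its own class. The ACL number, class and policy names, and the 512 kbps rate are assumptions; the 10.10.1.0/24 source and Serial1/0 are taken from the config posted above.

```cisco
! Constructed example. ACL 101, REPLICATION, WAN-MIN, WAN-CAP and the
! 512 kbps rate are assumed values, not taken from the thread.
!
! Match the replication traffic by source network (10.10.1.x per the thread).
access-list 101 permit ip 10.10.1.0 0.0.0.255 any
!
class-map match-all REPLICATION
 match access-group 101
!
! Option A: CBWFQ minimum guarantee.
! Under congestion the class is guaranteed its share and queues within the
! class beyond that, but it may still take any bandwidth other classes
! leave unused. It is a floor, not a ceiling.
policy-map WAN-MIN
 class REPLICATION
  bandwidth percent 50
 class class-default
  fair-queue
!
! Option B: class-based shaping.
! The class is held to the configured rate (in bits per second) even when
! the link is idle. Packets over the rate are buffered in this class's own
! shaping queue and released as the rate allows, rather than being dropped
! or re-marked as with police.
policy-map WAN-CAP
 class REPLICATION
  shape average 512000
 class class-default
  fair-queue
!
! An interface takes one output service-policy, so where a QoS policy is
! already attached, the REPLICATION class is added to that existing
! policy-map instead of attaching a second one.
interface Serial1/0
 service-policy output WAN-CAP
```

`show policy-map interface Serial1/0` displays the per-class counters for whichever policy is attached, which is how to confirm the matched traffic is landing in the intended class.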
