05-14-2008 02:43 PM - edited 03-05-2019 10:59 PM
In the context of a small hosting company we have a 7206VXR, a WS-3524-XL switch, and customers connected to access ports on the switch. I'd like to provide customerA on port Fa0/1 1mbpsx1mbps, customerB on port Fa0/2 3mbpsx3mbps etc.
Right now I'm running dot1q vlans over a trunk port from the switch to the router where I am doing basic rate-limit input and rate-limit output. However this doesn't scale well especially when considering redundancy, VRRP etc. So I'm looking to do all the rate limiting on the access switch.
I realize I can do input policing on the access port (upload from the customer perspective) but I'm not sure how to limit the customer's download. Do I need a switch that does egress policing or can I ingress police a vlan, even on the trunk port?
Any ideas are welcome
Chris
05-14-2008 03:07 PM
> However this doesn't scale well especially when considering redundancy, VRRP etc.
Can you elaborate?
> So I'm looking to do all the rate limiting on the access switch.

Not pretty on a switch, especially on the 3500 Series.
__
Edison.
05-14-2008 03:43 PM
To elaborate on the scalability, if I have redundant gateways (7206s running VRRP) I'll need to duplicate all the rate-limiting configuration to both routers. If I can place the rate limiting on the switch then all I have to configure is the vlan and IP. Agreed, it is only 2 more lines per VLAN, but I'm trying to keep it as minimal as possible.
If it's a real hassle with the 3500s then I guess keeping it on the 7206 is the way to go. I'm open to any architectural suggestions. Perhaps it's best to get a fast L3 distribution switch and connect each of the 3500s to it.
05-14-2008 06:35 PM
> Perhaps it's best to get a fast L3 distribution switch and connect each of the 3500s to it.
If you want to avoid work duplication (i.e. your 7200VXR design), then that's the best approach.
However, I don't see a big deal on having the exact rate-limiting configuration on both routers.
__
Edison.
05-15-2008 07:11 AM
Edison, thanks for the rapid replies. For argument's sake, let's say in another case I cannot do per-vlan rate-limiting on a router. Is the 3500 capable of per-vlan rate-limiting on a trunk port? In other words, could I limit all of customerA's ports including their vlan on the trunk port to 1mbps in and out, while also limiting all of customerB's ports to 3mbps in and out? If the 3550 can't do it, any idea what can? Thanks again.
-Chris
05-15-2008 08:06 AM
Please take a moment and read this article on how policing (a.k.a rate-limiting) is done on the SVI in order to achieve per-vlan policing in the 3560.
HTH,
__
Edison.
05-22-2008 02:32 PM
Edison,
Thanks again. I see this doc is for the 3560. The correlating doc for the 3750 says it only does ingress policing. I cannot find any mention of SVI QoS on the 3750. I _really_ need a switch that I can hang a bunch of subnets off of, each in a separate VLAN, that I can rate limit traffic into and out of the VLAN and let the switch do the L3 routing. See attached Visio. ANY SUGGESTIONS are welcome... I've been struggling with this for a while...
05-22-2008 02:52 PM
This link:
explains how to configure ingress policing with MQC and egress bandwidth limiting per interface (SRR).
I'm afraid those are the only features available in the box for QoS.
For more extensive QoS, a router would be the best choice here.
__
Edison.