Limit the bandwitch

Unanswered Question
Jun 23rd, 2008

Hi all,

I have a 2801 router.

I have a 34MB link from ISP plugged at my interface f0/1, but I would like to use only 12MB. Can I restrict the bandwitch on the router?

Thanks

Tauer

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.6 (6 ratings)
Loading.
Paolo Bevilacqua Mon, 06/23/2008 - 08:30

Under interface going to ISP, configure "traffic-shape rate 12000000". Do the same under interface connected internal things.

Note a 2801 properly configured should be able to handle a lot than more 12 mbps bidirectional.

Hope this helps, please rate post if it does!

Pravin Phadte Mon, 06/23/2008 - 08:29

Hi,

Rate-limit

confg t

int fa0/1

rate-limit input 12000000 1400000 1400000 conform-action transmit exceed-action drop

rate-limit output 12000000 1400000 1400000 conform-action transmit exceed-action drop

Hope this helps

Regards,

Pravin

Tauer Drumond Mon, 06/23/2008 - 08:32

Hi Pravin,

can you explain all the commands?

I also have a 2950 between the router and ISP. Can I restrict on it?

Paolo Bevilacqua Mon, 06/23/2008 - 08:35

The commands will do shaping on the traffic, you can check in the documentation.

On the switch there are "srr-rate" commands however I do reccomend you use the router exclusively to limit bandwidth, as it is more flexible. For example, you can limit all employees to 2 mbps, but the boss only has no limitation.

Pravin Phadte Mon, 06/23/2008 - 08:38

Hi,

The rate-limit will not work on 2950. For this there is one more commnad which helps but not as rate-limit.

"srr-queue"

Below is linkt to the doc which may help.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_44_se/configuration/guide/swqos.html

For rate limit commnad.

The 3 values are 1st one for

bps : -Average rate in bits per second. The value must be in increments of

8 kbps. It is measured in bits.

burst-normal:Normal burst size in bytes. The minimum value is bps divided by 2000.

burst-max: Excess burst size in bytes.

The above example is a rough figure but should work right for 12 Mb as requested.

Below is a link which explains more on rate-limit.

http://www.cisco.com/en/US/docs/ios/12_0/qos/command/reference/qrcmdr.html#wp1017761

Hope this helps

Regards,

Pravin

Paolo Bevilacqua Mon, 06/23/2008 - 08:32

I do not recommend to use rate limit as suggested above because it has adverse effects on tcp performances.

Pravin Phadte Mon, 06/23/2008 - 08:41

Hi paolo,

I have been using this in lot of sites and never found any performance issuie. I would also add that this were not for much cricital sites but still the router was running clean and also the interface with the limit on them.

If possible can you explain about the tcp performance issue ?

Regards,

Pravin

Paolo Bevilacqua Mon, 06/23/2008 - 08:52

With rate limit and no buffer, any bandwidth excess (normal burst) is cut abruptly and leads to retransmission, consequently waste of bandwidth, and it makes impossible for TCP to work properly. It is like having a WAN circuit without packet queuing (bad thing). This effect is largely documented in networking papers.

Traffic shaping instead buffers excess traffic ,to send it when possible.

You can compare with tcperf between the two options and see the difference.

Tauer Drumond Mon, 06/23/2008 - 10:51

So... Do u advice me to use "traffic-shape" instead "rate limit"? Or can I test both to see what fit better on my netowrk?

Paolo Bevilacqua Mon, 06/23/2008 - 10:57

As said above, I recommend traffic-shape. If you have proper equipment and time, you can of course test both methods.

As a recognition to those providing naswers, please rate useful posts!

Joseph W. Doherty Mon, 06/23/2008 - 18:41

I too would normally recommend a shaper over a policer, but that's more due to the fact that shapers often seem to implement WFQ where policers mimic single queue FIFO. Also, with policers, to really optimally use them, you need to understand how to tune the interval or burst sizes.

That said, there are situations where you'll be forced to use a policer. For instance, assume you want to have an aggregate bandwidth limit for multiple output interfaces, might be accomplished with an inbound interface policer (if only one inbound source interface) or with an aggregate policer (supported on some L3 switches).

In your case, the ideal might be an outbound shaper on both your router with the connection to the ISP, and on the ISP's outbound to you. (If the ISP won't limit bandwidth to you, then there's the question of why restrict it after you've already received if. If the ISP has tiered rates, restricting bandwidth after it's been delivered to you from the ISP is likely to have already been charged against your usage.)

Tauer Drumond Tue, 06/24/2008 - 04:09

Hi Joseph,

The main goal to restrit the bandwitch is that my router has many other links coming to him and the fastehternet is becoming full.

My organization bought a 34MB dedicate link, but the router will not support an aditional 34MB, it will only support 12MB.

So...ill try to do what you and the other guys said, to apply a shaper on outside and inside interface as well.

Thank for reply

Paolo Bevilacqua Tue, 06/24/2008 - 04:12

Oi, I wanted to come back to the fact you believe the 2801 supports only 12 MB, how did you arrived to this conclusion ?

Tauer Drumond Tue, 06/24/2008 - 04:29

Oi, Maybe im wrong but we have 4 link with differents clients: 2x34MB, 1x12MB, 1x8. This is equal 88M, and the router interface is 100MB. so, I have only 12MB to add.

Joseph W. Doherty Tue, 06/24/2008 - 04:49

A bit confusing, unless you have something like a WAN FastEthernet handoff, which actually delivers 100 Mbps capacity, and you're trying to partition the bandwidth between customers.

One issue to consider, even though a 2801 has FastEthernet interfaces, it doesn't really have the performance to sustain FastEthernet line rates. I believe there's a less of a performance requirement to police inbound vs. shape outbound, so this might be an instance where a policer might be better for your needs. Also, if possible, to also minimize performance required on your 2801, it would be best to control inbound traffic on far side device's outbound.

Paolo Bevilacqua Tue, 06/24/2008 - 05:03

One thing is that it's unlikely you can use 100 mbps interface a wire speed in a 2801.

Seems like you need to clarify better how your network is designed and why you got such a small router for so many fast links.

Tauer Drumond Tue, 06/24/2008 - 05:28

Hi,

sorry about confusing. Check the attachment.

I have 4 link from ISPs. And we bought a new one (34Mbps). If we calculate the result will be 122Mbps and the interface of router is a 100Mbps one.

Attachment: 
Pravin Phadte Tue, 06/24/2008 - 05:37

Hi,

Looking at the diagram makes me feel that there would be a bootleneck, conjestion, packet drop and high cpu utilization on the switch and the router.

Would still wait for some experts comments on this.

Regrads,

Pravin

Tauer Drumond Tue, 06/24/2008 - 05:43

Actually, I segment every external network on VLANS (on 2950) and subinterfaces at router. It helps me a little bit and dont have many problems with what you said above.

Anyway, my only trouble is not allow the sub-interface on router flow more than 12Mbps.

Thanks once more

Tauer

Pravin Phadte Tue, 06/24/2008 - 06:19

Hi,

I guess this is for inbound and outbound traffic limit which you are looking for.

It was pointed out well above about the rate limit and i was able to test it and had few latency in ping in rate-limit.

The below link has one more way where you can limit the BW. It says only "outbond".

I was not able to test this. It has one way of adding access-list for the traffic shape.

If you would like to test it not so sure what would be the result but you can apply the access-list for tcp any any and udp any any and apply it on interface with access-group in and out and check if it limits the bandwidth.

http://www.cisco.com/en/US/docs/ios/12_1/qos/configuration/guide/qcdgts.html

I a bit tuff for me to belive that the network is working fine without any errors in the above setup.

Anyways as long as it working fine its good.

Hope this helps.

regards,

Pravin

Paolo Bevilacqua Tue, 06/24/2008 - 10:54

Hi, what Joseph and I are telling you is that the 2801 will not be able to handle the 100 mbps in full duplex at or near wirespeed, so no matter of shaping or not, you need to upgrade to a bigger router. Your expensive circuits need a faster hardware to be used in full.

See attached document for performance guidelines on routers.

Tauer Drumond Tue, 06/24/2008 - 11:00

Hi, but is the way im thinking wrong?

Cause im just adding the values and getting a result: 34+34+12+8=88Mbps. If I add more 34Mbps, I think I'll have a problem, cause my fastethernet is a 100Mbps only.

Thanks once more.

Tauer

Paolo Bevilacqua Tue, 06/24/2008 - 11:18

You will have a problem anyway, because router performance is measure in packets per second (PPS).

Once you go above a certain number of PPS to hit the router, when the hardware is not fast enogu (the 2801 is not very fast), the router CPU will go very high, and packets will be dropped and things will work poorly. At that point, either if you shape or rate limit, that will not change anything, because the damage is done already.

You could then rate limit on the switch, but my suggestion is to get a faster router. Else, why did you took so many fast circuits ?

Pravin Phadte Tue, 06/24/2008 - 11:14

Hi,

Experts plz suggest for the best.

I got the above Generic Traffic Shaping (GTS) tested.

Connected 2 routers serial back 2 back.

Rouetr 1 config.

interface Serial0/0

bandwidth 16

ip address 20.1.1.1 255.255.255.0

ip access-group 101 in

ip access-group 101 out

encapsulation ppp

serial restart-delay 0

traffic-shape group 101 9000 1125 1125 1000

access-list 101 permit tcp any any

access-list 101 permit udp any any

access-list 101 permit ip any any

The BW is been set to 9 Kb since i would be testing on extended ping. Bandwidth command is put to check the rx and tx can be ignored.

I tried this also with 8000 since it was min and the results did not go above 8 K. Same i tried by chaing it to 9K and the results did not go above 9k

Attached is the logs.

regards,

Pravin

Attachment: 
Paolo Bevilacqua Tue, 06/24/2008 - 11:20

Hi, you cannot test with pings. You need proper traffic generators on both sides of the circuit. That is not very easy to do, but it is the only way to get valid results.

Pravin Phadte Tue, 06/24/2008 - 11:24

Hi,

Thats some prob i cant use it on my live network unless i have a request for some new. Well yes compared to rate limit there were no ping drops.

I totaly agree that its not the best way to test. Its the only option i had.

Anyone if someone gets it tested would help me.

Regards,

Pravin

Tauer Drumond Tue, 06/24/2008 - 11:35

Hi, p.bevilacqua

We have many fast circuits cause we have many clients interconected with us.

Anyway, I think the best thing to do would be to test all sugestion posted here. There are many ways to do like you all said, and its up to me to choice what will fit better on my network and will not cause bad impacts.

Thanks

Paolo Bevilacqua Tue, 06/24/2008 - 12:16

Hi Pravin, it's very good that you try to test things. In this case however, you can trust the advice, in general shaping is "better" than rate limiting.

Pravin Phadte Tue, 06/24/2008 - 22:38

Hi Paolo,

you can trust the advice, in general shaping is "better" than rate limiting.

YES not me everyone should.

I never came across any complains for rate limiting though that was a best solution. If you would have not pointed it out I would not tried any alternative solution.

Thanks A LOT.

Regards,

Pravin

Paolo Bevilacqua Wed, 06/25/2008 - 01:44

Hi Pravin,

the reason why you haven't got complains with rate limiting, is because generally speaking, users are not there sitting with a stopwatch measuring TCP performances, and you haven't given them the opportunity to try an alternative :)

Thanks for the appreciation and good luck.

foxbatreco Wed, 06/25/2008 - 02:21

Guys...it was a very informative discussion for me after i went thru the post until now.

The contention here with policer/shaper has taken turn here.I can say with definite that bevila's advice on shaping is fine enough.Even i have used policing/shaping in some pretty high bandwidth conditions and it seems during high levels of usage, policer drops the traffic causing lot of retransmissions,cos once the conformed crosses by, it works on the burst/excess rates and causes tcp traffic to sort of slowdown nefariously although not coming to a complete halt.

Shaper on the other hand enques and smoothens the bunch.

This was just my contribution to the post.No grudges to anyone.

Pls rate/mark if this helps!!

Tauer Drumond Thu, 06/26/2008 - 03:30

Hi all,

I just wanna say thank you about the help you gave to me. All opinions and experiences send were very helpfull.

Thank a lot once more.

Tauer

Actions

This Discussion