07-08-2008 11:32 AM - edited 03-03-2019 10:38 PM
Please advise!!!
Here is the network diagram:
T3--> Router A ---> ASA firewall ---> Router B ---> Switch
We want to create one subnet for customer-only internet access, but we would like to limit the outbound/inbound traffic to 512K. We don't have any third-party programs to manage it. Are there any ways we can do this on the Cisco equipment so that we only allow 512K of bandwidth for customers?
07-08-2008 12:02 PM
You can do traffic shaping on RouterB or policing on the ASA.
07-08-2008 12:04 PM
Hello Ken,
The answer is yes, for the outbound direction only.
Once your customers have an IP subnet, you can use the modular QoS to provide this.
You can use a shaper that will delay packets when they exceed the BW limit.
You could also use a policer, but in this case exceeding packets are usually dropped, so this is much more aggressive.
Take into account that usually more bandwidth is used in the downstream inbound direction, which is under the control of your internet ISP.
So an outgoing limit of 128 kbps could help in reducing the BW used inbound.
A good starting point is the following link:
http://www.cisco.com/en/US/docs/ios/12_3/featlist/qos_vcg.html
For class-based shaping:
http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfcbshp.html#wp1003081
Let's suppose this customer subnet is 10.33.34.0/24:
access-list 133 permit 10.33.34.0 0.0.0.255 any
class-map customer-traffic
match ip address 133
policy-map shape_customer_outbound
class customer-traffic
shape average 128000 16000
Let's suppose that gi0/0 is the outgoing interface of the internal router connecting to the ASA:
int gi0/0
service-policy shape_customer_outbound out
Of course, you may need to tune this!
Hope this helps.
Giuseppe
07-08-2008 12:08 PM
Hello,
I made two typos:
access-list 133 permit ip 10.33.34.0 0.0.0.255 any
int gi0/0
service-policy out shape_customer_outbound
Hope this helps.
Giuseppe
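The shaper-versus-policer difference described in the answer above, as an added example that is not part of the original posts: a simplified continuous token-bucket model in Python using the posted values (128000 bps, 16000-bit burst). The 20-packet burst is constructed sample traffic, and the unbounded shaper queue is an assumption; a real shaping queue has a limit and refills per interval.

```python
# Added illustration: token-bucket policer vs. shaper (simplified model).
CIR_BPS = 128_000               # from "shape average 128000 16000"
BC_BITS = 16_000                # committed burst, in bits
RATE = CIR_BPS // 1000          # token refill, bits per millisecond

def police(packets):
    """Drop any packet that finds too few tokens. Returns (forwarded, dropped)."""
    tokens, last = BC_BITS, 0
    forwarded, dropped = [], []
    for t, size in packets:
        tokens = min(BC_BITS, tokens + (t - last) * RATE)
        last = t
        if tokens >= size:
            tokens -= size
            forwarded.append((t, size))
        else:
            dropped.append((t, size))
    return forwarded, dropped

def shape(packets):
    """Queue packets until tokens are available. Returns (arrival, departure) in ms.
    Assumes an unbounded FIFO queue and packet sizes <= BC_BITS."""
    tokens, clock = BC_BITS, 0
    out = []
    for t, size in packets:
        start = max(t, clock)                      # wait behind earlier packets
        tokens = min(BC_BITS, tokens + (start - clock) * RATE)
        clock = start
        if tokens < size:
            wait = -(-(size - tokens) // RATE)     # ceiling division, in ms
            tokens = min(BC_BITS, tokens + wait * RATE)
            clock += wait
        tokens -= size
        out.append((t, clock))
    return out

# Constructed sample traffic: 20 packets of 1000 bytes, one every 10 ms
# (800 kbps offered for 200 ms against a 128 kbps limit).
BURST = [(i * 10, 8000) for i in range(20)]

if __name__ == "__main__":
    fwd, drop = police(BURST)
    shaped = shape(BURST)
    print(f"policer: {len(fwd)} forwarded, {len(drop)} dropped, no added delay")
    print(f"shaper:  {len(shaped)} forwarded, 0 dropped, "
          f"max delay {max(d - a for a, d in shaped)} ms")
```

Both mechanisms pass the same long-run rate; the policer pays for it in loss and the shaper in queueing delay.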
07-08-2008 12:22 PM
Hi Giuseppe,
Thank you so much for the help! Is there any way we can set the policy on the ASA to manage the inbound traffic? For example, by configuring the interface on the ASA that is connected to Router B.
Thanks,
Ken
07-08-2008 12:32 PM
Hi Giuseppe,
Whoops, here is our real network diagram:
T3--> Router A ---> ASA firewall ---> Router B ---> the cloud ISP ---> Router C---> Switch
The new subnet will be created on Router C. I believe all the configuration you provided will be applied on Router C. Can I configure Router B to manage inbound traffic even though Routers B and C need to join the AT&T cloud?
Thanks,
Ken
07-09-2008 05:32 AM
Any better solutions? Please advise!
07-09-2008 08:27 AM
Ken,
What really counts is how much bandwidth is used on the T3 WAN link by the customer subnet users.
Unfortunately, only the ISP can control the amount of BW used in the downstream direction. So policing or shaping on the ASA can be done, but it does not avoid the BW usage on the T3.
You can apply the policy map on the RouterB interface to the ASA; IP addresses don't change at every router hop (if you don't do NAT, and before NAT).
Instead, if you want to save BW on the cloud between Router B and Router C, I agree that you should apply the shaper on RouterC. You can also try to do something on the RouterB-to-RouterC interface, too.
You have an ISP (AT&T) providing you a service to connect Router B and Router C.
These QoS features don't disturb your routing configuration to/from the ISP cloud.
List your requirements and then you can make the best choice.
What do you want to control: T3 BW usage and/or RB-to-RC BW usage? This is the question.
Hope this helps.
Giuseppe