
Internet Traffic

kzhen
Level 1

Please advise!!!

Here is the network diagram:

T3--> Router A ---> ASA firewall ---> Router B ---> Switch

We want to create one subnet for customer-only internet access, but we would like to limit the outbound/inbound traffic to 512K. We don't have any third-party programs to manage it. Is there any way we can do this on the Cisco equipment so we only allow 512K of bandwidth for customers?

7 Replies

a.alekseev
Level 7

You can do traffic shaping on RouterB or policing on the ASA.

Giuseppe Larosa
Hall of Fame

Hello Ken,

The answer is yes, for the outbound direction only.

Once your customers have an IP subnet, you can use the modular QoS to provide this.

You can use a shaper that will delay packets if they exceed the BW limit.

You could also use a policer, but in this case exceeding packets are usually dropped, so this is much more aggressive.

Take into account that usually more bandwidth is used in the downstream inbound direction, which is under the control of your internet ISP.

So an outgoing limit of 128 kbps could help in reducing BW used in inbound.

A good starting point is the following link

http://www.cisco.com/en/US/docs/ios/12_3/featlist/qos_vcg.html

for class based shaping

http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfcbshp.html#wp1003081

Let's suppose this customer subnet is 10.33.34.0/24:

access-list 133 permit 10.33.34.0 0.0.0.255 any

class-map customer-traffic
 match access-group 133

policy-map shape_customer_outbound
 class customer-traffic
  shape average 128000 16000

Let's suppose that gi0/0 is the outgoing interface of the internal router connecting to the ASA:

int gi0/0
 service-policy shape_customer_outbound out

Of course, you may need to tune this!

hope to help

Giuseppe

Hello,

Two mistypings I made:

access-list 133 permit ip 10.33.34.0 0.0.0.255 any

int gi0/0
 service-policy out shape_customer_outbound

hope to help

Giuseppe
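The difference between the shaper and the policer described in the reply above, as an added example that is not part of the original thread: a simplified token-bucket model in Python using the 128000 bps rate and 16000-bit Bc from `shape average 128000 16000`. The packet trace, the continuous (rather than per-Tc) refill, the unbounded shaper queue and all function names are assumptions made for illustration.

```python
# Added illustration, not from the thread: token-bucket policer vs. shaper.
# Assumptions: continuous token refill (IOS refills per Tc), unbounded queue.
CIR_BITS_PER_MS = 128   # 128000 bps, from "shape average 128000 16000"
BC_BITS = 16000         # committed burst (Bc), from the same command

# Constructed trace: eight 800-byte packets, one every 10 ms (640 kbps offered).
TRACE = [(t, 800 * 8) for t in range(0, 80, 10)]  # (arrival_ms, size_bits)


def police(trace, cir=CIR_BITS_PER_MS, bc=BC_BITS):
    """Return (sent, dropped) arrival times; non-conforming packets are dropped."""
    tokens, last = bc, 0
    sent, dropped = [], []
    for arrival, bits in trace:
        tokens = min(bc, tokens + (arrival - last) * cir)  # refill since last packet
        last = arrival
        if bits <= tokens:
            tokens -= bits
            sent.append(arrival)
        else:
            dropped.append(arrival)
    return sent, dropped


def shape(trace, cir=CIR_BITS_PER_MS, bc=BC_BITS):
    """Return departure times in ms; non-conforming packets wait in a FIFO queue."""
    tokens, clock = bc, 0
    departures = []
    for arrival, bits in trace:
        if bits > bc:
            raise ValueError("a packet larger than Bc can never conform")
        start = max(arrival, clock)        # cannot leave before the packet ahead
        tokens = min(bc, tokens + (start - clock) * cir)
        deficit = max(0, bits - tokens)
        wait = -(-deficit // cir)          # ceiling division, whole milliseconds
        tokens = min(bc, tokens + wait * cir) - bits
        clock = start + wait
        departures.append(clock)
    return departures


def max_queue_delay(trace, departures):
    """Largest time any packet spent waiting in the shaper queue, in ms."""
    return max(d - a for (a, _), d in zip(trace, departures))


if __name__ == "__main__":
    print("policer (sent, dropped):", police(TRACE))
    out = shape(TRACE)
    print("shaper departures:", out, "max delay ms:", max_queue_delay(TRACE, out))
```

On this trace the policer forwards three packets and drops five, while the shaper delivers all eight with up to 205 ms of added queueing delay.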

Hi Giuseppe,

Thank you so much for the help! Is there any way we can set the policy on the ASA to manage the inbound traffic, like configuring the interface on the ASA that is connected to router B?

thanks,

Ken

Hi Giuseppe,

Whoops, here is our real network diagram:

T3--> Router A ---> ASA firewall ---> Router B ---> the cloud ISP ---> Router C---> Switch

The new subnet will be created on router C. I believe all the configuration you provided will be applied on router C. Can I configure router B to manage inbound traffic even though routers B and C need to join the AT&T cloud?

thanks,

Ken

Any better solutions? Please advise!

Ken,

What really counts is how much bandwidth is used on the T3 WAN link by the customer subnet users.

Unfortunately, only the ISP can control the amount of BW used in the downstream direction. So policing or shaping on the ASA can be done, but it does not avoid the BW usage on the T3.

You can apply the policy map on the RouterB interface to the ASA; IP addresses don't change at every router hop (if you don't do NAT, and before NAT).

Instead, if you want to save BW on the cloud between Router B and Router C, I agree that you should apply the shaper on RouterC. You can also try to do something on the RouterB to RouterC interface, too.

You have an ISP (AT&T) providing you a service to connect router B and router C.

These QoS features don't disturb your routing configuration to/from the ISP cloud.

List your requirements and then you can make the best choice.

What do you want to control: T3 BW usage and/or RB to RC BW usage? This is the question.

hope to help

Giuseppe
