bandwidth rate limiting

Sep 7th, 2008

Hi,

I have 4 Mb of bandwidth and an FTP server inside my network with public IP x.x.x.x. Remote users are complaining of slow FTP access. I want to reserve 1 Mb of the bandwidth for FTP and the remainder for other protocols. How is that possible?

Thanks

satish_zanjurne Sun, 09/07/2008 - 23:30

Hi,

See the configuration below.

-----------------------------------------

class-map match-any ftp-traffic
 match protocol ftp
policy-map ftp-traffic-allocation
 class ftp-traffic
  ! bandwidth is in kbps: 1000 = 1 Mbps minimum guarantee
  bandwidth 1000
int serial 0/0
 description ****WAN interface/outside interface***
 service-policy output ftp-traffic-allocation

HTH..rate if helpful..

itdsmartnet Sun, 09/07/2008 - 23:54

Thanks for your reply. But if my remaining bandwidth, which is 3 Mb, is idle, I want to use that bandwidth for FTP too. I have applied this configuration before:

access-list 122 permit tcp any any eq ftp
rate-limit input access-group 122 1024000 2048000 4096000 conform-action transmit exceed-action drop

Is it correct or not?

Thanks

Correct Answer
satish_zanjurne Mon, 09/08/2008 - 00:11

Hi,

I will suggest not to rate limit, as it will drop the traffic exceeding the limit.

Instead use CBWFQ & assign 1 Mbps.

Try & apply the config I have posted & see the results.

HTH..rate if helpful..
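
The difference this answer draws between rate limiting and a CBWFQ bandwidth guarantee, as an added example that is not part of the original thread: a simplified Python model (not a reproduction of IOS internals) of a token-bucket policer and a two-class weighted scheduler on the 4 Mbps link from the question. The packet size, bucket depth, queue depth, the rounded 1,000,000 bps rate and all function names are assumptions.

```python
# Added illustration, not from the thread: simplified packet-level model of
# policing vs. a CBWFQ-style minimum guarantee on the 4 Mbps link discussed.
LINK_BPS = 4_000_000   # link speed from the question
FTP_BPS = 1_000_000    # "bandwidth 1000" (kbps) in the posted policy-map
PKT_BITS = 1500 * 8    # assumed packet size


def police(offered_bps, seconds=10, cir_bps=FTP_BPS, burst_bits=64_000):
    """Token-bucket policer: a packet with no tokens available is dropped."""
    interval = PKT_BITS / offered_bps          # time between packet arrivals
    tokens, sent = burst_bits, 0
    for _ in range(int(seconds / interval)):
        tokens = min(burst_bits, tokens + cir_bps * interval)
        if tokens >= PKT_BITS:                 # conform-action transmit
            tokens -= PKT_BITS
            sent += PKT_BITS
        # else: exceed-action drop, even if the link itself is idle
    return sent / seconds                      # delivered FTP bits per second


def cbwfq(ftp_bps, other_bps, seconds=10, queue_pkts=50):
    """Two-class weighted scheduler: FTP is guaranteed FTP_BPS / LINK_BPS of
    the link under congestion and may use whatever the other class leaves."""
    slot = PKT_BITS / LINK_BPS                 # time to serialize one packet
    offered = {"ftp": ftp_bps, "other": other_bps}
    share = {"ftp": FTP_BPS / LINK_BPS, "other": 1 - FTP_BPS / LINK_BPS}
    backlog = {c: 0.0 for c in offered}
    vtime = {c: 0.0 for c in offered}          # per-class virtual finish time
    sent = {c: 0 for c in offered}
    for _ in range(int(seconds / slot)):
        for c in offered:                      # arrivals, finite tail-drop queue
            backlog[c] = min(backlog[c] + offered[c] * slot, queue_pkts * PKT_BITS)
        ready = [c for c in offered if backlog[c] >= PKT_BITS]
        if ready:                              # work-conserving: never idle
            c = min(ready, key=vtime.get)      # smallest finish time goes next
            backlog[c] -= PKT_BITS
            vtime[c] += PKT_BITS / share[c]
            sent[c] += PKT_BITS
    return sent["ftp"] / seconds


if __name__ == "__main__":
    print("policer, link idle:    ", police(LINK_BPS))
    print("CBWFQ, link idle:      ", cbwfq(LINK_BPS, 0))
    print("CBWFQ, link congested: ", cbwfq(LINK_BPS, LINK_BPS))
```

Run as a script, it shows FTP held to about 1 Mbps by the policer on an otherwise idle link, about 4 Mbps through the scheduler on an idle link, and about 1 Mbps through the scheduler when other traffic saturates the link.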

itdsmartnet Mon, 09/08/2008 - 00:41

Hi,

Thanks, I have applied it and it seems to be working properly. My config is as follows.

class-map match-any ftp-traffic
 match protocol ftp
class-map match-any nbar-discovery
 match protocol fasttrack
 match protocol bittorrent
 match protocol edonkey
 match protocol gnutella
 match protocol winmx
 match protocol napster
!
!
policy-map blocking_P2P
 class nbar-discovery
  bandwidth percent 1
 class ftp-traffic
  bandwidth percent 25

I also want to block these peer-to-peer applications. I want them to have only 1 percent of the available bandwidth in any case; even if the total available bandwidth is free, peer-to-peer applications will only use 1 percent.

Thanks

satish_zanjurne Mon, 09/08/2008 - 02:04

Hi,

You can rate limit/police the peer2peer applications traffic to 1 percent.

Keep FTP policy as it is, as you have configured.

HTH..rate if helpful..

Joseph W. Doherty Mon, 09/08/2008 - 02:36

From your:

policy-map blocking_P2P
 class nbar-discovery
  bandwidth percent 1
  police (or shape) ###
 class ftp-traffic
  bandwidth percent 25

BTW:

To best manage bandwidth, you need to apply QoS outbound policies at both ends of your link. You can also apply both an inbound and outbound policy at one end of the link, but it's often not as effective. If you're unable to manage traffic bandwidth in both directions, you might not see all the benefit you hope for. For instance, your outside clients, using FTP, whether using "get"s or "put"s, there's the return ACKs that need guaranteed bandwidth too. (ACKs need much, much less bandwidth, but if there's not enough bandwidth, the overall FTP flow will be degraded.)

itdsmartnet Mon, 09/08/2008 - 02:48

Hi,

I have configured it this way.

class-map match-any ftp-traffic
 match protocol ftp
class-map match-any nbar-discovery
 match protocol fasttrack
 match protocol bittorrent
 match protocol edonkey
 match protocol gnutella
 match protocol winmx
 match protocol napster
!
!
policy-map blocking_P2P
 class nbar-discovery
  police cir percent 1
   conform-action transmit
   exceed-action drop
 class ftp-traffic
  bandwidth percent 25

Is this right or not? I want my clients using peer-to-peer applications to use only 1 percent of the available bandwidth, not more than that, and FTP clients to use a minimum of 25 percent.

Please help me.

thanks

Joseph W. Doherty Mon, 09/08/2008 - 03:04

Yes, your "police" statement should accomplish the restriction you desire for the peer2peer applications. (Believe using % within the police statement only available on some of the most recent IOSs.)

BTW:

If FQ is active within class-default, your FTP traffic might not obtain the minimal 25%.

itdsmartnet Mon, 09/08/2008 - 03:23

How can I verify that FQ is active within class-default? Should I disable it or not? I have a 3845 router.

Thanks

Joseph W. Doherty Mon, 09/08/2008 - 03:33

I believe it's active by default, since class-default is still present when not explicitly defined. However, you can define it (NB: you don't need to define a class-map), and if you use a bandwidth statement within it, it will then use a FIFO queue.

PS:

As you're limiting "bad" traffic, you might also just try FQ for all other traffic, including FTP. This might be done by just removing the FTP class, or in addition, defining the class-default class with an explicit FQ within it.

e.g.

 class class-default
  fair-queue

satish_zanjurne Mon, 09/08/2008 - 03:44

By default, class-default is applied with WFQ.

So if you are not configuring it, it would be given the best effort treatment.

So even if you don't touch the class-default, it should not create a problem for FTP traffic.

Correct me if I am wrong..

HTH..rate if helpful..

Joseph W. Doherty Mon, 09/08/2008 - 04:07

The issue with class-default and FQ, most platforms provide the bandwidth reservations by using weights applied to the queues for the class. On most platforms, class-default's FQ can make for n flows and they compete with other class queues, i.e. each class-default flow becomes its own class for scheduling output packets.

There's a Cisco paper that explains, but I'm running late and need to leave, so I don't have the time to search for it (sorry).

Joseph W. Doherty Tue, 09/09/2008 - 04:33

Found the information I had in mind, in the document Understanding the max-reserved-bandwidth Command on ATM PVCs, found here: http://www.cisco.com/en/US/tech/tk39/tk48/technologies_tech_note09186a00800fe2c1.shtml

This paper, although oriented for reserved bandwidth and ATM PVCs, discusses how class-default FQ is scheduled on 7500 and non-7500 router platforms.

Read the information in the section "Understand Platform Differences" (at the bottom of the document).

My understanding is, if there is more than one bandwidth demanding flow within class-default FQ for non-7500 routers, they will distort the bandwidth reservations for the other CBWFQ defined classes.
