Multiple VRFs for a Single Internet Access line

Unanswered Question
Nov 5th, 2008

Currently we have several VRFs accessing single line of internet of 34-Mbps.

How can we distribute evenly the internet access, in the config (Router7609-s + FWSM separated per vlan/per vrf)?

Do we need the other device which can do distribution? any other suggestion

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
hasmurizal Thu, 11/06/2008 - 00:05

done already. But how each vrf will get the internet access equally?

Do i need to change the queue, policy-map for qos or what? please advice.

tcordier Thu, 11/06/2008 - 02:22

As far as I know there is no VRF-aware QoS which would allow to apply a single QoS policy directly to VRFs. You will need to configure standard QoS. In your situation, I would suggest a configuration like this:

FIRST STEP : MARKING

class-map INTERNET

match protocol http

match protocol ftp

etc.

-> here you define what is "Internet traffic"

policy-map INTERNET_MARKING_VRF1

class INTERNET

police 1000000

conform-action set-dscp-transmit 41

exceed-action set-dscp-transmit 11

-> here you define the amount of fair raffic for each VRF. You need to create a policy for each VRF (unless all get the same). In the example all Internet traffic up to 1MB is makred with DSCP 41 and transmitted. Any

additional Internet traffic is marked with DSCP 11 and also transmitted.

The DSCP values are random, you could choose any other value, or IP precedence, as long as the conforming and exceeding traffic is marked differently.

interface FastEthernet xx

service-policy input INTERNET_MARKING_VRF1

-> here you apply the policy assigned to a VRF (i.e. to each VRF aka end-customer).

SECOND STEP : POLICING

class-map CONFORM

match dscp 41

class-map EXCEED

match dscp 11

-> create two classes: fair Internet traffic (conform) and the rest.

policy-map INTERNET_POLICING

class CONFORM

bandwidth 99%

class EXCEED

bandwidth 1%

-> fair traffic gets 99% of the Internet bandwidth. Unfair traffic has to compete

for the remaining 1%.

interface serial xy

service-policy output INTERNET_POLICING

-> applies the policy to the WAN interface

This configuration provides fairness between VRFs as each VRF can send Internet traffic up to the contraced amount and be sure it is transmitted (this requires of course that bandwidth is available: the sum of all policed bandwidths in step 1 is smaller or equal than 99% of your available Internet bandwidth. Note that 99% as specified in the

policy-map translates to 99% of 75% of the actual interface bandwidth).

Next to fairness it also allows individual VRFs to send more traffic in times when

additional bandwidth is available because one or some other VRFs send less than their

contracted bandwith. Bandwidth is not wasted.

Please consult http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/12_4/qos_12_4_book.html for more options and more details. You will need to add additional configuration for other Internet traffic (not http, or ftp) or non-Internet traffic (such as your routing protocols for instance).

HTH, Thomas

Actions

This Discussion