Bandwidth segregation (Help)

Unanswered Question
Feb 27th, 2009


Customer is having network topology like this,Customer is having 2 Mbps link from Service provider which is connected to PIX,Customer requirement is how can he alocate bandwidth to 3 Departments using current setup....

Note:One Department will require a 1 mbps bandwidth and remaining 2 teams will require 512 Kbps each.

Can we segregate the existing 2 Mbps using our existing H/w to meet this requirement?

Else what will be the cheapest option to do so?

Kindly suggest how to go ahead


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.8 (4 ratings)
Mohamed Sobair Sat, 02/28/2009 - 02:11


IF the Switches running enhabnced Image, then you can rate limit traffic based on :

1) src/des mac-addresses.


2) src/des Ip addresses.


3) Src/des TCP/UDP port numbers


Any combination of those.



bagvanliju Sat, 02/28/2009 - 02:22

Hi Mohamed,

Thanks for the reply,..would be helpfull if you can put some sample config for the same


bagvanliju Sat, 02/28/2009 - 03:28

Hi Mohammed,

Thanks for the update,Will check the same with customer on monday and let you know the status.


Joseph W. Doherty Sat, 02/28/2009 - 04:23

Using rate-limiters, as Mohamed suggests, you can indeed insure your 3 departments never obtain more effective bandwidth than they been allocated. However, there are several points you might want to be aware of.

First, for inbound (from Internet) traffic, the controls are downsteam of the actual "bottleneck" link. This means traffic headed for a particular department could congest the WAN link beyond its configured department bandwidth limit. There's no easy way to deal with this problem beyond controlling the other side of the WAN link.

TCP traffic, seeing drops, will tend to slow itself relative to your rate limiters, although it can and will often still burst above the rate limit value. Most non-TCP traffic will not respond to drops to slow itself, i.e. such traffic could completely fill your WAN link, inbound, even limited to 512 Kbps.

Outbound (to the Internet), the rate limiters will insure the bandwidth limitations you've configured. However, this also means any available bandwidth not being used by one department is unavailable to other departments. This is fine if you truly want to do this, but as an alternative, you can also configure proportional bandwidth sharing. This allows each department to obtain its "guaranteed" minimum bandwidth but allows it to obtain more if other departments aren't using their full allocation. (I'm not familar with the PIX, but 2950's WRR QoS features looks like it might support such an approach.)

Lastly, it's not uncommon to see rate limiters (or policers) slow TCP traffic slower than their bandwidth setting. If this happens, you often need to tune burst size.

bagvanliju Sat, 02/28/2009 - 04:50

Hi Joseph,

Thanks for the detailed explanation.Very informative,But little confused about this term"configure proportional bandwidth sharing"..would be helpfull if you can elabrate some more on this.


Joseph W. Doherty Sat, 02/28/2009 - 05:08

Well, you've described a WAN link with 2 Mbps that you want to split across 3 departments as 1 Mbps, 512 Kbps and 512 Kbps. Proportionally, this would be 50%, 25% and 25%. On a 2950, I believe, this then could be "translated" to WRR weights in the same 2:1:1 ratio.

bagvanliju Sat, 02/28/2009 - 05:13

Hi Joseph,

Wah..its clear now ...thanks a lot once again,will discuss with the customer on monday and revet back with the status


Joseph W. Doherty Sun, 03/01/2009 - 16:19

Oh, one important point I forgot to mention with proportional bandwidth sharing. You'll want to have some kind of "shaper" to match the downstream bandwidth. The later 2960 switches have a method to limit overall utilization of the interface but I didn't notice a similar feature in the 2950 reference.


This Discussion