Data download throttling with QoS

erik.doss
Level 1

I need to throttle all HTTP and HTTPS traffic to 50% of the available bandwidth on a 3MB PVC I am using for internet access. The problem I am having now is that when anyone does a large download, i.e. an update from Microsoft etc., it hogs up just about all available bandwidth. What I would like to do is drop all HTTP and HTTPS traffic when it hits the 50% threshold. I need to have available bandwidth for other applications such as VPN, webmail etc. What is the best practice to make this happen? I have the following policy maps but they don't seem to be working:

    policy-map INET_WAN
     class WBST
      set ip dscp af11
     class PORT_80
      police rate percent 50
       exceed-action drop
     class p2p
      drop
     class class-default
      fair-queue

    policy-map HTTP_WAN_IN
     class PORT_80
      police rate percent 50
       exceed-action drop
     class p2p
      drop
     class WBST
      set ip dscp af11

INET_WAN is for all outbound traffic and HTTP_WAN_IN is for all inbound traffic on the 3MB ATM PVC subinterface.

Thanks for any help!

6 Replies

Joseph W. Doherty
Hall of Fame

What's the physical port that's providing the 3 Mbps?

Inbound can be difficult to regulate downstream of the bottleneck. Ideally you would want to control egress on both sides of the 3 Mbps. This isn't possible?

BTW, you mention controlling both HTTP and HTTPS, since you didn't post the class maps, class PORT_80 is a match-any for both HTTP and HTTPS?

The physical interface is an ATM interface, with two sub-interfaces, one for public traffic and the other for private.

And yes, the class maps are set to only HTTP and HTTPS protocols.

This is my sub-interface config:

    interface ATM1/0.2 point-to-point
     description PUBLIC
     bandwidth 3000000
     ip address *********************
     ip access-group 120 in
     ip access-group 120 out
     pvc 1/32
      vbr-nrt 3000 3000
      encapsulation aal5snap
      service-policy input HTTP_WAN_IN
      service-policy output INET_WAN

What does the show policy-map interface command present for the policer bandwidths?

Have you tried "bandwidth 3000" rather than "bandwidth 3000000"?

I made a few changes on the bandwidth statement. Here is the requested show policy-map interface command:

    ATM1/0.2: VC 1/32 -

      Service-policy input: HTTP_WAN_IN

        Class-map: PORT_80 (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: protocol http
          Match: protocol secure-http
          police:
              rate 50 %
              rate 1500000 bps, burst 46875 bytes
            conformed 0 packets, 0 bytes; actions:
              transmit
            exceeded 0 packets, 0 bytes; actions:
              drop
            conformed 0 bps, exceed 0 bps

        Class-map: WBST (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group 2
          QoS Set
            dscp af11
              Packets marked 0

        Class-map: p2p (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: protocol fasttrack file-transfer "*"
          Match: protocol gnutella file-transfer "*"
          Match: protocol bittorrent
          Match: protocol skype
          Match: protocol kazaa2 file-transfer "*"
          Match: protocol edonkey
          Match: protocol napster
          Match: protocol irc
          Match: protocol winmx

        Class-map: class-default (match-any)
          1490 packets, 441573 bytes
          5 minute offered rate 4000 bps, drop rate 0 bps
          Match: any

      Service-policy output: INET_WAN

        Class-map: WBST (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group 2
          QoS Set
            dscp af11
              Packets marked 0

        Class-map: PORT_80 (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: protocol http
          Match: protocol secure-http
          police:
              rate 50 %
              rate 1500000 bps, burst 46875 bytes
            conformed 0 packets, 0 bytes; actions:
              transmit
            exceeded 0 packets, 0 bytes; actions:
              drop
            conformed 0 bps, exceed 0 bps

        Class-map: p2p (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: protocol fasttrack file-transfer "*"
          Match: protocol gnutella file-transfer "*"
          Match: protocol bittorrent
          Match: protocol skype
          Match: protocol kazaa2 file-transfer "*"
          Match: protocol edonkey
          Match: protocol napster
          Match: protocol irc
          Match: protocol winmx

        Class-map: class-default (match-any)
          1502 packets, 286072 bytes
          5 minute offered rate 5000 bps, drop rate 0 bps
          Match: any
          Queueing
          Flow Based Fair Queueing
          Maximum Number of Hashed Queues 128
          (total queued/total drops/no-buffer drops) 0/0/0

Your policer bandwidths look good, i.e.:

    police:
        rate 50 %
        rate 1500000 bps

but you're using a match-all when you need to use match-any in some of your class-maps.

Also, just as an aside, unless you're using it for something else, you're not going to drop based on DSCP value.

For that to be effective, I believe you have to add "random-detect dscp-based".

Also, as Joseph stated, ingress QoS on a WAN link is, for most applications, pointless. Your ISP has already throttled down the traffic, and it is being delivered to you in an organized fashion anyway (which is somewhat the point of QoS). So unless you really need it, it's pretty much just wasting CPU cycles.

Just my $.02
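
The match-all versus match-any point raised in the reply above, shown as target class-map definitions. This is an added example, not configuration posted by anyone in the thread; the class-map bodies are reconstructed from the Match lines in the `show policy-map interface` output.

```cisco
! Constructed from the Match lines in the show output above; not the poster's running config.
!
! As posted (match-all): a packet must be classified as http AND secure-http
! at the same time, which never happens, so the class stays empty.
!   class-map match-all PORT_80
!    match protocol http
!    match protocol secure-http
!
! Corrected (match-any): either protocol puts the packet in the class.
class-map match-any PORT_80
 match protocol http
 match protocol secure-http
!
! The p2p class lists nine protocols under match-all and has the same problem.
class-map match-any p2p
 match protocol fasttrack file-transfer "*"
 match protocol gnutella file-transfer "*"
 match protocol bittorrent
 match protocol skype
 match protocol kazaa2 file-transfer "*"
 match protocol edonkey
 match protocol napster
 match protocol irc
 match protocol winmx
!
! WBST has a single match (access-group 2), so match-all and match-any
! behave the same there.
!
! Check after generating some web traffic: the PORT_80 packet counters and the
! policer's conformed/exceeded counters should no longer stay at 0.
! show policy-map interface ATM1/0.2
```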
