Solved: Internet bandwidth management using cisco devices

fahim · ‎07-18-2009

Hi all

I have a need to maintain an internal SLA with some of the clients that are sitting in our premises. They want reassurance that of the total 16MB leased internet link that we have to the cloud, a minimum of 4MB is assured to them at all times. I have a web gateway / proxy appliance that doesn't have such a functionality.

I also have ASA and 2800 routers at the edge. Can I do this using them in any way? What are my other 3rd party options?

Joseph W. Doherty · ‎07-20-2009

"When you define the class 'cust1', where do we pick the 'cust1' value from and the class contituents? "

That would be defined in a "class-map". Attributes you can match on are, depending on the platforms, an enhancement of ACLs (although ACLs can be part). Lots of information within the Cisco site - look for CBWFQ.

"Can I use my Windows Radius 802.1x (IAS) integratiion with my Router to define the AD groups within my router classes? "

Don't believe so, unless somehow you can AD groups tag packets. (Might be possible at the host level.)

"Unfortunately, the clients are spread much beyong the value of 4, they are about 50 and very dynamically changing within my AD groups."

As prior answer, AD relationship can be an issue. On issue of 50 groups, you can defined that many with CBWFQ (more actually), but the reason I noted 4, beyond 4 groups you can't guarantee all 50 groups might obtain 4 Mbps unless you have 50x that bandwidth. You might guarantee each group obtains an equal share of bandwidth.

View solution in original post

Joseph W. Doherty · ‎07-19-2009

I assume you have 4 or fewer internal customers, and if 4, there's no other bandwidth usage for "overhead" that would preclude your minimum bandwidth guarantee?

If you can easily identify the traffic per customer, a 2800 (powerful enough model to support 16 Mbps duplex) could use a CBWFQ policy to deliver part of such a guarantee (for outbound traffic).

e.g.

policy-map sample

class cust1

bandwidth 4000000

class cust2

bandwidth 4000000

class cust3

bandwidth 4000000

class cust4

bandwidth 4000000

You also need to change max reserved bandwidth on the outbound interface.

2800 can not provide what you've described, i.e. minimum 4 MB(bs), inbound.

I'm unfamilar with the ASAs, but suspect they might be unable to provide for your requirement.

As to 3rd party, products such as Packeteer's PacketShaper (and their competitors) might meet your requirement.

fahim · ‎07-19-2009

Thanks Joseph!

When you define the class 'cust1', where do we pick the 'cust1' value from and the class contituents?

Can I use my Windows Radius 802.1x (IAS) integratiion with my Router to define the AD groups within my router classes?

Unfortunately, the clients are spread much beyong the value of 4, they are about 50 and very dynamically changing within my AD groups.

Joseph W. Doherty · ‎07-20-2009

"When you define the class 'cust1', where do we pick the 'cust1' value from and the class contituents? "

That would be defined in a "class-map". Attributes you can match on are, depending on the platforms, an enhancement of ACLs (although ACLs can be part). Lots of information within the Cisco site - look for CBWFQ.

"Can I use my Windows Radius 802.1x (IAS) integratiion with my Router to define the AD groups within my router classes? "

Don't believe so, unless somehow you can AD groups tag packets. (Might be possible at the host level.)

"Unfortunately, the clients are spread much beyong the value of 4, they are about 50 and very dynamically changing within my AD groups."

As prior answer, AD relationship can be an issue. On issue of 50 groups, you can defined that many with CBWFQ (more actually), but the reason I noted 4, beyond 4 groups you can't guarantee all 50 groups might obtain 4 Mbps unless you have 50x that bandwidth. You might guarantee each group obtains an equal share of bandwidth.