Limit Bandwidth By IP - Cisco 3825

Unanswered Question
Aug 18th, 2009

Hello Everyone,


We have a Cisco 3825 router. I would like to limit the bandwidth for three IP addresses.


60.203.x.1 - LAN (no limit)

60.203.x.2 - Web Server (3mb limit)

60.203.x.3 - FTP Server (3mb limit)

60.203.x.4 - Mail Server (3mb limit)


I found the following config. Is this the best way to approach this? Does this add a lot of overhead to the router? How would I do this config for the three IP addresses?


Thanks in advance.


--------
! ACLs take a wildcard (inverse) mask: 0.0.0.7 covers the /29 (was 255.255.255.248)
access-list 101 permit ip any 60.203.x.2 0.0.0.7

class-map match-any RESTRICTED
 description Web Server
 match access-group 101

policy-map BANDWIDTH-RESTRICTED
 class RESTRICTED
  police 3000000 30000 exceed-action drop

int GigabitEthernet0/0
 service-policy output BANDWIDTH-RESTRICTED
--------


Here is our current config:


version 12.4
no service pad
!
!
card type t3 1
!
!
no aaa new-model
no ip source-route
ip cef
!
multilink bundle-name authenticated
!
!
controller T3 1/0
 clock source line
 cablelength 10
!
!
interface GigabitEthernet0/0
 ip address 60.203.x.x 255.255.255.248
 no ip redirects
 no ip proxy-arp
 duplex full
 speed auto
 media-type rj45
 ntp disable
!
!
interface Serial1/0
 ip address 201.x.x.x 255.255.255.252
 no ip redirects
 no ip proxy-arp
 encapsulation ppp
 no ip mroute-cache
 load-interval 30
 ntp disable
 scramble
 no cdp enable
!
!
no ip forward-protocol nd
no ip forward-protocol udp
!
ip route 0.0.0.0 0.0.0.0 201.x.x.x
!
!
no cdp run
!
control-plane
!
scheduler allocate 30000 1000
!
end

Joseph W. Doherty Tue, 08/18/2009 - 12:49
"Is this the best way to approach this?"


Probably not. You're limiting all 3 hosts aggregate to 3 Mbps, but did you want to limit each to 3 Mbps?


Also, the policy is only applied in the output direction on the gig interface, what about the reverse direction?


Further, it's not clear what's actually trying to be accomplished. Is the issue bandwidth consumption on the serial link? If so, policing after the traffic has crossed the link (inbound) doesn't give precise results. If it's a question about outbound bandwidth on the serial link, CBWFQ with bandwidth allocations might be a better choice.


"Does this add a lot of overhead to the router?"


Policing generally doesn't.


"How would I do this config for the three IP addresses?"


You could use an ACL and class map for each host.


e.g.


! one ACL per server; each matches traffic destined to that host
access-list 102 permit ip any host 60.203.x.2
access-list 103 permit ip any host 60.203.x.3
access-list 104 permit ip any host 60.203.x.4

class-map match-any RESTRICTED1
 description Web Server
 match access-group 102
class-map match-any RESTRICTED2
 description FTP Server
 match access-group 103
class-map match-any RESTRICTED3
 description Mail Server
 match access-group 104

! each class gets its own 3 Mbps policer
policy-map BANDWIDTH-RESTRICTED
 class RESTRICTED1
  police 3000000 30000 exceed-action drop
 class RESTRICTED2
  police 3000000 30000 exceed-action drop
 class RESTRICTED3
  police 3000000 30000 exceed-action drop
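
Added example, not part of the thread: a small Python model of the token bucket behind `police 3000000 30000 exceed-action drop`, comparing one shared class for all servers with one class per server, as contrasted in the answer above. The packet size, host labels and offered rates are constructed assumptions, and the senders are constant-rate with no TCP backoff.

```python
# Token-bucket model of `police 3000000 30000 exceed-action drop`.
# Traffic rates, packet size and host labels are constructed for illustration.
CIR_BITS_PER_US = 3            # 3,000,000 bit/s expressed per microsecond
BC_BITS = 30_000 * 8           # 30000-byte normal burst
PKT_BITS = 1_250 * 8           # constructed 1250-byte packets
DURATION_US = 10_000_000       # 10 seconds of traffic

# Constructed offered load: microseconds between packets per server.
OFFERED = {"web": 5_000, "ftp": 500, "mail": 10_000}   # 2, 20, 1 Mbit/s


class Policer:
    """Single-rate policer: conforming packets pass, exceeding ones drop."""

    def __init__(self):
        self.tokens = BC_BITS   # bucket starts full
        self.last_us = 0

    def conforms(self, now_us):
        refill = (now_us - self.last_us) * CIR_BITS_PER_US
        self.tokens = min(BC_BITS, self.tokens + refill)
        self.last_us = now_us
        if self.tokens >= PKT_BITS:
            self.tokens -= PKT_BITS
            return True
        return False


def simulate(per_host):
    """Packets delivered per host with per-host policers or one shared one."""
    shared = Policer()
    policers = {h: Policer() if per_host else shared for h in OFFERED}
    events = sorted((t, h) for h, gap in OFFERED.items()
                    for t in range(0, DURATION_US, gap))
    delivered = dict.fromkeys(OFFERED, 0)
    for now_us, host in events:
        if policers[host].conforms(now_us):
            delivered[host] += 1
    return delivered


def mbps(packets):
    return packets * PKT_BITS / DURATION_US   # bits per microsecond == Mbit/s


if __name__ == "__main__":
    for label, per_host in (("one class for all hosts", False),
                            ("one class per host", True)):
        result = simulate(per_host)
        print(label, {h: round(mbps(n), 2) for h, n in result.items()})
```

With the shared policer the 20 Mbit/s sender takes nearly all of the single 3 Mbit/s budget; with per-host policers the two light senders pass untouched and only the heavy one is clipped to about 3 Mbit/s.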


iPhrankie Tue, 08/18/2009 - 13:48

We have a 21mbs DS3 connection. Our LAN, web server, FTP server and mail server use this DS3 connection.


I'm trying to prevent our web and FTP server from using up all the bandwidth. I would like the web server, FTP server and mail server to each have a maximum of 3mbs of bandwidth. In peak conditions this would leave 12mbs available for our LAN connection.


Is the config you provided a good way of doing this? Thanks.

Joseph W. Doherty Tue, 08/18/2009 - 15:40

"Is the config you provided a good way of doing this?"


It wouldn't be my first choice.


Is your concern about inbound, outbound or both directions utilization of the serial link?


Do you control the router on the other side of the serial link?

iPhrankie Tue, 08/18/2009 - 15:59

My main concern is outbound.


We don't. This is an Internet-facing router.

Joseph W. Doherty Tue, 08/18/2009 - 16:41

For outbound, I would suggest you first try FQ for all traffic.


e.g.


policy-map anExample


or


policy-map anExample
 class class-default
  fair-queue

int serial 1/0
 service-policy output anExample


If that isn't enough (and it might be vs. a default FIFO on a high speed serial), you can further extend the CBWFQ policy. You could weight traffic types (or per source server) differently (somewhat effective if the FQ is actually WFQ - many platforms' IOSs are) or you can break the servers into other classes and adjust their class parameters.
