limit bw from a subnet to 256K and allow all other traffic to take the remaining

Answered Question
Feb 19th, 2010

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman"; mso-ansi-language:#0400; mso-fareast-language:#0400; mso-bidi-language:#0400;}

Hello - object, limit bw from a subnet to 256K and allow all other traffic to take the remaining

Am I on the correct path? And, is this the most effective way to go about it?

access-list 1 permit 10.1.2.0 0.0.0.255 any

class-map police_me

match access-group 1

policy-map police_me_2_256k

class police_me

police 256 conform transmit exceed drop

int e0/0 (outbound interface to limit, traffic to limit comes in on a different interface, say e0/1)

service-policy output police_me_2_256k

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 6 years 9 months ago

atmpinniatm wrote:

Thank you - time to study up on the difference between policy and shaping

Put simply both policing and shaping have an upper limit beyond which they will not transmit the packet. Beyond this limit policing simply drops the packet whereas shaping buffers the additional packets until they can be sent.

This is why, as Paolo said, shaping gives a better performance from a user perspective.

Jon

Correct Answer by Paolo Bevilacqua about 6 years 9 months ago

Do not use policy. Use shaping.

Same effect but better performances for users.

Correct Answer by Edison Ortiz about 6 years 9 months ago

Yes, that configuration will provide a policer for the matched traffic.

Have you considered using CBWFQ for the matched traffic instead of policing the flows?

CBWFQ will only kick during congestion and it will allow the matched traffic to use more bandwidth than 256k during non-congestion.

access-list 1 permit 10.1.2.0 0.0.0.255 any

class-map police_me

match access-group 1

policy-map police_me_2_256k

class police_me

bandwidth 256

class class-default

bandwidth (remaining bandwidth).

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Correct Answer
Edison Ortiz Fri, 02/19/2010 - 11:17

Yes, that configuration will provide a policer for the matched traffic.

Have you considered using CBWFQ for the matched traffic instead of policing the flows?

CBWFQ will only kick during congestion and it will allow the matched traffic to use more bandwidth than 256k during non-congestion.

access-list 1 permit 10.1.2.0 0.0.0.255 any

class-map police_me

match access-group 1

policy-map police_me_2_256k

class police_me

bandwidth 256

class class-default

bandwidth (remaining bandwidth).

atmpinniatm Tue, 03/16/2010 - 05:05

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman"; mso-ansi-language:#0400; mso-fareast-language:#0400; mso-bidi-language:#0400;}

Thank you. I want to put a hard limit of 256K on subnet X. i.e. it gets 256K and no more bandwidth – ever.

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman"; mso-ansi-language:#0400; mso-fareast-language:#0400; mso-bidi-language:#0400;}

Thank you. I want to put a hard limit of 256K on subnet X. i.e. it gets 256K and no more bandwidth – ever.

Through research I thought I would have to use WRED to ‘early detect’ bandwidth exceeding 256k and drop it??

I thought CBWFQ would all a ‘free for all’ except in times of congestion??

Assume traffic to be policed comes in via g0/1

So – will this do it?

Access list xyz permit subnet_X to_any

Class-map 123

Match access-list xyz

Policy-map 256000_limit

Class 123

bandwidth 256

  random-detect

   police 256000 conform-action transmit  exceed-action drop  violate-action drop

??

Interface g0/0

Service-policy output 256000_limit

Correct Answer
Paolo Bevilacqua Tue, 03/16/2010 - 06:13

Do not use policy. Use shaping.

Same effect but better performances for users.

atmpinniatm Tue, 03/16/2010 - 06:42

Thank you - time to study up on the difference between policy and shaping

Correct Answer
Jon Marshall Tue, 03/16/2010 - 07:18

atmpinniatm wrote:

Thank you - time to study up on the difference between policy and shaping

Put simply both policing and shaping have an upper limit beyond which they will not transmit the packet. Beyond this limit policing simply drops the packet whereas shaping buffers the additional packets until they can be sent.

This is why, as Paolo said, shaping gives a better performance from a user perspective.

Jon

Paolo Bevilacqua Tue, 03/16/2010 - 08:42

The better performance is also from a circuit utilization perspective.

Because there are less TCP drops, hence less packet retransmissions and wasted BW.

Actions

This Discussion