Solved: limit bw from a subnet to 256K and allow all other traffic to take the remaining

atmpinniatm · ‎02-19-2010

Hello - object, limit bw from a subnet to 256K and allow all other traffic to take the remaining

Am I on the correct path? And, is this the most effective way to go about it?

access-list 1 permit 10.1.2.0 0.0.0.255 any

class-map police_me

match access-group 1

policy-map police_me_2_256k

class police_me

police 256 conform transmit exceed drop

int e0/0 (outbound interface to limit, traffic to limit comes in on a different interface, say e0/1)

service-policy output police_me_2_256k

Edison Ortiz · ‎02-19-2010

Yes, that configuration will provide a policer for the matched traffic.

Have you considered using CBWFQ for the matched traffic instead of policing the flows?

CBWFQ will only kick during congestion and it will allow the matched traffic to use more bandwidth than 256k during non-congestion.

access-list 1 permit 10.1.2.0 0.0.0.255 any

class-map police_me

match access-group 1

policy-map police_me_2_256k

class police_me

bandwidth 256

class class-default

bandwidth (remaining bandwidth).

View solution in original post

paolo bevilacqua · ‎03-16-2010

Do not use policy. Use shaping.

Same effect but better performances for users.

View solution in original post

Jon Marshall · ‎03-16-2010

atmpinniatm wrote:

Thank you - time to study up on the difference between policy and shaping

Put simply both policing and shaping have an upper limit beyond which they will not transmit the packet. Beyond this limit policing simply drops the packet whereas shaping buffers the additional packets until they can be sent.

This is why, as Paolo said, shaping gives a better performance from a user perspective.

Jon

View solution in original post

Edison Ortiz · ‎02-19-2010

Yes, that configuration will provide a policer for the matched traffic.

Have you considered using CBWFQ for the matched traffic instead of policing the flows?

CBWFQ will only kick during congestion and it will allow the matched traffic to use more bandwidth than 256k during non-congestion.

access-list 1 permit 10.1.2.0 0.0.0.255 any

class-map police_me

match access-group 1

policy-map police_me_2_256k

class police_me

bandwidth 256

class class-default

bandwidth (remaining bandwidth).

atmpinniatm · ‎03-16-2010

Thank you. I want to put a hard limit of 256K on subnet X. i.e. it gets 256K and no more bandwidth – ever.

Through research I thought I would have to use WRED to ‘early detect’ bandwidth exceeding 256k and drop it??

I thought CBWFQ would all a ‘free for all’ except in times of congestion??

Assume traffic to be policed comes in via g0/1

So – will this do it?

Access list xyz permit subnet_X to_any

Class-map 123

Match access-list xyz

Policy-map 256000_limit

Class 123

bandwidth 256

random-detect

police 256000 conform-action transmit exceed-action drop violate-action drop

??

Interface g0/0

Service-policy output 256000_limit

paolo bevilacqua · ‎03-16-2010

Do not use policy. Use shaping.

Same effect but better performances for users.

atmpinniatm · ‎03-16-2010

Thank you - time to study up on the difference between policy and shaping

Jon Marshall · ‎03-16-2010

atmpinniatm wrote:

Thank you - time to study up on the difference between policy and shaping

Put simply both policing and shaping have an upper limit beyond which they will not transmit the packet. Beyond this limit policing simply drops the packet whereas shaping buffers the additional packets until they can be sent.

This is why, as Paolo said, shaping gives a better performance from a user perspective.

Jon

paolo bevilacqua · ‎03-16-2010

The better performance is also from a circuit utilization perspective.

Because there are less TCP drops, hence less packet retransmissions and wasted BW.