Limit Bandwidth on VPN tunnel on Cisco ASA

Answered Question
May 5th, 2010

Hi there,

I've a site to site VPN tunnel create with customer from local office. I'm concerned that the traffic on the tunnel in impacting the Internet bandwidth for the whole office. Is it possible to rate limit the bandwidth on the VPN tunnel. I've attached a configuration that shows the ASA configuration at the local office.

Any help would be much appreciate. I've looked at QoS mapping but finding it hard to make sense of it.

Many thanks,

Regards,

Michael.

I have this problem too.
0 votes
Correct Answer by coto.fusionet about 3 years 11 months ago

The QoS features supported on ASA are:
Policing, LLQ and Traffic Shaping

To prevent individual flows from hogging the network bandwidth, you can limit the maximum bandwidth used per flow (using Policing)
Policing is a way of ensuring that no traffic exceeds the maximum rate (in bits/second) that you configure,
thus ensuring that no one traffic flow or class can take over the entire resource.
When traffic exceeds the maximum rate, the ASA drops the excess traffic. Policing also sets the largest single burst of traffic allowed.

Example of Police options:
hostname(config-pmap)# class policing_map_name
hostname(config-pmap-c)# police {output | input} conform-rate [conform-burst]
[conform-action [drop | transmit]] [exceed-action [drop | transmit]]

i.e


hostname(config)# class-map policing-class
hostname(config-cmap)# match any
hostname(config-cmap)# policy-map QoS_policy
hostname(config-pmap)# class police_class
hostname(config-pmap-c)# police output 56000 10500

The configuration depends based on ''what'' do you want to limit the bandwitdh.

Federico.

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (1 ratings)
michaelnolan Wed, 05/05/2010 - 09:07

Thanks Federico,

I was mainly wondering how it would fit into my configuration. Could you provide me a sample configuration that would work.

Correct Answer
coto.fusionet Wed, 05/05/2010 - 09:39

The QoS features supported on ASA are:
Policing, LLQ and Traffic Shaping

To prevent individual flows from hogging the network bandwidth, you can limit the maximum bandwidth used per flow (using Policing)
Policing is a way of ensuring that no traffic exceeds the maximum rate (in bits/second) that you configure,
thus ensuring that no one traffic flow or class can take over the entire resource.
When traffic exceeds the maximum rate, the ASA drops the excess traffic. Policing also sets the largest single burst of traffic allowed.

Example of Police options:
hostname(config-pmap)# class policing_map_name
hostname(config-pmap-c)# police {output | input} conform-rate [conform-burst]
[conform-action [drop | transmit]] [exceed-action [drop | transmit]]

i.e


hostname(config)# class-map policing-class
hostname(config-cmap)# match any
hostname(config-cmap)# policy-map QoS_policy
hostname(config-pmap)# class police_class
hostname(config-pmap-c)# police output 56000 10500

The configuration depends based on ''what'' do you want to limit the bandwitdh.

Federico.

Actions

Login or Register to take actions

This Discussion

Posted May 5, 2010 at 8:57 AM
Stats:
Replies:4 Avg. Rating:5
Views:5664 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard