NAT & Rate-limiting

Answered Question
Aug 26th, 2010

Hi All,


Needed your expert suggestions on the following setup.


We have a 12MB Metro E link from ISP to support an event in a hotel housing about 600 users to access the Internet.


1) There are 3 conf rooms in the hotel and we would be configuring a VLAN each for these conf rooms, and a separate VLAN for the Demo room.


2) ISP is providing us 30 public IPs, out of which 10 would be used by the users. Can the remaining 20 be used to NAT (PAT) to a DHCP pool on a 7206 router? Or is 1 public IP enough for NATting to the DHCP pool? The router here would be the DHCP server.


3) Demo room requires 5Mb of dedicated bandwidth all the time. Can we allow max 7MB traffic for all conf rooms? This would ensure that the Demo room gets 5Mb all the time. Can we achieve this through CAR, or is any traffic shaping required? Please suggest.


Appreciate your inputs.



Cheers
Navneet

navnsing Thu, 08/26/2010 - 08:47

Appreciate if someone replies to this post.



Thanks

Navneet

Correct Answer
kyukim Thu, 08/26/2010 - 10:32
User Badges:
  • Cisco Employee,

Hi,

1. 1 public IP address is enough for PAT. 1 public IP address PAT can support over 65k connections.

   With a PAT pool of more than 2 IP addresses, NAT will consume all available TCP/UDP ports on the first public IP, then move to the next public IP in the pool.

   So, 1 IP address should be enough unless there are more than 65k TCP/UDP sessions from your users.


2. Yes you can do that using MQC.

    Create a class-map with an ACL matching the Demo room and use the bandwidth command to guarantee 7MBPS for this class.

    BW is better than CAR, as CAR will make the other rooms use only 5 mbps always, although the Demo room is not using any BW.

    BW will make sure the Demo room gets 7 mbps if the Demo room needs it, but allow the other rooms to use up to 12 mbps if the Demo room is not using it.


    for example, your demo room is 10.1.1.0/24

    ! class-maps reference an ACL with "match access-group"
    class-map cl-demo
      match access-group 101
    !
    ! bandwidth is in kbps; attach the policy with "service-policy output pm-test"
    ! on the outgoing interface
    policy-map pm-test
      class cl-demo
        bandwidth 7000
    !
    ! ACL 101: traffic sourced from the demo room subnet
    access-list 101 permit ip 10.1.1.0 0.0.0.255 any



KK
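
A capacity check for the PAT sizing in point 1 of the answer above, as an added example that is not part of the original thread: this Python sketch parses output in the column layout of IOS `show ip nat translations`, counts ports in use per public IP and protocol, and lists the busiest inside hosts. The sample table, its addresses, the function names and the 65535 ceiling (standing in for the answer's "over 65k" figure) are assumptions made for the example.

```python
from collections import Counter

PORTS_PER_IP = 65535  # assumed ceiling, standing in for the answer's "over 65k"

# Constructed sample in the column layout of IOS "show ip nat translations".
SAMPLE = """\
Pro Inside global        Inside local       Outside local      Outside global
tcp 203.0.113.10:1024    10.1.1.21:51514    198.51.100.7:443   198.51.100.7:443
tcp 203.0.113.10:1025    10.1.1.21:51515    198.51.100.7:443   198.51.100.7:443
udp 203.0.113.10:1024    10.1.2.40:53211    192.0.2.53:53      192.0.2.53:53
tcp 203.0.113.10:1026    10.1.3.77:40022    198.51.100.9:80    198.51.100.9:80
--- 203.0.113.11         10.1.4.5           ---                ---
"""

def parse_translations(text):
    """Yield (proto, global_ip, local_ip) for each dynamic PAT entry."""
    for line in text.splitlines():
        f = line.split()
        # Skip the header, blank lines and static entries (no protocol, no port).
        if len(f) != 5 or f[0] not in ("tcp", "udp") or ":" not in f[1]:
            continue
        yield f[0], f[1].rsplit(":", 1)[0], f[2].rsplit(":", 1)[0]

def pat_usage(text):
    """Count ports in use per (global IP, protocol) and entries per inside host."""
    per_global, per_host = Counter(), Counter()
    for proto, gip, lip in parse_translations(text):
        per_global[(gip, proto)] += 1
        per_host[lip] += 1
    return per_global, per_host

def report(text, warn_ratio=0.8):
    """Return (pool entries at or above warn_ratio of the port space, top hosts)."""
    per_global, per_host = pat_usage(text)
    hot = [(k, n) for k, n in per_global.items() if n >= warn_ratio * PORTS_PER_IP]
    return sorted(hot), per_host.most_common(3)

def fair_share(users, public_ips=1):
    """Average concurrent translations available per user, per protocol."""
    return (PORTS_PER_IP * public_ips) // users

if __name__ == "__main__":
    per_global, per_host = pat_usage(SAMPLE)
    for (gip, proto), n in sorted(per_global.items()):
        print(f"{gip} {proto}: {n}/{PORTS_PER_IP} ports")
    print("top inside hosts:", per_host.most_common(3))
    print("600 users on 1 IP:", fair_share(600), "translations each")
```

Run against a real capture of the translation table during the event, the per-host counts show whether a few clients are consuming a disproportionate share of the single address before the pool as a whole runs short.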

navnsing Thu, 08/26/2010 - 12:13

Hi KK,


Thanks for your reply! It looks clearer now. Is there any way I can simulate the 7Mb traffic and test this out?



Cheers

Navneet

kyukim Thu, 08/26/2010 - 12:28
User Badges:
  • Cisco Employee,

Hi,

You can easily create 7Mbps traffic with ping.

    ping 5.5.5.5 size 18024 rep 10000

    R3#sh int e0/0 | i rate
      Queueing strategy: fifo
      30 second input rate 7340000 bits/sec, 648 packets/sec
      30 second output rate 7478000 bits/sec, 1243 packets/sec


You can change size to a lower number and change load 30 under the interface, then sh int to check the exact rate.


KK.
