06-15-2011 06:10 AM - edited 03-04-2019 12:43 PM
CASE: Users are downloading files using FTP, TFTP, etc., hence the bandwidth utilization of the link gets increased and other users get affected.
Please suggest a way at router level to restrict the bandwidth only for FTP traffic, so that other normal users shouldn't get affected.
1.0 Rate Limit
2.0 NAT
Link Bandwidth 10 Mb
06-15-2011 07:16 AM
Solution = QoS
06-15-2011 10:08 AM
Hi Andrew, can you please share an example?
06-16-2011 02:07 AM
06-15-2011 08:03 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Do you control far side's egress? If so, as Andrew notes, QoS should be able to solve. If not, there are techniques and appliances that might, or might not, provide the solution.
06-16-2011 03:29 AM
Hi Nihit,
You can use rate-limit commands in order to control the bandwidth usage. This feature will drop packets if bandwidth usage reaches a certain extent. And you can apply this feature to a few networks based on your requirement.
Also you can restrict the FTP access in your global NAT.
So let me know which feature you want so that I can share the configuration step by step.
Please rate the helpful posts.
Regards,
Naidu.
06-16-2011 09:52 AM
Ratelimiting (or policing) will control bandwidth usage. However, unless properly configured you'll often see your throughput much lower than expected if you don't allow for bursting. For egress, shaping is another option.
For ingress, when you rate-limit, it does control the bandwidth downstream, but it may, or may not, have impact on the traffic upstream (i.e. your link inbound is still congested). Some traffic will not slow its transmission rate regardless of drops, e.g. most UDP traffic. Some traffic will slow, e.g. TCP traffic. Even with traffic that does slow its rate when drops are detected, it may burst above the configured rate, i.e. inbound link is still congested.
If you can control both sides of the link, generally on Cisco routers there's much you can do. In fact, rather than limiting bandwidth to any application, such as FTP, I prefer to de-prioritize it, i.e. it can use all available bandwidth, but none currently being used by other traffic.
When you only control one side of the link, you can do "good stuff" outbound, but practically impossible to control inbound in all situations, especially with finesse. For example, you could rate-limit inbound FTP to 1 Mbps. Given FTP runs over TCP and leaving 9 Mbps for other traffic, FTP, when bursting (before it hits the rate-limiter), won't be too likely to adversely impact other traffic. Of course, this also means FTP won't be able to use more than 1 Mbps even if 7 or 8 Mbps is currently not being used.
I've gone so far as to have even shaped returning ACKs on a router. It works, but without precision since you can not tie the shaping to the actual inbound flow's bandwidth usage.
There are 3rd party appliances that also, I believe, regulate ACKs and spoof receiver's TCP RWIN, and they should work wonderfully for TCP based traffic, but just one high bandwidth consuming UDP flow puts it all to nothing.
06-17-2011 06:19 AM
So this means if I rate limit the forward traffic, will I be able to control the utilization, or does the same need to be applied both ways?
Please find the sample config.
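! Police FTP leaving Fa1/0 to about 1 Mbps (CAR: rate in bps, bursts in bytes)
interface fa1/0
 rate-limit output access-group 110 1024000 192000 384000 conform-action transmit exceed-action drop
!
! Extended IP ACLs are numbered 100-199 or 2000-2699; this one matches the FTP control port (TCP 21)
ip access-list extended 110
 permit tcp any any eq 21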
06-17-2011 10:29 AM
What you've posted, I believe, will rate limit FTP to 1 Mbps as it egresses the f1/0 port. You could also, I further believe, rate limit FTP to 1 Mbps as it ingresses your f1/0 port.
However, actual bandwidth demand for FTP can be higher before it hits the rate limiter. (If it couldn't be higher, rate limiting would be pointless.) If you're trying to preserve bandwidth for other traffic before it gets to the limiter, you won't succeed 100%.
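An added example, not part of the thread or any poster's configuration: the policing discussed above written as an MQC policy, next to the de-prioritizing approach from the 06-16 reply. All ACL, class and policy names are made up, the 10 Mbps shaper assumes the link bandwidth given in the question, and the ACL covers FTP control and active-mode data (TCP 21/20) only; passive-mode data uses negotiated ports that it does not match, and queuing behaviour of class-default varies between IOS releases.

```cisco
! Added example; FTP-PORTS, FTP, FTP-POLICE, FTP-LOWPRIO and WAN-10M are hypothetical names.
! Match FTP control (21) and active-mode data (20) in both directions.
! An ACL with only "permit tcp any any eq 21" matches the control channel alone.
ip access-list extended FTP-PORTS
 permit tcp any any eq ftp
 permit tcp any eq ftp any
 permit tcp any any eq ftp-data
 permit tcp any eq ftp-data any
!
class-map match-any FTP
 match access-group name FTP-PORTS
!
! Option A: hard cap, same numbers as the posted rate-limit line
! (1024000 bps, 192000-byte normal burst, 384000-byte maximum burst).
policy-map FTP-POLICE
 class FTP
  police 1024000 192000 384000 conform-action transmit exceed-action drop
!
! Option B: de-prioritize instead of capping. "bandwidth" is a minimum
! guarantee under congestion, so FTP is squeezed to a small share when the
! link is busy but can use capacity that other traffic leaves idle.
policy-map FTP-LOWPRIO
 class FTP
  bandwidth percent 5
 class class-default
  bandwidth percent 70
!
! Queuing only acts when the interface is congested, so shape the
! FastEthernet port to the 10 Mbps link rate and queue inside the shaper.
policy-map WAN-10M
 class class-default
  shape average 10000000
  service-policy FTP-LOWPRIO
!
interface FastEthernet1/0
 ! Option B shown; for Option A attach FTP-POLICE instead.
 service-policy output WAN-10M
```

Either policy acts only on traffic leaving this router; as the replies note, inbound FTP has already crossed the link by the time an input policer sees it.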