Best Practice to Control Bandwidth utilization-Internet Link

nihit-tandon
Level 1

CASE: Users are downloading files using FTP, TFTP, etc., hence the bandwidth utilization of the link increases and other users get affected.

Please suggest a way at router level to restrict the bandwidth only for FTP traffic, so that other normal users shouldn't get affected.

1.0 Rate Limit

2.0 NAT

Link Bandwidth 10 Mb


andrew.prince
Level 10

Solution = QoS

Hi Andrew, can you please share an example?

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Do you control far side's egress?  If so, as Andrew notes, QoS should be able to solve.  If not, there are techniques and appliances that might, or might not, provide the solution.

Hi Nihit,

You can use rate-limit commands in order to control the bandwidth usage. This feature will drop packets if bandwidth usage reaches a certain extent. And you can apply this feature to a few networks based on your requirement.

Also you can restrict the FTP access in your global NAT.

So let me know which feature you want so that i can share the configuration step by step.

Please rate the helpful posts.
Regards,
Naidu.

Ratelimiting (or policing) will control bandwidth usage.  However, unless properly configured you'll often see your throughput much lower than expected if you don't allow for bursting.  For egress, shaping is another option.

For ingress, when you rate-limit, it does control the bandwidth downstream, but it may, or may not, have impact on the traffic upstream (i.e. your link inbound is still congested).  Some traffic will not slow its transmission rate regardless of drops, e.g. most UDP traffic.  Some traffic will slow, e.g. TCP traffic.  Even with traffic that does slow its rate when drops are detected, it may burst above the configured rate, i.e. inbound link is still congested.

If you can control both sides of the link, generally on Cisco routers there's much you can do.  In fact, rather than limiting bandwidth to any application, such as FTP, I prefer to de-prioritize it, i.e. it can use all available bandwidth, but none currently being used by other traffic.

When you only control one side of the link, you can do "good stuff" outbound, but practically impossible to control inbound in all situations, especially with finesse.  For example, you could rate-limit inbound FTP to 1 Mbps.  Given FTP runs over TCP and leaving 9 Mbps for other traffic, FTP, when bursting (before it hits the rate-limiter), won't be too likely to adversely impact other traffic.  Of course, this also means FTP won't be able to use more than 1 Mbps even if 7 or 8 Mbps is currently not being used.

I've gone so far as to have even shaped returning ACKs on a router.  It works, but without precision since you can not tie the shaping to the actual inbound flow's bandwidth usage.

There are 3rd party appliances that also, I believe, regulate ACKs and spoof receiver's TCP RWIN, and they should work wonderfully for TCP based traffic, but just one high bandwidth consuming UDP flow puts it all to nothing.
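
The point above about policing without allowing for bursting, as an added example that is not part of the original thread: a single-rate token-bucket policer with exceed-action drop, fed a flow whose average rate is below the 1 Mbps limit but whose packets arrive back-to-back at the 10 Mbps line rate. The traffic pattern, the two burst sizes and all function names are constructed for illustration.

```python
"""Token-bucket policer sketch (added example; all traffic values are constructed)."""

def police(packets, rate_bps, burst_bytes):
    """Return bytes transmitted by a single-rate policer with exceed-action drop.

    packets: list of (arrival_time_s, size_bytes), in time order.
    """
    tokens = float(burst_bytes)      # bucket starts full
    last = 0.0
    sent = 0
    for t, size in packets:
        # Refill at the policed rate (bytes/s), never above the bucket depth.
        tokens = min(burst_bytes, tokens + (t - last) * rate_bps / 8)
        last = t
        if size <= tokens:           # conform-action transmit
            tokens -= size
            sent += size
        # otherwise exceed-action drop: a policer does not queue
    return sent

def bursty_flow(periods, pkts_per_period=8, pkt_bytes=1500,
                period_s=0.1, line_bps=10_000_000):
    """Constructed sender: each period's packets leave back-to-back at line rate."""
    gap = pkt_bytes * 8 / line_bps   # serialization time of one packet
    return [(k * period_s + i * gap, pkt_bytes)
            for k in range(periods) for i in range(pkts_per_period)]

def delivered_bps(burst_bytes, periods=100, rate_bps=1_000_000):
    """Average delivered rate over periods * 0.1 s for a given bucket depth."""
    flow = bursty_flow(periods)
    return police(flow, rate_bps, burst_bytes) * 8 / (periods * 0.1)

if __name__ == "__main__":
    offered = sum(size for _, size in bursty_flow(100)) * 8 / 10
    print(f"offered load       : {offered:,.0f} bps")
    for burst in (3_000, 16_000):    # two packets deep vs. one full burst deep
        print(f"burst {burst:>6} bytes : {delivered_bps(burst):,.0f} bps delivered")
```

With the bucket only two packets deep, six of every eight packets are dropped even though the offered load never exceeds the configured rate on average; sizing the burst to hold one full arrival burst passes everything.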

So does this mean that if I rate limit the forward traffic I will be able to control the utilization, or does the same need to be applied in both ways?

Please find the sample config.

interface fa1/0
 rate-limit output access-group 210 1024000 192000 384000 conform-action transmit exceed-action drop

ip access-list extended 210
 permit tcp any any eq 21

What you've posted, I believe, will rate limit FTP to 1 Mbps as it egresses the f1/0 port.  You could also, I further believe, rate limit FTP to 1 Mbps as it ingresses your f1/0 port.

However, actual bandwidth demand for FTP can be higher before it hits the rate limiter.  (If it couldn't be higher, rate limiting would be pointless.)  If you're trying to preserve bandwidth for other traffic before it gets the limiter, you won't succeed 100%.
