×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Rate policing

Answered Question
May 23rd, 2012
User Badges:

Hello,


we have two departments each department is in it's own subnet. Config as follows:


class-map match-any RTLMT-Dept

match access-group name Dept1

match access-group name Dept2

!

policy-map RATE-LIMIT

class RTLMT-Dept

   police 6000000 1125000 2250000

     conform-action transmit

     exceed-action drop

     violate-action drop

!

interface GigabitEthernet0/0

ip address 10.0.0.1 255.255.255.252

duplex auto

speed auto

no cdp enable

service-policy input RATE-LIMIT

!

ip access-list extended Dept1

permit ip any 10.1.0.0 0.0.0.255

ip access-list extended Dept2

permit ip any 10.2.0.0 0.0.0.255


Total internet speed provided by ISP is 12 Mbps.


So will these Depts share 6 Mbps or every Dept will have their speed of 6 Mbps?


Thanks.

Correct Answer by Sergey Fer about 5 years 2 months ago

Their joined incoming traffic will be restricted up to 6 Mbps. For every Dept to have it's own 6M you need to create two classes and police each class.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Sergey Fer Wed, 05/23/2012 - 11:25
User Badges:
  • Bronze, 100 points or more

Their joined incoming traffic will be restricted up to 6 Mbps. For every Dept to have it's own 6M you need to create two classes and police each class.

Safar Safarov Sat, 08/18/2012 - 03:57
User Badges:

Sergey,


in case of having more than 100 Depts any easy way to accomlish the task?

Joseph W. Doherty Sat, 08/18/2012 - 04:28
User Badges:
  • Super Bronze, 10000 points or more

Disclaimer


The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.


Liability Disclaimer


In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.


Posting


Safar Safarov wrote:


Sergey,


in case of having more than 100 Depts any easy way to accomlish the task?

Depends on your underlying requirements, but some switches, like the 6500, support (micro) flow or user (ubrl) policing.

Safar Safarov Sat, 08/18/2012 - 10:50
User Badges:

Joseph,


Let's say, I have 100 Mbps ingress internet traffic to my router and I would like to police it among 100 users limiting each user to 1 Mbps. But creation of 100 classes to accomplish that seems to me a little bit strange. Therefore I'm looking for a way how to do that with the less administrative effort.


BR,

Safar.

Joseph W. Doherty Sat, 08/18/2012 - 17:57
User Badges:
  • Super Bronze, 10000 points or more

Disclaimer


The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.


Liability Disclaimer


In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.


Posting


Let's say, I have 100 Mbps ingress internet traffic to my router and I would like to police it among 100 users limiting each user to 1 Mbps. But creation of 100 classes to accomplish that seems to me a little bit strange. Therefore I'm looking for a way how to do that with the less administrative effort.

That's the major feature of per flow or per user policing, you don't define and manage 100 classes.  You apply a special policer on an aggregate path that's able to distinguish and enforce policing per flow or per user.


Did you search for micro-flow and/or ubrl policing on Cisco's main web site?

Safar Safarov Sun, 08/19/2012 - 03:11
User Badges:

Yes I found some articles, all with reference to Cisco® Catalyst® 6500/Cisco 7600 Series Supervisor Engine 720. It seems to me there is no way to apply it on Cisco 2900/3900 Series ISR...

Joseph W. Doherty Sun, 08/19/2012 - 04:03
User Badges:
  • Super Bronze, 10000 points or more

Disclaimer


The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.


Liability Disclaimer


In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.


Posting


Safar Safarov wrote:


Yes I found some articles, all with reference to Cisco® Catalyst® 6500/Cisco 7600 Series Supervisor Engine 720. It seems to me there is no way to apply it on Cisco 2900/3900 Series ISR...

Correct, which is why I initially noted "some switches, like the 6500".  Feature is unavailable, I believe, on any ISR.


If your platform is an ISR, then you're stuck with using a large number of classes, or depending on what you really need to accomplish, perhaps a different approach to manage congestion.

Safar Safarov Sun, 08/19/2012 - 04:07
User Badges:

Yes I see. Would it be the same in the case if I purchase ASR instead of ISR?

Joseph W. Doherty Sun, 08/19/2012 - 04:51
User Badges:
  • Super Bronze, 10000 points or more
Aug 18, 2012 7:28 AM                             (in response to Safar Safarov)


Rate policing


Disclaimer


The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.


Liability Disclaimer


In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.


Posting


Safar Safarov wrote:


Yes I see. Would it be the same in the case if I purchase ASR instead of ISR?

Not sure as I haven't worked QoS on those and they run IOS XE.  I suspect they don't, but don't quote me.

Safar Safarov Sun, 08/19/2012 - 10:40
User Badges:

Okay. Then I think will go for 7600 Series.


Thanks for your help.

Actions

This Discussion