Rate-limit seems to not work

Unanswered Question
Oct 24th, 2013

When we use Aspera, it maxes out our bandwidth and we cannot do anything else while the download is going on.


3220ASA1# sh conn add 192.168.0.105 prot udp
110 in use, 509 most used
UDP outside 153.7.233.153:33001 inside 192.168.0.105:60064, idle 0:00:00, bytes 573048376, flags -


I want to rate-limit the UDP port 33001 that Aspera uses; here is that part of my config. I applied the QoS to both the inside and outside interfaces for port 33001.


ASA Version 8.6(1)
access-list outside_mpc extended permit udp any any eq 33001
access-list inside_mpc_1 extended permit udp any any eq 33001
!
class-map inside-class
 match access-list inside_mpc_1
class-map outside-class
 match access-list outside_mpc
!
policy-map outside-policy
 class outside-class
  police input 100000 1500
  police output 100000 1500
policy-map inside-policy
 class httptraffic
  inspect http http_inspection_policy
 class inside-class
  police input 100000 1500
  police output 100000 1500
!
service-policy outside-policy interface outside
service-policy inside-policy interface inside


Do I have this wrong? The ASDM is still showing traffic as much higher than the 100kbps I want to limit to.

Julio Carvajal Thu, 10/24/2013 - 13:41

Hello Dru,


I would actually do it like this


policy-map outside-policy
 class outside-class
  police output 100000 1500

policy-map inside-policy
 class httptraffic
  inspect http http_inspection_policy
 class inside-class
  police input 100000 1500



Then I would apply the service-policy and then do clear local-host


Let me know how it goes


Regards,


Jcarvaja

Dru Goradia Thu, 10/24/2013 - 17:14

After speaking with TAC we were able to police the traffic internally, but as it's UDP the source server just kept throwing the packets at us, maxing out the bandwidth. I was told that the only workaround is to get the ISP to limit it.
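
An added illustration of the behaviour described in the reply above (not part of the thread and not Cisco's code): a generic single-rate token-bucket policer, assumed here to approximate what `police ... 100000 1500` does, fed by a sender that never slows down. The 20 Mbit/s offered rate and 1400-byte datagrams are constructed sample values; only the rate and burst come from the posted config.

```python
"""Single-rate token-bucket policer fed by a sender that ignores drops."""

def police(packets, rate_bps, burst_bytes):
    """Yield (size, conformed) per packet; exceeding packets are dropped."""
    tokens, last = float(burst_bytes), 0.0
    for t, size in packets:
        # Refill at rate_bps (converted to bytes/s), capped at the burst size.
        tokens = min(burst_bytes, tokens + (t - last) * rate_bps / 8)
        last = t
        conformed = size <= tokens
        if conformed:
            tokens -= size
        yield size, conformed

def constant_udp_sender(offered_bps, pkt_bytes, seconds):
    """Constructed traffic: fixed-size datagrams at a fixed rate, no backoff."""
    interval = pkt_bytes * 8 / offered_bps
    return [(i * interval, pkt_bytes) for i in range(int(seconds / interval))]

def simulate(offered_bps=20_000_000, pkt_bytes=1400, seconds=10,
             rate_bps=100_000, burst_bytes=1500):
    """Compare load on the WAN link with load forwarded past the policer."""
    traffic = constant_udp_sender(offered_bps, pkt_bytes, seconds)
    arrived = forwarded = 0
    for size, ok in police(traffic, rate_bps, burst_bytes):
        arrived += size  # every datagram has already crossed the ISP link
        forwarded += size if ok else 0
    return {
        "wan_link_bps": arrived * 8 / seconds,
        "forwarded_bps": forwarded * 8 / seconds,
        "dropped_pct": 100 * (arrived - forwarded) / arrived,
    }

if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value:,.1f}")
```

The forwarded rate settles near the configured 100 kbit/s while the WAN-side figure stays at the offered rate, because the drops happen after the datagrams have already used the inbound link.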

Julio Carvajal Thu, 10/24/2013 - 18:22

Hello Dru,


What do you mean?


Who is the one that initiates the connection, the server on the inside or an outside user?


Did you try what I suggested?


Regards,

Todd Kelly Tue, 04/19/2016 - 14:09

Having the same issues. Did the recommendation from Julio help you? I would like to know if this has resolved your issue.


Thanks.


Todd
