Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to apply a command on a schedule basis.

I want to apply rate-limit or service-policy to an interface at 00.00 and to revert back at 07.00 everyday.

What are possible solutions?

Thank you.

9 REPLIES
Hall of Fame Super Bronze

Re: How to apply a command on a schedule basis.

Tim,

Depending upon the IOS you are using, you can implement Cisco IOS EEM as a solution:

http://www.cisco.com/en/US/products/ps6815/products_ios_protocol_group_home.html

With that said, I don't recommend making changes in the config on routers as a routine. You can run into issues during a config change that can cause a router to reload.

Depending on the requirements, you can also look into Time-Based ACLs.

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#timebasedtimerange

HTH,

__

Edison.

New Member

Re: How to apply a command on a schedule basis.

Yes!!! Thank you. Time based ACL. Here is the result:

time-range NIGHT

periodic daily 00:00 to 06:59

!

access-list 150 remark This is to rate-limit almost everybody during NIGHT

access-list 150 deny ip host 192.168.11.212 any

access-list 150 deny ip any host 192.168.11.212

access-list 150 deny ip host 192.168.11.210 any

access-list 150 deny ip any host 192.168.11.210

access-list 150 deny ip 192.168.99.0 0.0.0.255 192.168.11.0 0.0.0.255

access-list 150 deny ip 192.168.11.0 0.0.0.255 192.168.99.0 0.0.0.255

access-list 150 deny ip 192.168.16.0 0.0.0.255 192.168.11.0 0.0.0.255

access-list 150 deny ip 192.168.11.0 0.0.0.255 192.168.16.0 0.0.0.255

access-list 150 deny ip 192.168.16.0 0.0.0.255 192.168.12.0 0.0.0.255

access-list 150 deny ip 192.168.12.0 0.0.0.255 192.168.16.0 0.0.0.255

access-list 150 deny ip host 192.168.11.203 any

access-list 150 deny ip any host 192.168.11.203

access-list 150 deny ip host 192.168.11.42 any

access-list 150 deny ip any host 192.168.11.42

access-list 150 permit ip any any time-range NIGHT

!

interface Vlan3

description INSIDE

ip address 172.16.11.2 255.255.255.0

ip flow ingress

ip flow egress

ip nat inside

ip virtual-reassembly

rate-limit input access-group 150 128000 24000 24000 conform-action transmit exceed-action drop

rate-limit output access-group 150 128000 24000 24000 conform-action transmit exceed-action drop

Anyway I still can not understand 24000 24000 - these numbers. I know the recommendation - (128k*1.5)/8 but it does not work. Why?

Thank you anyway.

Hall of Fame Super Bronze

Re: How to apply a command on a schedule basis.

Those numbers are the committed burst and exceeded burst values reflected in bytes.

What do you mean it does not work?

__

Edison.

Please rate helpful posts

New Member

Re: How to apply a command on a schedule basis.

I mean this - For example:

I want to rate-limit everybody to 128 Kbit/s. When I am checking interface traffic load with rate-limit applied - I see that is really "rate-limited", but not to 128 Kbit/s - it is limited to 196-384 Kbit/s - Why?. I am monitoring with IPSwitchGold and Advent Net Netflow. Can you please explain what this "burst rates" mean in real life? Is there any way to rate limit to REALLY xx Kbit/s?

Thank you.

Hall of Fame Super Bronze

Re: How to apply a command on a schedule basis.

What's the model of the device in question and IOS version?

BTW, I want to correct my previous reply.

Those numbers reflect 'burst normal' and 'burst max' (you will learn to love QoS and how similar the command variables are, NOT :)).

http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_q1.html#wp1015612

New Member

Re: How to apply a command on a schedule basis.

Right now - C3845. But I saw the same issue on every device (C1[7,8]xx-C2[6,8,9]XX-C3[7,8]XX) worked with. I will try to read documentation again.

Hall of Fame Super Bronze

Re: How to apply a command on a schedule basis.

Apply the rate-limit on the physical port instead of the logical interface.

Software rate-limiters will try to average the limit down to the specified value but hard to obtain on the multitude of traffic flows and patterns.

You can also look into using the police command with MQC instead of the legacy rate-limit command.

HTH,

__

Edison.

New Member

Re: How to apply a command on a schedule basis.

Thank you Edison.

I will use MQC a bit later. But first I want to understand why I do not have a result with CAR.

(I want to rate-limit to 64 Kbit/s but I see that traffic load is "floating" from 100 Kbit/s to 300 Kbit/s). Why.

Here are my questions:

1. If I will place rate limit to physical NAT outside interface - will it work? I am not sure that that acl #150 will work - it classifies nat inside hosts and "tunneled" networks from other regions. What do you think?

2. You advice me to avoid applying rate-limit to logical interfaces - is it from your experience or it is recommended by documentation? I know that if I am applying rate-limit to Dialer interface - it is not working. Till this moment I thought that it is not working because of incorrect burst-rates. It will never work there? I should replace it to physical interface.

2. I am very sorry, but I still can not understand rate-limit burst numbers? What are they? How can I find out (calculate or monitor and then apply) them? Please show me the logic.

P.S. I have a rate-limit on another VLAN interface:

interface Vlan4

description Wi-Fi For Guests

ip address 192.168.254.1 255.255.255.0

ip nat inside

ip virtual-reassembly

rate-limit input access-group 140 128000 24000 24000 conform-action transmit exceed-action drop

rate-limit output access-group 140 128000 24000 24000 conform-action transmit exceed-action drop

And it is working as I want: traffic does not exceed 128 Kbit/s.

Why this is not working:

interface Vlan3

description INSIDE; PIX.KM4.RU

ip address 172.16.11.2 255.255.255.0

ip nat inside

ip virtual-reassembly

rate-limit input access-group 150 64000 12000 12000 conform-action transmit exceed-action drop

rate-limit output access-group 150 64000 12000 12000 conform-action transmit exceed-action drop

Thank you.

Hall of Fame Super Bronze

Re: How to apply a command on a schedule basis.

rate-limit is a legacy command but it should still work per your configuration.

After taking a closer look, you may want to verify the ACL 150 encompasses all traffic traversing that interface.

You can determine this by applying a rate-limit to all traffic (not just traffic within the 150 ACL) and see if the throughput is policed to 64kbps. If it's policed to 64kbps, then you need to troubleshoot your ACL.

As for the burst calculation, the recommended formula was illustrated in the link I posted previously for the rate-limit command.

__

Edison.

174
Views
5
Helpful
9
Replies