12-13-2013 01:33 AM - edited 03-07-2019 05:03 PM
I want to apply QoS to FTP traffic on a Cisco 6500. FTP traffic should use only 512 kbps of bandwidth. Could anyone please suggest how I should set this up? Any study document will be welcome.
Thanks in advance.
12-13-2013 02:57 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
You could use an ingress policy-map to identify FTP traffic and police it at 512 Kbps.
One nice feature of the 6500s, they support microflow policers, so you can police individual flows. (Very convenient on a trunk or VLAN interface.)
12-15-2013 04:21 PM
I want to limit FTP traffic to 512 kbps and other traffic to 8 Mb/s. How do I match the other traffic? I can create an ACL for FTP traffic, but for the others?
thanks
12-16-2013 03:15 AM
Hello
You haven't specified if this is to be applied for a specific VLAN or interface?
Below is an example of both:
! Interface-based policy
access-list 100 permit tcp any any eq ftp
access-list 100 permit tcp any any eq ftp-data
!
class-map match-all FTP
 match access-group 100
! or
! match protocol ftp
!
policy-map Police
 class FTP
  police 512000 conform-action transmit exceed-action drop
 class class-default
  police 8000000 conform-action transmit exceed-action drop
!
interface xx
 service-policy input Police
Lan/Trunks - nested policy
class-map Traffic
 match input-interface x/x
!
policy-map Traffic_pm
 class Traffic
  police 8000000 conform-action transmit exceed-action drop
!
access-list 100 permit tcp any any eq ftp
access-list 100 permit tcp any any eq ftp-data
!
class-map FTP
 match access-group 100
! or
! match protocol ftp
!
policy-map Police
 class FTP
  police 512000 conform-action transmit exceed-action drop
  service-policy Traffic_pm
!
interface vlan xxx
 service-policy input Police
!
interface xxx
 ! trunk interfaces
 mls qos vlan-based
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
12-16-2013 04:00 AM
Hi Paul,
Thanks a lot for your reply. Your configuration is really perfect. My scenario is as above. I have an FTP server on an Ubuntu 2 PC, 192.168.2.1/29, and a Windows 2012-2 PC, 10.10.12.1/29, has the FTP client. So the Windows PC's FTP client uploads and downloads files from the Ubuntu FTP server. This traffic should be 512 kbps, so I want to apply QoS for FTP and other traffic.
Please suggest where I should apply QoS. Do I need to apply VLAN-based QoS or interface-based QoS? I think it should be VLAN-based.
Thanks,
12-16-2013 05:02 AM
You could apply the policy on the host interfaces, or you could apply to the VLAN interface for those hosts. If you apply to the VLAN interface, policing will apply to all traffic on the VLAN, and if you don't use the "flow" option, it would also limit the aggregate of all ports to your policed values.
BTW, IMO, a better approach to policing is traffic prioritization. Instead of limiting something like FTP traffic to 512 Kbps all the time, you can (sort of) guarantee it 512 Kbps when there's congestion, but when there's not congestion allow it to have additional bandwidth.
12-16-2013 05:18 AM
Hi Joseph,
Thanks for your reply. Then please suggest how I should implement your idea, so that whenever there is no congestion, it can use the remaining bandwidth?
Thanks
12-16-2013 05:05 PM
How would depend very much on the QoS features of the device. Even 6500 QoS features depend on line cards.
Most, but not all, Cisco switches support 4 egress queues, to which you can provide different bandwidth allocations. Such allocations usually provide a minimum, but more bandwidth might be used if it's otherwise not being used.
For example, you might define four queues: one is a priority queue for real-time traffic; one is a foreground queue with a large bandwidth allocation (not that such traffic should be bandwidth intensive, but to ensure high priority for dequeuing); one is a background queue with minimum bandwidth allocation (often where you might want to direct FTP); and the last is a middle allocation for everything else, i.e. your default.
Also on switches, traffic is often placed into a particular egress queue based on L2 CoS or L3 ToS. So, what this means, you'll want to mark your FTP traffic differently than your other traffic, perhaps with CoS 1 or DSCP CS1 or AF1x.
Cisco has some great guides on how to configure QoS for their different platforms although their 11 class model is often overly complex.
12-17-2013 06:20 AM
Hi,
It is not matching FTP traffic. It is taking the class-default police, not the FTP class.
Also, my Cisco 6503 is not taking the match protocol ftp line, so I am using match access-group 100.
I am using the FileZilla FTP server.
Thanks,
12-17-2013 06:30 AM
I am matching port 20 and 21 for ftp.
12-17-2013 08:10 AM
Hi,
I have solved my problem. I changed the ACL to match ftp traffic.
access-list 101 permit tcp any any eq 21
access-list 101 permit tcp any eq 20 any
Above ACL will match traffic.
Thanks,
12-17-2013 05:17 PM
"Also, my cisco 6503 is not taking match protocol ftp line. so i am using match access-group 100."
Yes, match protocol isn't generally found on Cisco's L3 switches. What you did with the ACLs is the correct approach.
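Why the ACL change in this thread moved FTP data out of class-default, as an added example that is not code from any poster: a small Python model of the port tests in access-list 100 and access-list 101, run over constructed packets. The ephemeral port numbers and the passive-mode rows are assumptions added for illustration, and the model ignores addresses and looks only at TCP source and destination ports.

```python
# Added example: model the port tests of the thread's two ACLs (addresses ignored).
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    desc: str
    sport: int
    dport: int

class Ace(NamedTuple):
    """One 'permit tcp any [eq sport] any [eq dport]' entry; None = no port test."""
    sport: Optional[int]
    dport: Optional[int]

# access-list 100 from the first reply: destination port 21 (ftp) or 20 (ftp-data)
ACL_100 = [Ace(None, 21), Ace(None, 20)]
# access-list 101 from the poster's fix: destination port 21, or source port 20
ACL_101 = [Ace(None, 21), Ace(20, None)]

# Constructed packets; ports above 1023 are made-up ephemeral ports (assumption).
PACKETS = [
    Packet("control, client->server", 50000, 21),
    Packet("control, server->client", 21, 50000),
    Packet("active data, server->client", 20, 50001),
    Packet("active data, client->server", 50001, 20),
    Packet("passive data, client->server", 50002, 60000),
    Packet("passive data, server->client", 60000, 50002),
]

def classify(acl, pkt):
    """Return the class a packet lands in: FTP if any permit entry matches,
    otherwise the ACL's implicit deny sends it to class-default."""
    for ace in acl:
        if ace.sport in (None, pkt.sport) and ace.dport in (None, pkt.dport):
            return "FTP"
    return "class-default"

def table(acl):
    """Map each constructed packet description to its resulting class."""
    return {p.desc: classify(acl, p) for p in PACKETS}

if __name__ == "__main__":
    t100, t101 = table(ACL_100), table(ACL_101)
    for p in PACKETS:
        print(f"{p.desc:30} ACL100={t100[p.desc]:14} ACL101={t101[p.desc]}")
```

In this model neither ACL catches passive-mode data connections, and each ACL catches only one direction of active-mode data, so which one fits depends on the direction the ingress policy sees.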