cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1997
Views
5
Helpful
9
Replies

Queueing and shaping physical and sub interfaces

dan.letkeman
Level 4
Level 4

Hello,

I have a scenario where I need to shape and queue traffic on a physical interface and as well on sub interfaces.  Here is what I currently have setup:

g0/1 - main interface for internet traffic

g0/0 main lan interface for most users, servers, etc.

g0/0.823 - 1st guest sub interface

g0/0.825 - 2nd guest sub interface

I currently have a parent / chile policy-map setup and working to shape the traffic on the sub interfaces and it works, for the most part.  I still have drops, but I'm assuming that the buffer cannot keep up on my router (2821).

What I want to do is shape traffic on the g0/0 interface but it won't allow me to do so if I already have shaping on a sub interface.  So Do I need to remove the service policy for the sub interface and do all my shaping based on the g0/0 interface instead? 

Is this the best practice for this type of design?  Or should I create a different sub interface for the main lan users/servers?  Should I be doing shaping on the lan interface in the output direction?

Not sure where to go from here other than trying every different type of scenario and finding one that works.

Thanks,
Dan.

1 Accepted Solution

Accepted Solutions

hey mate !

here`s the answers:


If I am applying an outbound  policy on G0/1 which is the interface connected to the internet, am I  not just shaping the "upload" traffic from the users?  The whole idea is  to shape and or police everyones download traffic so they don't hog the  whole pipe!

----> No, you are shaping the traffic in general to conform with ISP`s CIR.  So, download and or upload would be shaped.

For  example if I wanted to only allow the lan users to use 40mbps of the  50, and the guest users to use 3mbps of the 50 and my servers to use  3mbps of the 50 shaping outbound on the G0/1 doesn't seem like it will  work.

----> give it a try !  Another way to control your traffic would be having a child policy map matching the class maps separating the traffic with policing and wred thresholds.   Like... Lan user with a policing of 40 mgs, guest with 3 mgs, servers with 3 mgs....   and the PARENT policy map would be shaping everything to 50 mgs, just to conform to the ISP CIR rate.

hope his helps !

please, rate helpful posts !

Sorry for the confusion.  And I really appreciate the responses.

Dan.

View solution in original post

9 Replies 9

Latchum Naidu
VIP Alumni
VIP Alumni

Hi Dan,

You may need to remove the existing policy-map and create new one as per your need.


Please rate the helpfull posts.
Regards,
Naidu.

gfcisco31
Level 1
Level 1

Hello mate !

We usually shape the outbound traffic to conform with the contracted ISPs CIR (usually they do inbound policing on their end)

What i mean is, in your design i would just shape the traffic coming from users towards the INTERNET, so i would use an outbound policy map applied to my internet connections (your gig0/0)

something like

policy-map SHAPE

class class-default

shape average 1544000

You could also create another policy map (a child) with WRED thresholds based on dscp to avoid congestion, but than you need to classify/separate user`s traffic and apply the thresholds based on DSCP, usually packest comes from the lan already marked, or you could mark inbound in your sub interfaces the traffic.

I hope this clarifies a little bit..

Please rate the helpful posts

Ok, so this is where my confusion sets in. 

{internet} - - - G0/1 - Router - G0/0 - - - LAN Users (Outbound Policy - Based on ISP CIR 50mbps)

                                    |

                                    - - - G0/0.823 - - - GUEST Users (How to shape this to 3mbps?)

You said that you would shape the traffic coming from users towards the internet.  Wouldn't that imply an inbound policy-map?  But then you say you would use an outbound policy-map applied to G0/0, which would imply that you are shaping the Download traffic, towards the users from the internet....thats confusing to me.

Maybe I just have my terms mixed up....

What I was thinking is I would setup an outbound policy map on the LAN interface towards the users and shape the traffic based on our ISP's CIR.   But creating a child policy won't help me shape the traffic on the sub interface.  Or does the shaping command on the physical interface apply to all of them?  For example if I shape the physical interface to 50mbps how do I take 3mbps of that traffic and shape sub interface?

I also have a proxy server connected to a different interface on the router and I use route-maps to route the users on the lan to it first, and then it goes out to the internet.  I think this is also causing me some grief when it comes to shaping.  But thats another project...

Thanks,

Dan.

Hi mate...

one correction... the outbout shape policy map would be in the internet connection (gig0/1)  NOT gig0/0

So, you have a CIR of 50 mgs... you would have to shape 47 to the lan users and 3 mgs for the guest users. 

Based on a simple config, i would create the following:

CLASS-MAPS

class-map match-all GUEST

match access-group 2 ----> GUEST SOURCE ADD

class-map match-all LAN_USERS

match access-group 1 ----> LAN users SOURCE ADD

POLICY MAP

policy-map SHAPE_OUT_Gig0/1

class GUEST

  shape average 3000000 75000 0    ----> 0 to not allow exceed traffic

class LAN_USERS

  shape average 47000000 1175000 0 ----> 0 to not allow exceed traffic

---> in the gig0/1 int you apply:   

service-policy output SHAPE_OUT_Gig0/1

---->  One more thing about what u said:

"What I was thinking is I would setup an outbound policy map on the LAN  interface towards the users and shape the traffic based on our ISP's  CIR."

i think you should worry about users traffic LEAVING your network, to CONFORM with your ISP CIR, not with what COMES from the internet towards your users either guest or LAN subnet.

Not sure if i get exactly what ur requesting, but i hope this helps...

*PLease, rate useful posts.

Thank you for the quick reply!

Yes, this is the main thing that confuses me.  If I am applying an outbound policy on G0/1 which is the interface connected to the internet, am I not just shaping the "upload" traffic from the users?  The whole idea is to shape and or police everyones download traffic so they don't hog the whole pipe!

For example if I wanted to only allow the lan users to use 40mbps of the 50, and the guest users to use 3mbps of the 50 and my servers to use 3mbps of the 50 shaping outbound on the G0/1 doesn't seem like it will work.

Sorry for the confusion.  And I really appreciate the responses.

Dan.

hey mate !

here`s the answers:


If I am applying an outbound  policy on G0/1 which is the interface connected to the internet, am I  not just shaping the "upload" traffic from the users?  The whole idea is  to shape and or police everyones download traffic so they don't hog the  whole pipe!

----> No, you are shaping the traffic in general to conform with ISP`s CIR.  So, download and or upload would be shaped.

For  example if I wanted to only allow the lan users to use 40mbps of the  50, and the guest users to use 3mbps of the 50 and my servers to use  3mbps of the 50 shaping outbound on the G0/1 doesn't seem like it will  work.

----> give it a try !  Another way to control your traffic would be having a child policy map matching the class maps separating the traffic with policing and wred thresholds.   Like... Lan user with a policing of 40 mgs, guest with 3 mgs, servers with 3 mgs....   and the PARENT policy map would be shaping everything to 50 mgs, just to conform to the ISP CIR rate.

hope his helps !

please, rate helpful posts !

Sorry for the confusion.  And I really appreciate the responses.

Dan.

Thank you again and Yes I will give it a try....this clears a lot of things up for me.

Dan.

Ok, so I tried this, and just as I suspected placing and outbound policy does NOT shape traffic in general it ONLY shapes the outbound traffic.  Am I doing something wrong?

Relevant config:

policy-map g0/1-output-parent-1mbps

class class-default

  shape average 1000000 256000 128000

interface GigabitEthernet0/1

bandwidth 50000

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

service-policy output g0/1-output-parent-1mbps

end

Here is what the policy-map looks like when I am downloading an ISO file.  The download is going at about 7mbps.

router#show policy-map interface g0/1 output

GigabitEthernet0/1

  Service-policy output: g0/1-output-parent

    Class-map: class-default (match-any)

      35293 packets, 7409317 bytes

      5 minute offered rate 85000 bps, drop rate 0 bps

      Match: any

      Traffic Shaping

           Target/Average   Byte   Sustain   Excess    Interval  Increment

             Rate           Limit  bits/int  bits/int  (ms)      (bytes)

          1024000/1024000   48000  256000    128000    250       32000

        Adapt  Queue     Packets   Bytes     Packets   Bytes     Shaping

        Active Depth                         Delayed   Delayed   Active

        -      0         14180     5493303   2692      3769845   no

Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(25d)

Dan.

gfcisco31
Level 1
Level 1

Hi mate.... Just doing a quick look right now but...

My though now is... U need to see the realtime throughtput, u wont get more than 1544 mb with this config (bc + be). What i am seeing here is the cumulative bytes in the class default.... The total usage during a time frame..

Talk to u again tomorrow

Merry Christmas!!!

Sent from Cisco Technical Support iPhone App

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco