12-22-2011 01:01 PM - edited 03-07-2019 04:01 AM
Hello,
I have a scenario where I need to shape and queue traffic on a physical interface and as well on sub interfaces. Here is what I currently have setup:
g0/1 - main interface for internet traffic
g0/0 main lan interface for most users, servers, etc.
g0/0.823 - 1st guest sub interface
g0/0.825 - 2nd guest sub interface
I currently have a parent / chile policy-map setup and working to shape the traffic on the sub interfaces and it works, for the most part. I still have drops, but I'm assuming that the buffer cannot keep up on my router (2821).
What I want to do is shape traffic on the g0/0 interface but it won't allow me to do so if I already have shaping on a sub interface. So Do I need to remove the service policy for the sub interface and do all my shaping based on the g0/0 interface instead?
Is this the best practice for this type of design? Or should I create a different sub interface for the main lan users/servers? Should I be doing shaping on the lan interface in the output direction?
Not sure where to go from here other than trying every different type of scenario and finding one that works.
Thanks,
Dan.
Solved! Go to Solution.
12-24-2011 10:49 AM
hey mate !
here`s the answers:
If I am applying an outbound policy on G0/1 which is the interface connected to the internet, am I not just shaping the "upload" traffic from the users? The whole idea is to shape and or police everyones download traffic so they don't hog the whole pipe!
----> No, you are shaping the traffic in general to conform with ISP`s CIR. So, download and or upload would be shaped.
For example if I wanted to only allow the lan users to use 40mbps of the 50, and the guest users to use 3mbps of the 50 and my servers to use 3mbps of the 50 shaping outbound on the G0/1 doesn't seem like it will work.
----> give it a try ! Another way to control your traffic would be having a child policy map matching the class maps separating the traffic with policing and wred thresholds. Like... Lan user with a policing of 40 mgs, guest with 3 mgs, servers with 3 mgs.... and the PARENT policy map would be shaping everything to 50 mgs, just to conform to the ISP CIR rate.
hope his helps !
please, rate helpful posts !
Sorry for the confusion. And I really appreciate the responses.
Dan.
12-23-2011 05:33 AM
Hi Dan,
You may need to remove the existing policy-map and create new one as per your need.
Please rate the helpfull posts.
Regards,
Naidu.
12-24-2011 09:22 AM
Hello mate !
We usually shape the outbound traffic to conform with the contracted ISPs CIR (usually they do inbound policing on their end)
What i mean is, in your design i would just shape the traffic coming from users towards the INTERNET, so i would use an outbound policy map applied to my internet connections (your gig0/0)
something like
policy-map SHAPE
class class-default
shape average 1544000
You could also create another policy map (a child) with WRED thresholds based on dscp to avoid congestion, but than you need to classify/separate user`s traffic and apply the thresholds based on DSCP, usually packest comes from the lan already marked, or you could mark inbound in your sub interfaces the traffic.
I hope this clarifies a little bit..
Please rate the helpful posts
12-24-2011 09:48 AM
Ok, so this is where my confusion sets in.
{internet} - - - G0/1 - Router - G0/0 - - - LAN Users (Outbound Policy - Based on ISP CIR 50mbps)
|
- - - G0/0.823 - - - GUEST Users (How to shape this to 3mbps?)
You said that you would shape the traffic coming from users towards the internet. Wouldn't that imply an inbound policy-map? But then you say you would use an outbound policy-map applied to G0/0, which would imply that you are shaping the Download traffic, towards the users from the internet....thats confusing to me.
Maybe I just have my terms mixed up....
What I was thinking is I would setup an outbound policy map on the LAN interface towards the users and shape the traffic based on our ISP's CIR. But creating a child policy won't help me shape the traffic on the sub interface. Or does the shaping command on the physical interface apply to all of them? For example if I shape the physical interface to 50mbps how do I take 3mbps of that traffic and shape sub interface?
I also have a proxy server connected to a different interface on the router and I use route-maps to route the users on the lan to it first, and then it goes out to the internet. I think this is also causing me some grief when it comes to shaping. But thats another project...
Thanks,
Dan.
12-24-2011 10:22 AM
Hi mate...
one correction... the outbout shape policy map would be in the internet connection (gig0/1) NOT gig0/0
So, you have a CIR of 50 mgs... you would have to shape 47 to the lan users and 3 mgs for the guest users.
Based on a simple config, i would create the following:
CLASS-MAPS
class-map match-all GUEST
match access-group 2 ----> GUEST SOURCE ADD
class-map match-all LAN_USERS
match access-group 1 ----> LAN users SOURCE ADD
POLICY MAP
policy-map SHAPE_OUT_Gig0/1
class GUEST
shape average 3000000 75000 0 ----> 0 to not allow exceed traffic
class LAN_USERS
shape average 47000000 1175000 0 ----> 0 to not allow exceed traffic
---> in the gig0/1 int you apply:
service-policy output SHAPE_OUT_Gig0/1
----> One more thing about what u said:
"What I was thinking is I would setup an outbound policy map on the LAN interface towards the users and shape the traffic based on our ISP's CIR."
i think you should worry about users traffic LEAVING your network, to CONFORM with your ISP CIR, not with what COMES from the internet towards your users either guest or LAN subnet.
Not sure if i get exactly what ur requesting, but i hope this helps...
*PLease, rate useful posts.
12-24-2011 10:34 AM
Thank you for the quick reply!
Yes, this is the main thing that confuses me. If I am applying an outbound policy on G0/1 which is the interface connected to the internet, am I not just shaping the "upload" traffic from the users? The whole idea is to shape and or police everyones download traffic so they don't hog the whole pipe!
For example if I wanted to only allow the lan users to use 40mbps of the 50, and the guest users to use 3mbps of the 50 and my servers to use 3mbps of the 50 shaping outbound on the G0/1 doesn't seem like it will work.
Sorry for the confusion. And I really appreciate the responses.
Dan.
12-24-2011 10:49 AM
hey mate !
here`s the answers:
If I am applying an outbound policy on G0/1 which is the interface connected to the internet, am I not just shaping the "upload" traffic from the users? The whole idea is to shape and or police everyones download traffic so they don't hog the whole pipe!
----> No, you are shaping the traffic in general to conform with ISP`s CIR. So, download and or upload would be shaped.
For example if I wanted to only allow the lan users to use 40mbps of the 50, and the guest users to use 3mbps of the 50 and my servers to use 3mbps of the 50 shaping outbound on the G0/1 doesn't seem like it will work.
----> give it a try ! Another way to control your traffic would be having a child policy map matching the class maps separating the traffic with policing and wred thresholds. Like... Lan user with a policing of 40 mgs, guest with 3 mgs, servers with 3 mgs.... and the PARENT policy map would be shaping everything to 50 mgs, just to conform to the ISP CIR rate.
hope his helps !
please, rate helpful posts !
Sorry for the confusion. And I really appreciate the responses.
Dan.
12-24-2011 10:51 AM
Thank you again and Yes I will give it a try....this clears a lot of things up for me.
Dan.
12-24-2011 11:14 AM
Ok, so I tried this, and just as I suspected placing and outbound policy does NOT shape traffic in general it ONLY shapes the outbound traffic. Am I doing something wrong?
Relevant config:
policy-map g0/1-output-parent-1mbps
class class-default
shape average 1000000 256000 128000
interface GigabitEthernet0/1
bandwidth 50000
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
service-policy output g0/1-output-parent-1mbps
end
Here is what the policy-map looks like when I am downloading an ISO file. The download is going at about 7mbps.
router#show policy-map interface g0/1 output
GigabitEthernet0/1
Service-policy output: g0/1-output-parent
Class-map: class-default (match-any)
35293 packets, 7409317 bytes
5 minute offered rate 85000 bps, drop rate 0 bps
Match: any
Traffic Shaping
Target/Average Byte Sustain Excess Interval Increment
Rate Limit bits/int bits/int (ms) (bytes)
1024000/1024000 48000 256000 128000 250 32000
Adapt Queue Packets Bytes Packets Bytes Shaping
Active Depth Delayed Delayed Active
- 0 14180 5493303 2692 3769845 no
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(25d)
Dan.
12-24-2011 04:34 PM
Hi mate.... Just doing a quick look right now but...
My though now is... U need to see the realtime throughtput, u wont get more than 1544 mb with this config (bc + be). What i am seeing here is the cumulative bytes in the class default.... The total usage during a time frame..
Talk to u again tomorrow
Merry Christmas!!!
Sent from Cisco Technical Support iPhone App
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: