traffic shaping w/ router as a transparent bridge

I've got some issues with traffic shaping. I assume I'm just missing something silly but can't seem to find the issue. I'm hoping some kind person can point out the obvious.

I've reviewed: Configuring Generic Traffic Shaping
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt4/qcfgts.htm#wp1001057

... as well as ...

http://www.velocityreviews.com/forums/t30137-using-a-cisco-router-as-a-throttling-bridge.html
http://www.velocityreviews.com/forums/t35922-rate-limit-question.html
http://groups.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/82d477e610269a13/7e8a1f7a26eabee3?lnk=st&q=cisco+traffic+shape+group#7e8a1f7a26eabee3

Here's my network layout (see attached if this ASCII diagram is messed up in the post):

hh1 (10.0.0.3 )    |
(0017.0830.cb00)   |
                   |
h2(10.0.0.4)------ |- (f0/0) r1 (e1/0) --(10.0.0.1) r2 - inet
                   |
h2 (10.0.0.5) -----|

I need to shape inbound and outbound traffic for various hosts independently (i.e. h1, h2, h3). I also need to do this with a bridge, since I don't want to create any more confusion than needed by fooling with more subnets, consuming extra addresses, or NAT. I have a spare router (r1) which is:

bw_throttle>sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-IS-M), Version 12.3(17), RELEASE SOFTWARE (fc2)

and has the following relevant config:

no ip routing
!
interface FastEthernet0/0
 no ip address
 traffic-shape group 1 500000 18000 18000 1000
 traffic-shape group 700 500000 18000 18000 1000
 bridge-group 1
!
interface Ethernet1/0
 no ip address
 traffic-shape group 1 500000 18000 18000 1000
 traffic-shape group 700 500000 18000 18000 1000
 bridge-group 1
!
access-list 1 permit 10.0.0.3
access-list 700 permit 0017.0830.cb00
!
bridge 1 protocol ieee

This doesn't shape traffic to the expected 500kbps for h1; the only way I can seem to shape any traffic is with something like the following on both interfaces:

 traffic-shape rate 500000 18000 18000 1000

Unfortunately this is not what I need; I instead need to shape traffic for specific hosts, preferably specifying those hosts by IP address, not MAC address, but at this point I'll take whatever I can get.

Perhaps I just can't do what I'm trying to pull off, since I'm trying to make a router act as a layer 2 device and shape traffic based on layer 3 addresses. Perhaps that's not a possibility?

1 REPLY
Re: traffic shaping w/ router as a transparent bridge

I've not gotten any help with doing this with Cisco equipment... though I've moved on to doing it with BSD.

Building a transparent traffic-shaping bridge
http://www.cardus.com/2007/09/24/building-a-transparent-traffic-shaping-bridge/
http://www.openbsd.org/faq/faq4.html

There was a bit more to building the OpenBSD box, but with some help from the following I figured it out:

http://www.openbsd.org/faq/pf/queueing.html
http://insecure.ucdavis.edu/openbsd/openbsd-4-0-firewall

Things not in the guide were: I had to add pftop...

# pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/4.2/packages/i386/pftop-0.6.tgz

and to see queue info once you run pftop you have to use the left and right arrow keys.

I also had to find info on how to change and reapply rules.

Configure rules for pf:

Write your rules and save them in pf.test.

To test your rules type:

# pfctl -nf /etc/pf.test

When you are confident that you want to apply the rules type:

# cp pf.conf pf.old && cp pf.test pf.conf

To load your rules type:

# pfctl -f /etc/pf.conf

Hope that helps someone. If anyone figures out how to do it with something better or with Cisco equipment I'd love to know how.

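The test, copy and load steps from the reply above, combined into one function as an added example (not part of the original post): it refuses to install a rule file that fails the pfctl -nf check and puts pf.old back if the load fails, which matters on a bridge where a bad ruleset can cut off every host behind it. The function name and the PFCTL and PF_DIR overrides are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate, back up, install and load pf rules with rollback.
# PFCTL and PF_DIR are hypothetical overrides so the logic can be tried
# off-box; on the OpenBSD bridge they default to pfctl and /etc.
PFCTL="${PFCTL:-pfctl}"
PF_DIR="${PF_DIR:-/etc}"

# apply_pf_rules returns:
#   0  candidate loaded, previous rules kept as pf.old
#   1  candidate missing or rejected by the syntax check (pf.conf untouched)
#   2  load failed after install; pf.old was restored and reloaded
apply_pf_rules() {
    conf="$PF_DIR/pf.conf"
    cand="$PF_DIR/pf.test"
    old="$PF_DIR/pf.old"

    [ -r "$cand" ] || { echo "no candidate at $cand" >&2; return 1; }

    # Step 1: parse only (-n); nothing is loaded into the kernel.
    if ! "$PFCTL" -nf "$cand"; then
        echo "syntax check failed; $conf left untouched" >&2
        return 1
    fi

    # Step 2: keep the current rules as pf.old, then install the candidate.
    cp -p "$conf" "$old" || return 1
    cp -p "$cand" "$conf" || return 1

    # Step 3: load; on failure put the previous file back and reload it.
    if ! "$PFCTL" -f "$conf"; then
        echo "load failed; restoring $old" >&2
        cp -p "$old" "$conf"
        "$PFCTL" -f "$conf"
        return 2
    fi
    return 0
}
```

Source the file as root on the bridge and call apply_pf_rules after editing /etc/pf.test.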