Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
14073
Views
21
Helpful
18
Replies

How to rate-limit different IP's entering/leaving an Interface?

asaykao73
Level 1
Level 1

‎05-07-2009 04:09 PM - edited ‎03-01-2019 02:12 PM

Hi There,

We are an ISP and have an interconnect with say Provider A. Customers of ours use Provider A for layer 2 and us for Layer 3 (IP/Internet).

Customer #1 to #100 --- (10Mb) --> Provider A ---> ISP ---> Internet

We'd like to rate limit some customers to 2mb/sec (in/out) on our end because at present they have a 10mb/sec connection coming from Provider A.

The config we use to peer with Provider A is this:

interface GigabitEthernet0/1.120

description Interconnect with Provider A

bandwidth 400000

encapsulation dot1Q 120

ip address A.B.C.1 255.255.255.252

Customers of ours are simply routed out through this interface like so:

Customer #1:

ip route W.X.Y.Z. 255.255.255.255 A.B.C.2

Customer #2:

ip route J.K.L.M 255.255.255.255 A.B.C.2

Is there a way to rate limit both these customers without needing to create a separate class map for each like so:

class-map match-all CUSTOMER-1-2MB

match access-group name ACL-CUSTOMER-1

class-map match-all CUSTOMER-2-2MB

match access-group name ACL-CUSTOMER-2

!

policy-map POLICY-RATE-LIMIT

class CUSTOMER-1-2MB

police 2000000 375000 750000

class CUSTOMER-2-2MB

police 2000000 375000 750000

!

interface GigabitEthernet0/1.120

service-policy input POLICY-RATE-LIMIT

service-policy output POLICY-RATE-LIMIT

I've done this in the lab and I know it works, so Customer #1 ends up with 2mb/sec and Customer #2 gets 2mb/sec too.

But in production, I'm talking about 100's of customers which we simply route out of this interface. I can't imagine having to configure 100's of class maps and policy maps for each customer to rate limit them to 2mb/sec like in the config above.

Is there a better way to do this on the router???

Thanks.

Andy

Labels:
0 Helpful
18 Replies 18

n-magbade
Level 1
Level 1
In response to asaykao73

‎09-23-2009 07:40 AM

Would the police statement be different if you have say 2mb download and 1mb upload

0 Helpful

asaykao73
Level 1
Level 1
In response to n-magbade

‎09-23-2009 04:53 PM

Yes you will need a separate service policy for the input and output on your interface.

Eg:

interface GigabitEthernet0/1.120

service-policy input MY-POLICY-1MB

service-policy output MY-POLICY-2MB

Cheers.

Andy

0 Helpful

chrmar
Level 1
Level 1
In response to asaykao73

‎10-14-2009 10:11 PM

ISG has several options for doing this in an elegant fashion. See "Configuring ISG Policies for Regulating Network Access." Policing can be applied either per user, or per traffic class. Additionally it can be done via locally configured service-profile, aaa user profile or aaa service profile.

If you require some basic configuration for ISG (not easy to divine from the documentation), I can provide this.

0 Helpful

Safar Safarov
Level 1
Level 1

‎08-06-2012 01:14 PM

Hi Andy,

did you find any better way how to do this? I have around 60 customers and it's really a pain to manage them in the way described (policy per customer).

Regards,

Safar.

0 Helpful
Customers Also Viewed These Support Documents