Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Bandwidth

Hi

If I have a VPN as a backup link over a 10Mbps ISP Cloud, is there anyway to tell the VPN that it is only allowed to take 2Mbps?

6 REPLIES
Gold

Re: VPN Bandwidth

In other words you need QoS (traffic shape for IPSEC)

try following document

http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns109/networking_solutions_white_paper09186a00801890f7.shtml

M.

Hope that helps rate if it does

New Member

Re: VPN Bandwidth

Thanks for that but... this document seems to say that you can use QOS to reserve at least 2Mbps over the 10Mbps link. My question is can you constrain IPSec to using only 2Mbps?

Gav

New Member

Re: VPN Bandwidth

If this VPN is terminating on VPN concentrator then it's quit easy. Even if it will terminate on any device then also it should possible. Please give me more idea about the setup.

Thanks,

Mustafa

New Member

Re: VPN Bandwidth

No such luck having a nice toy like a VPN Concentrator!! The VPN is terminating on a Cisco Router. The setup is basically 2 cisco routers connected directly to the internet via a 3550 switch (one router in Dublin one in London). I want the 2 routers to use a % of the avilable bandwith so that it does not impact on normal internet access.

New Member

Re: VPN Bandwidth

You might have to adjust it but I think this is what you are looking for. This is a child nested map which contains your IPsec policer at 2 megs. The parent "QOS-OUTPUT" shapes and will actually limit your outbound bandwidth to exactly 10megs. You may have to tweak it a little. I like this method as you can use %s in your class which is relative to your max bandwidth of the parent class.

class-map match-any IPSEC

match access-group name IPSEC

!

policy-map QOS-CLASS

class IPSEC

police rate 2000000 bps burst 2000 bytes

conform-action transmit

exceed-action drop

queue-limit 30

!

policy-map QOS-OUTPUT

class class-default

shape average 10000000 1000

service-policy QOS-CLASS

!

interface Ethernet1

description OUTSIDE

service-policy output QOS-OUTPUT

!

ip access-list extended IPSEC

permit udp any any eq 500

permit udp any any eq 4500

permit esp any any

!

New Member

Re: VPN Bandwidth

Thanks for this posting... I have a few questions

what does this mean?

police rate 2000000 bps burst 2000 bytes

and what does this mean?

shape average 10000000 1000

If the Internet connection is 10Mbps do I set the police rate to 10,485,760 bps

the maximum bandwith I would like to make avilable is 8Mbps 8,388,608 bps

Thanks for your help... I am very interested in totally understanding the configuration options and how I can tweak them.

141
Views
0
Helpful
6
Replies
CreatePlease login to create content