bandwidth shape or limit per subnet 2801

danletkeman · ‎06-06-2007

Hello,

I have a 2801 doing pbr routing by source ip to 4 different gateways.

interface FastEthernet0/0

description lan

bandwidth 100000

ip address 10.1.10.1 255.255.255.0

ip nat inside

ip route-cache flow

ip policy route-map inet

duplex auto

speed auto

!

interface FastEthernet0/1

description wan

bandwidth 14000

ip address 10.10.50.1 255.255.255.0

duplex auto

speed auto

!

ip classless

!

ip access-list extended dto

permit ip 192.168.18.0 0.0.0.255 any

ip access-list extended ees

permit ip 192.168.6.0 0.0.0.255 any

ip access-list extended ges

permit ip 192.168.4.0 0.0.0.255 any

ip access-list extended lis

permit ip 192.168.8.0 0.0.0.255 any

!

route-map inet permit 40

match ip address ges

set ip next-hop 10.10.50.103

!

route-map inet permit 60

match ip address ees

set ip next-hop 10.10.50.102

!

route-map inet permit 80

match ip address lis

set ip next-hop 10.10.50.101

!

route-map inet permit 180

match ip address dto

set ip next-hop 10.10.50.104

Each gateway is an ADSL line with 3mbit down and 384kbit up. The above is just an example of the pbr that is happening, there are more subnets than shown. I would like to setup bandwidth shaping or rate limiting so that one ip from one subnet will not hog the whole adsl line.

If someone could please provide an example of a policy map that I can apply to an interface so I can shape or limit the traffic. I have tried a few things but I can never get anything to rate limit or police.

Thanks,

Dan.

paolo bevilacqua · ‎06-06-2007

Hi Dan,

In practice, you can only limit and set fair share for the upload direction. To do this, you will need to traffic-shape output to be same speed as your DSL line, see this document:

http://cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a00800b2d29.shtml

The alternative is to place the ADSL interfaces directly in the router (HWIC-1ADSL), this would make all the above automatic.

For input, there isn't really much that you can do, because you do not control the upstream router, where the congestion occurs.

Hope this helps, please rate post if it does!

oschaul2 · ‎07-23-2010

This should work for you:

ip access-list extended dto
permit ip 192.168.18.0 0.0.0.255 any
ip access-list extended ees
permit ip 192.168.6.0 0.0.0.255 any
ip access-list extended ges
permit ip 192.168.4.0 0.0.0.255 any
ip access-list extended lis
permit ip 192.168.8.0 0.0.0.255 any

class-map match-any dto
match access-group name dto
class-map match-any ees
match access-group name ees
class-map match-any ges
match access-group name ges
class-map match-any lis
match access-group name lis

policy-map outwan
class dto
shape average 384000
class ees
shape average 384000
class ges
shape average 384000
class lis
shape average 384000
class class-default
fair-queue

interface FastEthernet0/1
description wan
bandwidth 14000
ip address 10.10.50.1 255.255.255.0
service-policy output outwan
duplex auto
speed auto