Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Best Practice to Control Bandwidth utilization-Internet Link

CASE:- Users are downloading files using FTP, TFTP etc hence the bandwidth utilization of the link gets increased and other users gets affected.

Pls suggest way  at router level to restrict the bandwidth only for FTP traffic.so that other normal users shouldnt get affected.

1.0 Rate Limit

2.0 NAT

Link Bandwidth 10 Mb

8 REPLIES

Best Practice to Control Bandwidth utilization-Internet Link

Solution = QoS

New Member

Best Practice to Control Bandwidth utilization-Internet Link

Hi  Andrew, Can you please share with an example !!!

Best Practice to Control Bandwidth utilization-Internet Link

Super Bronze

Best Practice to Control Bandwidth utilization-Internet Link

Disclaimer

The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting

Do you control far side's egress?  If so, as Andrew notes, QoS should be able to solve.  If not, there are techniques and appliances that might, or might not, provide the solution.

Best Practice to Control Bandwidth utilization-Internet Link

Hi Nihit,

You can use ratelimit commands in order to control the bandwidth usage. This feature will drops the packet if bandwidth usage reached at some extend. And you can apply this feature to few of networks based on your rquirement.

Also you can restrict the FTP access in your global NAT.

So let me know which feature you want so that i can share the configuration step by step.

Please rate the helpfull posts.
Regards,
Naidu.

Super Bronze

Best Practice to Control Bandwidth utilization-Internet Link

Disclaimer

The Author of this posting offers the information contained within this    posting without consideration and with the reader's understanding that    there's no implied or expressed suitability or fitness for any  purpose.   Information provided is for informational purposes only and  should not be construed as rendering professional advice of any kind.  Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever  (including, without limitation, damages for loss of use, data or  profit) arising out of the use or inability to use the posting's  information even if Author has been advised of the possibility of such  damage.

Posting

Ratelimiting (or policing) will control bandwidth usage.  However, unless properly configured you'll often see your throughput much lower than expected if you don't allow for bursting.  For egress, shaping is another option.

For ingress, when you rate-limit, it does control the bandwidth downstream, but it may, or may not, have impact on the traffic upstream (i.e. your link inbound is still congested).  Some traffic will not slow its transmission rate regardless of drops, e.g. most UDP traffic.  Some traffic will slow, e.g. TCP traffic.  Even with traffic that does slow its rate when drops are detected, it may burst above the configured rate, i.e. inbound link is still congested.

If you can control both sides of the link, generally on Cisco routers there's much you can do.  If fact, rather than limiting bandwidth to any application, such as FTP, I prefer to de-prioritize it, i.e. it can use all available bandwidth, but none currently being used by other traffic.

When you only control one side of the link, you can do "good stuff" outbound, but practically impossible to control inbound in all situations, especially with finesse.  For example, you could rate-limit inbound FTP to 1 Mbps.  Given FTP runs over TCP and leaving 9 Mbps for other traffic, FTP, when bursting (before it hits the rate-limiter), won't be too likely to adversely impact other traffic.  Of course, this also means FTP won't be able to use more than 1 Mbps even if 7 or 8 Mbps is currently not being used.

I've gone so far as to have even shaped returning ACKs on a router.  It works, but without precision since you can not tie the shaping to the actual inbound flow's bandwidth usage.

There are 3rd party appliances that also, I believe, regulate ACKs and spoof receiver's TCP RWIN, and they should work wonderfully for TCP based traffic, but just one high bandwidth consuming UDP flow puts it all to nothing.

New Member

Best Practice to Control Bandwidth utilization-Internet Link

So this means if ill  rate limit the  Forward traffic will i be able to control the utilization or the same needs to be applied in both ways

please find the sample config.

interface fa1/0

rate-limit output access-group 210 1024000 192000 384000 conform-action transmit exceed-action drop

ip access-list extended 210

permit tcp any any eq 21

Super Bronze

Best Practice to Control Bandwidth utilization-Internet Link

Disclaimer

The  Author of this posting offers the information contained within this     posting without consideration and with the reader's understanding  that    there's no implied or expressed suitability or fitness for any   purpose.   Information provided is for informational purposes only and   should not be construed as rendering professional advice of any kind.   Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever  (including,  without limitation, damages for loss of use, data or  profit) arising  out of the use or inability to use the posting's  information even if  Author has been advised of the possibility of such  damage.

Posting

What you've posted, I believe, will rate limit FTP to 1 Mbps as it egresses the f1/0 port.  You could also, I further believe, rate limit FTP to 1 Mbps as it ingresses your f1/0 port.

However, actual bandwidth demand for FTP can be higher before it hits the rate limiter.  (If it couldn't be higher, rate limiting would be pointless.)  If you're trying to preserve bandwidth for other traffic before it gets the limiter, you won't succeed 100%.

1455
Views
0
Helpful
8
Replies