Ps take a look to the attached topology,i have router-partner F0/0 assigned a public ip address to connect over Internet using ipsec to his location,now i need to limit the connection to just 16 Mbps,the customer has access to this cpe over the Internet so i Can't hard code the interface using the bandwidth command to 16Mpbs,is it possible to limit it to 16 mbps on my border coz the traffic pass via these border to the internet
depends on the Equiptment you have, but in general most Cisco Gear understands Traffice Shaping and Policing as part of QoS. So if you dig a litte into the documentation for your gear. You will get an Idea.
It is also depends if the interface on the Border router is used only by this customer.
In this case, you can just apply a traffic shaping or policing to shape or drop the traffic that exceeds the 16Mbps.
If the interface to the internet is also used by other customers (not displayed in the figure) you have to differentiate the traffic to this interface for every customer and then police or shape the traffic according to your requirments.
It should be noted that if you need to limit the traffic in both direction that only traffic policing can be applied to the inbound direction of the BR's interface.
Hope that helps,
You can use the next good link as reference for traffic policing
and the next for traffic shaping
I would recommend to use traffic shaping for the outbound traffic
Hope that helps
Hi Vasilis ,Hi patrick
the cpe of the partner isn't directly connected to our border , i give him connectivity to his location from my borders
your coustomer is connected to your switched infastructure? If you have switches there you can do the job on the first switch, with policing. Or must the job done on your border routers?
if you look here you find an idea for policing.
yes his connected to my infrastructure switching
can u pls post me a sample how to do it either on the border and the switch
May be something like this:
!!!! please test it some where safe and recalculate values: !!!!
This for you first switch where cpe is connected.
ip access-list to-cutomer
permit ip any host 192.168.0.1 (customer address)
ip access-list from-cutomer
permit ip host 192.168.0.1 (customer address) any
!class-map Class-to-Cutomermatch access-group name!to-cutomerclass-map Class-from-Cutomer
match access-group nameto-cutomer
!policy-map policy-to-customerclassClass-to-Cutomerpolice 16000000 8000 exceed-action dropexitexit
!policy-map policy-from-customerclassClass-from-Cutomerpolice 16000000 8000 exceed-action dropexitexit!interface GigabitEthernet1/0/20description Interface-pointing-to-Customerservice-policy input!policy-from-customerinterface GigabitEthernet1/0/1description Interface-pointing-border-1service-policy input!policy-to-customerinterface GigabitEthernet1/0/2description Interface-pointing-border-2service-policy input!policy-to-customer
Message was edited by: Patrick Marc Preuss
I would recommend to use traffic shaping for the outbound traffic instead of policing.
It uses the router buffers to delay the traffic instead of dropping the exceeded traffic.
For the inbound traffic you can apply only policing.
Hope that helps,
Hi Vasilis ,
Pls would you pls post a sample so that i can use it as reference!pls specify where it should be applied on the border or on the switching where the CPE is connected,its already mentioned by Mr.Patrick, thanks to him for his great input
what is ur recommendations ?Policing or shaping?
It depends on the switch...if this is multilayer switch and can support traffic shaping/policing I would recommend to apply the config to the SW.
In general, it is better to shape/police the traffic as close to the source as possible in order to not overwhelm your network with additional traffic.
Patric's example has taken into consideration only the traffic from customer to the internet.
You have also to shape or police the traffic from the internet to the customer. Moreover, if this interface is used only for this customer your configuration could be much more simple since you do not need the class- maps.
A possible config.
shape average 16000000
service-policy output INTERNET-TO-CUSTOMER
police 16000000 8000 exceed-action drop
service-policy input policy-from-customer
Hope that helps!
both direction should have be i i thought from (gi 1/0/20) and to (gi 1/0/1, gi 1/0/2) cutomer. when you have dual uplinks to your core from customer. maybe i missed it day was long:-) and should only be a starting point ...
and i aggree try to get the traffic as early as possible, confrom the traffic on the borders can be an idea.