Solved: Re: NAT & Rate-limiting

navnsing · ‎08-26-2010

Hi All,

Needed your expert suggestions on the following setup.

We have a 12MB Metro E link from ISP to support a event in a hotel housing about 600~users to access Internet.

1) There are 3 conf rooms in the hotel and we would be configuring a VLAN each for these conf romms, and a separate Vlan for Demo room.

2) ISP is providing us 30 pulic IPs out of which 10 would be used by the users. Can the remaining 20 be used to NAT (PAT)to a DHCP pool on a 7206 router? or 1 Public IP is enough for Natting to the DHCP pool? The router here would be the DHCP server.

3) Demo room require 5Mb of dedicated bandwidth all the time. Can we allow max 7MB traffic for all conf rooms, this would ensure that the Demo room gets 5Mb all the time. Can we achieve this through CAR? or any traffic shaping is required? Please suggest.

Appreciate your inputs.

Cheers
Navneet

kyukim · ‎08-26-2010

Hi,

1. 1 public IP address is enough for PAT. 1 public IP address PAT can support over 65k connections.

With more than 2 IP address PAT pool, NAT will consume all available TCP/UDP ports on first public IP then move to next public IP in pool.

So, 1 IP address should be enough unless there are more than 65k tcp/upd sessions from your users.

2. Yes you can do that using MQC.

Create a class-map with ACL matching Demo room and use bandwidth command to guarantee 7MBPS for this class.

BW is better than CAR as CAR will make other room to use only 5 mbps always although Demo room is not using any BW.

BW will make sure Deom room get 7 mbps if Demo room needs it but allow other room to use up to 12 mbps if Demo room is not using it.

for example, your demo room is 10.1.1.0/24

class-map cl-demo

match ip address 101

policy-map pm-test

class cl-demo

bandwidth 7000

access-list 101 permit ip 10.1.1.0 0.0.0.255 any

KK

View solution in original post

navnsing · ‎08-26-2010

Appreciate if somone replies to this post.

Thanks

Navneet

kyukim · ‎08-26-2010

Hi,

1. 1 public IP address is enough for PAT. 1 public IP address PAT can support over 65k connections.

With more than 2 IP address PAT pool, NAT will consume all available TCP/UDP ports on first public IP then move to next public IP in pool.

So, 1 IP address should be enough unless there are more than 65k tcp/upd sessions from your users.

2. Yes you can do that using MQC.

Create a class-map with ACL matching Demo room and use bandwidth command to guarantee 7MBPS for this class.

BW is better than CAR as CAR will make other room to use only 5 mbps always although Demo room is not using any BW.

BW will make sure Deom room get 7 mbps if Demo room needs it but allow other room to use up to 12 mbps if Demo room is not using it.

for example, your demo room is 10.1.1.0/24

class-map cl-demo

match ip address 101

policy-map pm-test

class cl-demo

bandwidth 7000

access-list 101 permit ip 10.1.1.0 0.0.0.255 any

KK

navnsing · ‎08-26-2010

Hi KK,

Thanks for your reply !! looks more clearer now .. Is there any way I can simulate the 7Mb traffic and test this out?

Cheers

Navneet

kyukim · ‎08-26-2010

Hi,

You can easily create 7Mbps traffic with ping.

ping 5.5.5.5 size 18024 rep 10000

R3#sh int e0/0 | i rate

Queueing strategy: fifo

30 second input rate 7340000 bits/sec, 648 packets/sec

30 second output rate 7478000 bits/sec, 1243 packets/sec

You can change size to lower no and change load 30 uner interface then sh int to check exact rate.

KK.