Solved: provision bandwidth with QoS

alex goshtaei · ‎12-22-2008

Hi ALL,

there are 3 different companies share one 2811 router and there is 5.0 Mbps in WAN connection. We'd like to provision bandwidth between these three companies. I know with the QoS, we can define bandwith based on ACL. is there any document that describe this solution?

thanks

Alex

archari · ‎12-22-2008

yep.. you can have an independent input service policy.

match the ACL based on destination address and apply it in the input direction

e.g.

access-list 111 permit ip any host publicip1

class-map traffictocompany1

match ip address 111

policy-map inboundqos

class traffictocompany1

police cir kbps

interface serial x/y

service-policy input inboundqos

The input and output policies are independent of each other so you can do both simultaneously

View solution in original post

archari · ‎12-22-2008

Pulling this off a post I recently posted :-)

1st make 3 ACL to match your source ip's

access-list 101 permit ip x.x.x.x y.y.y.y any

where (x.x.x.x is the subnet for company1)

access-list 102 permit ip a.a.a.a b.b.b.b any

a.a.a.a is subnet for company2

access-list 103 permit ip m.m.m.m n.n.n.n any

m.m.m.m is subnet for company3

2nd make a class map to match the ACL

class-map company1class

match access-group 101

class-map company2class

match access-group 102

class-map company3class

match access-group 103

3rd make a policy-map to match the class above with the QoS you want to give it

policy-map percompany

class company1class

bandwidth 512

class company2class

bandwidth 1024

class company3class

bandwidth 2048

4th attach the policy-map to the outgoing interface pointing to the SP (WAN)

interface serial x/y

service-policy output percompany

Instead of matching the source IP address, you can also use match input interface ;-) all of them are hanging off different interfaces

Note: I dint divide bandwidth equally. You can do that if that is the intent

alex goshtaei · ‎12-22-2008

Thanks for your reply,

How about incoming traffic from internet to the router? can we do the same method. the router has three different public IP addresses.

thanks

archari · ‎12-22-2008

yep.. you can have an independent input service policy.

match the ACL based on destination address and apply it in the input direction

e.g.

access-list 111 permit ip any host publicip1

class-map traffictocompany1

match ip address 111

policy-map inboundqos

class traffictocompany1

police cir kbps

interface serial x/y

service-policy input inboundqos

The input and output policies are independent of each other so you can do both simultaneously

Joseph W. Doherty · ‎12-22-2008

Athough Arvind's second post shows what you can do inbound, the results will not be the same as outbound. The first major difference is, outbound you have different class queues which should obtain a minimum amount of specified bandwidth when there's congestion. Inbound, the classes will cap the amount of bandwidth used. The biggest different between these two approaches is an outbound class, unless also shaped or policed, can use additional excess available bandwidth; inbound the class will never be allowed to use more than its policed cap even if the bandwidth is available.

The second major difference, for inbound, although your policiers will restrict the amount of bandwidth forwarded by your router, they may not have any effect upon inbound traffic utilization (e.g. most non-TCP traffic) or if they do (e.g. TCP traffic), the traffic might burst on the link before it gets to the policer.

The best method to regulate inbound is on the other side of the link's outbound. Next best, at least with TCP traffic, is regulation of the outbound ACKs and/or manipulation of receiver advertised receive window values. Neither of these methods, I believe, supported by Cisco devices.