DisclaimerThe Author of this

utawakevou · ‎03-18-2014

I need help in modifying the current policy map on one onf our internet router. We have a 1mb lease line and this internet link is used only for incoming connections to some services we host and used by some of our external stakeholders like VPN etc. My current policy-map as follows:

policy-map VPN_PRIORITY
class RESTRICTED
shape average 500000
class PREFERRED
bandwidth 100
class OFFICE_VPN_ENDPOINTS
priority 650
class class-default
set dscp default
shape average 700000

I need to modfy this so I can give gurantee bandwidth to say 700KB or 800KB to a certain conection when its needed. Have already create an extended ACL and the class-policy.

Any help rendered will be very much apprecaited

Joseph W. Doherty · ‎03-19-2014

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Is the port running at 1 Mbps too? If so, for egress you shouldn't need to use shapers. Just allocate for a bandwidth guarantee, per class.

If the port is running faster than 1 Mbps, then you use a parent policy to shape for your 1 Mbps and a child policy guarantees the class bandwidth (i.e. the child policy would be similar to the policy with port running at 1 Mbps.).

For ingress, you cannot really guarantee bandwidths. You can police some traffic trying to leave bandwidth for other traffic, but since the policer is downstream of the 1 Mbps link, such policed traffic can exceed the policed limits before it's actually policed.

Also for ingress bandwidth, for something like ingress TCP, you can shape outbound ACKs, which will help regulate ingress TCP bandwidth usage, but it's very imprecise.

utawakevou · ‎03-19-2014

I beleive the ports are running at 1Mbps as the configuration done here with WAN (using serial port) and LAN (fastethernet) I can see bandwidth statement of 1000 so I assume these ports are setup to 1Mbps. My request is whether I can just add in another class on the current policy map and give bandwith of 700Kb to 800Kb whenever the connection gets established with the sender and the reciever (already create an ACL on this)

Joseph W. Doherty · ‎03-19-2014

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

My request is whether I can just add in another class on the current policy map and give bandwith of 700Kb to 800Kb whenever the connection gets established with the sender and the reciever (already create an ACL on this)

Unable to say. Don't know what IOS you're using (CBWFQ features change between pre-HQF and HQF) nor where and how you're using the policy.

Normally, CBWFQ won't allow you to over allocate available bandwidth. You've defined 100K for PREFERRED class and 650K for your OFFICE_VPN_ENDPOINTS class but your RESTRICTED and class-default don't define bandwidth usage (I don't think shaper defines class reservation). Also don't know, since you're not positive, how much bandwidth the policy "thinks" it's working with.

QoS Help