
Restricting Bandwidth

snooter
Level 1

I'm looking to restrict a particular service/IP (matched by ACL) to a specified chunk of bandwidth.

I've found before that police will do this, but only partially. I think I found that police will hold an ACL matched service to its max bandwidth, but then it will either drop the packets that are over the limit or dish them off to the fair-queue.

I'd like to restrict the ACL matched service to its specified max bandwidth, and for anything over that it will keep it in its own queue till the bandwidth frees up on its policy and then pass the packets.

Anyone know if this is possible?


Jon Marshall
Hall of Fame

Hi

I think the closest thing to what you want is to use traffic shaping rather than policing. Have a look at this document which explains the difference between the two. Please come back if you have further questions.

http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a00800a3a25.shtml

HTH

Jon
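The policing/shaping difference discussed above, as an added example that is not part of the original thread: a simplified token-bucket model in which a policer drops the excess and a shaper holds it in its own queue until tokens return. Unit-size packets, one refill per tick, and the function names and sample rates are assumptions made for illustration.

```python
from collections import deque

def police(arrivals, rate, burst):
    """Policer: a packet that finds no token is dropped on arrival.
    arrivals[t] = packets offered in tick t, rate = tokens added per tick,
    burst = bucket depth. Returns (sent_per_tick, dropped_total)."""
    tokens, sent, dropped = burst, [], 0
    for t, offered in enumerate(arrivals):
        if t > 0:
            tokens = min(burst, tokens + rate)   # refill, capped at burst
        passed = min(offered, tokens)
        tokens -= passed
        dropped += offered - passed              # excess is gone for good
        sent.append(passed)
    return sent, dropped

def shape(arrivals, rate, burst, queue_limit):
    """Shaper: excess waits in the class's own queue and leaves as tokens
    return; only a full queue drops. Returns (sent, dropped, worst_delay)."""
    if rate <= 0 or burst <= 0:
        raise ValueError("rate and burst must be positive or the queue never drains")
    tokens, queue = burst, deque()
    sent, dropped, worst_delay, t = [], 0, 0, 0
    while t < len(arrivals) or queue:
        if t > 0:
            tokens = min(burst, tokens + rate)
        for _ in range(arrivals[t] if t < len(arrivals) else 0):
            if len(queue) < queue_limit:
                queue.append(t)                  # remember arrival tick
            else:
                dropped += 1                     # tail drop when queue is full
        passed = 0
        while queue and tokens > 0:
            worst_delay = max(worst_delay, t - queue.popleft())
            tokens -= 1
            passed += 1
        sent.append(passed)
        t += 1
    return sent, dropped, worst_delay

if __name__ == "__main__":
    burst_of_ten = [10, 0, 0, 0, 0]              # constructed sample input
    print("police:", police(burst_of_ten, rate=2, burst=2))
    print("shape: ", shape(burst_of_ten, rate=2, burst=2, queue_limit=64))
```

The shaper trades loss for delay: the same burst is delivered in full, but the last packets wait four ticks, and a short queue limit brings the drops back.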

Thanks for the reply.

You're right, shaping does sound like the right thing for us, but when I click on the link there to "configure traffic-shaping" the commands are:

Router(config-pmap-c)# police bps burst-normal burst-max conform-action action exceed-action action violate-action action

The options for exceed-action and violate-action do not keep the packets in their respective queue. It reassigns a precedence, QoS group, or dscp value. Even if I set it to the lowest precedence or least important dscp value, it still gets dished into the first in/first out queue and it utilizes the bandwidth just the same.

Traffic-shaping only applies to the interface, which would be the entire set of bandwidth I have. I don't want to mess with the QoS I already have set up for our time sensitive info, I just don't want this traffic that's matched by ACL to cut into the time sensitive traffic in any way. The ACL matched info needs to remain in its own queue no matter what.

So...

I'm thinking I may need another interface connected to its own private data link, then use policy-based routing and just separate it based on service/source/destination.

Joseph W. Doherty
Hall of Fame

What you're describing might be accomplished with CBWFQ.

You can define a class to have a minimum amount of bandwidth when there's congestion from other traffic, but the class will use excess available bandwidth. If the minimum provides less bandwidth than the class is attempting to use, it will queue within that class.

e.g.

class-map ftp
 match protocol ftp
policy-map T1
 class ftp
  bandwidth percent 50
  ! can also use absolute values

If ftp wants 25% of the T1, it shouldn't queue. If ftp wants 50% of the T1, it also shouldn't queue.

If ftp wants 75% of the T1, and the additional 25% is available, it shouldn't queue. If there is no excess available, the extra 25% ftp should queue. If there is some excess available, it will obtain some, and will queue what it couldn't obtain.

You can also define the queue allocation for the ftp class and whether WRED should be used for drop management.

snooter
Level 1

What about this crazy idea, if it's possible: creating a third subinterface (already have two) and configuring it with the traffic-shape? It'd still hit the default route for outbound.

Here's my config, do you think a third interface would work for this? Say, some 192.168 address and just use ACLs to match the source and route it to the 192.168 interface... Possible? (In the config below, our data network is the 10. and the voice is the 172. The replication data is coming from a 10.10.1.x address.)

!
interface FastEthernet0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 speed auto
 no cdp enable
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 10.10.1.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no cdp enable
!
interface FastEthernet0/0.172
 encapsulation dot1Q 172
 ip address 172.16.1.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no cdp enable
!
ip route 0.0.0.0 0.0.0.0 Serial1/0

Thought you wanted to use excess bandwidth?
