Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2253
Views
0
Helpful
5
Replies

Traffic policing question on Cisco ASR 1001

Go to solution
Parves Ataev
Level 1
Level 1

‎08-25-2014 08:04 AM - edited ‎03-04-2019 11:36 PM

Hi Experts,

I have a request to setup aggregated traffic policing on a Cisco ASR 1001 router for multiple networks within a router.

Lets say I have a router with several subinterfaces:

interface GigabitEthernet0/2
 description WAN
 ip address x.x.x.x x.x.x.x

interface GigabitEthernet0/1.70
 description Lan_1
 encapsulation dot1Q 70
 ip address 192.168.55.1 255.255.255.0

interface GigabitEthernet0/1.80
 description LAN_2
 encapsulation dot1Q 80
 ip address 192.168.56.1 255.255.255.0

interface GigabitEthernet0/1.90
 description Servers
 encapsulation dot1Q 90
 ip address 172.16.10.1 255.255.255.0

I have a WAN link 100Mbit/s and I need to police traffic, so that I have 30Mbit/s for servers (GigabitEthernet0/1.90) and the rest 70Mbit I want to share between Interface Lan_1 and LAN_2. The Idea is that I need 70Mbit/s equally shared between two interfaces, so that I have fair policing on both iunterfaces. What is the best way to achieve this?

Many Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul driver
VIP
VIP
In response to Parves Ataev

‎09-01-2014 01:15 PM

Hello

try this:

 

ip access-list extended SRVS_acl
 permit ip 172.16.10.0 0.0.0.255 any

ip access-list extended LAN1_acl
 permit ip 192.168.55.0 0.0.0.255 any

ip access-list extended LAN2_acl
 permit ip 192.168.56.0 0.0.0.255 any


class-map match-all SRVS_CM
 match access-group name SRVS_acl

class-map match-all LAN_1_CM
 match access-group name  LAN1_acl

class-map match-all LAN_2_CM
 match access-group name LAN2_acl

policy-map SRVS_PM
class SRVS_CM
police 30720000 conform-action set-prec-transmit 1
exceed-action drop

policy-map LAN_1_PM
class LAN_1_CM
police cir 3584000 pir 71680000
conform-action set-prec-transmit 1
exceed-action set-prec-transmit 0
violate-action drop

policy-map LAN_2_PM
 class LAN_2_CM
police cir 3584000 pir 71680000
conform-action set-prec-transmit 1
exceed-action set-prec-transmit 0
violate-action drop

policy-map WAN_CHILD
 class SRVS_CM
  priority 30720

 class LAN_1_CM
  shape peak 35840000

 class LAN_2_CM
  shape peak 35840000

 class class-default
  fair-queue

policy-map WAN_PARENT
 class class-default
  shape average 102400000
  service-policy WAN_CHILD

int  GigabitEthernet0/2
bandwidth 102400
service-policy output WAN_PARENT

 

 

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

0 Helpful
5 Replies 5

Go to solution
paul driver
VIP
VIP

‎08-25-2014 12:57 PM

Hello

The below configuration is a possible option, Its provides policing inbound from the clients interfaces and LLQ priority queung on the wan interface for the servers and  shaping values from LAN1 & 2 traffic is set to 35MB.each.

Notice nothing is defined for the default class, however i am on the understanding this is given by default 1% of Hqos implementations.

 

Maybe others on here could review to verify any problems with this post and share their thoughts?


ip access-list extended SRVS_acl
 permit ip 172.16.10.0 0.0.0.255 any

ip access-list extended LAN1_acl
 permit ip 192.168.55.0 0.0.0.255 any

ip access-list extended LAN2_acl
 permit ip 192.168.56.0 0.0.0.255 any


class-map match-all SRVS_CM
 match access-group name SRVS_acl

class-map match-all LAN_1_CM
 match access-group name  LAN1_acl

class-map match-all LAN_2_CM
 match access-group name LAN2_acl


policy-map SRVS_PM
 class SRVS_CM
    police 30720000 conform-action transmit exceed-action drop

policy-map LAN_2_PM
 class LAN_2_CM
    police 35840000 conform-action transmit 

policy-map LAN_1_PM
 class LAN_1_CM
    police 35840000 conform-action transmit 


interface GigabitEthernet0/1.70
service-policy input LAN_1_PM

interface GigabitEthernet0/1.90
 service-policy input SRVS_PM

interface GigabitEthernet0/1.80
 service-policy input LAN_2_PM


policy-map WAN_CHILD
 class SRVS_CM
  priority 30720

 class LAN_1_CM
  shape average 35840000

 class LAN_2_CM
  shape average 35840000

 class class-default
  fair-queue

policy-map WAN_PARENT
 class class-default
  shape average 102400000
  service-policy WAN_CHILD

int  GigabitEthernet0/2
bandwidth 102400
service-policy output WAN_PARENT

 

res

Paul

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
Parves Ataev
Level 1
Level 1
In response to paul driver

‎09-01-2014 10:17 AM

Hi Paul,

 

Appreciate your input. I have already set it up and everything works as expected. Quick question though. Is it possible to setup that way so that when WAN interface is not fully utilized to let LAN2 to utilize the rest of the WAN interface bandwidth. For example, lets say for the moment  in time servers are utilizing 15Mbit/s, LAN1 20Mbit so in total WAN interface has 65Mbit/s bandwidth left. Can LAN2 utilize these 65Mbit and when servers start utilizing full 30Mbit, LAN2 will reduce 15Mbit/s. In other words, I dont want  intrfaces LAN1, LAN2, Servers hard coded shapers/policers but have 30Mbit/s, 35Mbit/s and 35Mbit/s bandwith prioritisied.  I know it sounds weird and I am asking it the way I see it but just wanted to discuss it with Cisco Expert.

 

Many Thanks

Parves

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to Parves Ataev

‎09-01-2014 01:15 PM

Hello

try this:

 

ip access-list extended SRVS_acl
 permit ip 172.16.10.0 0.0.0.255 any

ip access-list extended LAN1_acl
 permit ip 192.168.55.0 0.0.0.255 any

ip access-list extended LAN2_acl
 permit ip 192.168.56.0 0.0.0.255 any


class-map match-all SRVS_CM
 match access-group name SRVS_acl

class-map match-all LAN_1_CM
 match access-group name  LAN1_acl

class-map match-all LAN_2_CM
 match access-group name LAN2_acl

policy-map SRVS_PM
class SRVS_CM
police 30720000 conform-action set-prec-transmit 1
exceed-action drop

policy-map LAN_1_PM
class LAN_1_CM
police cir 3584000 pir 71680000
conform-action set-prec-transmit 1
exceed-action set-prec-transmit 0
violate-action drop

policy-map LAN_2_PM
 class LAN_2_CM
police cir 3584000 pir 71680000
conform-action set-prec-transmit 1
exceed-action set-prec-transmit 0
violate-action drop

policy-map WAN_CHILD
 class SRVS_CM
  priority 30720

 class LAN_1_CM
  shape peak 35840000

 class LAN_2_CM
  shape peak 35840000

 class class-default
  fair-queue

policy-map WAN_PARENT
 class class-default
  shape average 102400000
  service-policy WAN_CHILD

int  GigabitEthernet0/2
bandwidth 102400
service-policy output WAN_PARENT

 

 

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎09-02-2014 06:35 AM

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Are you really sure you need to police your traffic?  (Or do you need minimum bandwidth guarantees?)

This policing needed for ingress, egress or both?

Is your WAN link (physically) running at 100 Mbps?

0 Helpful

Go to solution
Parves Ataev
Level 1
Level 1
In response to Joseph W. Doherty

‎09-02-2014 01:53 PM

Hi Joseph,

 

My WAN link is 1Gbit/s. I need policing both for ingress an egress. As I stated in my previous comment I need interface LAN2 to utilize the rest of the bandwidth if my WAN link is not fully utilized but when  for example servers start utilizing 30Mbit/s and LAN1 35Mbit/s interface LAN2 should give up the bandwidth it was using. For example I have server interface utilizing 15Mbit/s, LAN1 utilizing 20Mbit/s so I have 65Mbit/s left out of 100Mbit/s, so I want LAN2 interface to utilize these 65 megs but once servers start to demand 30Mbit/s and LAN1 35Mbit/s, LAN2 should give up the 30Mbits/s it was utilizing and not exceed 35Mbit/s. To be honest QOS is not my best friend and I am starting to dig deeper into QOS but from my point of view it can be achieved by policing the traffic, please correct me if I am wrong.

 

Thanks

Parves

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card