08-25-2014 08:04 AM - edited 03-04-2019 11:36 PM
Hi Experts,
I have a request to setup aggregated traffic policing on a Cisco ASR 1001 router for multiple networks within a router.
Lets say I have a router with several subinterfaces:
interface GigabitEthernet0/2
description WAN
ip address x.x.x.x x.x.x.x
interface GigabitEthernet0/1.70
description Lan_1
encapsulation dot1Q 70
ip address 192.168.55.1 255.255.255.0
interface GigabitEthernet0/1.80
description LAN_2
encapsulation dot1Q 80
ip address 192.168.56.1 255.255.255.0
interface GigabitEthernet0/1.90
description Servers
encapsulation dot1Q 90
ip address 172.16.10.1 255.255.255.0
I have a WAN link 100Mbit/s and I need to police traffic, so that I have 30Mbit/s for servers (GigabitEthernet0/1.90) and the rest 70Mbit I want to share between Interface Lan_1 and LAN_2. The Idea is that I need 70Mbit/s equally shared between two interfaces, so that I have fair policing on both iunterfaces. What is the best way to achieve this?
Many Thanks
Solved! Go to Solution.
09-01-2014 01:15 PM
Hello
try this:
ip access-list extended SRVS_acl
permit ip 172.16.10.0 0.0.0.255 any
ip access-list extended LAN1_acl
permit ip 192.168.55.0 0.0.0.255 any
ip access-list extended LAN2_acl
permit ip 192.168.56.0 0.0.0.255 any
class-map match-all SRVS_CM
match access-group name SRVS_acl
class-map match-all LAN_1_CM
match access-group name LAN1_acl
class-map match-all LAN_2_CM
match access-group name LAN2_acl
policy-map SRVS_PM
class SRVS_CM
police 30720000 conform-action set-prec-transmit 1
exceed-action drop
policy-map LAN_1_PM
class LAN_1_CM
police cir 3584000 pir 71680000
conform-action set-prec-transmit 1
exceed-action set-prec-transmit 0
violate-action drop
policy-map LAN_2_PM
class LAN_2_CM
police cir 3584000 pir 71680000
conform-action set-prec-transmit 1
exceed-action set-prec-transmit 0
violate-action drop
policy-map WAN_CHILD
class SRVS_CM
priority 30720
class LAN_1_CM
shape peak 35840000
class LAN_2_CM
shape peak 35840000
class class-default
fair-queue
policy-map WAN_PARENT
class class-default
shape average 102400000
service-policy WAN_CHILD
int GigabitEthernet0/2
bandwidth 102400
service-policy output WAN_PARENT
res
Paul
08-25-2014 12:57 PM
Hello
The below configuration is a possible option, Its provides policing inbound from the clients interfaces and LLQ priority queung on the wan interface for the servers and shaping values from LAN1 & 2 traffic is set to 35MB.each.
Notice nothing is defined for the default class, however i am on the understanding this is given by default 1% of Hqos implementations.
Maybe others on here could review to verify any problems with this post and share their thoughts?
ip access-list extended SRVS_acl
permit ip 172.16.10.0 0.0.0.255 any
ip access-list extended LAN1_acl
permit ip 192.168.55.0 0.0.0.255 any
ip access-list extended LAN2_acl
permit ip 192.168.56.0 0.0.0.255 any
class-map match-all SRVS_CM
match access-group name SRVS_acl
class-map match-all LAN_1_CM
match access-group name LAN1_acl
class-map match-all LAN_2_CM
match access-group name LAN2_acl
policy-map SRVS_PM
class SRVS_CM
police 30720000 conform-action transmit exceed-action drop
policy-map LAN_2_PM
class LAN_2_CM
police 35840000 conform-action transmit
policy-map LAN_1_PM
class LAN_1_CM
police 35840000 conform-action transmit
interface GigabitEthernet0/1.70
service-policy input LAN_1_PM
interface GigabitEthernet0/1.90
service-policy input SRVS_PM
interface GigabitEthernet0/1.80
service-policy input LAN_2_PM
policy-map WAN_CHILD
class SRVS_CM
priority 30720
class LAN_1_CM
shape average 35840000
class LAN_2_CM
shape average 35840000
class class-default
fair-queue
policy-map WAN_PARENT
class class-default
shape average 102400000
service-policy WAN_CHILD
int GigabitEthernet0/2
bandwidth 102400
service-policy output WAN_PARENT
res
Paul
09-01-2014 10:17 AM
Hi Paul,
Appreciate your input. I have already set it up and everything works as expected. Quick question though. Is it possible to setup that way so that when WAN interface is not fully utilized to let LAN2 to utilize the rest of the WAN interface bandwidth. For example, lets say for the moment in time servers are utilizing 15Mbit/s, LAN1 20Mbit so in total WAN interface has 65Mbit/s bandwidth left. Can LAN2 utilize these 65Mbit and when servers start utilizing full 30Mbit, LAN2 will reduce 15Mbit/s. In other words, I dont want intrfaces LAN1, LAN2, Servers hard coded shapers/policers but have 30Mbit/s, 35Mbit/s and 35Mbit/s bandwith prioritisied. I know it sounds weird and I am asking it the way I see it but just wanted to discuss it with Cisco Expert.
Many Thanks
Parves
09-01-2014 01:15 PM
Hello
try this:
ip access-list extended SRVS_acl
permit ip 172.16.10.0 0.0.0.255 any
ip access-list extended LAN1_acl
permit ip 192.168.55.0 0.0.0.255 any
ip access-list extended LAN2_acl
permit ip 192.168.56.0 0.0.0.255 any
class-map match-all SRVS_CM
match access-group name SRVS_acl
class-map match-all LAN_1_CM
match access-group name LAN1_acl
class-map match-all LAN_2_CM
match access-group name LAN2_acl
policy-map SRVS_PM
class SRVS_CM
police 30720000 conform-action set-prec-transmit 1
exceed-action drop
policy-map LAN_1_PM
class LAN_1_CM
police cir 3584000 pir 71680000
conform-action set-prec-transmit 1
exceed-action set-prec-transmit 0
violate-action drop
policy-map LAN_2_PM
class LAN_2_CM
police cir 3584000 pir 71680000
conform-action set-prec-transmit 1
exceed-action set-prec-transmit 0
violate-action drop
policy-map WAN_CHILD
class SRVS_CM
priority 30720
class LAN_1_CM
shape peak 35840000
class LAN_2_CM
shape peak 35840000
class class-default
fair-queue
policy-map WAN_PARENT
class class-default
shape average 102400000
service-policy WAN_CHILD
int GigabitEthernet0/2
bandwidth 102400
service-policy output WAN_PARENT
res
Paul
09-02-2014 06:35 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Are you really sure you need to police your traffic? (Or do you need minimum bandwidth guarantees?)
This policing needed for ingress, egress or both?
Is your WAN link (physically) running at 100 Mbps?
09-02-2014 01:53 PM
Hi Joseph,
My WAN link is 1Gbit/s. I need policing both for ingress an egress. As I stated in my previous comment I need interface LAN2 to utilize the rest of the bandwidth if my WAN link is not fully utilized but when for example servers start utilizing 30Mbit/s and LAN1 35Mbit/s interface LAN2 should give up the bandwidth it was using. For example I have server interface utilizing 15Mbit/s, LAN1 utilizing 20Mbit/s so I have 65Mbit/s left out of 100Mbit/s, so I want LAN2 interface to utilize these 65 megs but once servers start to demand 30Mbit/s and LAN1 35Mbit/s, LAN2 should give up the 30Mbits/s it was utilizing and not exceed 35Mbit/s. To be honest QOS is not my best friend and I am starting to dig deeper into QOS but from my point of view it can be achieved by policing the traffic, please correct me if I am wrong.
Thanks
Parves
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: