Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Traffic policing question on Cisco ASR 1001

Hi Experts,

I have a request to setup aggregated traffic policing on a Cisco ASR 1001 router for multiple networks within a router.

Lets say I have a router with several subinterfaces:

interface GigabitEthernet0/2
 description WAN
 ip address x.x.x.x x.x.x.x

interface GigabitEthernet0/1.70
 description Lan_1
 encapsulation dot1Q 70
 ip address 192.168.55.1 255.255.255.0

interface GigabitEthernet0/1.80
 description LAN_2
 encapsulation dot1Q 80
 ip address 192.168.56.1 255.255.255.0

interface GigabitEthernet0/1.90
 description Servers
 encapsulation dot1Q 90
 ip address 172.16.10.1 255.255.255.0

I have a WAN link 100Mbit/s and I need to police traffic, so that I have 30Mbit/s for servers (GigabitEthernet0/1.90) and the rest 70Mbit I want to share between Interface Lan_1 and LAN_2. The Idea is that I need 70Mbit/s equally shared between two interfaces, so that I have fair policing on both iunterfaces. What is the best way to achieve this?

Many Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Hellotry this: ip access-list

Hello

try this:

 

ip access-list extended SRVS_acl
 permit ip 172.16.10.0 0.0.0.255 any

ip access-list extended LAN1_acl
 permit ip 192.168.55.0 0.0.0.255 any

ip access-list extended LAN2_acl
 permit ip 192.168.56.0 0.0.0.255 any


class-map match-all SRVS_CM
 match access-group name SRVS_acl

class-map match-all LAN_1_CM
 match access-group name  LAN1_acl

class-map match-all LAN_2_CM
 match access-group name LAN2_acl

policy-map SRVS_PM
class SRVS_CM
police 30720000 conform-action set-prec-transmit 1
exceed-action drop

policy-map LAN_1_PM
class LAN_1_CM
police cir 3584000 pir 71680000
conform-action set-prec-transmit 1
exceed-action set-prec-transmit 0

violate-action drop

policy-map LAN_2_PM
 class LAN_2_CM
police cir 3584000 pir 71680000
conform-action set-prec-transmit 1
exceed-action set-prec-transmit 0

violate-action drop

policy-map WAN_CHILD
 class SRVS_CM
  priority 30720

 class LAN_1_CM
  shape peak 35840000

 class LAN_2_CM
  shape peak 35840000

 class class-default
  fair-queue

policy-map WAN_PARENT
 class class-default
  shape average 102400000
  service-policy WAN_CHILD

int  GigabitEthernet0/2
bandwidth 102400
service-policy output WAN_PARENT

 

 

res

Paul

Please don't forget to rate any posts that have been helpful. Thanks.
5 REPLIES

Hello The below configuration

Hello

The below configuration is a possible option, Its provides policing inbound from the clients interfaces and LLQ priority queung on the wan interface for the servers and  shaping values from LAN1 & 2 traffic is set to 35MB.each.

Notice nothing is defined for the default class, however i am on the understanding this is given by default 1% of Hqos implementations.

 

Maybe others on here could review to verify any problems with this post and share their thoughts?


ip access-list extended SRVS_acl
 permit ip 172.16.10.0 0.0.0.255 any

ip access-list extended LAN1_acl
 permit ip 192.168.55.0 0.0.0.255 any

ip access-list extended LAN2_acl
 permit ip 192.168.56.0 0.0.0.255 any


class-map match-all SRVS_CM
 match access-group name SRVS_acl

class-map match-all LAN_1_CM
 match access-group name  LAN1_acl

class-map match-all LAN_2_CM
 match access-group name LAN2_acl


policy-map SRVS_PM
 class SRVS_CM
    police 30720000 conform-action transmit exceed-action drop

policy-map LAN_2_PM
 class LAN_2_CM
    police 35840000 conform-action transmit 

policy-map LAN_1_PM
 class LAN_1_CM
    police 35840000 conform-action transmit 


interface GigabitEthernet0/1.70
service-policy input LAN_1_PM

interface GigabitEthernet0/1.90
 service-policy input SRVS_PM

interface GigabitEthernet0/1.80
 service-policy input LAN_2_PM


policy-map WAN_CHILD
 class SRVS_CM
  priority 30720

 class LAN_1_CM
  shape average 35840000

 class LAN_2_CM
  shape average 35840000

 class class-default
  fair-queue

policy-map WAN_PARENT
 class class-default
  shape average 102400000
  service-policy WAN_CHILD

int  GigabitEthernet0/2
bandwidth 102400
service-policy output WAN_PARENT

 

res

Paul

 

Please don't forget to rate any posts that have been helpful. Thanks.
New Member

Hi Paul, Appreciate your

Hi Paul,

 

Appreciate your input. I have already set it up and everything works as expected. Quick question though. Is it possible to setup that way so that when WAN interface is not fully utilized to let LAN2 to utilize the rest of the WAN interface bandwidth. For example, lets say for the moment  in time servers are utilizing 15Mbit/s, LAN1 20Mbit so in total WAN interface has 65Mbit/s bandwidth left. Can LAN2 utilize these 65Mbit and when servers start utilizing full 30Mbit, LAN2 will reduce 15Mbit/s. In other words, I dont want  intrfaces LAN1, LAN2, Servers hard coded shapers/policers but have 30Mbit/s, 35Mbit/s and 35Mbit/s bandwith prioritisied.  I know it sounds weird and I am asking it the way I see it but just wanted to discuss it with Cisco Expert.

 

Many Thanks

Parves

Hellotry this: ip access-list

Hello

try this:

 

ip access-list extended SRVS_acl
 permit ip 172.16.10.0 0.0.0.255 any

ip access-list extended LAN1_acl
 permit ip 192.168.55.0 0.0.0.255 any

ip access-list extended LAN2_acl
 permit ip 192.168.56.0 0.0.0.255 any


class-map match-all SRVS_CM
 match access-group name SRVS_acl

class-map match-all LAN_1_CM
 match access-group name  LAN1_acl

class-map match-all LAN_2_CM
 match access-group name LAN2_acl

policy-map SRVS_PM
class SRVS_CM
police 30720000 conform-action set-prec-transmit 1
exceed-action drop

policy-map LAN_1_PM
class LAN_1_CM
police cir 3584000 pir 71680000
conform-action set-prec-transmit 1
exceed-action set-prec-transmit 0

violate-action drop

policy-map LAN_2_PM
 class LAN_2_CM
police cir 3584000 pir 71680000
conform-action set-prec-transmit 1
exceed-action set-prec-transmit 0

violate-action drop

policy-map WAN_CHILD
 class SRVS_CM
  priority 30720

 class LAN_1_CM
  shape peak 35840000

 class LAN_2_CM
  shape peak 35840000

 class class-default
  fair-queue

policy-map WAN_PARENT
 class class-default
  shape average 102400000
  service-policy WAN_CHILD

int  GigabitEthernet0/2
bandwidth 102400
service-policy output WAN_PARENT

 

 

res

Paul

Please don't forget to rate any posts that have been helpful. Thanks.
Super Bronze

DisclaimerThe Author of this

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Are you really sure you need to police your traffic?  (Or do you need minimum bandwidth guarantees?)

This policing needed for ingress, egress or both?

Is your WAN link (physically) running at 100 Mbps?

New Member

Hi Joseph, My WAN link is

Hi Joseph,

 

My WAN link is 1Gbit/s. I need policing both for ingress an egress. As I stated in my previous comment I need interface LAN2 to utilize the rest of the bandwidth if my WAN link is not fully utilized but when  for example servers start utilizing 30Mbit/s and LAN1 35Mbit/s interface LAN2 should give up the bandwidth it was using. For example I have server interface utilizing 15Mbit/s, LAN1 utilizing 20Mbit/s so I have 65Mbit/s left out of 100Mbit/s, so I want LAN2 interface to utilize these 65 megs but once servers start to demand 30Mbit/s and LAN1 35Mbit/s, LAN2 should give up the 30Mbits/s it was utilizing and not exceed 35Mbit/s. To be honest QOS is not my best friend and I am starting to dig deeper into QOS but from my point of view it can be achieved by policing the traffic, please correct me if I am wrong.

 

Thanks

Parves

708
Views
0
Helpful
5
Replies
CreatePlease to create content