Want to throttle bandwidth on specific tcp ports using a 2811
I am working on vmware vsphere replication and this does not have any bandwidth management in it at all. However between our production site and DR site we have a Cisco 2811 router and the WAN is 40 meg for the lan and 16 meg for the voice / voip system dr.
If I do not throttle the vsphere replication, it will use all of the 40 meg constantly as I have monitored using cacti bandwidth graphs of this interface. I would like it to use as much bandwidth that is available, however I want other types of traffic to take priority such as the end users at this branch office file and print, ssh, web surfing, https, voip, microsoft lync, etc...
vSphere replication uses the following tcp ports:
Port 31031 for initial replication
Port 44046 for on-going replication
Is there an easy way to create a policy-map or something to match on those port numbers (either direction) to give it a lower priority whereas it will use whatever bandwidth it can, but set it aside if other ports / traffic are more in demand?
This is what we have right now as far as class and policy maps. The WAN is tied to FIFTYMEG but limited to 40 because any more than that and Verizon squashes it and we have bandwidth all over the place. Verizon insists nothing is wrong, but it works at 40 meg so that explains that. The TENMEG is because we have a small site of a few people that have a 10 meg wan connection with Verizon.
class-map match-any RT
 match dscp ef
 match dscp af41
 match dscp cs3
!
!
policy-map QOS50
 class RT
  priority 10000
  set cos 2
policy-map FIFTYMEG
 class class-default
  shape average 40000000
  set cos 0
  service-policy QOS50
policy-map QOS10
 class RT
  priority 2000
  set cos 2
policy-map TENMEG
 class class-default
  shape average 10000000
  set cos 0
  service-policy QOS10
policy-map QOS16
 class RT
  priority 10000
  set cos 2
policy-map SIXTEENMEG
 class class-default
  shape average 16000000
  set cos 0
  service-policy QOS16
Here is the sub interface that connects to the site that I want to replicate to:
interface FastEthernet0/1
 description VZ FE CONNECTION
 no ip address
 duplex full
 speed 100
!
interface FastEthernet0/1.296
 description 50MEG TO DR
 encapsulation dot1Q 296
 ip address 192.168.100.1 255.255.255.0
 service-policy output FIFTYMEG
!
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
You're on the right path. You want to shape for available bandwidth and then use a subordinate policy to treat any shaped congestion.
Your subordinate policies already have a class for RT, using LLQ, so you just need to match your replication traffic and place it into one class, with a low bandwidth allocation (perhaps even minimum possible) and also I would suggest explicitly defining class-default so you can explicitly define bandwidth for it or use FQ. (NB: if you use FQ, in pre-HQF QoS, you won't be able to define bandwidth for class-default, so be careful how much bandwidth you allocate to the replication class.)
If the replication traffic can be identified by the ports you've noted, you write an ACL to match against those and then have your class-map use that ACL.
BTW, regarding the Verizon providing 50 Mbps, but you seem to need 40 Mbps, that's because (I believe) many shapers don't account for L2 overhead, but Verizon does. Often I've found you need to shape at least 10 to 15% slower than the nominal bandwidth. Your 20% is in the ballpark. Unfortunately, L2 overhead, as a percentage, varies per packet size. To ensure you're okay with something like VoIP, you need to shape more toward worst case overhead. (You might also want to reduce your shape values for your 10 and 16 Mbps caps.)
(NB: I would guess you see this issue on your 50 Mbps link because your replication routinely will fill to capacity.)
Also BTW, what's the CPU loading of your 2811 look like? My experience has been they top out at about 40 Mbps aggregate.
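The approach described in the reply above, written out as an added configuration example; it is not part of the original posts. The ACL name VSPHERE-REPL, the class name REPL and the 400 kbps allocation are assumptions chosen for illustration; the ports, the QOS50 policy and the interface name come from the question.

```cisco
! Added example; VSPHERE-REPL, REPL and the 400 kbps figure are assumptions.
! Match vSphere Replication in either direction (ports from the question).
! "any any" is used because the thread gives no replication host addresses;
! narrow source/destination to the replication hosts where they are known.
ip access-list extended VSPHERE-REPL
 permit tcp any any eq 31031
 permit tcp any eq 31031 any
 permit tcp any any eq 44046
 permit tcp any eq 44046 any
!
class-map match-all REPL
 match access-group name VSPHERE-REPL
!
! QOS50 is the child policy already nested under the FIFTYMEG shaper.
! RT keeps its LLQ. REPL gets a small guaranteed minimum and can still use
! whatever the other classes leave idle. class-default uses FQ, so on
! pre-HQF IOS it takes no bandwidth statement of its own.
policy-map QOS50
 class RT
  priority 10000
  set cos 2
 class REPL
  bandwidth 400
 class class-default
  fair-queue
!
! Check per-class match and drop counters after applying:
!  show policy-map interface FastEthernet0/1.296 output
```

An output service-policy only acts on traffic leaving this router, so the router at the other end of the link needs the equivalent class for replication traffic flowing in the opposite direction.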