What is the best way to throttle FTP traffic on an ATM PVC
We have been trying to implement an MQC policy to throttle FTP traffic on ATM PVC's. Our basic requirement has been to allow Interactive traffic (HTTP, telnet, etc) to be able to burst to line rate. We would like to limit FTP traffic to approx. 30% of the port speed if there is congestion occuring. We initially tried to utilize the bandwidth percent, but that only gave us a minimum. It did not set any maximum utilization thresholds during congestion. I thought about utilizing the priority percent for FTP, but I believe that the priority command should only be utilized for traffic requiring low latency. Since FTP is batch, that's probably not a good idea.
What we currently have implemented is policing, where we give Interactive traffic 80% of the port speed. FTP is put in the default class at this time. I need some recomendations to limit FTP to a percentage value (30%) during periods of congestion. What we currently have implemented is not limiting the FTP's and our latency measurements are showing the latency spikes when the FTP's are occuring. Below is a sample of what we have tried to implement. The sample is for a 3 meg port ATM configuration. The policy is applied on the outbound of the ATM PVC:
class-map match-any MNGMT_APPS match access-group name MNGMT_APPS class-map match-any BGP_TRAFFIC match access-group name BGP_TRAFFIC class-map match-any INTERACTIVE match access-group name INTERACTIVE class-map match-any ALL_TRAFFIC match access-group name ALL_TRAFFIC ! ! policy-map QOS2xT1 class BGP_TRAFFIC police cir 8000 exceed-action transmit class MNGMT_APPS police cir 8000 exceed-action transmit class INTERACTIVE police cir 2457000 exceed-action transmit policy-map QOS_PARENT2xT1 class ALL_TRAFFIC police cir 3072000 exceed-action transmit service-policy QOS2xT1 class class-default fair-queue queue-limit 128 ! ! ip access-list extended ALL_TRAFFIC permit ip any any ip access-list extended BGP_TRAFFIC permit tcp any any eq bgp permit tcp any eq bgp any ip access-list extended INTERACTIVE deny tcp any any eq ftp deny tcp any any eq ftp-data deny tcp any eq ftp any deny tcp any eq ftp-data any permit ip any any ! ip access-list extended MNGMT_APPS permit udp any any eq tacacs permit tcp any any eq 22 permit udp any eq tacacs any permit tcp any eq 22 any
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...