Rate limiting internet traffic on MPLS links

yvasanthk
Level 1

Hi,

My organization has a network with many remote sites connected through Layer-2 MPLS.

The hub site is a Cisco 6500 and the remote sites are 3550 switches. The MPLS links to the remote sites are of 10Mbps.

There is no configuration w.r.t MPLS on the 3550 switches.

The hub site provides Internet service and the requirement is to limit the use of Internet (http, ftp) traffic from the remote sites to not more than 2Mbps (out of 10Mbps).

My understanding is that QoS has to be applied for the outgoing traffic on the 3550 Gigabit ethernet switch ports connecting to the MPLS network so that outgoing Internet traffic is rate limited to 2Mbps.

Two tasks:

1. Classify internet traffic (http, ftp etc..)

2. Rate limit

Is this correct? Would there be any issues with the Service Provider?

Any sample configurations? Pls help.

5 Replies

jbrunner007
Level 1

If this is all Layer 2 MPLS, I believe you are using VPLS or a similar service offering (EoMPLS?).

The traffic QoS shaping/policing can be configured on the 3550 remote location switches, inbound. It could be done on the 6500 with multiple classes, etc., but it would be more scalable to do it on the 3550s. The 3550 can classify and shape/police traffic per class, using the modular QoS command line (MQC). I would use a nested policy to shape everything to 10 Mbps, then cut 2 Mbps for http/ftp,

such as,

class-map match-any internet
 match protocol http
 match protocol ftp
!
!
policy-map internet-shape
 class internet
  shape average 2000000
 class class-default
  fair-queue
policy-map internet-parent
 class class-default
  shape average 10000000
  service-policy internet-shape
int vlan 301
 service-policy output internet-parent

(this may not work on the vlan interface, you may need to place it on the port)

int f0/47
 desc to lan client switch
 service-policy output internet-parent

I'm sure you can also apply this policy to the outgoing traffic also.

Joe

Hi Joe,

Thanks for a detailed response. Yes, it is EoMPLS. The solution you gave is for the 3550, I guess. But even with 12.2(25)SEE, which is the latest on CCO, I do not find the "match protocol" and "shape" commands on the 3550 switches.

Meanwhile, here is what I think is a solution.

Cisco6500---------MPLS Cloud-------Gi0/1-3550---------Internal LAN

Internal LAN 10.1.1.0 is on 3550 port Fa0/1. All Internet traffic has to go out of or come into Gi0/1 port on 3550.

----------------------------------------------------
mls qos
access-list 199 permit tcp 10.1.1.0 0.0.0.255 any eq 80
class-map INTERNET-CLASS
 match access-group 199
policy-map INTERNET-POLICY
 class INTERNET-CLASS
  police 2000000 8000 exceed-action drop
interface Gi0/1
 switchport mode access
 service-policy input INTERNET-POLICY
-------------------------------------------------

Pls comment. Thanks.

I expect you have read the doc below on QoS for the 3550.

http://www.cisco.com/en/US/products/hw/switches/ps646/products_tech_note09186a00800feff5.shtml

The only problem I find is as below; the remaining commands should work (but I did not test them, as I have no equipment on hand).

class-map match-all INTERNET-CLASS
 match access-group 199

Hope this helps.

Hi Jack,

Thanks for the doc. Yes, I read this page.

As there is no "match protocol" command, I believe the only way is to go for the "match access-group" command to classify the traffic.

I don't understand why you think the "match access-group" is a problem. Can you pls explain?

Here is the output on my switch:

3550#sh policy-map int gi1/0/1
 GigabitEthernet1/0/1
  Service-policy input: internet-traffic-policy
    Class-map: internet-traffic-class (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 199
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

The other questions I have:

How to generate 2Mbps of traffic to check if my policy-map is working or not?

Also, should CEF be enabled on the switch/interface?

Thanks.

Sorry if I did not state it clearly. I checked the command format and found it requires a "match-all" parameter, so I assumed there may be an issue. If it is working, just forget it.

You can use some free throughput test tool (e.g. QCheck): connect a PC to this interface and another at another interface, then run a tool called "iper" to generate the traffic at port 80. Check here:

http://www.ixiacom.com/products/performance_applications/pa_display.php?skey=pa_q_check

Or "Iperf" for similar function.

http://dast.nlanr.net/Projects/Iperf/
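
Added example, not part of any post in this thread: a small model of the `police 2000000 8000 exceed-action drop` line discussed above, showing what a traffic-generator test should report once the offered load passes 2 Mbps. The single-rate token bucket (bucket starts full, continuous refill), the function names and the constant-rate test stream are assumptions made for illustration, not a description of the 3550 hardware.

```python
"""Single-rate token-bucket policer model (added example, constructed inputs)."""


def police(packets, rate_bps, burst_bytes):
    """packets: iterable of (arrival_time_s, size_bytes), sorted by time.
    Returns (conformed_bytes, dropped_bytes) for exceed-action drop."""
    tokens = float(burst_bytes)      # assumption: bucket starts full
    last = 0.0
    conformed = dropped = 0
    for t, size in packets:
        # Refill at rate_bps/8 bytes per second, capped at the burst size.
        tokens = min(burst_bytes, tokens + (t - last) * rate_bps / 8.0)
        last = t
        if size <= tokens:
            tokens -= size           # packet conforms and is forwarded
            conformed += size
        else:
            dropped += size          # exceed-action drop
    return conformed, dropped


def constant_stream(offered_bps, pkt_bytes, duration_s):
    """Constructed test traffic: fixed-size packets at a constant bit rate."""
    interval = pkt_bytes * 8.0 / offered_bps
    n = int(duration_s / interval)
    return [(i * interval, pkt_bytes) for i in range(n)]


def delivered_bps(offered_bps, rate_bps=2_000_000, burst_bytes=8000,
                  pkt_bytes=1500, duration_s=10.0):
    """Throughput that survives the policer for a given offered load."""
    conformed, _ = police(constant_stream(offered_bps, pkt_bytes, duration_s),
                          rate_bps, burst_bytes)
    return conformed * 8 / duration_s


if __name__ == "__main__":
    for offered in (1_000_000, 2_000_000, 5_000_000, 10_000_000):
        print(f"offered {offered / 1e6:>4.1f} Mbps -> "
              f"delivered {delivered_bps(offered) / 1e6:.2f} Mbps")
```

The model uses constant-rate traffic; TCP senders react to drops, so a throughput test run over TCP may report a different figure than the configured rate.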