02-15-2005 08:22 AM - edited 03-02-2019 09:40 PM
I am new to Cisco and have very basic knowledge in this area. What I have is a Cisco 2600 router with a full T1. The router is connecting to a PIX 515 which is connected to a proxy server which all clients go through to access the internet. My problem is that the T1 gets maxed out every day and I cannot pinpoint the culprit. I have several 3750 and 3com switches which the clients connect to. I can see the traffic on the 3750s but cannot tell which is legitimate www traffic and which is not. If the culprit is on the 3com switches I can't see anything at all since they are dumb switches. I heard there is a way to limit the flow of traffic coming from the PIX to the router on a per session basis. Can anyone help me understand how to do this.
Thanks!
02-15-2005 09:01 AM
Your problem sounds more like actual legitimate traffic is being used. If it only happens at certain points of the day then it is probably just user traffic. The best way to find out is to use a protocol analyser. How many users are there in this network? Is it only web applications being run or is there some server-server traffic across the WAN too?
If it is only web traffic going across then just let everyone fight out the bandwidth, but if you need some type of voice, video or specialized server traffic to get through then you can setup some type of queuing.
02-15-2005 09:50 AM
We have about 400 users and the average usage is between 40,000 - 60,000bps down. It can happen at any time during the day and sometimes half a day. It is only web traffic there is no WAN or VPN traffic on this T1. I would let them fight it out but I am getting several complaints about speed from high level users. I would like to try to limit the amount of bandwidth each user gets on the T1 to ensure that everyone gets their fair share without squeezing others out.
02-15-2005 08:28 PM
I'm not sure there is anything you can do on the router side of things. Four hundred users sharing a T1? That's less than 4kb/s per user. Now, given the "bursty" nature of HTTP (web) traffic, that shouldn't be a problem.
However, if even one user is running a P2P client like Gnutella or is streaming music or video, then that is different. I agree with what was stated above. You need to get a sample of the data during a time of congestion to see what's going on.
Good luck,
-Richard
02-16-2005 04:03 AM
Hi,
First of all ensure all the vulnerable ports are closed. Also, go through the PIX Firewall Logs and identify if there is any unwanted traffic in the Network. If so, please block them based on priority.
Hope the Ethernet Interface of the Router and Outside Interface (Public) are connected to a separate Switch.
As said earlier, based on the hits on the Firewall Log, you can identify the traffic and assign priority accordingly.
Nirmal.
02-16-2005 05:20 AM
I would start by enabling Network Based Application Recognition (NBAR). NBAR requires CEF to work. This will allow you to know the traffic types that are congesting the link.
Also, you could enable netflow switching. By checking the netflow caches, you can determine which IP addresses are congesting the link.
The above information can be used to configure QoS policies, such as to limit traffic for a particular ip address or traffic type, as you deem appropriate.
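As an added example (not from any reply in this thread), here is how the NBAR, NetFlow and QoS steps described above fit together on the 2600. Interface names, the NetFlow collector address, the protocol list and the 64 kbps cap are assumptions for illustration.

```cisco
! Added example, not from the thread. IOS 12.x-style config for a 2600 with
! the T1 on Serial0/0 and the PIX-facing LAN on FastEthernet0/0 (assumed).
! Step 1 is visibility (NBAR + NetFlow), step 2 is enforcement (policing).
ip cef
!
! Export NetFlow records to a collector (address assumed) for offline analysis.
ip flow-export version 5
ip flow-export destination 192.0.2.10 9996
!
interface Serial0/0
 description Full T1 to ISP
 ip nbar protocol-discovery
 ip route-cache flow
!
interface FastEthernet0/0
 description To PIX 515 outside interface
 ip nbar protocol-discovery
 ip route-cache flow
!
! After a busy period, inspect what NBAR and NetFlow saw:
!   show ip nbar protocol-discovery interface Serial0/0 stats bit-rate top-n 10
!   show ip cache flow
!
! Once a protocol is confirmed as the hog, classify it and cap it.
class-map match-any P2P
 match protocol gnutella
 match protocol kazaa2
 match protocol fasttrack
!
policy-map WAN-DOWNLOAD
 class P2P
  police 64000 8000 conform-action transmit exceed-action drop
 class class-default
  fair-queue
!
! The download direction is what saturates the T1, so the policy goes outbound
! toward the PIX; dropped P2P segments make the remote senders back off, while
! fair-queue gives the remaining flows a per-flow share of the link.
interface FastEthernet0/0
 service-policy output WAN-DOWNLOAD
```

Because every client goes through the proxy and the PIX translates addresses, NetFlow on the router only shows the proxy's or PIX's public addresses. To tie a suspect flow back to a workstation, match its timestamp and ports against the PIX connection logs.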