cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1444
Views
0
Helpful
5
Replies

Preventing Internet Links (Download) from being Fully Utilized.

eng.khaled.omar
Level 1
Level 1

Hi All,

We have one Cisco ASR router connected to two ISPs (Gi 1/0/1 and Gi 1/1/1), and connected to one Firewall from the LAN side (Gi 1/0/23), and 20 VLANs connected to the Firewall LAN interface, 10 VLANs can access Internet from the first ISP link (34Mbps) using PBR, and 10 VLANs can access Internet from the second ISP link (34Mbps) using PBR, and in case one Internet link has a tracking problem, traffic will be re-routed to the other ISP Internet link.

First, we need to prevent the 10 VLANs to consume the full bandwidth of the download of its Internet link.

Second, we need to prevent the 20 VLANs to consume the full bandwidth of the download when traffic is re-routed to the other ISP link.

Third, we need let the 10 VLANs use the 34Mbps download Internet link at normal case without fully utilizing the Internet link.

Best regards,

Khaled

5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

First, we need to prevent the 10 VLANs to consume the full bandwidth of the download of its Internet link.

 

- you like to do this when both the links up and running ?

 

 

Second, we need to prevent the 20 VLANs to consume the full bandwidth of the download when traffic is re-routed to the other ISP link.

 -  I am onlythinking as soon as you failover apply the QoS policy for the VLAN 10 to be what % required to use ( so user can not complain about the speed, and it has working condition) when you doing fail over to VLAN 20 Link (same rule work when you fail over vlan 20 user subnet to VLAN side Internet)

 

Third, we need let the 10 VLANs use the 34Mbps download Internet link at normal case without fully utilizing the Internet link.

- this need more clarity (not full means you want to limit to 90% of link ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

- you like to do this when both the links up and running ?

Yes

- this need more clarity (not full means you want to limit to 90% of link ?

I mean can we use something like traffic shaping so traffic does not exceeds the 34M, and if so, traffic should be delayed, if yes, what should be the "Configuration"

 

Best Regards,

Khaled

Joseph W. Doherty
Hall of Fame
Hall of Fame

If you want to restrict amount of download bandwidth provided to your VLANs, that generally pretty easy to accomplish via policing or possibly shaping.

If you want to restrict amount of download bandwidth, your VLANs can pull across your actual ISP links, that can be difficult to accomplish.

Again, you can police, or possibly shape, but since you're doing such downstream of your ISP links, it usually doesn't work nearly as well if you can do the policing, or shaping, upstream of the link in question.

There used to be some 3rd party products, like Packeteer Packetshapers, that do about the most you could, downstream of the link whose bandwidth you wanted to manage, but unsure there's even any current products in this product category.

The alternative would be for the ISP allow you to specify how your bandwidth from them is to be managed, but other than most MPLS vendors, unlikely as typical ISP would provide any QoS support.

 

>> If you want to restrict amount of download bandwidth provided to your VLANs, that generally pretty easy to accomplish via policing or possibly shaping.

Could you please tell me how to do the configuration for the downstream traffic, and then on which interface should i apply the service policy?

BR,

Khaled

On any device, upon which all that VLAN's traffic passes on a particular, ingress or egress, police ingress for that traffic or police (possibly shape) that traffic.

E.g.:

(Internet) <> Rx <> SWy <> (VLAN#)

You might police on ingress on either router's or switch's interface facing Internet side or on egress police (possible shape [on router - switch's QoS support often less than a router's]) on either router's or switch's interface facing VLAN.

Again, this will strictly control bandwidth rate VLAN can obtain, but will not as strictly control bandwidth used from Internet.  Basically, some traffic may be dropped (or perhaps queued by shaper) before the VLAN obtains it.

Review Cisco Networking for a $25 gift card