05-07-2009 04:09 PM - edited 03-01-2019 02:12 PM
Hi There,
We are an ISP and have an interconnect with say Provider A. Customers of ours use Provider A for layer 2 and us for Layer 3 (IP/Internet).
Customer #1 to #100 --- (10Mb) --> Provider A ---> ISP ---> Internet
We'd like to rate limit some customers to 2mb/sec (in/out) on our end because at present they have a 10mb/sec connection coming from Provider A.
The config we use to peer with Provider A is this:
interface GigabitEthernet0/1.120
description Interconnect with Provider A
bandwidth 400000
encapsulation dot1Q 120
ip address A.B.C.1 255.255.255.252
Customers of ours are simply routed out through this interface like so:
Customer #1:
ip route W.X.Y.Z. 255.255.255.255 A.B.C.2
Customer #2:
ip route J.K.L.M 255.255.255.255 A.B.C.2
Is there a way to rate limit both these customers without needing to create a separate class map for each like so:
class-map match-all CUSTOMER-1-2MB
match access-group name ACL-CUSTOMER-1
class-map match-all CUSTOMER-2-2MB
match access-group name ACL-CUSTOMER-2
!
policy-map POLICY-RATE-LIMIT
class CUSTOMER-1-2MB
police 2000000 375000 750000
class CUSTOMER-2-2MB
police 2000000 375000 750000
!
interface GigabitEthernet0/1.120
service-policy input POLICY-RATE-LIMIT
service-policy output POLICY-RATE-LIMIT
I've done this in the lab and I know it works, so Customer #1 ends up with 2mb/sec and Customer #2 gets 2mb/sec too.
But in production, I'm talking about 100's of customers which we simply route out of this interface. I can't imagine having to configure 100's of class maps and policy maps for each customer to rate limit them to 2mb/sec like in the config above.
Is there a better way to do this on the router???
Thanks.
Andy
09-23-2009 07:40 AM
Would the police statement be different if you have say 2mb download and 1mb upload
09-23-2009 04:53 PM
Yes you will need a separate service policy for the input and output on your interface.
Eg:
interface GigabitEthernet0/1.120
service-policy input MY-POLICY-1MB
service-policy output MY-POLICY-2MB
Cheers.
Andy
10-14-2009 10:11 PM
ISG has several options for doing this in an elegant fashion. See "Configuring ISG Policies for Regulating Network Access." Policing can be applied either per user, or per traffic class. Additionally it can be done via locally configured service-profile, aaa user profile or aaa service profile.
If you require some basic configuration for ISG (not easy to divine from the documentation), I can provide this.
08-06-2012 01:14 PM
Hi Andy,
did you find any better way how to do this? I have around 60 customers and it's really a pain to manage them in the way described (policy per customer).
Regards,
Safar.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide