Limiting bandwidth QoS

go.missoum
Level 1

Hello

Currently we have two ISP uplinks, a (20 Mbps) FTTx and a (20 Mbps) ADSL, on the same router. The first one is dedicated to the IPsec VPN and the second to Internet.

ADSL bandwidth is full, and there is plenty of inbound BW on FTTx.

I want to dedicate 15 Mbps from FTTx to Internet traffic for the headquarters users only (using a subletting) without disturbing the VPN users.

This is a draft:

 

class-map match-all trafic
 match access-group 118

policy-map trafic
 class trafic
  police 15728500 1966080 conform-action transmit exceed-action drop

access-list 118 permit ip any host ip@proxy

! FTTx uplink
int gi0/0
 service-policy input trafic

! ADSL uplink
int g0/1

! LAN
int g0/2

 

Thanks for the help.

Martin Hruby
Level 1

Hello

You can go and apply inbound web traffic policing on the user facing interface and then apply an outbound shaping policy on the interface facing the Internet. For example:

First create an ACL to match IPSec traffic and another to match web traffic:
ip access-list extended ACL_IPSEC_TRAFFIC
 permit esp any any
 permit udp any any eq isakmp non500-isakmp
 permit udp any eq isakmp non500-isakmp any

ip access-list extended ACL_WEB_TRAFFIC
 permit udp any any eq domain
 permit tcp any any eq www
 permit tcp any any eq 443

 

Next using MQC syntax create class-maps for the different traffic types:

class-map match-all C_WEB
 match access-group name ACL_WEB_TRAFFIC

class-map match-all C_IPSEC
 match access-group name ACL_IPSEC_TRAFFIC

 

Next create a policy-map to limit inbound web traffic to 15 Mbps:

policy-map P_INBOUND_POLICING
 class C_WEB
   police cir 15000000
     conform-action transmit
     exceed-action drop

 

Then create another policy to make bandwidth guarantees on the outgoing interface (facing the Internet) - in case of congestion we guarantee 5 Mbps for IPSec traffic and 15 Mbps for Internet traffic. For Internet traffic we also apply DSCP-based RED since most of it is TCP traffic, to prevent congestion from occurring.

policy-map P_OUTBOUND_CBWFQ
 class C_IPSEC
   bandwidth 5000
 class C_WEB
   bandwidth 15000
   random-detect dscp-based

 

Finally we nest the queuing policy in an outbound shaping policy to smooth the spikes and conform to the 20 Mbps traffic rate limit. Then we apply the outbound shaping policy on the Internet facing interface:

policy-map P_OUTBOUND_SHAPING
 class class-default
   shape average 20000000
   service-policy P_OUTBOUND_CBWFQ

interface GigabitEthernet0/0
 description Lan facing interface
 service-policy input P_INBOUND_POLICING

interface GigabitEthernet0/1
 description Internet facing interface
 service-policy output P_OUTBOUND_SHAPING

 

Verify the configuration using show policy-map interface GigabitEthernet0/1

Hope this helps.

Best regards,
Martin
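
Added example, not part of either post: a Python model of the single-rate, two-color policer that the thread's `police ... conform-action transmit exceed-action drop` lines configure, run with the draft's rate (15728500 bps) and burst (1966080 bytes) to show how the burst size changes what actually gets through. The token-bucket model, the constant 20 Mbps offered load, the 1500-byte packets and the 1500-byte comparison burst are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class Policer:
    """Single-rate, two-color token bucket (assumed model of 'police <bps> <burst>')."""
    cir_bps: int   # committed rate in bits per second
    bc_bytes: int  # committed burst (bucket depth) in bytes

    def __post_init__(self):
        self.tokens = float(self.bc_bytes)  # bucket starts full
        self.last = 0.0

    def offer(self, now: float, size: int) -> bool:
        """True = conform (transmit), False = exceed (drop)."""
        refill = (now - self.last) * self.cir_bps / 8
        self.tokens = min(self.bc_bytes, self.tokens + refill)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def run(cir_bps, bc_bytes, offered_bps, seconds, pkt=1500):
    """Offer a constant-rate stream; return (conformed_bps, drop_ratio)."""
    policer = Policer(cir_bps, bc_bytes)
    count = int(offered_bps * seconds / (pkt * 8))
    gap = pkt * 8 / offered_bps  # seconds between packet arrivals
    passed = sum(policer.offer(i * gap, pkt) for i in range(count))
    return passed * pkt * 8 / seconds, 1 - passed / count


if __name__ == "__main__":
    CIR, BC = 15728500, 1966080  # values from the draft's police line
    scenarios = [
        ("draft burst, 10 s window", BC, 10),
        ("draft burst, 60 s window", BC, 60),
        ("one-packet burst, 10 s window (constructed)", 1500, 10),
    ]
    for label, bc, secs in scenarios:
        bps, drop = run(CIR, bc, 20_000_000, secs)
        print(f"{label}: {bps / 1e6:.2f} Mbps passed, {drop:.1%} dropped")
```

In this model the draft's burst (about one second of traffic at the configured rate) passes the over-rate stream untouched for the first few seconds, so short measurements read above the configured rate, while a burst of a single packet delivers well under it.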