2901 Router - Traffic shaping

brunstadnett · ‎06-16-2010

Hi all!

I have a Cisco CISCO2901/K9 router which I'm using as a Internet gateway.

The question: Is there any possibilities to control / shape the inbound traffic, so that I can reserve an amount of the bandwidth for a single VLAN?

I'm using a streaming solution on one VLAN, and the other VLAN is the public inside. I want to reserve bandwidth to the streaming VLAN.

TODD RIEMENSCHNEIDER · ‎06-16-2010

You should be able to use traffic policing to accomplish this. This is decent link that explains the difference between shaping and policing.

http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a00800a3a25.shtml

-Todd

brunstadnett · ‎06-17-2010

Hi Todd!

I've now read the document. It is only theory and not a practical config example.

Any one who has experience applying this in real life?

I need to guarantee the download speed (inbound) for a certain VLAN or a single host would also be sufficient.

Hitesh Vinzoda · ‎06-17-2010

access-list 101 permit ip
access-list 102 permit ip

class-map match-all 40MEGS
match access-group 102

class-map match-all 10MEGS
match access-group 101

policy-map POLICE
class 10MEGS
   police cir 10000000 bc 1875000 be 3750000
     conform-action transmit
     exceed-action drop

class 40MEGS
   police cir 40000000 bc 7500000 be 15000000
     conform-action transmit
     exceed-action drop

int gix/y

service-policy input POLICE

Verification

show policy-map interface gix/y

HTH

Hitesh Vinzoda

Pls rate useful posts

brunstadnett · ‎06-17-2010

The config you posted, is a policy. Will the "exceed-action drop" cause traffic drop or lag in connection, or will the source just resend the packet?

What will the "police cir 10000000 bc 1875000 be 3750000" values be, if I have a slower connection? How is the bc and be calculated?

Will the limited interface be able to use the full bandwidth when not in use by the prio int?

Shouldn't you apply the service-policy to the prio interface? Or is this defined by the ACL in the top? 101 is destination VLAN10 and 102 is destination VLAN20.

Hitesh Vinzoda · ‎06-17-2010

Hi,

As you can not do traffic shaping inbound on an interface, so other way we can police the traffic which is not critical or can be dropped if they exceeds the specified rate...

What will the "police cir 10000000 bc 1875000 be 3750000" values be, if I have a slower connection? How is the bc and be calculated?

cir is the rate at which you want to police or drop the traffic.. Bc is the committed burst and Be exceed burst...

there are values recommended by cisco for Be and Bc which are mentioned as below

Bc = configured rate * (1 byte)/(8 bits) * 1.5 seconds
Be = 2 * normal burst

e.g

you want to police some traffic at 512 kbps than Bc = 96000, Be= 192000

The traffic that you want to police should be identified by ACL

match ACL's in class-map

in policy map

call the class-map

and police the traffic at desired rate

apply the policy on the interface inbound

for other questions .. please rephrase it as im not able to understand what you meant to say

Will the limited interface be able to use the full bandwidth when not in use by the prio int?

Shouldn't you apply the service-policy to the prio interface? Or is this defined by the ACL in the top?

HTH

Hitesh Vinzoda

Pls rate useful posts

brunstadnett · ‎06-18-2010

Inside host that I want to prioritize: 10.0.0.10

Inside net that needs to be policed: 10.0.1.0

Outside interface 123.123.123.10

Could an ACL then be like this?

access-list 101 permit ip 10.0.0.10 0.0.0.255 123.123.123.10 0.0.0.255

access-list 102 permit ip 10.0.1.0 0.0.255.255 123.123.123.10 0.0.0.255

Hitesh Vinzoda · ‎06-18-2010

You want it to police when they coming in from the internet

so access-list would be for policing the traffic

access-list 101 permit ip any 10.0.1.0 0.0.0.255

HTH

Hitesh Vinzoda

Pls rate useful posts.