Bandwidth policing with IPSLA

sharad1988 · ‎02-20-2014

Hi All,

I want to police internet traffic and do per ip bandwidth limiting, what can be the best method to acheive this ? Right now i am doing it by divding my public pool into small sections and then imposing limit by configuring "Access-lists with defined service policies (IP-SLA)" and its working fine.

This whole exercise has been done on 2 Cisco 3945E routers with IPBase-K9 image now my concerns are -

1. Can we do traffic policing on per ip basis (We have pool of /22) ? Is there any documented limit by cisco ?

2. Routers are taking load of 45 mbps BGP links as well, upto what extent this practise is recommended (in terms of routing,CPU and memory overhead) ?

3. 2 Cisco 3750x switch (stacked) with IPbase image are configured as distribution switch between routers and firewall, i am thinking of migrating whole set of policing to switch, is that recommended ?

4. What exactly CAR does and how i can exploit the same with my current hardware ?

Really looking for genuin advise, would be greatfull, Thanks in advance.

Sharad.

Vishesh Verma · ‎02-22-2014

Hi Sharad,

Check the following posts and documents -

Per IP QoS

https://supportforums.cisco.com/thread/2002044

And then there are features, User Based Rate-Limiting (platform specific) -

http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/prod_white_paper0900aecd803e5017.html

For CAR -

www.cisco.com/c/en/us/td/docs/ios/qos/configuration/guide/15_1/qos_15_1_book/polcing_shping_oview.html

"Access-lists with defined service policies (IP-SLA)" I have never heard of that.

-Vishesh