Solved: Bandwidth priority by IP address.

Piotr Kowalczyk · ‎02-12-2013

I just wonder if there is simply way on Cisco 800 to set bandwidth priority for internal IP address. Basically I have server and would like to make sure, whatever comes to it or goes out has the highest priority and users won’t kill bandwidth for the server connection. Is any easy way to achieve this? I’ve tried to read documents about QoS but they are not very for me.

Thank you.

Joseph W. Doherty · ‎02-19-2013

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Something like (NB: syntax not verified):

ip acesss-list extended NotServer

deny ip any host (Server's IP)

class-map match-any NotServer

match access-group NotServer

policy-map Sample

class NotServer

police #

interface F4

service-policy input Sample

View solution in original post

paolo bevilacqua · ‎02-15-2013

The best approach is that you give the job to a reputable consultant, or certified Cisco partner.

Joseph W. Doherty · ‎02-16-2013

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

In general, it's often easy to prioritize egress traffic as you desire. Ingress traffic control is much more difficult to manage (ideally you manage ingress on the other side of the link's egress).

For example, for ingress you could rate limit non-server traffic but that doesn't always guarantee non-server traffic won't fill your ingress capacity, and even when it does, it's not dynamic (i.e. non-server traffic won't obtain bandwidth not being used by the server).

For best ingress traffic management, a 3rd party traffic shaping device would be the best option, but again, even they can't deal with every situation.

Assuming your 800 WAN connection is some inexpensive DSL/CABLE connection, assuming you cannot control other side's egress, the least expensive option might be to obtain another DSL/CABLE connection, i.e. one for users and one for the server. As 800 series often have a special WAN port, you might need another or you might upgrade to a higher level ISR that can manage two WAN ports equally.

Piotr Kowalczyk · ‎02-18-2013

Joseph,

Thank you for reply. Unfortunately ordering additional connection is not an option in my case. I’ve just wander, if prioritize is so difficult, maybe there is other solution which will help to achieve my goal - like minimum dedicated bandwidth. I want to make sure; there is always bandwidth available to connect to my server.

Joseph W. Doherty · ‎02-18-2013

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Then you can try rate-limiting non-server ingress traffic. Again, not a sure thing, but probably better than nothing.

Piotr Kowalczyk · ‎02-18-2013

Hi Joseph,

Could you give me more details how to do this please?

Joseph W. Doherty · ‎02-19-2013

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Something like (NB: syntax not verified):

ip acesss-list extended NotServer

deny ip any host (Server's IP)

class-map match-any NotServer

match access-group NotServer

policy-map Sample

class NotServer

police #

interface F4

service-policy input Sample

Piotr Kowalczyk · ‎02-19-2013

Thank you Joseph