03-12-2008 09:08 AM - edited 03-03-2019 09:06 PM
Next week our company will be turning up a full rate DS3 and I am trying to figure out what is the best method to manage (limit) how much bandwidth a protocol can potentially use. Right out of the gate I want to only allow 15Mbps (in and out) of the circuit to be used (we are currently using an NxT1 (4 - T-1's) design), so the jump in bandwidth will be significant for us. I plan to use the rest of the circuit's bandwidth as we grow.
I really would like to control the amount of ingress traffic coming into us. I'm assuming that applying my access groups to the Internet facing interface is my best bet?
I have done quite a bit of reading up on CAR and it looks as if this could work for me, but is it the best method?
Below is a down and dirty rate-limiting config that I threw together.
rate-limit input access-group 109 3088000 16000 24000 conform-action set-prec-transmit 5 exceed-action transmit
rate-limit input access-group 110 7168000 24000 32000 conform-action transmit exceed-action drop
rate-limit input access-group 111 1544000 16000 24000 conform-action transmit exceed-action drop
rate-limit input access-group 112 1544000 16000 24000 conform-action transmit exceed-action drop
rate-limit input 3088000 16000 24000 conform-action transmit exceed-action drop
access-list 109 remark PrioritizeCorptraffic
access-list 109 permit esp any any
access-list 109 permit ip xx.xx.233.0 0.0.0.255 any
access-list 110 remark HTTP
access-list 110 permit tcp any eq www any
access-list 111 remark SMTP
access-list 111 permit tcp any eq smtp any
access-list 112 remark FTP
access-list 112 permit tcp any eq ftp any
Any input is greatly appreciated.
Thank you,
Brad Denham
03-13-2008 06:47 PM
You didn't mention the hardware platform; assuming a router, I would suggest using a shaper over a rate limiter. If you want to shape per protocol, this could be accomplished using shapers with CBWFQ classes. Define two shapers, set for output on both the internal and external facing interfaces.
PS:
The shaper for your inbound traffic (the one on the internal facing interface) will limit bandwidth to clients, but traffic will burst higher on the DS3.
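The shaper-with-CBWFQ layout suggested in the reply above, sketched as an added example that is not part of either post: a 15 Mbps parent shaper with per-protocol child classes that reuse access lists 109-112 from the question. The interface names, policy and class names, and the bandwidth percentages are assumptions chosen for illustration.

```cisco
! Added example, not from the thread. Names and percentages are assumptions.
! Classes reuse the question's ACLs, which match inbound (Internet -> LAN) traffic.
class-map match-all CORP
 match access-group 109
class-map match-all HTTP
 match access-group 110
class-map match-all SMTP
 match access-group 111
class-map match-all FTP
 match access-group 112
!
! Child policy: CBWFQ shares of whatever the parent shaper lets through.
policy-map PER-PROTOCOL
 class CORP
  bandwidth percent 20
  set ip precedence 5
 class HTTP
  bandwidth percent 35
 class SMTP
  bandwidth percent 10
 class FTP
  bandwidth percent 10
 class class-default
  fair-queue
!
! Parent policy for inbound traffic: shape the aggregate toward clients to 15 Mbps.
policy-map SHAPE-15M-TO-LAN
 class class-default
  shape average 15000000
  service-policy PER-PROTOCOL
!
! Parent policy for outbound traffic: shape what leaves on the DS3 to 15 Mbps.
! Per-protocol classes here would need mirrored ACLs (destination ports).
policy-map SHAPE-15M-TO-DS3
 class class-default
  shape average 15000000
!
interface FastEthernet0/0
 description internal facing (assumed name)
 service-policy output SHAPE-15M-TO-LAN
!
interface Serial1/0
 description DS3 to Internet (assumed name)
 service-policy output SHAPE-15M-TO-DS3
```

Unlike the `exceed-action drop` limits in the CAR config, `bandwidth percent` is a minimum guarantee during congestion rather than a hard cap, so a class can use more when the shaper has spare capacity.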