cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1578
Views
0
Helpful
4
Replies

BW limiting for the Internet Proxy

Dipesh Patel
Level 2
Level 2

Dear Experts,

We have applied Policy-map for limiting the BW of our Proxy server up to 20 Mbps.

Internet Link BW = 80 Mbps.

Connectivity :

Internet Cloud ------ Internet CE router --------- Firewall -------- LAN ------- Proxy Server 

We have applied following configuration on WAN interface of Internet CE router :

class-map match-any CM-XYZ-PROXY
match access-group name XYZ-PROXY
!

policy-map PM-PROXY-LIMIT
class CM-XYZ-PROXY
    police 20000000 3750000 7500000 conform-action transmit  exceed-action drop  violate-action drop
!


interface GigabitEthernet0/1
description ***Tata Internet Link - WAN Interface - Outside ***
ip address 11.11.99.82 255.255.255.252
service-policy input PM-PROXY-LIMIT


ip access-list extended XYZ-PROXY
permit ip any host 11.11.117.14 time-range BUSSINESS

time-range BUSSINESS
periodic daily 8:00 to 18:00

But than also in BW utilization graph and Netflow report we can see that the BW for the said Proxy server is going beyong 20 Mbps.

e.g.

Graph.JPG

Is there any error in configuration?

Regards

4 Replies 4

Dipesh Patel
Level 2
Level 2

Pls reply.

Vivek Ganapathi
Level 4
Level 4

Hello Dipesh,

Looks to me like the BW report is overall. Your configuration looks ok. Being that your policing is class based, the ACL statement permits any traffic to that specified destination, but looks like the report is overall. There could be other traffic on that interface going without being policed.

Could you please issue show policy-map interface Gi 0/1 to see the conformed/exceed packets?

Regards

Vivek

The traffic seen in Graph is of only IP address in ACL but it's seen more than this.

Is there any issue ?

Regards

Hello Dipesh,

Are you filtering based on the source IP address while pulling the reports for that WAN facing interface? Also that source ip address is of Proxy server? Anyways

Try changing this to simply

policy-map PM-PROXY-LIMIT

class CM-XYZ-PROXY

    police 20000000 conform-action transmit exceed-action drop  

Thanks,

Vivek.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco