03-22-2013 02:03 PM - edited 03-04-2019 07:22 PM
So my main office has a 20Mbps WAN connection that goes to 10 sites. One of the sites only has a T1 so 1.544Mbps. I have WAN accelerators in place and they work very well 95% of the time. But every once in a while, someone will search a network drive and max out bandwidth and make latency horrible. Or someone will recreate their profile and re-download their entire exchange mail box again maxing out bandwidth and making latency horribly high. The users at this site have a local Internet connection, and only come across the WAN for 3 things: SAP, e-mail, and file servers.
Is it possible to gaurantee SAP 512Kbps, gaurantee email 512Kbps, and gaurantee anything else 512Kbps, but not send more than 1544kbps to this one site, and not limit bandwidth for anything else anywhere else on the WAN. It would be fine if the rest of the WAN could only use 18.5Mbps, but not necessary.
access-list 101 permit ip host SAP-server x.x.x.x w.w.w.w ## SAP to subnet
access-list 102 permit ip host email-server x.x.x.x w.w.w.w ## Email to subnet
access-list 103 deny ip host SAP-server x.x.x.x w.w.w.w
access-list 103 deny ip host email-server x.x.x.x w.w.w.w
access-list 103 permit ip host any x.x.x.x w.w.w.w ## All other to subnet
class-map site-SAP
match access-group 101
class-map site-email
match access-group 102
class-map site-other
match access-group 103
policy-map site
class site-sap
bandwidth 514
class site-email
bandwidth 514
class site-other
bandwidth 514
exit
# Now, here is where I get confused... If I specify "Police 1544000 ..." am I going to kill all other WAN traffic? If I specify "Police 20000000 ..." will it completely void the policy because bandwidth would have to be at 18.5Mbps or above for it to ever be used? Or do I need another class-map for all other site's traffic?
policy-map WAN
class class-default
police ???????? conform-action transmit exceed-action drop
service-policy site
exit
# also not completely sure if this goes on "int gi0/1" or the sub-interface that has the IP address "int gi0/1.900
int gi0/1.900
service-policy output WAN
# Or should I set this policy on the router at the site as a recieve policy?
Solved! Go to Solution.
03-25-2013 05:16 PM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Okay, if all traffic is flowing out the subinterface, then you just need to match the traffic you want to shape.
e.g.
access-list 101 permit ip any x.x.x.x w.w.w.w
class-map siteX
match access-group 101
policy-map siteX
class SiteX
shape average 1500000
fair-queue
int g0/1.900
service-policy output siteX
03-22-2013 06:03 PM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
The WAN accelerator might make this a bit complicated. Many "hide" traffic flows within some of kind of special encapsulation between WAN accelerators. I.e. depending on the WAN accelerator implementation, a QoS policy might see all traffic as one flow. (I'm assuming your router is downstream of the accelerator. If upstream, then you don't know actual volume of traffic being actually transmitted.)
Normally the solution is to shape all the aggregate traffic to the site. If you need further differentiate traffic handlying, a subordinate policy is used. (Note: often FQ or WFQ avoids the need for specific traffic classes.)
E.g.
policy-map siteX
class class-default
shape average 1500000
fair-queue
int g0/1.900
service-policy output siteX
Oops, I've revised above assuming subinterface will be only have traffic for remote site.
03-25-2013 07:58 AM
The subinterface has traffic for all remote sites, it is a single 20Mbps circuit with traffic destined for all locations. The router is down stream from the WAN accelerator, but it is still able to see the traffic.
03-25-2013 05:16 PM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Okay, if all traffic is flowing out the subinterface, then you just need to match the traffic you want to shape.
e.g.
access-list 101 permit ip any x.x.x.x w.w.w.w
class-map siteX
match access-group 101
policy-map siteX
class SiteX
shape average 1500000
fair-queue
int g0/1.900
service-policy output siteX
03-27-2013 12:41 PM
I created multiple class maps and applied them all to the same policy. I could not use the Fair-queue, becuase it would not accept fair queue on the sub interface. However, it has made a huge difference in performance. Thanks for all the help!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: