Solved: Limiting bandwidth to specific site on WAN

Natalie Ramirez · ‎03-22-2013

So my main office has a 20Mbps WAN connection that goes to 10 sites. One of the sites only has a T1 so 1.544Mbps. I have WAN accelerators in place and they work very well 95% of the time. But every once in a while, someone will search a network drive and max out bandwidth and make latency horrible. Or someone will recreate their profile and re-download their entire exchange mail box again maxing out bandwidth and making latency horribly high. The users at this site have a local Internet connection, and only come across the WAN for 3 things: SAP, e-mail, and file servers.

Is it possible to gaurantee SAP 512Kbps, gaurantee email 512Kbps, and gaurantee anything else 512Kbps, but not send more than 1544kbps to this one site, and not limit bandwidth for anything else anywhere else on the WAN. It would be fine if the rest of the WAN could only use 18.5Mbps, but not necessary.

access-list 101 permit ip host SAP-server x.x.x.x w.w.w.w ## SAP to subnet

access-list 102 permit ip host email-server x.x.x.x w.w.w.w ## Email to subnet

access-list 103 deny ip host SAP-server x.x.x.x w.w.w.w

access-list 103 deny ip host email-server x.x.x.x w.w.w.w

access-list 103 permit ip host any x.x.x.x w.w.w.w ## All other to subnet

class-map site-SAP

match access-group 101

class-map site-email

match access-group 102

class-map site-other

match access-group 103

policy-map site

class site-sap

bandwidth 514

class site-email

bandwidth 514

class site-other

bandwidth 514

exit

# Now, here is where I get confused... If I specify "Police 1544000 ..." am I going to kill all other WAN traffic? If I specify "Police 20000000 ..." will it completely void the policy because bandwidth would have to be at 18.5Mbps or above for it to ever be used? Or do I need another class-map for all other site's traffic?

policy-map WAN

class class-default

police ???????? conform-action transmit exceed-action drop

service-policy site

exit

# also not completely sure if this goes on "int gi0/1" or the sub-interface that has the IP address "int gi0/1.900

int gi0/1.900

service-policy output WAN

# Or should I set this policy on the router at the site as a recieve policy?

Joseph W. Doherty · ‎03-25-2013

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Okay, if all traffic is flowing out the subinterface, then you just need to match the traffic you want to shape.

e.g.

access-list 101 permit ip any x.x.x.x w.w.w.w

class-map siteX

match access-group 101

policy-map siteX

class SiteX

shape average 1500000

fair-queue

int g0/1.900

service-policy output siteX

View solution in original post

Joseph W. Doherty · ‎03-22-2013

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

The WAN accelerator might make this a bit complicated. Many "hide" traffic flows within some of kind of special encapsulation between WAN accelerators. I.e. depending on the WAN accelerator implementation, a QoS policy might see all traffic as one flow. (I'm assuming your router is downstream of the accelerator. If upstream, then you don't know actual volume of traffic being actually transmitted.)

Normally the solution is to shape all the aggregate traffic to the site. If you need further differentiate traffic handlying, a subordinate policy is used. (Note: often FQ or WFQ avoids the need for specific traffic classes.)

E.g.

policy-map siteX

class class-default

shape average 1500000

fair-queue

int g0/1.900

service-policy output siteX

Oops, I've revised above assuming subinterface will be only have traffic for remote site.

Natalie Ramirez · ‎03-25-2013

The subinterface has traffic for all remote sites, it is a single 20Mbps circuit with traffic destined for all locations. The router is down stream from the WAN accelerator, but it is still able to see the traffic.

Joseph W. Doherty · ‎03-25-2013

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Okay, if all traffic is flowing out the subinterface, then you just need to match the traffic you want to shape.

e.g.

access-list 101 permit ip any x.x.x.x w.w.w.w

class-map siteX

match access-group 101

policy-map siteX

class SiteX

shape average 1500000

fair-queue

int g0/1.900

service-policy output siteX

Natalie Ramirez · ‎03-27-2013

I created multiple class maps and applied them all to the same policy. I could not use the Fair-queue, becuase it would not accept fair queue on the sub interface. However, it has made a huge difference in performance. Thanks for all the help!