Policy-map is wasting my BANDWIDTH

anas.abdullkarim · ‎11-11-2020

hello , i have asr1006 and i used it for PPPOE server for user

For example

500 users is connected to router via PPPOE

and they have all of them downloading file

and i config when user connected he get Policy-map

Policy Map user

Class class-default

police cir 100000 bc 3125

conform-action transmit

exceed-action drop

so if all of them downloading in same time

they traffic must be 500Mbps ,

but i see they input interface is have 700Mbps traffic And PRTG of my ISP Is read 700Mbps

why ? and all of users has policy-map and they traffic speed is limited to 1Mbps?

maybe they have dropped and the Send request to internet and internet replay to them so the traffic is has more of 500Mbps

how to limit user and when he have drop he must can’t send more upload packet

* i use radus to set policy name when user connect

* ii need to limit user a thought not just out or in

so if he have downloading 1mbps he can’t send more request to internet and that will save my traffic

Georg Pauwen · ‎11-11-2020

Hello,

how do you have this set up, is this a test lab ? How do you simulate 500 users downloading files at exactly the same time ?

anas.abdullkarim · ‎11-12-2020

hello we are ISP , now i have my Router with 1000 real user is online ..

But i give you small example to understand my issue ,

another example

1000 real user is online , and all of them has policy-map 1Mbps

but i can see they traffic more of 800Mbps or 900Mbps , and is imposable all of them downloading download same ,

what i mean ,i need to policy-map user for thought traffic not two policy - upload/Download

My analysis is all user have 1Mbps Download limited , but when user downloading and use all his traffic (1m) he have another policy-map for upload so he can send more request for example (browsing) , his request will get replay from internet to my router , and my router will drop this packer because user have use all of 1mbps , but the packet already delivery to my router and this wasting my BANDWIDTH

Joseph W. Doherty · ‎11-12-2020

Where are you measuring the aggregate bandwidth usage?

If, for example, as an ingress policy on an interface, ingress could exceed the policing limits, as the traffic enters the interfaces, but shouldn't exceed the aggregate as forwarded to the egress interface(s).

If, the other hand, you have this as an egress policy, on an interface, then I would expect that interface not to exceed the aggregate unless there's other egress bandwidth not subject to the policy.

anas.abdullkarim · ‎11-12-2020

Hello, thanks for reply

let me give me your details,

my router has two interface

ten 0/0/0 is connect with my ISP

Ten 0/1/0 is has vlans with pppoe to my user's

so interface ten 0/0/0 is input my service

all user's in Ten 0/1/0 has limited with 1Mbps policy-map

but in peak-time traffic, for 500 user's has traffic more of 700Mbps

interface ten 0/0/0 input: 700Mbps
interface Ten0 / 1/0 Ouput : 700Mbps

how that ? and all user's is have limit traffic with 1Mbps

so if they are all of them downloading files in same time (and that's imposable) the Will not exceed 500Mbps , but the real traffic from my ISP is 700Mbps

Joseph W. Doherty · ‎11-12-2020

Again, what interface(s) and what direction(s) (i.e. in or out or both) is policy assigned?

anas.abdullkarim · ‎11-12-2020

Policy Map user
  Class class-default
   police cir 100000 bc 3125
     conform-action transmit
      exceed-action drop


bba-group pppoe PPPOE-DEFAULT
 virtual-template 101
 sessions per-vc limit 1
 sessions per-mac limit 1
 sessions per-vlan limit 10000 inner 10000
 sessions auto cleanup


interface Virtual-Template100
 description POOL-QINQ
 mtu 1492
 ip unnumbered Loopback0
 ip nat inside
 ip tcp adjust-mss 1440
 keepalive 15
 ppp mtu adaptive
 ppp authentication chap ms-chap ms-chap-v2 eap pap
 ppp ipcp dns 8.8.8.8 8.8.4.4
 ppp timeout retry 9
 ppp timeout authentication 20
 ppp timeout idle 172800 either
end

interface TenGigabitEthernet0/1/0
 description ISP-IN
 ip address 94.X.X.X 255.255.255.128
 ip nat outside
end

interface TenGigabitEthernet0/1/0.20
 description USER
 encapsulation dot1Q 913 second-dot1q any
 pppoe enable group PPPOE-QINQ
end

anas.abdullkarim · ‎11-12-2020

Type: PPPoE, UID: 9317, State: authen, Identity: adminsaad@o2
IPv4 Address: 10.121.20.139
Session Up-time: 2d20h   , Last Changed: 2d20h
Interface: Virtual-Access1.7748
Switch-ID: 34067519

Policy information:
  Context 7FE3FF8300D8: Handle 90020080
  AAA_id 0003F65B: Flow_handle 0
  Authentication status: authen

Classifiers:
Class-id    Dir   Packets    Bytes                  Pri.  Definition
0           In    71395279   7947823856             0    Match Any
1           Out   126300009  154445884464           0    Match Any

Features:

QoS Policy Map:
Class-id    Dir   Policy Name   Source
0           Out          user            Peruser

IP Config:
M=Mandatory, T=Tag, Mp=Mandatory pool
Flags  Peer IP Address                  Pool Name             Interface
       0.0.0.0                          subscriber2           [None]
       ::                               [None]                [None]

Absolute Timeout:
Class-id   Timeout Value    Time Remaining       Source
0          2741505          4w0d                 Peruser

Idle Timeout:
Class-id   Dir  Timeout value   Idle-Time            Source
0          In   172800          00:00:02             Virtual-Template100
1          Out  172800          00:00:02             Virtual-Template100

Configuration Sources:
Type  Active Time  AAA Service ID  Name
USR   2d20h        -               Peruser
INT   2d20h        -               Virtual-Template100

--------------------------------------------------

anas.abdullkarim · ‎11-12-2020

Type: PPPoE, UID: 9317, State: authen, Identity: adminsaad@o2
IPv4 Address: 10.121.20.139
Session Up-time: 2d20h   , Last Changed: 2d20h
Interface: Virtual-Access1.7748
Switch-ID: 34067519

Policy information:
  Context 7FE3FF8300D8: Handle 90020080
  AAA_id 0003F65B: Flow_handle 0
  Authentication status: authen

Classifiers:
Class-id    Dir   Packets    Bytes                  Pri.  Definition
0           In    71395279   7947823856             0    Match Any
1           Out   126300009  154445884464           0    Match Any

Features:

QoS Policy Map:
Class-id    Dir   Policy Name   Source
0           Out          user            Peruser

IP Config:
M=Mandatory, T=Tag, Mp=Mandatory pool
Flags  Peer IP Address                  Pool Name             Interface
       0.0.0.0                          subscriber2           [None]
       ::                               [None]                [None]

Absolute Timeout:
Class-id   Timeout Value    Time Remaining       Source
0          2741505          4w0d                 Peruser

Idle Timeout:
Class-id   Dir  Timeout value   Idle-Time            Source
0          In   172800          00:00:02             Virtual-Template100
1          Out  172800          00:00:02             Virtual-Template100

Configuration Sources:
Type  Active Time  AAA Service ID  Name
USR   2d20h        -               Peruser
INT   2d20h        -               Virtual-Template100

--------------------------------------------------

  Service-policy output: ussr

    Class-map: class-default (match-any)
      14559817 packets, 2670943646 bytes
      30 second offered rate 18000 bps, drop rate 0000 bps
      Match: any
      police:
          cir 10000000 bps, bc 2500000 bytes
        conformed 14515097 packets, 2569676143 bytes; actions:
          transmit
        exceeded 75791 packets, 105166670 bytes; actions:
          drop
        conformed 18000 bps, exceeded 0000 bps

Georg Pauwen · ‎11-13-2020

Hello,

looking at your output:

Class-map: class-default (match-any)
14559817 packets, 2670943646 bytes
30 second offered rate 18000 bps, drop rate 0000 bps
Match: any
police:
cir 10000000 bps, bc 2500000 bytes
conformed 14515097 packets, 2569676143 bytes; actions:
transmit
exceeded 75791 packets, 105166670 bytes; actions:
drop
conformed 18000 bps, exceeded 0000 bps

--> cir 10000000 bps equals 10Mbps, not 1Mbps

anas.abdullkarim · ‎11-13-2020

hello , thanks for replay, yes in config i was open 10Mbps in night time

but i mean in peak-time traffic i give user1' 1Mpbs

Policy Map user

  Class class-default

   police cir 100000 bc 3125

     conform-action transmit

      exceed-action drop

but the are using more than expected traffic

Georg Pauwen · ‎11-13-2020

Hello,

Policy Map user

Class class-default

police cir 100000 bc 3125

conform-action transmit

exceed-action drop

I think the value is in bits per second, so you need to add a '0' for one Mbit. 100000 means 0.1 Mbit.

anas.abdullkarim · ‎11-13-2020

hello ,thanks for reply

don't care about some text error

i mean when use limit

Policy Map user

Class class-default

police cir 1000000 bc 3125

conform-action transmit

exceed-action drop

for 500 user'

the in interface traffic is going to more of 500Mbps (600 or 700 )

so how that's and all user's has limit traffic for 1Mbps

any idea how to limit use for throughput not just upload or download
so if he download file with speed 1Mbps
he can't upload file in same time