Hi GlennI agree to your point

burhanburhan · ‎07-06-2015

Hi,

I have 10 Mbps internet connection and have two subnets in my router (172.16.1.0 /24 and 172.16.2.0/24)

I want to limit 172.16.1.0/24 subnet to 4 Mbps. This subnet shouldn't pass this bandwidth. How can i do that with qos?

Vinit Jain · ‎07-06-2015

Yes, you can do that.

Topology:

Internet---------GW-RTR (QoS)-----------Switch

access-list 101 permit ip any a.a.a.a w.w.w.w ## Subnet A

access-list 102 permit ip any b.b.b.b w.w.w.w ## Subnet B


class-map subnet-a
match access-group 101

class-map subnet-b 
match access-group 102

policy-map subnets
class-map subnet-a
  bandwidth percent 40
class-map subnet-b
  bandwidth percent 60
exit

policy-map physical
class class-default
  police 10000000 conform-action transmit exceed-action drop
  service-policy subnets
exit

int fa0/1
service-policy output physical
exit

This is a sample config to achieve this

Hope this helps.

Vinit

Thanks
--Vinit

burhanburhan · ‎07-06-2015

Hi Vinit,

As far as i see, subnet B has 6 Mbps bandwidth, right ?

I want to Subnet A can't pass 4 Mbps, but subnet B can pass.

And exceed traffic will not be dropped.

Thanks,

Vinit Jain · ‎07-06-2015

i think in that case you can set the exceed action to transmit rather than drop.

Thanks
--Vinit

Glennmar Milliner · ‎07-07-2015

This is a great config example Vinit but there may be one small detail missing. The entire traffic is going to be restricted to the 10Mbps that you have specified under the the "physical" policy but both "subnet-a" and "subnet-b" will have access to the entire 10Mbps and not have the 4Mbps limit for the "subenet-a" class. This is because the "bandwidth" command guarantees the specified bandwidth in times of congestion but does not tell the router not to let it surpass the specified bandwidth. In other words you could see it as a minimum guaranteed at the time of congestion. It does not really restrain the traffic at all times like the "police" or "shape" commands would. If you want to restrain then you could leave the "bandwidth" command that you already have and try using "police 4000000 conform-action transmit exceed-action drop" under "class subnet-a". This will restrict "subnet-a" to 4Mbps at any given time and will guarantee 4Mbps as well at the time of congestion. As far as "subnet-b" goes it will be able to use up to 10Mbps if available and guarantee 6Mbps are the time of congestion.

NOTE: the "bandwidth" command in QoS kicks in when congestion is detected. If there isn't congestion on the link then QoS is not actively retraining traffic.

Vinit Jain · ‎07-07-2015

Hi Glenn

I agree to your point. This was just a sample config that could be tweeked around to make it more precise to the requirements. The policer can be configured for the class-maps as you suggested along with bandwidth command.

Thanks

Vinit

Thanks
--Vinit

burhanburhan · ‎07-08-2015

Hi Glenn,

So is it right final config as follow ?

access-list 101 permit ip any a.a.a.a w.w.w.w ## Subnet A

access-list 102 permit ip any b.b.b.b w.w.w.w ## Subnet B

class-map subnet-a
match access-group 101

class-map subnet-b
match access-group 102

policy-map subnets
class-map subnet-a
police 4000000 conform-action transmit exceed-action drop
class-map subnet-b
bandwidth percent 60
exit

policy-map physical
class class-default
police 10000000 conform-action transmit exceed-action drop
service-policy subnets
exit

int fa0/1
service-policy output physical
exit

Joseph W. Doherty · ‎07-08-2015

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

"So is it right final config as follow ?"

I don't think so.

Normally hierarchal policies use shapers in the parent class to create congestion that pushes packets into the child policy. The proposed policy has a policer, which shouldn't queue traffic. If you just want to rate limit traffic to/from that one subnet, something like this should do the trick (assuming a router that supports CBWFQ):

access-list 101 permit ip any 172.16.1.0 0.0.0.255

access-list 101 permit ip 72.16.1.0 0.0.0.255 any

class-map subnet-to-ratelimit

match access-group 101

policy-map subnets

class-map subnet-to-ratelimit
police 4000000

int fa0/1
service-policy input subnets
service-policy output subnets

Glennmar Milliner · ‎07-08-2015

burhanburhan,

Try this as a config. If assigning 100% of the bandwidth does not work becasue of your IOS just try redusing the percentage that you are assigning by 1%. Some images conserves 1% of the bandwith for class-default.

access-list 101 permit ip any a.a.a.a w.w.w.w ## Subnet A
access-list 102 permit ip any b.b.b.b w.w.w.w ## Subnet B

class-map subnet-a
match access-group 101

class-map subnet-b
match access-group 102

policy-map subnets
class subnet-a
shape average 4000000
bandwidth percent 40
class subnet-b
bandwidth percent 60
exit

policy-map physical
class class-default
shape average 10000000
service-policy subnets
exit

int fa0/1
service-policy output physical

burhanburhan · ‎07-13-2015

Ok thanks a lot.

Joseph W. Doherty · ‎07-06-2015

What router and IOS version?

Qos Bandwidth Limit