09-04-2009 02:59 AM - edited 03-04-2019 05:56 AM
Please could you help. I need to mix up traffic shaping for both TCP protocols and IP protocols. My scenario is:
I have got a router that does traffic shaping using CBWFQ. Find my configs attached. Shaping is OK. All the 3 clients are DSL clients and they have a network behind the given IP addresses. The problem is, if one PC from a client, e.g. 192.168.1.100, is downloading a file from the internet, everyone under that network cannot browse. This means all bandwidth will be used up for the file downloads. Web and FTP traffic will be affected for that network in particular. Can I reserve bandwidth for www and ftp, and how can I do it with my current configs? I tried adding this to my config but it's not working:
class-map web
 match protocol http
 match protocol ftp
 match protocol secure-http
policy-map traffic-shaping
 class web
  shape average 128000
  bandwidth 128
09-04-2009 03:30 AM
Yes, you can do this - it means you are going to have to get very creative with your class maps.
For example, several access-lists will be required. In your instance, instead of just using IP addresses, you should also use destination TCP ports, e.g. 80, 20-21, 443, or you can use policing and priority policies.
What is your ultimate goal here?
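One way to combine client addresses and TCP ports in access-lists, as the reply above suggests (an added example, not configuration from the thread). The ACL names, the class-map names `client1` and `client1-web`, the child policy `client1-child` and the client LAN 192.168.1.0/24 are assumptions; `traffic-shaping`, the 256000 and 128 rates and FastEthernet0/1 are the values that appear elsewhere in the thread.

```cisco
! Added example. Hypothetical names: CLIENT1-ALL, CLIENT1-WEB-FTP, client1,
! client1-web, client1-child. Assumed client LAN: 192.168.1.0/24.
!
! On the interface facing the clients, download traffic carries the server
! port as the TCP *source* port and the client network as the destination.
ip access-list extended CLIENT1-WEB-FTP
 permit tcp any eq 80 192.168.1.0 0.0.0.255
 permit tcp any eq 443 192.168.1.0 0.0.0.255
 ! 20-21 covers FTP control and active-mode data only; passive-mode data
 ! uses ephemeral ports and will not match this entry.
 permit tcp any range 20 21 192.168.1.0 0.0.0.255
!
ip access-list extended CLIENT1-ALL
 permit ip any 192.168.1.0 0.0.0.255
!
class-map match-all client1
 match access-group name CLIENT1-ALL
class-map match-all client1-web
 match access-group name CLIENT1-WEB-FTP
!
! Child policy: queueing inside the client's shaped rate.
policy-map client1-child
 class client1-web
  bandwidth 128
 class class-default
  fair-queue
!
! Parent policy: shape the client as a whole, then hand the shaped traffic
! to the child policy. A packet is classified into the first class it
! matches in a policy-map, so a separate web class placed after the
! per-client class in the same policy would never see this client's packets.
policy-map traffic-shaping
 class client1
  shape average 256000
  service-policy client1-child
!
interface FastEthernet0/1
 service-policy output traffic-shaping
```

The counters under `show policy-map interface FastEthernet0/1` then show the child class nested beneath the shaped parent class, which is where to confirm that web and FTP packets are being matched.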
09-04-2009 03:48 AM
Thank you for the quick response. I have got a low-speed WAN link and would like to shape traffic so that clients don't abuse the bandwidth. Please can you explain further how to mix up IP addresses and ports on my access lists such that www and ftp don't get affected by normal downloads.
09-04-2009 03:56 AM
Your likely issue is, trying to manage bandwidth downstream (". . . downloading a file from the internet . . .") of the congested link is difficult to impossible.
If you "know" a certain inbound traffic stream is causing issues, e.g. FTP, and if it uses TCP, you can police (not shape) its rate. You may find, though, that you have to police (or rate limit) such traffic at a lower rate than you desire to truly control its inbound bandwidth utilization.
PS:
For outbound, in many cases, a simple FQ implementation will keep a bandwidth demanding flow from adversely impacting your other flows.
09-04-2009 04:07 AM
Are you saying we cannot manage bandwidth for downstream traffic? From the way I configured it, it shows that traffic shaping is functional after typing this command: sh policy-map int f0/1. The only thing I want to do is to reserve bandwidth for ftp and www.
09-04-2009 04:19 AM
No - it's practically impossible to limit what people are D/L from the internet. QoS was not invented to limit traffic coming in - but traffic going out.
Example
PC1<>LAN1<>RT1<>WAN<>RT2<>LAN2<>PC2
To stop PC1 from d/l a large file from PC2 and using all the WAN bandwidth - you would QoS the connection from RT2 to the WAN, limiting the traffic, and vice versa.
In your instance you have
PC1<|
PC2<|>RT1<>Internet
PC3<|
QoS in this instance would be to limit the amount of traffic that the PC1/2/3 would be UPLOADING to the internet - not D/L, however if you have:-
PC1<|
PC2<|>RT1<>RT2<>Internet
PC3<|
You could implement a policy in the RT2 interface facing RT1 to limit the D/L from the internet.
Also remember you are applying QoS on a FA interface 100mbs - which means you will use 75% of that 75mbs available interface bw. If you have a 1mbs wan link.....how do you tell the router to use only 300kbs on a FA interface - you can't, because normal QoS is congestion management (meaning full pipe usage) you MUST use Shaping & Policing.
09-04-2009 04:29 AM
I made a mistake, maybe. I am implementing shaping, and if you check the configs I posted, they indicate traffic shaping. The actual setup is like:
PC1<|
PC2<|>RT1<>RT2<>internet
PC3<|
RT1 is doing traffic shaping, outbound on the interface facing the PCs. All I want is to shape web traffic; otherwise, if I guarantee 256k to PC2, I am getting that, so my shaping is okay. I guess I made myself clear.
09-04-2009 04:39 AM
OK - things are getting clearer, but now you have to consider that FA0/0 on RT1 faces the LAN, and is the main layer 3 interface for all comms on that network. By shaping going out - not only are you affecting all Internet traffic, but potentially all LAN inter-site traffic also.
To get the below working:-
class-map web
 match protocol http
 match protocol ftp
 match protocol secure-http
policy-map traffic-shaping
 class web
  shape average 128000
  bandwidth 128
Change class-map web to
class-map match-any web
 match protocol http
 match protocol ftp
 match protocol secure-http
The default is to "match-all" = will never work with multiple protocol statements, as they must ALL match, which will never happen.
09-04-2009 05:48 PM
Find the output of the sh policy-map int command:
Class-map: web (match-any)
  0 packets, 0 bytes
  5 minute offered rate 0 bps, drop rate 0 bps
  Match: protocol http
    0 packets, 0 bytes
    5 minute rate 0 bps
  Match: protocol ftp
    0 packets, 0 bytes
    5 minute rate 0 bps
  Match: protocol secure-http
    0 packets, 0 bytes
    5 minute rate 0 bps
  Queueing
    Output Queue: Conversation 277
    Bandwidth 128 (kbps) Max Threshold 64 (packets)
    (pkts matched/bytes matched) 0/0
    (depth/total drops/no-buffer drops) 0/0/0
  Traffic Shaping
    Target/Average   Byte    Sustain    Excess     Interval   Increment
      Rate           Limit   bits/int   bits/int   (ms)       (bytes)
    128000/128000    1984    7936       7936       62         992
    Adapt    Queue   Packets   Bytes   Packets   Bytes     Shaping
    Active   Depth                     Delayed   Delayed   Active
    -        0       0         0       0         0         no
It looks like no matches are found, but the other classes are working, that is:
Class-map: 256k-clients (match-any)
  3542006 packets, 2805904757 bytes
  5 minute offered rate 1000 bps, drop rate 0 bps
  Match: access-group 100
    2786602 packets, 2149435661 bytes
    5 minute rate 1000 bps
  Match: access-group 114
    755404 packets, 656468250 bytes
    5 minute rate 0 bps
  Match: access-group 116
    0 packets, 0 bytes
    5 minute rate 0 bps
  Queueing
    Output Queue: Conversation 267
    Bandwidth 256 (kbps) Max Threshold 64 (packets)
    (pkts matched/bytes matched) 2054229/1923513698
    (depth/total drops/no-buffer drops) 0/0/0
  Traffic Shaping
    Target/Average   Byte    Sustain    Excess     Interval   Increment
      Rate           Limit   bits/int   bits/int   (ms)       (bytes)
    256000/256000    1984    7936       7936       31         992
    Adapt    Queue   Packets   Bytes        Packets   Bytes        Shaping
    Active   Depth                          Delayed   Delayed      Active
    -        0       3509338   2765047394   1979081   1913716974   no
09-05-2009 12:19 AM
Post your current config for review.
09-04-2009 06:32 AM
I believe Andrew has covered this, but "are you saying we cannot manage bandwidth for downstream traffic?", again, difficult to impossible. Traffic shaping on the LAN interface just controls the bandwidth utilization going to clients, not exactly the same as controlling the bandwidth utilization on your inbound Internet link, which is likely the problem. Ideally, you would want to manage egress on the other side of the Internet link, i.e. the ISP's router.