Re: QOS Police Bandwidth sharing

BornJames · ‎08-07-2022

Hi,

I am trying to split the internet connection for 2 networks and everything works fine.

However I would like to make sure that if network 1 is not using all of the allocated bandwidth it is available to the network 2 and vise versa

class-map match-all acl1-network
match access-group name network1
class-map match-all acl2-network
match access-group name network2

policy-map Internet-acl1-network
class cl1-network
police rate percent 40
policy-map Internet-acl2-network
class acl2-network
police rate percent 60
policy-map Parent
class acl1-network
police 100000000
service-policy Internet-acl1-network
class acl2-network
police 100000000
service-policy Internet-acl2-network

Thank you.

balaji.bandi · ‎08-08-2022

Try below example : ( based on the bandwidth you have split in to 2, and when other subnet not using, other will use rest of the bandwidth best effort basis)

https://community.cisco.com/t5/routing/limiting-bandwidth-on-cisco-router-possible-1800-series/td-p/1460602

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

BornJames · ‎08-08-2022

nah it would not work, "Cannot attach queuing-based child policy to a non-queuing based class" when attaching it to an interface

Joseph W. Doherty · ‎08-08-2022

"However I would like to make sure that if network 1 is not using all of the allocated bandwidth it is available to the network 2 and vise versa"

Generally, when using CBWFQ bandwidth classes, that's the default. However, as your policies have policers which limit bandwidth consumption, even if available from other class(s). Further, notice you police one child class as 30% and the other at 60%; are you also trying for unequal bandwidth allocations? Also, your structure of a parent and child polices is unusual, could you clarify your overall QoS objectives?

BornJames · ‎08-08-2022

yeh, it is a bit unusual.

but what I want to achieve is to split bandwidth between 2 networks 40% and 60% but if all of the available bandwidth is not used by one network make it available to the other one.

Joseph W. Doherty · ‎08-08-2022

Ok, that's actually simple. Assuming your have full interface bandwidth, you'll want something like:

class-map match-all acl1-network
match access-group name network1
class-map match-all acl2-network
match access-group name network2

policy-map Sample
class acl1-network
bandwidth percent 40 ! or 20, 2 - 40:60, 20:30, 2:3, all same sharing ratios
class acl2-network
bandwidth percent 60 ! or 30, 3 - 40:60, 20:30, 2:3, all same sharing ratios

interface e0 !ISP egress
service-policy out Sample

If your egress interface has a bandwidth cap that's less than the interface's, then you have something like:

policy-map Sample
class class-default
shape average # !your cap limit, in bps (you may need to set around 15% slower than cap to account for L2 overhead)
service-policy SampleChild

policy-map SampleChild
class acl1-network
bandwidth percent 40 ! or 20, 2 - 40:60, 20:30, 2:3, all same sharing ratios
class acl2-network
bandwidth percent 60 ! or 30, 3 - 40:60, 20:30, 2:3, all same sharing ratios

interface e0 !egress
service-policy out Sample

BornJames · ‎08-15-2022

shaping doenst work when having vlan interfaces especially on "service-policy input Sample"

it has to be police.

what about

class acl1-network

police rate percent 40% peak-rate percent 100

class acl2-network

police rate percent 60% peak-rate percent 100

would this work ?

Joseph W. Doherty · ‎08-16-2022

Ah, my oops, I assumed you were using a router. You're using a switch? If so, switch's QoS feature support, generally, is much weaker that what a router supports. Some of the older switches did support some form of shaping, but not using CBWFQ syntax.

BTW, also sorry you didn't understand shaping, or class queuing, cannot be used for ingress, as it queues, i.e. it needs to be applied to egress (which is why my example's service policy had "out").

To your last post's question, "would this work ?", the answer is no if you still wish to accomplish what you noted in you OP, i.e. "However I would like to make sure that if network 1 is not using all of the allocated bandwidth it is available to the network 2 and vise versa". Your policers would ALWAYS restrict each of the two networks to the defined amount of policed bandwidth.

What's the actual device and its IOS version?

What's interface usage, i.e. for traffic going to/from Internet?

BornJames · ‎08-21-2022

no, you are correct this is a router, however it has vlans and tunnels and it is not working for these 2 networks, I can make it work for one network (which is tunnel) and only upload, download wont work when i put it onto the other physical port on the inside(outside to the other network)

Doesnt work at all for the other network as i am not even seeing any traffic ( for the second network i have allow any any just for a test)

however with police everything works fine(I can see matches when running "sh police-map int), the only issue I have is that I want to make sure if the bandwidth is not used by one network it can be used by the other one.

Georg Pauwen · ‎08-22-2022

Hello,

can you post the output of:

sh ver

sh run

Joseph W. Doherty · ‎08-22-2022

". . . the only issue I have is that I want to make sure if the bandwidth is not used by one network it can be used by the other one."

Well, usually by default, within CBWFQ classes, unused bandwidth is available to other classes. However, when using policers, policed traffic will always be limited by policed limits.

For example given a policy such as (NB syntax might be incorrect):

policy-map example

class notpoliced

bandwidth percent 10

class policed

bandwidth percent 10

policed 50 percent

In the above, the policed class could never use more than 50%, and is guaranteed a minimum of 10%. The notpoliced class is also guaranteed a minimum of 10%, but depending on unused bandwidth, by other classes, it could use as much as 100%.