just create two policing

sead · ‎02-27-2017

I have a branch router with two WAN connections with different BW of 5Mbps and 2Mbps. The 2Mbps line is used as backup.

I want to put a percentage-based Policy of 80% on the interface that connects to the branch LAN, that limits a specific class of traffic.

For the moment I have the service-policy input to the LAN interface with police cir 4000000, but when my primary WAN connection is down the secondary line get congested.

Please help me with a policy map that works on both cases.

Thanks

Dennis Mink · ‎02-27-2017

Why dont you configure it as an output policy, so cir 5000000 to the primary link and 2000000 to the secondary??

cheers

Please remember to rate useful posts, by clicking on the stars below.

sead · ‎02-27-2017

Dennis the traffic that I want to limit is from a range of IPs in my LAN so I used access-list.

So I can't put the policy on the WAN interfaces. The configuration is:

class-map match-any Sys

match access-group 100

policy-map WAN

class Sys

police cir 4000000

conform-action transmit

exceed-action drop

violate-action drop

access-list 100 permit ip x.x.x.x 0.0.0.255 any

Thanks

Joseph W. Doherty · ‎02-28-2017

So I can't put the policy on the WAN interfaces.

Sorry, could you further explain why you think not?

BTW, if you device support embedded event scripts, you could have a script amend your policer's value with link up/down, however what Dennis was asking would probably be a much easier approach.

sead · ‎04-28-2017

Joseph I have a E1-to-Ethernet converter connected to my WAN Fast-Ethernet interface.

If I put my policy outside my WAN interface, would happen that the policy will be removed during the conversion from Ethernet to E1?

Joseph W. Doherty · ‎04-28-2017

I might misunderstand, by if you policy is on the router's interface, and you're making changes external to the device, other they seeing the interface bounce, it wouldn't know the bandwidth changed if you place an E1 in-line.

If, however, IPs changed, or CDP sees a change, you probably could use a EEM script to reconfigure, on-the-fly.

Dennis Mink · ‎02-28-2017

just create two policing queues:

for interface1:

policy-map pm-10m-out

class class-default

shape average 10000000 ß--variable

policy-map pm-queue-mark-out

class cm-prec-4-5-out

priority percent 33

class cm-prec-3-out

bandwidth percent 5

class cm-prec-2-out

bandwidth percent 27

class cm-prec-1-out

bandwidth percent 5

class class-default

fair-queue

policy-map pm-shape-queue-out1

description *** Shape and Queue ***

class class-default

shape average 10000000 <-------variable

service-policy pm-queue-mark-out

for interface2:

policy-map pm-10m-out

class class-default

shape average 50000000 ß--variable

policy-map pm-queue-mark-out

class cm-prec-4-5-out

priority percent 33

class cm-prec-3-out

bandwidth percent 5

class cm-prec-2-out

bandwidth percent 27

class cm-prec-1-out

bandwidth percent 5

class class-default

fair-queue

policy-map pm-shape-queue-out

description *** Shape and Queue ***

class class-default

shape average 10000000 <-------variable

service-policy pm-queue-mark-out

The apply each policy to its respective WAN interface as follows:

interface 1

service-policy output pm-shape-queue1-out

interface 2

service-policy output pm-shape-queue2-out

Please remember to rate useful posts, by clicking on the stars below.

sead · ‎03-01-2017

Dennis I will try this even I have only two classes, one that needs max 80% of bandwidth and the other the rest.

@Joseph I will try EEM in a lab because I like this solution too :)

QoS policing when output BW changes