07-23-2007 10:21 PM - edited 03-03-2019 05:59 PM
Hello All,
I have implemented the below Configuration on my Internet Router. My Setup is, I have a Internet Link of 10 Mbps Capacity.
I have to split the 10 Mbps as: 6 Mbps Backup VPN over Internet to Europe and 4 Mbps for Internet Usage.
This QOS is designed in such a way like, during Backup VPN Link is Active the 6 Mbps VPN can expand upto 8+ Mbps more based on Peak incoming and outgoing traffic and whereas rest ot the availaible bandwidth for Internet usage.
During Primary MPLS is Up and no usage of Backup VPN Link over Internet, the Internet Usage should be limited to 4 Mbps only at any point of time. ie., in every situation atleast i will have a dedicated Backup VPN of 6 Mbps availaible.
I have seen the Utilization of Internet has crossed more than 4 Mbps for Week # 729. As i know this operates on QOS using CBWFQ concept which uses Token Bucket Algorithm. The Traffic more than 4 Mbps is just an Burst Traffic but i would like to clearly understand why this is happening for entire Week (for long Hrs).
HOW MY CONFIGURATION is WORKING ?
IS my CONFIGURATION is designed as per my REQUIREMENT ?
Please see the COnfiguration and provide me a clear explanation. Thanks in Advance for Help.
Utilization Values: (as per MRTG)
Max In: 5028.6 kb/s (50.3%) Average In: 1824.9 kb/s (18.2%) Current In: 3951.6 kb/s (39.5%)
Max Out: 1652.2 kb/s (16.5%) Average Out: 354.5 kb/s (3.5%) Current Out: 684.8 kb/s (6.8%)
ACL required:
access-list 120 permit ip host <ip_address> host <ip_address>
!! ACL 120 identifying VPN Traffic
access-list 121 permit ip any any
!! ACL 121 identifying non ? VPN Traffic
QOS Configuration:
class-map match-all VPN_BACKUP
match access-group 120
policy-map QOS_CHENNAI
class VPN_BACKUP
bandwidth 8000
class class-default
fair-queue
Apply the Policy to the Interface:
interface FastEthernet0/1
speed 10
full-duplex
service-policy output QOS_CHENNAI
!!inside Interface of Internet Router - connected to DMZ Switch
Apply Rate-Limit ( i.e., CAR) to the Interface:
interface FastEthernet0/0
!!outside Interface of Internet Rouer - connected to Service provider
rate-limit input access-group 120 8000000 1000000 1000000 conform-action transmit exceed-action drop
!! VPN backup limited to 8Mb
rate-limit input access-group 121 4000000 500000 500000 conform-action transmit exceed-action drop
!! Internet traffic limited to 4Mb
Best Regards,
Guru Prasad R
07-23-2007 11:16 PM
Internet traffic is going over 4mb because there is a burst rate also configured
I would have this a little differently done and make the VPN traffic
Priority percent 60
then everything else as class default.
But from the way you have this I noted the following -
CAR limiting in total is over 10mb this will not work as well as expected.
Give VPN CAR 6mb then burstable to 8mb and not as shown a static 8mb.
Any other suggestions from other forum members ?
07-24-2007 01:06 AM
If you use the bandwidth percentage, remember to set the interface command "bandwidth" otherwhise as this is a fastethernet port, the IOS thinks to be at 100Mb and not 10Mb.
HTH
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide