Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2961
Views
15
Helpful
3
Replies

Shaping the Traffic to Limit the Bandwidth toward ISP

Go to solution
MUHAMMAD TAYYAB MUNIR
Level 1
Level 1

‎07-13-2017 06:49 AM - edited ‎03-05-2019 08:50 AM

Hello,

We are planning the deploy shaping to limit the traffic toward the ISP,  and we have a gig interface which is connected to Cisco 7609 ----> ISP.

I would like to limit the traffic 250Mbps (anything above gets queued and dropped). The ISP is not limiting the traffic if it is Oversubscribed they will charge us lots of money.

So I'm preparing the configuration and required your comment on it.

The connection between my router and the ISP is a gig interface.

I ended up doing this:

Class-map ratelimit-250M

match any

Policy-map ratelimit-250M

Match class ratelimit-250M

Shape average 250000000

Exit

Interface range gi9/10-11

Service-policy input ratelimit-250M

Service-policy output ratelimit-250M

Please share your thoughts and findings if I'm missing anything.

Any other recommendations?

Anything I can do to help with the output drops? I thought the shaping would help.

*** Please rate all helpful responses and mark solutions***
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
MUHAMMAD TAYYAB MUNIR
Level 1
Level 1
In response to willwetherman

‎10-08-2017 10:53 PM

Hi Willwetherman,

 

Thank you for the reply and as you said shaping doesn't support on module "WS-F6700-DFC3C" so apply policying on the interface as following;

 

class-map match-all ratelimit-250M
match any 
!
policy-map ratelimit-250M
class ratelimit-250M
police cir 249000000 conform-action transmit exceed-action drop 
!
interface GigabitEthernetx/x
description *** ISP-A primary ***
service-policy output ratelimit-250M
end

 

Outputs:

 

PE-7609-XXX-01-01#show policy-map interface gigabitEthernet 9/10 
GigabitEthernet9/10

Service-policy output: ratelimit-250M

class-map: ratelimit-250M (match-all)
Match: any 
police :
249000000 bps 7781000 limit 7781000 extended limit
Earl in slot 2 :   
13300416905062 bytes
30 second offered rate 238846008 bps
aggregate-forwarded 13286855706230 bytes action: transmit
exceeded 13561198832 bytes action: drop
aggregate-forward 231175584 bps exceed 0 bps 
Earl in slot 5 :
43098277 bytes
30 second offered rate 376 bps
aggregate-forwarded 43098277 bytes action: transmit
exceeded 0 bytes action: drop
aggregate-forward 488 bps exceed 0 bps 
Earl in slot 9 :
471225530 bytes
30 second offered rate 3904 bps
aggregate-forwarded 471225530 bytes action: transmit
exceeded 0 bytes action: drop
aggregate-forward 3688 bps exceed 0 bps

Class-map: class-default (match-any) 
0 packets, 0 bytes
30 second offered rate 0000 bps, drop rate 0000 bps
Match: any 

 

Question 1: we limit the bandwidth 250M but strange thing last night we can see the graph of our monitoring tool which shows traffic hits 300M, How it could possible?

 

 

 

Question 2: What is Earl Means and we have applied the policy in module 9 so what is the link with module 2, 5,

  1. Module 2 is WS-X6704-10GE connected with MPLS Core
  2. Module 5 is the Sup engine.

 

If we want to see the drop traffic which Earl we have to look.

 

Thank you in advance.

*** Please rate all helpful responses and mark solutions***

View solution in original post

3 Replies 3

Go to solution
willwetherman
Spotlight
Spotlight

‎07-13-2017 08:11 AM

Hi Muhammad,

 

This is the config that I typically use for outbound traffic shaping to my ISPs

 

policy-map parent

 class class-default

   shape average 250000000

!

interface GigabitEthernetX/X

 service-policy output parent

 

A couple of notes:

 

1) You can match all traffic under class-default instead of creating a dedicated class-map that matches any traffic.

2) I don’t think the 7609 supports inbound traffic shaping so your input service-policy may not work. This shouldn’t be an issue as you only want prevent egress traffic towards your ISP from exceeding your CIR.

3) Some devices don’t count L2 overhead so I typically reduce the shaped rate by 10% to take L2 overheads into consideration. Example config below. You will need to monitor this and adjust if required.

policy-map parent

 class class-default

   shape average 225000000 900000

A certain level of output drops will be normal and TCP traffic will adjust its transmission rate to compensate. You could look at increasing the depth of the shaping queue to reduce drops however this will increase latency which will have an impact if you run latency sensitive applications over your internet connection. Another option is to use a nested CBWFQ policy to provide minimum bandwidth guarantees and reduce drops for specific applications.

I hope that this helps

Go to solution
MUHAMMAD TAYYAB MUNIR
Level 1
Level 1
In response to willwetherman

‎10-08-2017 10:53 PM

Hi Willwetherman,

 

Thank you for the reply and as you said shaping doesn't support on module "WS-F6700-DFC3C" so apply policying on the interface as following;

 

class-map match-all ratelimit-250M
match any 
!
policy-map ratelimit-250M
class ratelimit-250M
police cir 249000000 conform-action transmit exceed-action drop 
!
interface GigabitEthernetx/x
description *** ISP-A primary ***
service-policy output ratelimit-250M
end

 

Outputs:

 

PE-7609-XXX-01-01#show policy-map interface gigabitEthernet 9/10 
GigabitEthernet9/10

Service-policy output: ratelimit-250M

class-map: ratelimit-250M (match-all)
Match: any 
police :
249000000 bps 7781000 limit 7781000 extended limit
Earl in slot 2 :   
13300416905062 bytes
30 second offered rate 238846008 bps
aggregate-forwarded 13286855706230 bytes action: transmit
exceeded 13561198832 bytes action: drop
aggregate-forward 231175584 bps exceed 0 bps 
Earl in slot 5 :
43098277 bytes
30 second offered rate 376 bps
aggregate-forwarded 43098277 bytes action: transmit
exceeded 0 bytes action: drop
aggregate-forward 488 bps exceed 0 bps 
Earl in slot 9 :
471225530 bytes
30 second offered rate 3904 bps
aggregate-forwarded 471225530 bytes action: transmit
exceeded 0 bytes action: drop
aggregate-forward 3688 bps exceed 0 bps

Class-map: class-default (match-any) 
0 packets, 0 bytes
30 second offered rate 0000 bps, drop rate 0000 bps
Match: any 

 

Question 1: we limit the bandwidth 250M but strange thing last night we can see the graph of our monitoring tool which shows traffic hits 300M, How it could possible?

 

 

 

Question 2: What is Earl Means and we have applied the policy in module 9 so what is the link with module 2, 5,

  1. Module 2 is WS-X6704-10GE connected with MPLS Core
  2. Module 5 is the Sup engine.

 

If we want to see the drop traffic which Earl we have to look.

 

Thank you in advance.

*** Please rate all helpful responses and mark solutions***

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎10-09-2017 05:54 AM

As you've discovered, a 7600 doesn't normally support shaping (and exception would be if using a FlexWAN card). 7600 is a bit weak in other QoS feature too.

Assuming you want to deal with congestion better than globally policing, you might consider putting a router in-line between the 7600 and ISP. (NB: another option might be to use a small switch with better QoS support. The 3560/3750 supported port shaping with 4 egress queues, so the 3560-CX might too, but I'm unsure.)
0 Helpful
Customers Also Viewed These Support Documents