Re: Throttle HTTP traffic

jarmentrout · ‎08-11-2005

I am trying to throttle all http traffic to a fixed rate (512K) and can't seem to make it work

rate-limit input access-group 101 512000 512000 512000 conform-action transmit exceed-action drop

access-list 101 permit tcp any any eq www

access-list 101 permit tcp any eq www any

also tried puting both input and output

I have two interfaces, S0/0 connected to T1, and E0/0 connected to PIX and rest of LAN

After making changes, do a bandwidth test and I am still receiving full t1 at 1.5megs. When using all available bandwidth it saturates the line and causes latency to go way high. I would like to throttle HTTP and FTP traffic to give a little breathing room for other types of traffic.

I am using a 3640 router.

Mark Turpin · ‎08-11-2005

On your T1 interface you are probably looking for something like this:

!

interface Serial0/0

ip address a.b.c.d 255.255.255.252

rate-limit input 512000 8196 8196 conform transmit exceed drop

!

That will police the inbound traffic (assuming that you're pulling content). If you're the one serving the content, reverse that to be an output in your rate-limit command.

Those 2nd and 3rd values are burst normal and burst max byte values, not bps values, so you don't need 512k, an 8k burst value is plenty.

Also, make sure you write your ACL with direction in mind. If you're pulling content (you have users surfing the web) then you want to write your ACL like this:

access-list 101 permit tcp any eq 80 any

access-list 101 permit tcp any eq 443 any

You won't need to change your ACL if you're the one serving the content - just change the rate-limit command.

-Mark

--
-Mark Turpin

jarmentrout · ‎08-12-2005

Made the changes on burst size and HTTP is working now. I am also trying to limit FTP traffic, but it seems that it uses random ports, so it will be difficult to identify this traffic. I trying using ftp and ftp-data protocol. Any other suggestions.