
Traffic shaping

Mmiselo
Level 1

Good day, we have a client that we connect to via an IPsec tunnel. We would like to run a sequence of tests whereby we gradually limit the available bandwidth for this client, e.g. 1.5MB, 1MB, 512k, 256k and determine what bandwidth we require. This should only be done on traffic for this particular client and we don't want to affect other connections for other clients.

We use: Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M7, RELEASE SOFTWARE (fc2).

Regards

Nelson

3 Replies

Philip D'Ath
VIP Alumni

Something like the below to limit egress bandwidth.  If you want to limit it both ways then apply it to the egress of the other interface for the traffic flow as well.

access-list 101 permit ip host a.b.c.d any
access-list 101 permit ip any host a.b.c.d

class-map match-any client
  match access-group 101

policy-map client-test
  class client
    shape average 512k

interface gig a/b
  service-policy output client-test

Good day,

The above is working fine where there is no IPSec tunnel, thanks a lot!

This is what I'm getting for traffic that's going through the tunnel.

#show policy-map interface
GigabitEthernet0/0

Service-policy output: client-test

Class-map: client (match-any)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group 101
0 packets, 0 bytes
5 minute rate 0 bps
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 512000, bc 2048, be 2048
target shape rate 512000

Class-map: class-default (match-any)
841 packets, 98305 bytes
5 minute offered rate 1000 bps, drop rate 0000 bps
Match: any

queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 841/98305
#

I have made the acl for shaping to be the same as that of the tunnel.

Is there a way I can shape traffic that is going through the tunnel, or can I only do that on the next device where there is no tunnel configured?

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

You usually have two possible approaches.  You can apply the policy Philip provided to the tunnel interface.  Or, you use the pre-classify statement on the tunnel interface, and then use Philip's QoS policy on the physical interface as it can then "see" the original packet's header info.
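
The pre-classify approach from the last reply, written out as an added configuration example that is not part of the original thread. After encryption the physical interface only sees ESP packets between the tunnel endpoints, which is why access-list 101 counted 0 packets above; `qos pre-classify` keeps a copy of the inner header for classification. Assumptions: `Tunnel0`, `CLIENT-MAP` and sequence `10` are hypothetical names, `a.b.c.d` is the thread's placeholder, and variant B (crypto map without a tunnel interface) goes beyond what the reply describes.

```cisco
! Added example, not from the thread. Tunnel0, CLIENT-MAP and 10 are
! assumed names; a.b.c.d is the thread's placeholder client address.
access-list 101 permit ip host a.b.c.d any
access-list 101 permit ip any host a.b.c.d
!
class-map match-any client
 match access-group 101
!
policy-map client-test
 class client
  ! change this rate (bits per second) for each step of the test
  shape average 512000
!
! Variant A: IPsec on a tunnel interface (GRE over IPsec or VTI)
interface Tunnel0
 qos pre-classify
!
! Variant B: crypto-map based IPsec with no tunnel interface
crypto map CLIENT-MAP 10 ipsec-isakmp
 qos pre-classify
!
! The shaping policy stays on the physical egress interface
interface GigabitEthernet0/0
 service-policy output client-test
!
! Verify: the packet counters under "Class-map: client" should now
! increment instead of everything landing in class-default
! show policy-map interface GigabitEthernet0/0
```

Use only the variant that matches how the tunnel is built, and repeat the `show policy-map interface` check after each rate change to confirm the client class is still the one being shaped.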