The SAN uses iSCSI to replicate data, so I just match those IPs for limiting the bandwidth. The variable is really the time of day. So during the day, I run at 50 Mbps for the SAN, then at night it drops to 25 Mbps while backup are running. The reason I was looking for capping the SAN bandwidth was that it will consume the entire link if it's not throttled back. When that happens, response time for users drops considerably.

I had originally thought of something along these lines, but not sure if it will work.

access-list 101 remark Match SAN traffic

access-list 101 permit ip host host

access-list 101 permit ip host host

!

access-list 102 remark Match Backup traffic

access-list 102 permit ip host host

access-list 102 permit ip host host

!

class-map match-all SAN-MirrorView-Traffic

match access-group 101

class-map match-all Backup-Traffic

match access-group 102

!

policy-map PM-Limit-SAN-MirrorView

class SAN-MirrorView-Traffic

bandwidth percent 30

class Backup-Traffic

bandwidth percent 60

class class-default

fair-queue

I believe you can build policy maps on timed based ACLs, but from what you describe, don't believe you need to.

Try something like this:

policy-map MetroEthernet85Mbps

class-default

!allow for Ethernet overhead

shape average 77000000

service-policy PM-Limit-SAN-MirrorView

policy-map PM-Limit-SAN-MirrorView

class SAN-MirrorView-Traffic

bandwidth percent 1

class Backup-Traffic

bandwidth percent 2

class class-default

fair-queue

interface FastEtherent x

service-policy output MetroEthernet85Mbps

BTW, SAN (and/or backups) using all the bandwidth should not adversely impact other traffic as long as it is treated with little queuing priority.

Thanks. Does the percent value matter? Or is it the just ratio of the numbers?

I had looked into the time-based ACLs too. Would something like this work? The ACLs 101 & 102 would have the time-ranges set match to their class-map names. If the time is outside of the time-range set for an ACL, does it just ignore the ACL?

class-map match-all SAN-Traffic-Day

match access-group 101

class-map match-all SAN-Traffic-Night

match access-group 102

!

policy-map PM-Limit-SAN-MirrorView

class SAN-Traffic-Night

bandwidth percent 30

class SAN-Traffic-Day

bandwidth percent 60

class class-default

fair-queue

The percentage matters as it sets ratios to other traffic. For example

class SAN-Traffic-Night

bandwidth percent 30

class SAN-Traffic-Day

bandwidth percent 60

class SAN-Traffic-Night

bandwidth percent 3

class SAN-Traffic-Day

bandwidth percent 6

class SAN-Traffic-Night

bandwidth percent 1

class SAN-Traffic-Day

bandwidth percent 2

All the above will set the same ratios relative to each other, but what's the ratio relative to class-default? (BTW, many platforms/IOSs won't accept bandwidth percents that sum more than 75% unless reservation changed.)

Yes, the time-based ACL tied to classes should work. Of course, the policy-map doesn't really realize you're only changing bandwidth allocations for time of day. I.e. you've allocated 90% when you intend (and will effectively obtain with time-based ACLs) 30% or 60%. This can become annoying when you want to explicitly allocate bandwidth to other defined classes.

PS:

If your available downstream bandwidth is less than the interface's, don't forget a parent policy shaper. Otherwise, you'll usually end up (FIFO) queuing at the next bottleneck without the bandwidth allocations you intended. (This could explain poor performance you've seen for other traffic when SAN not capped with shaper.)

Thanks for the info! I'll give the parent policy-map setup a shot and see how it works.