Showing results for 
Search instead for 
Did you mean: 

What is the best way to throttle FTP traffic on an ATM PVC


We have been trying to implement an MQC policy to throttle FTP traffic on ATM PVC's.  Our basic requirement has been to allow Interactive traffic (HTTP, telnet, etc) to be able to burst to line rate.  We would like to limit FTP traffic to approx. 30% of the port speed if there is congestion occuring.  We initially tried to utilize the bandwidth percent, but that only gave us a minimum.  It did not set any maximum utilization thresholds during congestion.  I thought about utilizing the priority percent for FTP, but I believe that the priority command should only be utilized for traffic requiring low latency.  Since FTP is batch, that's probably not a good idea.

What we currently have implemented is policing, where we give Interactive traffic 80% of the port speed.  FTP is put in the default class at this time.  I need some recomendations to limit FTP to a percentage value (30%) during periods of congestion.  What we currently have implemented is not limiting the FTP's and our latency measurements are showing the latency spikes when the FTP's are occuring.  Below is a sample of what we have tried to implement.  The sample is for a 3 meg port ATM configuration.  The policy is applied on the outbound of the ATM PVC:

class-map match-any MNGMT_APPS
match access-group name MNGMT_APPS
class-map match-any BGP_TRAFFIC
match access-group name BGP_TRAFFIC
class-map match-any INTERACTIVE
match access-group name INTERACTIVE
class-map match-any ALL_TRAFFIC
match access-group name ALL_TRAFFIC
policy-map QOS2xT1
  police cir 8000
    exceed-action transmit
  police cir 8000
    exceed-action transmit
  police cir 2457000
    exceed-action transmit
policy-map QOS_PARENT2xT1
  police cir 3072000
    exceed-action transmit
  service-policy QOS2xT1
class class-default
  queue-limit 128
ip access-list extended ALL_TRAFFIC
permit ip any any
ip access-list extended BGP_TRAFFIC
permit tcp any any eq bgp
permit tcp any eq bgp any
ip access-list extended INTERACTIVE
deny   tcp any any eq ftp
deny   tcp any any eq ftp-data
deny   tcp any eq ftp any
deny   tcp any eq ftp-data any
permit ip any any
ip access-list extended MNGMT_APPS
permit udp any any eq tacacs
permit tcp any any eq 22
permit udp any eq tacacs any
permit tcp any eq 22 any

1 Reply 1

Giuseppe Larosa
Hall of Fame Master Hall of Fame Master
Hall of Fame Master

Hello Tschlosser,

if  your exceed action is tramsit  you have simply built traffic counters for each traffic class!

On the other hand, if the exceed-action were drop you could be not able to setup the BGP session for example.

the scheduler solution is the right one because it has elasticity in using resources.

policing is too rigid to be useful in this scenario.

You could use a parent policy that shapes at a specified rate all traffic and that invokes a child policy that is a CBWFQ.

You could think to shape outbound FTP traffic in addition to use CBWFQ  adding a shaping on that specific class of child policy


see  command reference for shape command in policy map context

Hope  to  help


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: