02-26-2011 08:05 AM - edited 03-06-2019 03:46 PM
Hi all,
I was wondering if someone would be kind enough to give me some advice and guidance on an issue I am currently dealing with.
Scenario:
We currently have a 10MB Internet line serving our users Internet, as well as production services such as streaming, web serving, FTP, etc. With the increase in Internet activity we are finding that our production services are being slowed down by increased user activity on the Internet pipe.
Possible solutions:
We have set up internet monitoring services, etc., but we are not allowed to restrict access (except the obvious malicious sites). I have been looking at implementing Class-Based Weighted Fair Queueing to prioritise the production service traffic above any other in times of congestion, so as not to hinder the service. Is anyone able to provide me with any hints/tips/advice on implementing this, such as would I allocate for example 80% of the bandwidth to the production service traffic and 20% to all other traffic?
I have got the following config example from another web site:
Example CBWFQ configuration:
access-list 100 permit udp any any range 16384 32000
access-list 100 permit tcp any any eq 1720
access-list 101 permit tcp any any eq 80
access-list 102 permit tcp any any eq 23
!
class-map voice
 match access-group 100
! --- Traffic that matches ACL 100 is classified as class voice
class-map www
 match access-group 101
! --- Traffic that matches ACL 101 is classified as class www
class-map telnet
 match access-group 102
! --- Traffic that matches ACL 102 is classified as class telnet
policy-map cbwfq-policy
 class voice
  bandwidth 40
 class www
  bandwidth 15
 class telnet
  bandwidth 15
 class class-default
  fair-queue
interface serial 2/0
 bandwidth 128
 service-policy output cbwfq-policy
! --- Apply the service-policy to interface
Any help with this would be much appreciated.
Thanks very much
02-26-2011 08:30 AM
Well, of course, first you need to know what traffic is on your network and decide how much you want to reserve for each. FTP traffic consumes all the bandwidth it can take, but is it critical? Is it FTP uploading from a user to a server on the internet or vice versa? Do you need voice? Streaming is usually from the internet to your users. Is your line 10mb symmetrical? Is your upstream bandwidth saturated or only your downstream bandwidth? What service do your servers provide? Won't most of this be from users on the internet connecting to your servers? So most of the traffic will be upstream from your servers to the users, but of course the users' requests will be downstream, so we need to know if it's http, https etc.
As far as the example goes it's ok, but you need to make one more suitable to your needs and that requires monitoring the line and knowing what is flowing over it. You might want to reserve 80% for production but maybe you only need 50%. I hope you are ready for users to start complaining about "slow internet access"....
If you can provide more detailed information on bandwidth usage, protocols, services etc, it would be useful.
Regards,
Ian
02-26-2011 08:40 AM
Hi Ian,
Many thanks for your reply. Sorry, I didn't provide much detail. Basically, we are a multimedia company so we upload FTP files from production output machines to a server on the Internet. Also we stream our radio station output from the stations at some of our other sites across the MPLS out the same internet pipe. Also another need is to ensure that the web serving traffic is given priority over a user downloading or uploading a video to YouTube. The Internet is a 10MB leased line to our ISP so would be 10MB up and 10MB down. We are looking at increasing the capacity on this line as well to resolve the issue.
Thanks again!
02-26-2011 11:39 AM
Well you know your network better than me but here's a suggestion:
Limit FTP to 40%.
Limit streaming to 30%.
Server traffic to 15%
Rest: 15%
But like I say, you should monitor first. Do you really need 4mb FTP reserved all day? Is radio streaming using 3mb? Maybe 1.5mb for server traffic isn't enough?
Then it's just a case of creating the access-lists for each class and applying them:
! --- ftp
access-list 100 permit tcp any any range 20 21
! --- server traffic
access-list 101 permit tcp any any eq 80
access-list 101 permit tcp any any eq 443
! --- radio streaming (the port is left blank in the post)
access-list 102 permit udp any any eq
!
class-map ftp
 match access-group 100
! --- Traffic that matches ACL 100 is classified as class ftp
class-map server
 match access-group 101
! --- Traffic that matches ACL 101 is classified as class server
class-map streaming
 match access-group 102
! --- Traffic that matches ACL 102 is classified as class streaming
! --- "percent" makes each value a share of the interface bandwidth; a bare number would be kbps
policy-map cbwfq-policy
 class ftp
  bandwidth percent 40
 class server
  bandwidth percent 15
 class streaming
  bandwidth percent 30
 class class-default
  fair-queue
! --- class-default includes all user traffic not classified above (and all other traffic not classified).
interface serial 2/0
 bandwidth 10000
! --- interface bandwidth is expressed in kbps
 service-policy output cbwfq-policy
This is a very simple config. You might want to delve deeper and prioritise some traffic using the priority command (usually for voice but you can use it for your radio traffic for example). Here's a good explanation:
http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a0080103eae.shtml
You can go MUCH deeper with shaping and policing but it depends how much you want to read.
HTH,
Ian
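Added example, not part of Ian's post or of the linked Cisco note: the `priority` approach he mentions, applied to the radio stream with his percentages kept. UDP port 8000 is a made-up placeholder (the post leaves the port blank), `llq-policy` is a hypothetical name, and `max-reserved-bandwidth 85` is assumed to be needed because the classes total 85%, above the 75% that classic IOS lets you reserve by default.

```cisco
! FTP control and active-mode data only; passive-mode data uses
! negotiated ports and will fall into class-default
access-list 100 permit tcp any any range 20 21
access-list 101 permit tcp any any eq 80
access-list 101 permit tcp any any eq 443
! 8000 is a placeholder: substitute the port the radio stream really uses
access-list 102 permit udp any any eq 8000
!
class-map match-all ftp
 match access-group 100
class-map match-all server
 match access-group 101
class-map match-all streaming
 match access-group 102
!
policy-map llq-policy
 class streaming
  ! strict-priority (low-latency) queue; under congestion the class
  ! is policed to this share so it cannot starve the other classes
  priority percent 30
 class ftp
  ! minimum guarantee during congestion, not a cap
  bandwidth percent 40
 class server
  bandwidth percent 15
 class class-default
  ! everything unclassified (user browsing, YouTube, ...)
  fair-queue
!
interface Serial2/0
 ! kbps; the percent values above are computed from this figure
 bandwidth 10000
 ! 30 + 40 + 15 = 85, so raise the default 75% reservable limit
 max-reserved-bandwidth 85
 service-policy output llq-policy
```

Once the policy is attached, `show policy-map interface serial 2/0` lists per-class packet and drop counters, which shows whether each ACL is matching the traffic it was written for.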
02-28-2011 01:07 PM
Hi Ian,
I really appreciate your help on this. I think like you say I will monitor the traffic but mainly it is the streaming that obviously needs priority on the line. So will implement with that first and see how it goes!
Once again your help is much appreciated.
Cheers