cisco 1841 - bandwidth control

ciscokalpesh
Level 1

Hi,

We have several branch office projects that are linked to our Head Office with different communication links, like Point-to-Point, DSL (Data), Wimax etc. We want to configure a 1841 router as gateway at all our projects and limit the bandwidth at the source and give priority for some traffic as well. This is not a very good solution, but for the time being it is what we need to do!

We have some telephone lines (DID) and Citrix traffic which we want to prioritise. Below is the configuration that I will configure. I am not sure whether this would work, particularly for the incoming and outgoing traffic?


Configure the access-list as required. For the telephone DID lines, we have a separate network, so would just allow that. For Citrix I shall allow our server IPs. I want to guarantee 512kbps for voice/Citrix traffic. And the rest, 512kbps, for other.

ip access-list extended 100
permit udp 10.1.253.0 0.0.0.240 any
permit udp any 10.1.253.0 0.0.0.240
permit tcp 10.1.253.0 0.0.0.240 any
permit tcp any 10.1.253.0 0.0.0.240
permit ip 10.1.253.0 0.0.0.240 any
permit ip any 10.1.253.0 0.0.0.240
permit tcp host 192.168.168.48 any eq 1494
permit tcp any host 192.168.168.48 eq 1494
permit tcp host 192.168.168.48 any eq 2598
permit tcp any host 192.168.168.48 eq 2598


interface FastEthernet0/0
description ETH-LAN
ip address 192.168.168.199 255.255.255.0

rate-limit input access-group 100 512000 512000 512000 conform-action set-prec-transmit 5 exceed-action set-prec-continue 0
rate-limit output access-group 100 512000 512000 512000 conform-action set-prec-transmit 5 exceed-action set-prec-continue 0
rate-limit input 1024000 8000 8000 conform-action transmit exceed-action drop
rate-limit output 1024000 8000 8000 conform-action transmit exceed-action drop
duplex auto
speed auto

Please guide whether there are any changes required or shall the above configuration work in such a scenario?

Thanks in advance.

K


rizwanr74
Level 7

Here is a sample config, which worked for me to cap the bandwidth based on source and destination. However, you can also use NBAR in the class-map to identify traffic types and then import the class-map into the policy-map.

Hope this helps you.

--------------------------------------------------------------------------------------
Terminal-2651xm>enable
Terminal-2651xm#show run
Building configuration...

Current configuration : 2139 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Terminal-2651xm
!
boot-start-marker
boot system flash:c2600-advipservicesk9-mz.123-26.bin
boot-end-marker
!
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ip domain lookup
ip host r2 2033 1.1.1.1
ip host r3 2034 1.1.1.1
ip host r4 2035 1.1.1.1
ip host r5 2036 1.1.1.1
ip host r6 2037 1.1.1.1
ip host r7 2038 1.1.1.1
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
class-map match-any 250-kbit
  match access-group name NETWORK-10
class-map match-any 512-kbit
  match access-group name NETWORK-20
class-map match-any 1-Mbit
  match access-group name NETWORK-30
!
!
policy-map RIZ-POLICY
  class 250-kbit
   police cir 250000
     conform-action transmit
     exceed-action drop
  class 512-kbit
   police cir 500000
     conform-action transmit
     exceed-action drop
  class 1-Mbit
   police cir 1000000
     conform-action transmit
     exceed-action drop
!
!
!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 10.10.10.2 255.255.255.252
ip nat inside
speed 100
full-duplex
service-policy input RIZ-POLICY
service-policy output RIZ-POLICY
!
ip nat inside source list NAT interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 10.0.0.0 255.0.0.0 10.10.10.1
!
no ip http server
no ip http secure-server
!
ip access-list extended NAT
permit ip 10.0.10.0 0.0.0.255 any
permit ip 10.0.20.0 0.0.0.255 any
permit ip 10.0.30.0 0.0.0.255 any
ip access-list extended NETWORK-10
permit ip 10.0.10.0 0.0.0.255 any
permit ip any 10.0.10.0 0.0.0.255
ip access-list extended NETWORK-20
permit ip 10.0.20.0 0.0.0.255 any
permit ip any 10.0.20.0 0.0.0.255
ip access-list extended NETWORK-30
permit ip 10.0.30.0 0.0.0.255 any
permit ip any 10.0.30.0 0.0.0.255
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
line 33 64
no exec
transport input all
line aux 0
line vty 0 4
login
!
!
end

Terminal-2651xm#
----------------------------------------------------------------------------------------

Hi,

Thanks for the reply.

In your configuration, you have made class-maps with ACL to provide 250, 512 and 1024kbps bandwidth. Does that mean that the total bandwidth made available to them should be 250+512+1024 = 1786kbps approx.?

Thanks,

K

To answer your question more specifically: if a user is coming from network 10, yes, they will only get 250-kbit, even if there is no congestion on the pipe, because their bandwidth has been policed.

For network 20 the bandwidth is 500-kbit and for network 30 the bandwidth is one Mbit.

Let's say a user is coming from network 40, which does not have a specific policy mapped. That particular user will be put into the default-class automatically; the default-class gives the user all remaining available bandwidth if there is congestion on the pipe.

Hypothetically, let's say the total available bandwidth is 3Mbit. When a user comes from network 40, that particular user will still be able to use all 3Mbit (assuming there is no traffic coming "to and from" network 10, 20 and 30) because that user is not mapped to a policy. However, when users from network 10, 20 and 30 start utilizing their bandwidth capacity, the user from network 40 will only get the remaining available bandwidth, which is 1250-kbit or 1.25 Mbit.

I hope this makes sense.
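The policing behaviour described in this reply, as an added Python model that is not part of the original thread and is not IOS code: a single-rate token bucket per class, with the rates and subnets taken from RIZ-POLICY and the NETWORK-10/20/30 ACLs. The 8000-byte bucket depth and 1000-byte packet size are constructed values, and only the source-address half of each ACL is modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Policer:
    """Single-rate token bucket: conform-action transmit, exceed-action drop."""
    cir_bps: int        # committed rate, bits per second
    burst_bytes: int    # bucket depth in bytes (constructed value, not from the thread)
    tokens: float = 0.0
    last: float = 0.0

    def __post_init__(self):
        self.tokens = float(self.burst_bytes)  # bucket starts full

    def offer(self, now: float, size: int) -> bool:
        """True if the packet conforms (transmitted), False if it exceeds (dropped)."""
        refill = (now - self.last) * self.cir_bps / 8
        self.tokens = min(self.burst_bytes, self.tokens + refill)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False

# Rates from RIZ-POLICY, subnets from the NETWORK-10/20/30 ACLs in the posted config.
CLASSES = {
    ipaddress.ip_network("10.0.10.0/24"): 250_000,
    ipaddress.ip_network("10.0.20.0/24"): 500_000,
    ipaddress.ip_network("10.0.30.0/24"): 1_000_000,
}

def delivered_kbps(src_ip, offered_bps, seconds=10, pkt_bytes=1000, burst_bytes=8000):
    """kbit/s that a constant-rate sender at src_ip gets through the policy."""
    addr = ipaddress.ip_address(src_ip)
    cir = next((r for net, r in CLASSES.items() if addr in net), None)
    policer = Policer(cir, burst_bytes) if cir else None  # no match: not policed
    n_packets = offered_bps * seconds // (pkt_bytes * 8)
    interval = pkt_bytes * 8 / offered_bps
    passed = sum(1 for i in range(n_packets)
                 if policer is None or policer.offer(i * interval, pkt_bytes))
    return passed * pkt_bytes * 8 / seconds / 1000

if __name__ == "__main__":
    for ip in ("10.0.10.5", "10.0.20.5", "10.0.30.5", "10.0.40.5"):
        print(ip, delivered_kbps(ip, 2_000_000), "kbit/s of 2000 offered")
```

The policed classes settle just above their configured rate (the excess is the initial full bucket), while the unmatched 10.0.40.x sender passes everything it offers.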

Hi,

Thanks for the receptive reply.

In your scenario, if there are no users for network 20 and 30, the users of network 10 still cannot use more than 250k bandwidth.

I want to configure it such that if the allocated bandwidth is available then anyone can use it. Just that I will limit them to a maximum usage for their link.

Thanks again,

K

Hi,

My doubts are mostly clear, except the below!

In the "rate-limit" command, if I want to limit to 512k, we get 3 options:

1) Bits per second (Here I will mention 512000 for 512kbps bandwidth)

2) Normal burst bytes (What should this be? Same 512000?)

3) Maximum burst bytes (What should this be?)

Please guide.

Thanks in advance.

K

Options two and three are used for traffic shaping.

Option two is known as "Be" or Excess Burst Size.

Option three is "Bc" or Committed Burst Size.

In simple English, option two is how much data you would allow to go above your allowable limit.

Option three is the limit on how much traffic your provider will allow you to push above and beyond the CIR.

Hi,

Thanks for the explanation. It is clear now.

I would set all these values as same ...

Thanks again,

K

It is not recommended to set all three values the same. If you choose to set the value for option two, it must be at least 15% higher than the value in option one; this is a rule of thumb. Otherwise do not use options two and three at all.

Hi,

Thanks for clearing that up. I will consider it. How about option 3? Any % that it should be kept at minimum?

Please reply.

Thanks,

K

Option 3 must be given by the service provider.
