Per IP qos

josephschung · ‎01-26-2010

Dear Sir,

We have one web server connected to a port on 2960/3560 switch. There are two web sites on the server. Each wet site has his own IP. We want to configure qos and let web site 1 has 5M and web site 2 has 3M of bandwidth. Is it possible with service policy?

Thanks

Mohamed Sobair · ‎01-26-2010

Hi,

Yes its possible using Policing or Shaping, please look into the bellow (Policing) example:

lets assume website 1 has the ip address of 1.1.1.1

let assume website 2 has the ip address of 2.2.2.2

class-map match-any website1

match access-group 100

class-map match-any website2

match access-group 101

access-list 100 permit ip host 1.1.1.1 any

access-list 101 permit ip host 2.2.2.2 any

policy-map website

class website1

police 5 Mbps

class website2

police 3 Mbps

interface X (outbound Interface)

service-policy output website

HTH

Mohamed

Edison Ortiz · ‎01-26-2010

No, it's not possible with a service-policy on the hardware that you have.

Policers are only supported on ingress

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swqos.html#wp1426834

If you want to limit egress bandwidth, your only option is srr-queue bandwidth limit

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swqos.html#wp1253412

Regards

Edison

josephschung · ‎01-26-2010

I see. If I want to control the out going web traffic only, Mohamed's example is good enough.

But for controlling traffic from both direction, we will need to user SRR. But, we have two IPs from the same interface. Can SRR be applied 5M and 3M to indivdual IP respectively? Do you have an example Edison?

Thanks.

Edison Ortiz · ‎01-27-2010

As I stated, you can't police egress traffic on the hardware at hand - thus the example provided by Mohamed won't work.
You can police traffic on ingress with MQC as the switch supports such feature.

The documentation provides an example on how to implement bandwith limits with srr-queue bandwidth limit.

The limit is imposed globally on the port and can't be applied per-traffic class or flow.

http://www.cisco.com/en/US/partner/switches/lan/catalyst3750/software/release/12.2_50_se/command/reference/cli3.html#wp1947391

Florin Barhala · ‎05-22-2012

Hi guys,

Do you have any idea how I can achieve QoS per IP?

I have a router doing NAT for 192.168.0.0/24 and one ISP.

I want to police all the network members so no user would exceed 300KB/s or 2.4Mbps. From what I know:

class-map match-any LAN

match access-group 100

access-list 100 permit ip 192.168.0.0 0.0.0.255 any

policy-map local_lan

class LAN

police 2400000

interface Fa0/0 (local Interface)

service-policy input local_lan

Will this work per IP or it will limit ALL users up to 2.4 Mbps?

Tagir Temirgaliyev · ‎05-22-2012

this will limit ALL users up to 2.4 Mbps

policy-map Shape

class class-default

shape average 2400000

random-detect

interface Fa0/0 (local Interface)

service-policy input Shape

yours too

and of course you can limit per user but you need access-list for each and class map for each

Florin Barhala · ‎05-22-2012

Hi mate,

Thanks for the input; hope I will be able to test this couple of weeks from now on real hardware.