cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1727
Views
0
Helpful
10
Replies

Rate policing

Safar Safarov
Level 1
Level 1

Hello,

we have two departments each department is in it's own subnet. Config as follows:

class-map match-any RTLMT-Dept

match access-group name Dept1

match access-group name Dept2

!

policy-map RATE-LIMIT

class RTLMT-Dept

   police 6000000 1125000 2250000

     conform-action transmit

     exceed-action drop

     violate-action drop

!

interface GigabitEthernet0/0

ip address 10.0.0.1 255.255.255.252

duplex auto

speed auto

no cdp enable

service-policy input RATE-LIMIT

!

ip access-list extended Dept1

permit ip any 10.1.0.0 0.0.0.255

ip access-list extended Dept2

permit ip any 10.2.0.0 0.0.0.255

Total internet speed provided by ISP is 12 Mbps.

So will these Depts share 6 Mbps or every Dept will have their speed of 6 Mbps?

Thanks.

1 Accepted Solution

Accepted Solutions

Sergey Fer
Level 1
Level 1

Their joined incoming traffic will be restricted up to 6 Mbps. For every Dept to have it's own 6M you need to create two classes and police each class.

View solution in original post

10 Replies 10

Sergey Fer
Level 1
Level 1

Their joined incoming traffic will be restricted up to 6 Mbps. For every Dept to have it's own 6M you need to create two classes and police each class.

Sergey,

in case of having more than 100 Depts any easy way to accomlish the task?

Disclaimer


The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.

Posting

Safar Safarov wrote:

Sergey,

in case of having more than 100 Depts any easy way to accomlish the task?

Depends on your underlying requirements, but some switches, like the 6500, support (micro) flow or user (ubrl) policing.

Joseph,

Let's say, I have 100 Mbps ingress internet traffic to my router and I would like to police it among 100 users limiting each user to 1 Mbps. But creation of 100 classes to accomplish that seems to me a little bit strange. Therefore I'm looking for a way how to do that with the less administrative effort.

BR,

Safar.

Disclaimer


The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting

Let's say, I have 100 Mbps ingress internet traffic to my router and I would like to police it among 100 users limiting each user to 1 Mbps. But creation of 100 classes to accomplish that seems to me a little bit strange. Therefore I'm looking for a way how to do that with the less administrative effort.

That's the major feature of per flow or per user policing, you don't define and manage 100 classes.  You apply a special policer on an aggregate path that's able to distinguish and enforce policing per flow or per user.

Did you search for micro-flow and/or ubrl policing on Cisco's main web site?

Yes I found some articles, all with reference to Cisco® Catalyst® 6500/Cisco 7600 Series Supervisor Engine 720. It seems to me there is no way to apply it on Cisco 2900/3900 Series ISR...

Disclaimer


The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting

Safar Safarov wrote:

Yes I found some articles, all with reference to Cisco® Catalyst® 6500/Cisco 7600 Series Supervisor Engine 720. It seems to me there is no way to apply it on Cisco 2900/3900 Series ISR...

Correct, which is why I initially noted "some switches, like the 6500".  Feature is unavailable, I believe, on any ISR.

If your platform is an ISR, then you're stuck with using a large number of classes, or depending on what you really need to accomplish, perhaps a different approach to manage congestion.

Yes I see. Would it be the same in the case if I purchase ASR instead of ISR?

Aug 18, 2012 7:28 AM                             (in response to Safar Safarov)

Rate policing

Disclaimer


The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting

Safar Safarov wrote:

Yes I see. Would it be the same in the case if I purchase ASR instead of ISR?

Not sure as I haven't worked QoS on those and they run IOS XE.  I suspect they don't, but don't quote me.

Okay. Then I think will go for 7600 Series.

Thanks for your help.

Review Cisco Networking for a $25 gift card