12-15-2010 08:28 PM - edited 03-06-2019 02:34 PM
HI,
I have question for the traffic shaping with by Class-based shaping. Following is my envirnment setup
Example
Internal: 10.235.132.0/24
facing interface: FastEthernet 0/0
Limit in/out to 5Mbps
Dest address: 20.181.0.0 0.0.255.255
Dest address: 20.182.0.0 0.0.255.255
Limit in/out to 10Mbps
Dest address: 30.188.0.0 0.0.255.255
Dest address: 30.189.0.0 0.0.255.255
Others
Unlimit bandwidth access
Did not limit the incoming traffic with destination port such as 8080
WAN interface: fastEthernet 0/1
Command:
access-list 110 permit ip 10.235.132.0 0.0.0.255 20.181.0.0 0.0.255.255
access-list 110 permit ip 10.235.132.0 0.0.0.255 20.182.0.0 0.0.255.255
access-list 111 permit ip 10.235.132.0 0.0.0.255 30.188.0.0 0.0.255.255
access-list 111 permit ip 10.235.132.0 0.0.0.255 30.189.0.0 0.0.255.255
access-list 120 permit any any
class-map class_1
match access-group 110
exit
class-map class_2
match access-group 111
exit
policy-map policy_1
class class_1
bandwidth 5000
class class_2
match access-group 111
bandwidth 100000
exit
int fastEthernet 0/1
service output policy_1
However, I could not finish it for unlimited bandwdith for those out of accesss-list 110 & 111. Also for the no limited bandwidth access for the incoming port 8080.
Please advise. Thx!
12-16-2010 06:06 AM
The bandwidth command is a bandwidth guarentee, not a bandwidth limiter.
If you want to limit the amount of bandwidth used by a class you need a shaper, for example:
policy-map policy_1
class class_1
match access-group 110
shape average 5000
class class_2
match access-group 111
shape average 100000
Note in your example below you forgot the match command in class_1 and the bandwidth command in class_2 was set to 100Mb not 10Mb.
In you want to limit plus guarantee then you still include the bandwidth command like this:
class class_1
match access-group 110
shape average 5000
bandwidth 5000
Anything outside of the specified classes will be placed into class-default and will be able to use any remaining bandwidth (I think this is what you mean by unlimited).
Lastly since this policy is applied outbound it does not impact any incoming traffic.
Hope this helps,
Joe
12-17-2010 01:51 AM
Thanks for reply, is that means I need to apply this for the input interface also? Because I thinking is that will affect the incoming traffice for port 8080 if the bandwidth is fully use.
Thanks!
12-17-2010 07:39 AM
Again this policy will not impact the inbound traffic to that interface.
Of course since you are dealing with TCP traffic, you need to consider the ACKs and other return traffic (i.e. traffic from the inside destined for port 8080).
If hosts other then the ones you define in the current classes are sending traffic to 8080 then you may want to include traffic from inside to port 8080 into one of the classes you define or in a class of it's own.
something like this.if you wanted to add to class_1
access-list 110 permit tcp any any eq 8080
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide