Re: Traffic shaping

toolshed1 · ‎09-23-2021

Hello,

I have somewhat unique situation.

Everything is L2

My ISP is handing off their up link to me through 10 GB SFP (traffic rated for 2 GB).

As my ASR is not licensed to do 10GB i was forced to place 3850 in between.

I have ISP 10GB going to 3850 10GB module and from 3850 1GB to ASR.

My question is how can i limit interface so it wont get overrun from 10GB to 1GB

i set up

Policy-map 1GB

class class-default

shape average 1000000000

on GB interface

service-policy output 1GB

However i'm not sure if it's entirely working.

Any help is appreciated.

Thanks in advance

Georg Pauwen · ‎09-24-2021

Hello,

you can really only influence your own outgoing traffic. Is this what you are trying to do ? If so, the shaping you have in place looks fine...

toolshed1 · ‎09-24-2021

Thats correct. I just want to make sure that 2 GB that ISP gave me wont oversubscribe 1GB interface that i have on 3850.

Georg Pauwen · ‎09-24-2021

You are now shaping 1Gig...if your ISP gives you 2Gig, you need ro reflect that in your policy. Other than that, the policy looks fine.

paul driver · ‎09-24-2021

Hello

@toolshed1 wrote:
I have ISP 10GB going to 3850 10GB module and from 3850 1GB to ASR.

You can police the 3850 interface egress on the towards the ASR.
int x/x
srr bandwidth shape 10 0 0 0

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

toolshed1 · ‎09-24-2021

Paul,

I'm getting "unrecognizable command"

I dont have AutoQos applied. Not sure if that is requirement

Giuseppe Larosa · ‎09-24-2021

Hello @toolshed1 ,

given your network description

>>

My ISP is handing off their up link to me through 10 GB SFP (traffic rated for 2 GB).

As my ASR is not licensed to do 10GB i was forced to place 3850 in between.

I have ISP 10GB going to 3850 10GB module and from 3850 1GB to ASR.

Your issue is that you have bought 2 Gbps from ISP but your ASR cannot use 10GE for licensing question.

You should police to 1 GB traffic incoming to the Cisco 3850 Tengiga if you want to protect the 1 GE link to ASR.

The long term solution is to buy that license for the ASR otherwise you pay for 2 Gbps but you can use only 1 Gbps.

A possible workaround would be to use a port-channel made of two 1 GE ports between the Cat 3850 and the ASR.

I would give it a try.

It would be a L2 port-channel associated to the same VLAN ( access mode) whre the tengiga port is member of. It would be a L3 port-channel on the ASR side.

Hope to help

Giuseppe

Joseph W. Doherty · ‎09-24-2021

"However i'm not sure if it's entirely working."

Yea, could be difficult to "see" as (if I understand what you're doing, correctly) you're shaping for gig on a gig interface.

Normally we shape (or police) "slower" than what the interface supports/provides.

For example, you might shape (or police) at gig rate on a 10g interface, or 800 Mbps on a gig interface.

In other words, if you want to limit your bandwidth to gig, you've already doing that on a gig interface.

Now, if you think, but I don't want to overrun the gig interface, consider what happens with a gig shaper (or policer), they will just drop the traffic rather than the "interface" doing so. I.e. more-or-less, the same effect. (As a side note, with a QoS policy, we can be "selective" which traffic will be dropped first during over subscription, but you didn't ask about that.)

If your ASR isn't licensed for 10g interfaces, but does offer, at least, 4 Gbps aggregate throughput (the same your provider provides), as @Giuseppe Larosa suggests, you might consider using Etherchannel. Also, although Giuseppe further suggests trying a dual gig connection, which should provide additional bandwidth vs. a single gig link, due to the "quirks" of Etherchannel, to really obtain 2 Gbps, you'll likely need 3 or 4 gig links in your Etherchannel. This also assumes your traffic will distribute itself across your links.

BTW, when getting involved with Etherchannel between a pair of network devices, many almost automatically jump into optical connections, but copper works, usually, just as well, and, again for multiple Etherchannel links, can bring the cost of implementation way down.

Giuseppe Larosa · ‎09-24-2021

Hello @Joseph W. Doherty ,

yes having more interfaces in the etherchannel would be better for performance, but we have to think that the ASR router needs also to connect to the internal enterprise network, so likely we need to think of two port-channel one going to the internet to the ISP and one going to the internal LAN switch ( firewalls or core switches I assume the Catalyst 3850 is not also the core switch but it may be).

The number of GE ports on an ASR 1000 is limited so likely the two port-channels may have two or three member links each but no more.

@toolshed1 : I hope I have understood your network scenario. My guess is that the ASR acts as Internet Edge router performing NAT or simply advertising your public subnets ( with NAT and more granular security implemented on an internal Firewall).

Hope to help

Giuseppe

Joseph W. Doherty · ‎09-24-2021

@Giuseppe Larosa

"we have to think that the ASR router needs also to connect to the internal enterprise network, so likely we need to think of two port-channel one going to the internet to the ISP and one going to the internal LAN switch "

That's an excellent point, i.e. to Etherchannel, we need to consider internal links too.

"The number of GE ports on an ASR 1000 is limited. . ."

True, but did OP identify ASR model? I also recall (?) some additional gig ports can be added to some low end models. (I further recall, some years back, in somewhat a similar situation, i.e. with one of low-end ASR1ks models, my company didn't want to spring for 10g interface license upgrade, so I was going to Etherchannel multiple gig interface. Recall [???] some limitations on the model I was using with Etherchannel. Before production rollout, though, company decided to go ahead with 10g licenses. [Which for OP, if you have 2 Gbps today, and a 10g link for possible future "easy" bandwidth upgrades, your company might want to reconsider getting 10g license, or, conversely, downgrade bandwidth "CIR" to gig since otherwise you're paying for bandwidth you cannot use.)

PS:

To OP, BTW, with dual Etherchannel, expect about a 50% effective bandwidth boost, not 100%, which you might otherwise expect. I.e. a dual gig Etherchannel, would normally provide about 1.5 Gbps effective bandwidth. (If you're wondering why, it's because Etherchannel doesn't take into account actual interface loading. I.e. one link can be over subscribed while other is idle.)

Joseph W. Doherty · ‎09-25-2021

PPS:

Re: using Etherchannel on an ASR with few ports

I recall what I intended to do was use the same physical interfaces, in an Etherchannel configuration, using subinterfaces for both my "inside" and "outside" interfaces. (Basically a classical one-arm router setup.)

Physically, of course, the Etherchannel would connect to the same switch, but the switch would have 10g interfaces for its "in" and "out".

My reasoning was often bidirectional traffic varies in bandwidth, so I could use/share the aggregate Etherchannel bandwidth for both "in" and "out".