01-17-2020 06:16 PM - edited 01-17-2020 06:17 PM
I want to limit downstream internet bandwidth for each customer. But need separate inter and domestic traffic.
And within a customer, all hosts will be share bandwidth together.
Everything looks good in my lab with this configuration below because my router in lab is IOS not IOS XR.
ip access-list extended acl_cust1_dl permit ip any 10.1.1.0 0.0.0.255 class-map match-all class_cust1_inter_dl match access-group name acl_cust1_dl match input-interface GigabitEthernet0/1 class-map match-all class_cust1_domestic_dl match access-group name acl_cust1_dl match input-interface GigabitEthernet0/4 policy-map policy_cust1_inter_dl_child class class_cust1_inter_dl bandwidth percent 99 policy-map policy_cust1_domestic_dl_child class class_cust1_domestic_dl bandwidth percent 99 policy-map policy_physical_dl class class_cust1_inter_dl shape average 100m service-policy policy_cust1_inter_dl_child class class_cust1_domestic_dl shape average 900m service-policy policy_cust1_domestic_dl_child interface GigabitEthernet0/3 service-policy output policy_physical_dl
BUT in my production I used ASR9K that doesn't support "match input-interface" in class-map.
Can anyone help me please?
Thanks in advance.
01-17-2020 06:33 PM - edited 01-17-2020 06:36 PM
Hi,
As long as you are matching customers network based on the network address, you really don't need to put match input-interface command.
so for your configuration, below will be enough to match the traffic.
class-map match-all class_cust1_inter_dl
match access-group name acl_cust1_dl
Test it, it should be working fine for sure.
01-17-2020 07:01 PM - edited 01-17-2020 07:09 PM
Thanks for reply, but I think your suggestion without match input-interface will not work for me.
Without match input-interface we cannot classify that which is inter or domestic traffic.
Do not forget: In this scenario, inter and domestic traffic are not equal in bandwidth limiting.
So I'm here to ask someone about solution that replace the match input-interface.
01-17-2020 11:47 PM
Hi,
As you aware, match input-interface command is not available with ASR9K as mentioned in below QOS command reference guide
You have still multiple options available like matching the traffic based on ACL where source and destination defined for each customer or you can use DSCP taggings where you can set the tag on the interfaces gi0/1 and gi0/4 with unique values like 10 or 12 for the traffic for domestic and internet and later use these tags for policing on gi0/3.
example config using DSCP Tags
class-map match-any class-cust1-dscptag
match access-group name acl_cust1_dl
!
policy-map policy_cust1_inter_dscptag
class class-cust1-dscptag
set dscp 10
!
policy-map policy_cust1_domes_dscptag
class class-cust1-dscptag
set dscp 12
interface gi0/1
service-policy input policy_cust1_inter_dscptag
interface gi0/4
service-policy input policy_cust1_domes_dscptag
!
class-map match-all class_cust1_inter_dl
match access-group name acl_cust1_dl
match dscp ipv4 10
!
class-map match-all class_cust1_domestic_dl
match access-group name acl_cust1_dl
match dscp ipv4 12
!
policy-map policy_cust1_inter_dl_child
class class_cust1_inter_dl
bandwidth percent 99
policy-map policy_cust1_domestic_dl_child
class class_cust1_domestic_dl
bandwidth percent 99
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide