?
Solved

Bandwidth limit doesn't work correct in 3640. Why?

Posted on 2003-03-27
11
Medium Priority
?
384 Views
Last Modified: 2012-08-13
I do have 3640 with 2x T1 lines connected two T1 csu/dsu modules (serial 0/0 and 0/1). Total bandwidth is 3M bit/s.

I would like to limit a group of IP addresses to 512K bit/s. My 3640 has two FastEthernet ports 0/0 and 0/1 but Im using just one of them (0/0). All my customers are connected to FastEth 0/0.

An example:

access-list 50 permit 20.20.20.20
access-list 50 permit 20.20.20.10 0.0.0.255

interface fastethernet 0/0
 rate-limit input access-group 50 512000 512000 512000 conform-action transmit exceed-action drop

interface serial 0/0
 traffic-shape group 50 256000

interface serial 0/1
 traffic-shape group 50 256000

With that configuration all customers included in access-list 50 should not receive more then 512K bit/s. Is that right?

Im doing something totally wrong because when Im testing a machine in access-list 50 with speed test (for high speed ex: T1, DSL, cable) from http://bandwidthplace.com/speedtest/, test report is: 1 megabits per second which is 124.3 kilobytes per second. How come when I limited it to 512K bit/s Im having 1000M bit/s?
0
Comment
Question by:jozatan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
11 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 8220145
G'day, jozatan
>  rate-limit input access-group 50 512000 512000 512000
This says that you want 512k, but it can burst in 512k increments for a max burst of 512, so 1Mb is the expected max.
Try changing it to simply:
rate-limit input access-group 50 512000

Cheers!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8220215
By the way, welcome to EE!!
0
 
LVL 2

Author Comment

by:jozatan
ID: 8220275
Thanks!

ROUTER(config-if)#rate-limit input access-group 50 512000
% Incomplete command.
ROUTER(config-if)#
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 79

Expert Comment

by:lrmoore
ID: 8220337
Try:
rate-limit input access-group 50 512000 0 0
0
 
LVL 2

Author Comment

by:jozatan
ID: 8221191
<8000-2000000000>  Bits per second
<1000-512000000>  Normal burst bytes
<2000-1024000000>  Maximum burst bytes

I have IOS 12.2-15.T which is ip only.

Maybe my way of testing those rules is not accurate.
Any suggestions how to test the bandwidth?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8221339
Give it to 'em this way:
rate-limit input access-group 50 500000 8000 512000 conform-action transmit exceed-action drop

you need to do it both inbound and outbound. What you're limiting with this is only outbound (input INto the Ethernet interface)

If they downloads are what you want to limit, not uploads:
rate-limit output access-group 50 500000 12000 512000 conform-action transmit exceed-action drop
0
 
LVL 2

Author Comment

by:jozatan
ID: 8221482
I do agree. It's only inbound. If I apply the same rule but for outbound traffic it didn't match a single packet. Don't know why. Check this:

 rate-limit input access-group 50 496000 8000 512000 conform-action transmit exceed-action drop
 rate-limit output access-group 50 496000 8000 512000 conform-action transmit exceed-action drop

and the stats regarding these rules above:

FastEthernet0/0
  Input
    matches: access-group 50
      params:  496000 bps, 8000 limit, 512000 extended limit
      conformed 14984 packets, 1338648 bytes; action: transmit
      exceeded 0 packets, 0 bytes; action: drop
      last packet: 32ms ago, current burst: 0 bytes
      last cleared 00:06:41 ago, conformed 26000 bps, exceeded 0 bps
  Output
    matches: access-group 50
      params:  496000 bps, 8000 limit, 512000 extended limit
      conformed 0 packets, 0 bytes; action: transmit
      exceeded 0 packets, 0 bytes; action: drop
      last packet: 5457988ms ago, current burst: 0 bytes
      last cleared 00:06:29 ago, conformed 0 bps, exceeded 0 bps

Still inbound traffic is not ... hmm limited to 512K bit/s.
I went to www.kernel.org and I am downloading different linux kernel everytime. Speed is 75 - 100K bit/s. Great isn't it?

As you can see in stats there is not single packet droped. I have no clue why. I'm sure I was on the computer downloading with speed more then 512K bit/s (which is 64K byte/s).

Something is totally wrong and I cannot find what.
Here on cisco's site they have a document regarding traffic-shape. I can apply it but it doesn't work too.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800bd8ef.html

What shell I do? This is not happening.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8221523
inbound traffic is not matching your acl
Duh! I should have realized that...

try changing the inbound acl from 50 to 150

access-list 150 permit ip any 20.20.20.10 0.0.0.255
rate-limit output access-group 150 496000 8000 512000 conform-action transmit exceed-action drop


0
 
LVL 79

Accepted Solution

by:
lrmoore earned 200 total points
ID: 8221540
We can also change the traffic shape groups on the serial interfaces so that it matches all traffic to/from that subnet

access-list 151 permit ip 20.20.20.0 0.0.0.255 any
access-list 151 permit ip any 20.20.20.0 0.0.0.255

interface serial 0/0
traffic-shape group 151 256000

0
 
LVL 2

Author Comment

by:jozatan
ID: 8222135
Thanks a bunch, Imoore! You really helped me a lot when I was lost! I know for some people from aside it doesn't look a big deal, but we all know when we're working too much on something sometimes we're lost.

I did both "rate-limit" and "traffic-shape" with one list:

1) to both serials: traffic-shape group 151 256000
2) to eth: rate-limit output 151 496000 8000 512000 ...

Maybe will be a good idea to apply rate-limit to eth input also, but I can do that later.

Again, thanks!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8222175
Glad to help...

Cheers!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question