cwiggler
asked on
Bandwidth Limiting on per IP basis
Hi all,
I'm confused with the bandwidth limit that i did, maybe anyone can clear my mind to this. I tried to limit bandwith on a specific IP address and here's what i did.
access-list 101 permit ip host 10.10.10.5 any
access-list 101 permit ip any host 10.10.10.5
int E0/0 -> attached to switch
traffic-shape group 101 512000
Now my question is, based on the traffic-shape statistics, I got alot of packets delayed and bytes delayed since bandwidth traffic in the router is very low.
5 minute input rate 231000 bits/sec and 5 minute output rate 158000 bits/sec.
router#sh traffic-shape statistics
Access Queue Packets Bytes Packets Bytes Shaping
I/F List Depth Delayed Delayed Active
Et0/0 101 0 14440 13493717 4200 4759171 yes
Sometimes, Shaping Active turns to no, why?
How did this packets being delayed since input rate and output rate is very low.
Any recommendation for a good and stable bandwidth limiting, im running cisco 2611 with an IOS 12.1(6).
TIA
Sorry im new here so I could only give 100 points. :)
I'm confused with the bandwidth limit that i did, maybe anyone can clear my mind to this. I tried to limit bandwith on a specific IP address and here's what i did.
access-list 101 permit ip host 10.10.10.5 any
access-list 101 permit ip any host 10.10.10.5
int E0/0 -> attached to switch
traffic-shape group 101 512000
Now my question is, based on the traffic-shape statistics, I got alot of packets delayed and bytes delayed since bandwidth traffic in the router is very low.
5 minute input rate 231000 bits/sec and 5 minute output rate 158000 bits/sec.
router#sh traffic-shape statistics
Access Queue Packets Bytes Packets Bytes Shaping
I/F List Depth Delayed Delayed Active
Et0/0 101 0 14440 13493717 4200 4759171 yes
Sometimes, Shaping Active turns to no, why?
How did this packets being delayed since input rate and output rate is very low.
Any recommendation for a good and stable bandwidth limiting, im running cisco 2611 with an IOS 12.1(6).
TIA
Sorry im new here so I could only give 100 points. :)
The rate you see is an average, shaping prevents the actual rate from ever exceeding the limit, so while your average may be low, a few burst may have been throttled.
ASKER
Is the bandwidth shaping on Ethernet interface is fine? how about my access-list, could it throttle the bandwith going out for that specific IP address or I am shaping the whole Interface?
You're limiting traffic from the one host only, assuming that address is not a firewall or router interface.
ASKER
Some more please. =)
ASKER
Last question. what does access-list 101 do? is it filtering incoming, outgoing or both? im my idea, 101 is for incoming, am i filtering incoming only?
ASKER
Last question. what does access-list 101 do? is it filtering incoming, outgoing or both? im my idea, 101 is for incoming, am i filtering incoming only?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Try Rate-Limit ... It works both ways ... (i.e. inbound and outbound)
ASKER
Sheahmed can you give me an example how to do the rate-limit on per IP basis?
cwiggle, rate-limit is more flexible and deeper then traffic shaping, here you can define actions to be taken on reaching the limit ...
router(config-if)# rate-limit input access-group 101 32000 8000 16000 conform-action transmit exceed-action drop
here ...
access-group 101 is the traffic which will be limited to 32k ...
8000 is normal burst size
16000 is excess burt size
i would like you to study topics of CAR (Committed Access Rate) supported by cisco on web to explore the features of rate-limit ...
Regards,
Sheeraz Ahmed
router(config-if)# rate-limit input access-group 101 32000 8000 16000 conform-action transmit exceed-action drop
here ...
access-group 101 is the traffic which will be limited to 32k ...
8000 is normal burst size
16000 is excess burt size
i would like you to study topics of CAR (Committed Access Rate) supported by cisco on web to explore the features of rate-limit ...
Regards,
Sheeraz Ahmed
ASKER
Hi Sheeraz,
What should be the access-list use for rate-limit? can i use my access-list sample?
Your example is for the input, can i use the rate-limit output access-group 101 32000 8000 16000 ?
can you compare the rate-limit and traffic-shape in terms of memory utilization?
Thanks
Cwiggler
What should be the access-list use for rate-limit? can i use my access-list sample?
Your example is for the input, can i use the rate-limit output access-group 101 32000 8000 16000 ?
can you compare the rate-limit and traffic-shape in terms of memory utilization?
Thanks
Cwiggler
Yes cwiggler, Rate-Limit works both ways ... and you can implement it for your output as well ...
i will recommend it to traffic shape or rate limit on two different interfaces ... like if you are implementing it on FastEth for inbound, then ...
access-list 101 permit ip host 10.10.10.5 any
and if you are implementing it on Serial for inbound,
then ...
access-list 109 permit ip any host 10.10.10.5
if 10.10.10.5 is your VoIP device? then access-list if fine ...
i will recommend it to traffic shape or rate limit on two different interfaces ... like if you are implementing it on FastEth for inbound, then ...
access-list 101 permit ip host 10.10.10.5 any
and if you are implementing it on Serial for inbound,
then ...
access-list 109 permit ip any host 10.10.10.5
if 10.10.10.5 is your VoIP device? then access-list if fine ...
cwiggler, kindly skip this line
"if 10.10.10.5 is your VoIP device? then access-list if fine ... "
i merged another query with this one ... sorry
if your host is 10.10.10.5, then access-list is fine ... and as far as the cpu load is concerned ... it increases only when the threshold is reached, and shaping or limiting is in progress ... traffic shaping is lighter than the rate-limit ... but u better monitor it ...
"if 10.10.10.5 is your VoIP device? then access-list if fine ... "
i merged another query with this one ... sorry
if your host is 10.10.10.5, then access-list is fine ... and as far as the cpu load is concerned ... it increases only when the threshold is reached, and shaping or limiting is in progress ... traffic shaping is lighter than the rate-limit ... but u better monitor it ...
ASKER
Hi sheadmed,
I tried to implement the rate-limit on my router E0 which is facing the Lan. I set a specific bandwith to a specific IP address. I monitored the input rate(5 minutes) of E0.
I have a question. Why is it that 5 minute input rate goes higher to 1MB since I set 512 to a specific IP address and that the only IP address is using the bandwidth. can you explain it to me further why?
Btw, 10.10.10.5 gateway of a seperate network. I also have an MRTG and I could see a high bandwidth consumption on the router E0.
Can i ask your yahoo id or msn id, so I could we talk on private?
thanks
Cwiggler
I tried to implement the rate-limit on my router E0 which is facing the Lan. I set a specific bandwith to a specific IP address. I monitored the input rate(5 minutes) of E0.
I have a question. Why is it that 5 minute input rate goes higher to 1MB since I set 512 to a specific IP address and that the only IP address is using the bandwidth. can you explain it to me further why?
Btw, 10.10.10.5 gateway of a seperate network. I also have an MRTG and I could see a high bandwidth consumption on the router E0.
Can i ask your yahoo id or msn id, so I could we talk on private?
thanks
Cwiggler
u implemented that rate-limit for both inbound and outbound traffic?
what was your excess and normal busrst size?
my id is <edited by AnnieMod for user privacy>
what was your excess and normal busrst size?
my id is <edited by AnnieMod for user privacy>
Hi!
I know I found your question a bit late but I just wanted to tell you this: Consider using traffic-shaping instead of rate-limit. Rate-limit is not designed to limit/shape traffic in the same nice way as traffic-shaping is.
I know I found your question a bit late but I just wanted to tell you this: Consider using traffic-shaping instead of rate-limit. Rate-limit is not designed to limit/shape traffic in the same nice way as traffic-shaping is.
Hi,
I have same problem below my config
interface FastEthernet0
description $$$$ Lan $$$$
ip address 192.168.2.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
interface FastEthernet1
description ######## Internet #########
ip address 192.168.0.10 255.255.255.0
ip nat outside
ip virtual-reassembly
rate-limit input access-group 101 96000 24000 48000 conform-action transmit exc
eed-action drop
rate-limit output access-group 101 96000 24000 480000 conform-action transmit e
xceed-action drop
duplex auto
speed auto
ip nat pool IP_NAT 192.168.0.11 192.168.0.11 netmask 255.255.255.0
ip nat inside source list 100 pool IP_NAT overload
!
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 permit ip host 192.168.2.10 any
Above is my config but it's not working if any apply access-list 101 permit ip any any it appling for all host and it's working fine.
Kindly suggest which will be the right command
Hi,
I have same problem below my config
interface FastEthernet0
description $$$$ Lan $$$$
ip address 192.168.2.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
interface FastEthernet1
description ######## Internet #########
ip address 192.168.0.10 255.255.255.0
ip nat outside
ip virtual-reassembly
rate-limit input access-group 101 96000 24000 48000 conform-action transmit exc
eed-action drop
rate-limit output access-group 101 96000 24000 480000 conform-action transmit e
xceed-action drop
duplex auto
speed auto
ip nat pool IP_NAT 192.168.0.11 192.168.0.11 netmask 255.255.255.0
ip nat inside source list 100 pool IP_NAT overload
!
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 permit ip host 192.168.2.10 any
Above is my config but it's not working if any apply access-list 101 permit ip any any it appling for all host and it's working fine.
Kindly suggest which will be the right command