Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Limit network bandwidth (PIX 515E OS 7.2.1 & Dell PowerConnect 5324)

Posted on 2006-10-19
9
Medium Priority
?
1,441 Views
Last Modified: 2012-05-05
I have a server on my network that I need to limit the bandwidth on.  Presently it is behind a Cisco PIX 515E (running 7.2.1) and attached to a Dell PowerConnect 5324 switch.  I need to be able to cap the bandwidth at 256kbps for the port, I dont really care where I apply the limit but need to make this happen.
0
Comment
Question by:innotionent
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
9 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 17771251
The PIX can't help you, and I don't know if the PowerConnect switch can do bandwidth policing.
If the server is Windows 2003 it has QoS settings that can throttle it..
http://technet2.microsoft.com/WindowsServer/en/library/a9b9d7f3-ff08-4c49-b8a7-b92e9ce080101033.mspx?mfr=true
http://technet2.microsoft.com/WindowsServer/en/library/450c1fec-d358-42f4-b7e4-18b3f47ef6ff1033.mspx?mfr=true
0
 
LVL 5

Author Comment

by:innotionent
ID: 17771260
I looked at both of those documents and I dont see where it says I can set the maximum throughput on the interface.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17771302
Well... I may have thrown you a red herring . . . I'll have to research that one a bit more.
However, the Dell switch is capable of QoS and WRR which should allow you to identify, tag, and pseudo rate-limit traffic from this server on the switch.
http://docs.us.dell.com/support/edocs/network/pc5324/en/UG/qos.htm#1133796
0
Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

 
LVL 5

Author Comment

by:innotionent
ID: 17771312
I read all of that, does that actually work? If I understand it correctly I dump all of the traffic into one QoS category and then I can assign a rate limit to that?
0
 
LVL 10

Expert Comment

by:Joesmail
ID: 17771516
Pix v7.0+ does do both policing of the traffic (rate limiting) or QoS.  The newer v7.2 can even add the l2l QoS parameters for you site to site vpn traffic.
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/firewall/qos.htm#wp1043440

Check the policing section for what you want.
0
 
LVL 5

Author Comment

by:innotionent
ID: 17773480
Joesmail, that looks really close to what I am trying to do, but it doens't look like its a cap on the entire interface (or VLAN in my case) is that possible?
0
 
LVL 10

Accepted Solution

by:
Joesmail earned 2000 total points
ID: 17780495
Hi Inno,

Policing and QoS are applied to an interface although it can be any traffic you setup in the class map.  You need to sit down and read this document in its entirety.  It’s important to understand some of the examples without going into QoS design. Its always good design to use the "class-default" at the end of any policy-map.  I am only offering a guide below as most of the QoS I put in place is for VOIP over VPN's (no special servers).  If the server is the only device attached to one of the PIX interfaces just apply it to that interface.  Otherwise you might want to think a little harder about exactly what you want the traffic applying to if you map it to the outside interface.

To get you on the right track...You need to define the class-map using your traffic.  In your case you only want to police a server.  You can approach this in several ways although just adding a simple access-list with the ip address of the server will probably work for you.

e.g.
hostname(config)# access-list my_special_server permit tcp host 192.168.1.1 any
hostname(config)# class-map my_special_server
hostname(config-cmap)# match access-list my_special_server

- then create the police map with this class-map and the class-map default (as mentioned above you might want to think of others in this list).

e.g.  (256k for for special server, 1gb the rest.)
hostname(config)# policy-map restrict_special_server
hostname(config-pmap)# class my_special_server
hostname(config-pmap-c)# police output 256000 20000
hostname(config-pmap-c)# class class-default
hostname(config-pmap-c)# police output 1000000 37500

- then apply it to a interface....int fa0/1 or "outside".  You probably only want to poice the traffic output, unless its a highend web server?

e.g.
service-policy restrict_special_server interface outside

Don't try to play with the DSCP values you assign to traffic or search for in packets unless you get familiar with it.  God knows I have some issues trying to use these on different Cisco devices as there are certain rules you have to follow e.g. Cisco 3550 can only apply these to traffic flowing out an interface etc..etc..

Play around with the access-list and matching traffic and remember to use the "sh service-policy police" and "sh run policy-map" to make sure everything is working ok.

Good luck.
0

Featured Post

Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question