Aggregate Bandwidth Rate Limiting with CiR/CAR Rate Limiting

Hello,

I am looking for a solution to do traffic-shaping and rate limiting on an aggregate port-based / traffic path basis...

Here is the problem; my ISP has allocated us a block of 16 static IPs on a 2 Mb up/down connection. However, they control the routing, and we do not have access to the router to do any kind of QoS, etc.

Let's say that I have 6 devices attached to this network using the static IPs. Naturally, since I only have one wire coming down from the router, they must be connected to a switch. Unfortunately this allows me zero percent control over the QoS and bandwidth that the various devices use.

The trouble comes in that one of those devices is a video conference endpoint that I want to dedicate 1 Mb of bandwidth to. Of course, using an inexpensive switch with rate-limiting capabilities, I can throttle the bandwidth; I could rate-limit each of the 5 other devices to 200k each; this would ensure that I always have 1Mb available to the conference unit.

The obvious solution here is to develop some kind of aggregate policy, say, the sum of ports 1 through 6 must not exceed 2Mb, and port 6 (the VC device) must have a committed information rate of 1Mb (but if the unit is not in use, then the whole 2Mb should be available to the other ports). This becomes slightly more complex when you realize that the traffic from the other 5 devices may potentially be flowing between each other; thus you cannot simply police the sum of the ingress and egress traffic on the ports.

The ultimate solution would allow for policing of the traffic flowing from ports 1-6 to port 8 where the router is connected, but not any of the traffic flowing between any of ports 1-6 to each other.

The more I think about this, the more complex it appears, yet it seems to me a situation that would be rather common. (3 of the 4 network locations I manage have this issue, and I can see many other network managers having similar issues)

Does anyone know of an elegant solution? I can't seem to find a layer 2 switch that can do what I'm looking for, and although it appears there are a few layer 3 switches that could, they all have far more than the 8 to 16 ports necessary and are quite costly. Thoughts?
0
Asked by: matheweis
3 Solutions
 
rsivanandan Commented:
The level of control you want would only be available in enterprise class switches and they are going to be costly.

How about thinking of software that can be installed on all 6 computers (since it is going to be only 6 in number)?

www.netlimiter.com

Take a look at it and see if it would help you.

Cheers,
Rajesh
0
 
mikecr Commented:
Would you be interested in an inline device?

http://www.packeteer.com/
0
 
matheweis (Author) Commented:
rsivanandan:
What enterprise switches do have the capability; just so I can know what I'm looking for...?

Software isn't a valid solution - the 6 devices include a NAT router, a hardware video conference device, a Linux server, and 3 Windows servers. Also, I need to be able to dynamically adjust bandwidth delivered to each device in direct relation to the bandwidth being used by the other devices. It's really a pretty complex problem.

mikecr:
I would be interested in an inline device; note that a switch would essentially be an inline device. Also, I have been testing the Hawking HBB1 device, which makes things bearable but ultimately still doesn't work. http://www.hawkingtech.com/products/productlist.php?CatID=36&FamID=80&ProdID=216

Hmm, the Packeteer PacketShaper device with the Traffic Shaping module looks like it has a lot of potential. It depends on how configurable it is.

0
 
mikecr Commented:
The Packeteer is extremely configurable, down to giving no access at all. They can be a bit pricey, but I can guarantee you'll get what you pay for. They will send you one to test, I believe, for 30 days or something like that.
0
 
Jim_Coyne Commented:
Just to give you a workable solution, this would reserve 1.5 meg for video and audio, give HTTP 250K and anything else 250K. Of course this is just an example; you could tweak the bandwidth and also add a police statement to drop traffic.

Cisco 3550, 3560 or 3750

put 1 - 6 in vlan 1
int range fa0/1 - 6
switchport mode access

put 8 in vlan 2
int fa0/8
switchport mode access
switchport access vlan 2

setup routing
ip routing
ip route 0.0.0.0 0.0.0.0 x.x.x.x (x.x.x.x is the internet router)
int vlan 1
ip address x.x.x.x
int vlan 2
ip address x.x.x.x

classify traffic (video and voice)

class-map match-any REALTIME
match protocol h323
match protocol rtp
match protocol rtlp
match protocol realaudio

classify http traffic

class-map match-any HTTP
match protocol http

Create the policy

policy-map MYPOLICY
class REALTIME
bandwidth 1500
class HTTP
bandwidth 250
class class-default
bandwidth 250

apply the policy:
int vlan 2
service-policy output MYPOLICY

 
0
 
rsivanandan Commented:
Matheweis,

  Cisco routers, as you can see above from Jim's config example.

Cheers,
Rajesh
0
 
mikecr Commented:
Seriously, if you think about it, if you don't have control over the router, anyone on the inside could initiate a large download that could create a problem. The QoS policy is good, but you need to police what's coming in also.
0
 
Jim_Coyne Commented:
policy-map MYPOLICY
class REALTIME
bandwidth 1500
class HTTP
bandwidth 250
class class-default
bandwidth 250
  police cir 250   <-- Just add the commands, if you want to police
     conform-action transmit
     exceed-action drop
0
 
matheweis (Author) Commented:
After several months of experimenting and testing in my limited spare time, it turns out that mikecr's solution was exactly what I was looking for, and in fact the only way to do it as far as I can still find.... too bad the Packeteer devices are as expensive as they are.

Jim_Coyne gets some points for an alternative option, even though it wasn't quite what I was after, but would have worked in some different scenarios.
0
 
matheweis (Author) Commented:
Specifically, Jim_Coyne's solution would work, but leave that bandwidth reserved for video all the time. I was after a solution that would make that 1500k of bandwidth available for other uses such as HTTP when the video was not in use, which the above Cisco configuration does not do.

The Packeteer device, however, does this perfectly.
0
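
An added example, not written by any participant in this thread: a small Python model of the behaviour the asker describes, comparing fixed per-port caps (200k for each of the five other devices) with a 1 Mb committed rate for the video unit that is lent out when the unit is idle. The port names and demand figures are constructed, and the model covers only traffic bound for the uplink on port 8, not traffic between ports 1-6.

```python
# Added example: fixed per-port caps vs. a committed rate (CIR) with borrowing.
# Port names and demand values are constructed for illustration.

LINK_KBPS = 2000  # the 2 Mb uplink described in the question


def static_caps(demands, caps):
    """Per-port rate limiting: every port is held to its fixed cap, always."""
    return {port: min(demand, caps[port]) for port, demand in demands.items()}


def cir_with_borrowing(demands, cir, link=LINK_KBPS):
    """Grant each port min(demand, CIR), then share the remaining capacity.

    The remainder is split max-min fairly (water-filling) among ports that
    still want more, so an idle port's committed rate is lent to the others.
    """
    if sum(cir.get(p, 0) for p in demands) > link:
        raise ValueError("committed rates exceed link capacity")
    alloc = {p: min(d, cir.get(p, 0)) for p, d in demands.items()}
    spare = link - sum(alloc.values())
    hungry = {p for p, d in demands.items() if d > alloc[p]}
    while spare > 1e-9 and hungry:
        share = spare / len(hungry)          # equal split for this round
        for p in sorted(hungry):
            grant = min(share, demands[p] - alloc[p])
            alloc[p] += grant
            spare -= grant
        # Ports whose demand is now met drop out; their unused share
        # is redistributed in the next round.
        hungry = {p for p in hungry if demands[p] - alloc[p] > 1e-9}
    return alloc


if __name__ == "__main__":
    others = {f"p{i}": 600 for i in range(1, 6)}   # five devices wanting 600k each
    caps = {**{p: 200 for p in others}, "vc": 1000}
    for vc_demand in (0, 1000):                    # video unit idle, then in a call
        demands = {**others, "vc": vc_demand}
        print("vc demand", vc_demand)
        print("  static caps:", static_caps(demands, caps))
        print("  CIR + borrow:", cir_with_borrowing(demands, {"vc": 1000}))
```

With the video unit idle, the fixed caps leave half the link unused, while the committed-rate model hands the full 2 Mb to the other five ports.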
