Solved

which one will fit Policy map / Class map or Traffic shaping?

Posted on 2009-06-30
2
514 Views
Last Modified: 2012-05-07
the situation is I want to implement traffic regulation mechanism over MPLS network
there are two sites (site A, Site B)each with two different subnets (site A (VLAN-1, VLAN-2), Site B(VLAN-10, VLAN-20)) VLAN-1 communicates only with VLAN-10 and VLAN-2 cmmunicates only with VLAN-20.the bandwidth available for WAN is 30 MB
I want to limit the communication between VLAN-1 and VLAN-10 to not exceed 2 MB
I want to show that there is no communication between the local VLANs within the site(No inter vlan routing)

so which mechanism shall I follow:
Generic Traffic Shaping
OR Class-Based Shaping
OR Distributed Class-Based Shaping
OR Committed Access Rate
OR Class-Based Policing

And please provide me with the proper configuration
the platform in use are 3800 and 2800

Thanks in advance
######## Router-A ########
RTR-A#sh run
!
interface GigabitEthernet0/0.1
 description #GOING TO VLAN-1#
 encapsulation dot1Q 1
 ip address 10.1.1.1 255.255.255.0
 ip access-group 101 in
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.2
 description #GOING TO VLAN-2#
 encapsulation dot1Q 2
 ip address 10.2.2.1 255.255.255.0
 ip access-group 102 in 
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 description CONNECT TO MPLS
 ip address 50.50.50.110 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 duplex auto
 speed auto
 no mop enabled
!
!
router bgp 123
 no synchronization
 bgp log-neighbor-changes
 network 1.0.0.0
 neighbor 50.50.50.109 remote-as 456
 no auto-summary
!
!
access-list 101 remark VLAN-1_TO_VLAN-10
access-list 101 permit ip 10.1.1.0 0.0 0.255.255.255 20.10.10.0 0.0.0.255
access-list 101 deny ip 10.1.1.0 0.0 0.255.255.255 any
access-list 102 remark VLAN-2_TO_VLAN-20
access-list 102 permit ip 10.2.2.0 0.0 0.255.255.255 20.20.20.0 0.0.0.255
access-list 102 deny ip 10.2.2.0 0.0 0.255.255.255 any
!
!
 
######## Router-B ########
RTR-B#sh run
!
interface GigabitEthernet0/0.10
 description #GOING TO VLAN-10#
 encapsulation dot1Q 10
 ip address 20.10.10.1 255.255.255.0
 ip access-group 101 in
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.20
 description #GOING TO VLAN-20#
 encapsulation dot1Q 20
 ip address 20.20.20.1 255.255.255.0
 ip access-group 102 in
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 description CONNECT TO MPLS
 ip address 70.70.70.110 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 duplex auto
 speed auto
 no mop enabled
!
!
router bgp 123
 no synchronization
 bgp log-neighbor-changes
 network 20.0.0.0
 neighbor 70.70.70.109 remote-as 456
 no auto-summary
!
!
access-list 101 remark VLAN-10_TO_VLAN-1
access-list 101 permit ip 20.10.10.0 0.0.0.255 10.1.1.0 0.0 0.255.255.255
access-list 101 deny ip 20.10.10.0 0.0.0.255 any
access-list 102 remark VLAN-20_TO_VLAN-2
access-list 102 permit ip 20.20.20.0 0.0.0.255 10.2.2.0 0.0 0.255.255.255
access-list 102 deny ip 20.20.20.0 0.0.0.255 any
!
!

Open in new window

0
Comment
Question by:paintco
2 Comments
 
LVL 24

Accepted Solution

by:
Ken Boone earned 400 total points
ID: 24751397
You want to police the traffic to 2Mb between vlan 1 and 10.  Here are the commands for the first router.   You can do the recipricol commands on the other router.


! create acl to define traffic flow - vlan 1 to vlan 10
ip access-list extended vlan-1-10
permit ip 10.1.1.0 0.0.0.255 20.10.10.0 0.0.0.255

! create class map to define traffic we listed above
class-map MATCH-VLAN-1-10
match access-group name vlan-1-10

! create a policy map to police the matched traffic to 2Mb
policy-map THROTTLE-VLAN-1-10
class MATCH-VLAN-1-10
police 2000000

!  apply the policy map to the outbound interface
interface gig0/1
service-policy output THROTTLE-VLAN-1-10


As far as controlling inter vlan routing, you just need to do that with ACLs on the local router.
0
 
LVL 4

Assisted Solution

by:nasirsh
nasirsh earned 100 total points
ID: 24753017
For Bandwidth Limitation you can simply use

This controls the download
rate-limit input 2048000 2048000 2048000 conform-action transmit exceed-action drop

This controls the upload.
rate-limit output 2048000  2048000 2048000 conform-action transmit exceed-action drop

Aplpy it to any interface and have a go. In your case gi 0/1
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question