Solved

which one will fit Policy map / Class map or Traffic shaping?

Posted on 2009-06-30
2
512 Views
Last Modified: 2012-05-07
the situation is I want to implement traffic regulation mechanism over MPLS network
there are two sites (site A, Site B)each with two different subnets (site A (VLAN-1, VLAN-2), Site B(VLAN-10, VLAN-20)) VLAN-1 communicates only with VLAN-10 and VLAN-2 cmmunicates only with VLAN-20.the bandwidth available for WAN is 30 MB
I want to limit the communication between VLAN-1 and VLAN-10 to not exceed 2 MB
I want to show that there is no communication between the local VLANs within the site(No inter vlan routing)

so which mechanism shall I follow:
Generic Traffic Shaping
OR Class-Based Shaping
OR Distributed Class-Based Shaping
OR Committed Access Rate
OR Class-Based Policing

And please provide me with the proper configuration
the platform in use are 3800 and 2800

Thanks in advance
######## Router-A ########

RTR-A#sh run

!

interface GigabitEthernet0/0.1

 description #GOING TO VLAN-1#

 encapsulation dot1Q 1

 ip address 10.1.1.1 255.255.255.0

 ip access-group 101 in

 duplex auto

 speed auto

 media-type rj45

!

interface GigabitEthernet0/0.2

 description #GOING TO VLAN-2#

 encapsulation dot1Q 2

 ip address 10.2.2.1 255.255.255.0

 ip access-group 102 in 

 duplex auto

 speed auto

 media-type rj45

!

interface GigabitEthernet0/1

 description CONNECT TO MPLS

 ip address 50.50.50.110 255.255.255.252

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip flow ingress

 duplex auto

 speed auto

 no mop enabled

!

!

router bgp 123

 no synchronization

 bgp log-neighbor-changes

 network 1.0.0.0

 neighbor 50.50.50.109 remote-as 456

 no auto-summary

!

!

access-list 101 remark VLAN-1_TO_VLAN-10

access-list 101 permit ip 10.1.1.0 0.0 0.255.255.255 20.10.10.0 0.0.0.255

access-list 101 deny ip 10.1.1.0 0.0 0.255.255.255 any

access-list 102 remark VLAN-2_TO_VLAN-20

access-list 102 permit ip 10.2.2.0 0.0 0.255.255.255 20.20.20.0 0.0.0.255

access-list 102 deny ip 10.2.2.0 0.0 0.255.255.255 any

!

!
 

######## Router-B ########

RTR-B#sh run

!

interface GigabitEthernet0/0.10

 description #GOING TO VLAN-10#

 encapsulation dot1Q 10

 ip address 20.10.10.1 255.255.255.0

 ip access-group 101 in

 duplex auto

 speed auto

 media-type rj45

!

interface GigabitEthernet0/0.20

 description #GOING TO VLAN-20#

 encapsulation dot1Q 20

 ip address 20.20.20.1 255.255.255.0

 ip access-group 102 in

 duplex auto

 speed auto

 media-type rj45

!

interface GigabitEthernet0/1

 description CONNECT TO MPLS

 ip address 70.70.70.110 255.255.255.252

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip flow ingress

 duplex auto

 speed auto

 no mop enabled

!

!

router bgp 123

 no synchronization

 bgp log-neighbor-changes

 network 20.0.0.0

 neighbor 70.70.70.109 remote-as 456

 no auto-summary

!

!

access-list 101 remark VLAN-10_TO_VLAN-1

access-list 101 permit ip 20.10.10.0 0.0.0.255 10.1.1.0 0.0 0.255.255.255

access-list 101 deny ip 20.10.10.0 0.0.0.255 any

access-list 102 remark VLAN-20_TO_VLAN-2

access-list 102 permit ip 20.20.20.0 0.0.0.255 10.2.2.0 0.0 0.255.255.255

access-list 102 deny ip 20.20.20.0 0.0.0.255 any

!

!

Open in new window

0
Comment
Question by:paintco
2 Comments
 
LVL 24

Accepted Solution

by:
Ken Boone earned 400 total points
ID: 24751397
You want to police the traffic to 2Mb between vlan 1 and 10.  Here are the commands for the first router.   You can do the recipricol commands on the other router.


! create acl to define traffic flow - vlan 1 to vlan 10
ip access-list extended vlan-1-10
permit ip 10.1.1.0 0.0.0.255 20.10.10.0 0.0.0.255

! create class map to define traffic we listed above
class-map MATCH-VLAN-1-10
match access-group name vlan-1-10

! create a policy map to police the matched traffic to 2Mb
policy-map THROTTLE-VLAN-1-10
class MATCH-VLAN-1-10
police 2000000

!  apply the policy map to the outbound interface
interface gig0/1
service-policy output THROTTLE-VLAN-1-10


As far as controlling inter vlan routing, you just need to do that with ACLs on the local router.
0
 
LVL 4

Assisted Solution

by:nasirsh
nasirsh earned 100 total points
ID: 24753017
For Bandwidth Limitation you can simply use

This controls the download
rate-limit input 2048000 2048000 2048000 conform-action transmit exceed-action drop

This controls the upload.
rate-limit output 2048000  2048000 2048000 conform-action transmit exceed-action drop

Aplpy it to any interface and have a go. In your case gi 0/1
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now