Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

which one will fit Policy map / Class map or Traffic shaping?

Posted on 2009-06-30
2
Medium Priority
?
520 Views
Last Modified: 2012-05-07
the situation is I want to implement traffic regulation mechanism over MPLS network
there are two sites (site A, Site B)each with two different subnets (site A (VLAN-1, VLAN-2), Site B(VLAN-10, VLAN-20)) VLAN-1 communicates only with VLAN-10 and VLAN-2 cmmunicates only with VLAN-20.the bandwidth available for WAN is 30 MB
I want to limit the communication between VLAN-1 and VLAN-10 to not exceed 2 MB
I want to show that there is no communication between the local VLANs within the site(No inter vlan routing)

so which mechanism shall I follow:
Generic Traffic Shaping
OR Class-Based Shaping
OR Distributed Class-Based Shaping
OR Committed Access Rate
OR Class-Based Policing

And please provide me with the proper configuration
the platform in use are 3800 and 2800

Thanks in advance
######## Router-A ########
RTR-A#sh run
!
interface GigabitEthernet0/0.1
 description #GOING TO VLAN-1#
 encapsulation dot1Q 1
 ip address 10.1.1.1 255.255.255.0
 ip access-group 101 in
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.2
 description #GOING TO VLAN-2#
 encapsulation dot1Q 2
 ip address 10.2.2.1 255.255.255.0
 ip access-group 102 in 
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 description CONNECT TO MPLS
 ip address 50.50.50.110 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 duplex auto
 speed auto
 no mop enabled
!
!
router bgp 123
 no synchronization
 bgp log-neighbor-changes
 network 1.0.0.0
 neighbor 50.50.50.109 remote-as 456
 no auto-summary
!
!
access-list 101 remark VLAN-1_TO_VLAN-10
access-list 101 permit ip 10.1.1.0 0.0 0.255.255.255 20.10.10.0 0.0.0.255
access-list 101 deny ip 10.1.1.0 0.0 0.255.255.255 any
access-list 102 remark VLAN-2_TO_VLAN-20
access-list 102 permit ip 10.2.2.0 0.0 0.255.255.255 20.20.20.0 0.0.0.255
access-list 102 deny ip 10.2.2.0 0.0 0.255.255.255 any
!
!
 
######## Router-B ########
RTR-B#sh run
!
interface GigabitEthernet0/0.10
 description #GOING TO VLAN-10#
 encapsulation dot1Q 10
 ip address 20.10.10.1 255.255.255.0
 ip access-group 101 in
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.20
 description #GOING TO VLAN-20#
 encapsulation dot1Q 20
 ip address 20.20.20.1 255.255.255.0
 ip access-group 102 in
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 description CONNECT TO MPLS
 ip address 70.70.70.110 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 duplex auto
 speed auto
 no mop enabled
!
!
router bgp 123
 no synchronization
 bgp log-neighbor-changes
 network 20.0.0.0
 neighbor 70.70.70.109 remote-as 456
 no auto-summary
!
!
access-list 101 remark VLAN-10_TO_VLAN-1
access-list 101 permit ip 20.10.10.0 0.0.0.255 10.1.1.0 0.0 0.255.255.255
access-list 101 deny ip 20.10.10.0 0.0.0.255 any
access-list 102 remark VLAN-20_TO_VLAN-2
access-list 102 permit ip 20.20.20.0 0.0.0.255 10.2.2.0 0.0 0.255.255.255
access-list 102 deny ip 20.20.20.0 0.0.0.255 any
!
!

Open in new window

0
Comment
Question by:paintco
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 25

Accepted Solution

by:
Ken Boone earned 1200 total points
ID: 24751397
You want to police the traffic to 2Mb between vlan 1 and 10.  Here are the commands for the first router.   You can do the recipricol commands on the other router.


! create acl to define traffic flow - vlan 1 to vlan 10
ip access-list extended vlan-1-10
permit ip 10.1.1.0 0.0.0.255 20.10.10.0 0.0.0.255

! create class map to define traffic we listed above
class-map MATCH-VLAN-1-10
match access-group name vlan-1-10

! create a policy map to police the matched traffic to 2Mb
policy-map THROTTLE-VLAN-1-10
class MATCH-VLAN-1-10
police 2000000

!  apply the policy map to the outbound interface
interface gig0/1
service-policy output THROTTLE-VLAN-1-10


As far as controlling inter vlan routing, you just need to do that with ACLs on the local router.
0
 
LVL 4

Assisted Solution

by:nasirsh
nasirsh earned 300 total points
ID: 24753017
For Bandwidth Limitation you can simply use

This controls the download
rate-limit input 2048000 2048000 2048000 conform-action transmit exceed-action drop

This controls the upload.
rate-limit output 2048000  2048000 2048000 conform-action transmit exceed-action drop

Aplpy it to any interface and have a go. In your case gi 0/1
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question