Solved

Which one will fit: Policy map / Class map or Traffic shaping?

Posted on 2009-06-30
Last Modified: 2012-05-07
The situation is that I want to implement a traffic regulation mechanism over an MPLS network.
There are two sites (Site A, Site B), each with two different subnets (Site A (VLAN-1, VLAN-2), Site B (VLAN-10, VLAN-20)). VLAN-1 communicates only with VLAN-10 and VLAN-2 communicates only with VLAN-20. The bandwidth available for the WAN is 30 MB.
I want to limit the communication between VLAN-1 and VLAN-10 so that it does not exceed 2 MB.
I want to show that there is no communication between the local VLANs within the site (no inter-VLAN routing).

So which mechanism shall I follow:
Generic Traffic Shaping
OR Class-Based Shaping
OR Distributed Class-Based Shaping
OR Committed Access Rate
OR Class-Based Policing

Please also provide me with the proper configuration.
The platforms in use are 3800 and 2800.

Thanks in advance

######## Router-A ########

RTR-A#sh run
!
interface GigabitEthernet0/0.1
 description #GOING TO VLAN-1#
 encapsulation dot1Q 1
 ip address 10.1.1.1 255.255.255.0
 ip access-group 101 in
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.2
 description #GOING TO VLAN-2#
 encapsulation dot1Q 2
 ip address 10.2.2.1 255.255.255.0
 ip access-group 102 in
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 description CONNECT TO MPLS
 ip address 50.50.50.110 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 duplex auto
 speed auto
 no mop enabled
!
!
router bgp 123
 no synchronization
 bgp log-neighbor-changes
 network 1.0.0.0
 neighbor 50.50.50.109 remote-as 456
 no auto-summary
!
!
access-list 101 remark VLAN-1_TO_VLAN-10
access-list 101 permit ip 10.1.1.0 0.0.0.255 20.10.10.0 0.0.0.255
access-list 101 deny ip 10.1.1.0 0.0.0.255 any
access-list 102 remark VLAN-2_TO_VLAN-20
access-list 102 permit ip 10.2.2.0 0.0.0.255 20.20.20.0 0.0.0.255
access-list 102 deny ip 10.2.2.0 0.0.0.255 any
!
!

######## Router-B ########

RTR-B#sh run
!
interface GigabitEthernet0/0.10
 description #GOING TO VLAN-10#
 encapsulation dot1Q 10
 ip address 20.10.10.1 255.255.255.0
 ip access-group 101 in
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.20
 description #GOING TO VLAN-20#
 encapsulation dot1Q 20
 ip address 20.20.20.1 255.255.255.0
 ip access-group 102 in
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 description CONNECT TO MPLS
 ip address 70.70.70.110 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 duplex auto
 speed auto
 no mop enabled
!
!
router bgp 123
 no synchronization
 bgp log-neighbor-changes
 network 20.0.0.0
 neighbor 70.70.70.109 remote-as 456
 no auto-summary
!
!
access-list 101 remark VLAN-10_TO_VLAN-1
access-list 101 permit ip 20.10.10.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 101 deny ip 20.10.10.0 0.0.0.255 any
access-list 102 remark VLAN-20_TO_VLAN-2
access-list 102 permit ip 20.20.20.0 0.0.0.255 10.2.2.0 0.0.0.255
access-list 102 deny ip 20.20.20.0 0.0.0.255 any
!
!

Question by:paintco
2 Comments
 
LVL 24

Accepted Solution

by:
Ken Boone earned 400 total points
ID: 24751397
You want to police the traffic to 2Mb between vlan 1 and 10. Here are the commands for the first router. You can do the reciprocal commands on the other router.


! create acl to define traffic flow - vlan 1 to vlan 10
ip access-list extended vlan-1-10
 permit ip 10.1.1.0 0.0.0.255 20.10.10.0 0.0.0.255

! create class map to define traffic we listed above
class-map MATCH-VLAN-1-10
 match access-group name vlan-1-10

! create a policy map to police the matched traffic to 2Mb
policy-map THROTTLE-VLAN-1-10
 class MATCH-VLAN-1-10
  police 2000000

! apply the policy map to the outbound interface
interface gig0/1
 service-policy output THROTTLE-VLAN-1-10


As far as controlling inter vlan routing, you just need to do that with ACLs on the local router.
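
The ACL-based separation mentioned above can be checked offline before the ACLs go onto the routers. This is an added example, not part of the original thread: a small Python evaluator for numbered extended `ip` ACL entries, run against a constructed copy of Router-A's ACLs 101 and 102 with the wildcard written as 0.0.0.255. The function names are this example's own.

```python
import ipaddress

# Constructed input: Router-A ACLs 101/102, written with the /24 wildcard
# 0.0.0.255 (assumption; the form the accepted answer uses).
ACL_TEXT = """
access-list 101 remark VLAN-1_TO_VLAN-10
access-list 101 permit ip 10.1.1.0 0.0.0.255 20.10.10.0 0.0.0.255
access-list 101 deny ip 10.1.1.0 0.0.0.255 any
access-list 102 remark VLAN-2_TO_VLAN-20
access-list 102 permit ip 10.2.2.0 0.0.0.255 20.20.20.0 0.0.0.255
access-list 102 deny ip 10.2.2.0 0.0.0.255 any
"""

def _spec(tok):
    """Consume one address spec ('any' or 'ADDR WILDCARD') from a token list."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    to_int = lambda a: int(ipaddress.IPv4Address(a))
    return (to_int(tok[0]), to_int(tok[1])), tok[2:]

def parse_acls(text):
    """Return {acl_number: [(action, src_spec, dst_spec), ...]} in config order."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue  # blank lines and remarks carry no match logic
        if tok[3] != "ip":
            raise ValueError("only 'ip' entries are handled: " + line)
        src, rest = _spec(tok[4:])
        dst, _ = _spec(rest)
        acls.setdefault(tok[1], []).append((tok[2], src, dst))
    return acls

def _match(addr, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return (int(ipaddress.IPv4Address(addr)) | wild) == (base | wild)

def evaluate(acls, number, src, dst):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, s, d in acls.get(number, []):
        if _match(src, s) and _match(dst, d):
            return action
    return "deny"

if __name__ == "__main__":
    acls = parse_acls(ACL_TEXT)
    print(evaluate(acls, "101", "10.1.1.5", "20.10.10.7"))  # VLAN-1 -> VLAN-10
    print(evaluate(acls, "101", "10.1.1.5", "10.2.2.9"))    # VLAN-1 -> local VLAN-2
```

A malformed wildcard such as `0.0` makes `parse_acls` raise `ValueError` rather than silently matching the wrong range.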
LVL 4

Assisted Solution

by:nasirsh
nasirsh earned 100 total points
ID: 24753017
For Bandwidth Limitation you can simply use

This controls the download
rate-limit input 2048000 2048000 2048000 conform-action transmit exceed-action drop

This controls the upload.
rate-limit output 2048000 2048000 2048000 conform-action transmit exceed-action drop

Apply it to any interface and have a go. In your case gi 0/1