doulos2k asked:
Bandwidth Shaping in a hodge podge network of multi-brand switches/routers

I manage a network where I wish to limit bandwidth usage from workstations for all traffic that travels outside the internal network. Here's what I have between the workstations and the outside world:

1. Cisco 2811 router (routes all traffic into network - including servers)
2. Dell 5212 Switch
3. Extreme Networks 200-48 switch
4. All workstations

We have ACLs set up on the router to control traffic in a macro state (one ACL for inbound, another for outbound). I have no ACLs or traffic shaping on the internal switches currently.

I've been frustrated trying to come up with the best way to ensure I only perform rate-limiting for bandwidth to/from workstations that travel external to the network. I thought the router would be a good place to perform this, but it appears I can only do this if I set up interface specific ACLs, which complicates management and it would still be macro (would be difficult to set this up so that it only affects the workstations).

My hope is that I would be able to configure one of the internal switches to perform the rate-limiting, but I'd need to have some way of ensuring it is only doing this to external traffic and not internal (don't want to rate limit people making copies to/from servers).
rsivanandan replied:
Still suggest you to go by the router itself and not complicate the internal traffic.

If the following is what you want to do;

1. Bandwidth/traffic shaping for all the outgoing traffic from workstations.

2. No shaping for any of the external facing servers.

Then it can't be done by using QoS, assuming that the servers do have static ip addresses.

Let me know if you'd like to go down that path.

Cheers,
rsivanandan
Sorry, read >>Then it can't be done by using QoS

as Then it can be done by using QoS

Cheers,
rsivanandan
In our situation you may want to experiment with host-based traffic shaping. This way the burden of shaping is on the client, and you'll save the router from some CPU crunching (shaping is CPU intensive on non-hardware-switching platforms). You can use Bandwidth Controller for Windows (http://bandwidthcontroller.com/trafficShaperXp.html), and the functionality is built into the kernel for Linux clients.

Cheers,
]\/[arco
doulos2k (asker) replied:
rsivanandan - QoS would be my preference. What I'm trying to actually control are users hogging the inbound bandwidth. Due to reasons beyond my control, the web servers and the workstations share the same connection to the outside. A workstation running an application that doesn't play nice can literally hog all available bandwidth which starts causing timeouts for the web servers (of course).

It seems I could do this with WRED, but I'm not certain how to ensure it only affects the workstation subnet and then ONLY for external inbound traffic (I want to ensure that they can still use full internal network bandwidth for copies and the like).

I've attached an image that outlines the basic architecture.

The bonded T-1 is our only external internet connection. The ethernet connection to the backbone is the only connection from the internal network to the router. The backbone switch is the primary internal routing switch for all server and workstation traffic. The router most certainly appears the best place to perform this.

(marmata75 - thanks for the tip on trying host-based, but I'd prefer a solution that doesn't require all hosts to have third-party kernel-level software in place)
Sorry - file attached now.

BasicArch.jpg
ASKER CERTIFIED SOLUTION by rsivanandan
This solution is only available to members.
doulos2k (asker) replied:

What is the most logical port to perform the QoS filtering... Serial inbound (Bonded T-1) or FastEthernet outbound to Backbone? The Serial already has two dedicated ACLs that handle all traffic as a group while the FastEthernet port is not currently using ACLs at all.

rsivanandan replied:

I'd say FastEthernet. This helps by churning traffic the moment it hits it (especially when the bandwidth is fully utilized). On the other hand if we apply it on the serial interface, it is done only after all the processing is done.

Cheers,
rsivanandan
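The following is an added illustration of the approach the thread converges on (MQC-style QoS on the Cisco 2811, classifying by the workstation subnet and applying the policy on the FastEthernet interface facing the backbone); it is not the accepted solution from this thread, which is not visible here, nor a configuration from any of the participants. Everything in it is an assumption: the workstation subnet 10.10.20.0/24, the interface name FastEthernet0/0, the 1 Mbit/s rates, and the ACL, class-map and policy-map names are placeholders to be replaced with your own values. The key property it relies on is one the asker states: server-to-workstation traffic is routed by the backbone switch and never crosses the router, so a policy on the router's LAN interface can only ever touch traffic that is going to or coming from the internet.

```cisco
! Constructed example (placeholder names, subnet and rates).
! Direction 1: Internet -> workstations. Matched as traffic LEAVING the
! router toward the backbone whose destination is the workstation subnet.
ip access-list extended TO-WORKSTATIONS
 remark placeholder: internet -> workstation subnet
 permit ip any 10.10.20.0 0.0.0.255
!
! Direction 2: workstations -> Internet. Matched as traffic ENTERING the
! router from the backbone whose source is the workstation subnet.
ip access-list extended FROM-WORKSTATIONS
 remark placeholder: workstation subnet -> internet
 permit ip 10.10.20.0 0.0.0.255 any
!
class-map match-all WS-INBOUND
 match access-group name TO-WORKSTATIONS
class-map match-all WS-OUTBOUND
 match access-group name FROM-WORKSTATIONS
!
! Policy applied OUTPUT on the LAN interface: caps what workstations can
! pull from the internet. Packets above the rate are dropped, so TCP
! senders back off and headroom is left for the web servers that share
! the bonded T-1s. Servers fall into class-default and are untouched.
policy-map LIMIT-WS-INBOUND
 class WS-INBOUND
  police cir 1000000 bc 31250 conform-action transmit exceed-action drop
 class class-default
!
! Policy applied INPUT on the LAN interface: caps workstation uploads.
policy-map LIMIT-WS-OUTBOUND
 class WS-OUTBOUND
  police cir 1000000 bc 31250 conform-action transmit exceed-action drop
 class class-default
!
interface FastEthernet0/0
 description placeholder: link to backbone switch
 service-policy output LIMIT-WS-INBOUND
 service-policy input LIMIT-WS-OUTBOUND
!
! Check that the classes are matching and what they are dropping:
!   show policy-map interface FastEthernet0/0
! Check that the ACLs match only the intended hosts:
!   show access-lists TO-WORKSTATIONS
```

Policing (dropping above the rate) is shown because the asker's goal is to stop a misbehaving workstation from starving the web servers; `shape average 1000000` in place of the `police` line would queue instead of drop, which smooths bursts but holds packets in router memory and delays the back-off. Either way, confirm with `show policy-map interface` that the server traffic is accumulating in class-default and not in the workstation classes before relying on the policy.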