Solved

Traffic Shaping/QoS with Bandwidth Limiting and Burst

Posted on 2010-09-15
Last Modified: 2012-05-10
I'm looking for a router or L3 switch that provides ingress/egress rate limiting with bursting.  I've looked at the Cisco Catalyst 3750 and 3560 L3 switches but they don't appear to have true egress rate limiting capabilities (although the EMI image might provide additional capability?).  

Our scenario is fairly straightforward - we've got a fiber to copper optical network hand-off.  We're trying to determine the best solution to segment the network into VLANs so that each has a dedicated portion of the total WAN pipe (this will most likely be even among all VLAN interfaces but I don't think this matters).  After

Would someone be able to provide confirmation as to what L3 switch and/or routers would be able to provide the ingress/egress rate limiting along with bursting?  I understand the bursting is a function of specifying an amount of data that is able to pass through before the rate limit is applied.  

I prefer a L3 switch simply because we can do everything all in one device but I'd like the most straightforward and stable approach.  If a router and L2 switch is more straightforward, I'm open to going in that direction.
Question by:gatorIT
7 Comments
 
LVL 1

Expert Comment

by:cdusio
ID: 33683857
You should be able to accomplish that with a 3750 series switch.
Here's a link to an article that might help explain the capabilities of what you are trying to do.
http://www.cisco.com/en/US/products/hw/switches/ps5023/products_tech_note09186a0080883f9e.shtml#concept12

You can police ingress but you could invert that as well and apply inbound to the other side and that should work.
hth
0
 
LVL 10

Accepted Solution

by:
koudry earned 250 total points
ID: 33709165
As suggested above, you can use multilayer switches but the problem is that some of the features and operational commands are limited.  My recommendation would be to use a router because QoS is much easier to implement on a router than a switch.

However, if you are planning to host different bandwidths (5M, 10M, 20M, 50M etc) from the CPE side to the core side, then you may consider using a switch in between your cpe base and aggregation base.  The switch port density allows you to host several devices/routers to the core network, so long as the total bandwidth does not exceed that of the trunk.

From a QoS design point of view, you can configure Outbound / TX QoS on your CPE to control traffic bound to your core network. You can implement classification, marking and queueing on the WAN interface. You can also configure an inbound QoS on the WAN to take care of the traffic coming from the core. However to honour the bandwidth restriction downstream, you will need to implement another policy on the core / aggregator router.

These are just suggestions.

Thanks,

Koudry
{website removed by _alias99}
0
 
LVL 10

Expert Comment

by:koudry
ID: 33709258
When you configure policing, you will need to specify the burst (in bytes), for example:

policy-map test_policy
  class TestClass
    police CIR NORMAL_BURST EXCESS_BURST  conform-action  exceed-action

CIR: Committed Information Rate in bps

NORMAL_BURST -  in bytes is calculated as follows:
Square root of CIR (in Kb) multiplied by 1000   -- the result is rounded to the nearest 500

example: if CIR is 1000000 bps --> 1000kb, normal burst =[ sqrt (1000) ] * 1000

EXCESS_BURST = NORMAL_BURST * 2

Conform action: this can be transmit

Exceed action: can be drop

-------------------Example config------------
policy-map test_policy
  class TestClass
     police 1000000 32000 64000 conform-action transmit exceed-action drop
!

0
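An added illustration, not part of the posts above and not Cisco's code: a simplified single token-bucket policer run with the CIR and normal burst from the example config (1000000 bps, 32000 bytes), showing how much traffic passes before the rate limit starts dropping. The packet size, the offered rates and the one-bucket model (the excess burst is ignored) are assumptions.

```python
# Simplified single token-bucket policer (illustrative model, not IOS internals).
from dataclasses import dataclass
from typing import Optional

US = 1_000_000  # microseconds per second


@dataclass
class Result:
    transmitted: int
    dropped: int
    first_drop_us: Optional[int]


class Policer:
    def __init__(self, cir_bps: int, burst_bytes: int):
        self.cir_bps = cir_bps
        # Tokens are kept in bit-microseconds so all arithmetic stays exact.
        self.capacity = burst_bytes * 8 * US
        self.tokens = self.capacity  # bucket starts full: this is the burst
        self.last_us = 0

    def offer(self, now_us: int, size_bytes: int) -> bool:
        """Return True for conform (transmit) or False for exceed (drop)."""
        refill = (now_us - self.last_us) * self.cir_bps
        self.tokens = min(self.capacity, self.tokens + refill)
        self.last_us = now_us
        cost = size_bytes * 8 * US
        if cost <= self.tokens:
            self.tokens -= cost
            return True
        return False


def simulate(cir_bps, burst_bytes, pkt_bytes, gap_us, duration_us=US) -> Result:
    """Offer one packet every gap_us microseconds (constructed traffic)."""
    policer = Policer(cir_bps, burst_bytes)
    res = Result(0, 0, None)
    for now in range(0, duration_us, gap_us):
        if policer.offer(now, pkt_bytes):
            res.transmitted += 1
        else:
            res.dropped += 1
            if res.first_drop_us is None:
                res.first_drop_us = now
    return res


if __name__ == "__main__":
    print(simulate(1_000_000, 32_000, 1000, 1000))    # 8 Mbps offered
    print(simulate(1_000_000, 32_000, 1000, 10_000))  # 0.8 Mbps offered
```

With 8 Mbps offered, the full bucket lets the first 36 packets through before the first drop at 36 ms; after that only about one packet in eight conforms, which is the 1 Mbps CIR.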

 

Author Comment

by:gatorIT
ID: 33709444
Thanks for the responses.  Could you provide model numbers for routers?  Also, is the EMI IOS required for these QoS features (both ingress and egress) or will SMI suffice?

0
 
LVL 10

Expert Comment

by:koudry
ID: 33712572
I suspect you will need EMI because this provides you with more features than SMI. You also pay more for EMI, so if money is not an issue, then EMI is your choice [see also http://www.tek-tips.com/viewthread.cfm?qid=1157540&page=1].

In terms of feature set, this will depend on where the device is on the network. For example, we use Advanced Security (k9) for our DSL CPE. This allows us to do QoS, RIP/static, VPN, embedded/software firewall etc.

If you are on the core network, you will need a different kind of feature set.  For example, you might want to use a service provider feature set on a Cisco 7200 or Cisco 10720 core router (see details @ http://tools.cisco.com/ITDIT/CFN/Dispatch?HMR_DDM=0&HPF_DDM=0&H_RBut=IM&HPN_Text=&Q1Submit=Continue&act=rlsSelect&task=display&HIM_Text=c10700-p-mz.120-27.S4.bin)

If you go with routers, you might want to use Cisco 2811, 1841, 3745 etc on your CPE base connecting (copper) to your access router which can be a Cisco 7200 or 10720 as these have gigabit ports with fibre support. You can run your BGP, OSPF etc here and do QoS as well.

If you decide to go with switches, you can have 3560 as your CPE base and use 3750 in your core network with EMI type of IOS. As I said in my previous post, switches may be cheaper and provide denser ports. You can still do QoS but the QoS isn't great.  You need to look at how much you want to spend.

When you decide which way to go, I am not an expert but I may be able to provide further information.

Good luck.

Koudry
0
 

Author Comment

by:gatorIT
ID: 33712590
We're only talking about a 15 Mbps WAN connection (ethernet handoff) so we basically just need an edge router.  It seems like this equipment might be overkill for our application.  

The Fortinet Fortigate 50B or Cisco ASA5510 may well be all we need.  The ASA5505 would probably be sufficient but it seems to only support 3 VLANs.  

Continuing to do research on this end, but a Cisco 3650 along with 3750 is not in the budget for this project.
0
 
LVL 10

Expert Comment

by:koudry
ID: 33715338
I have used a Cisco ASA 5510 as a firewall device but never attempted QoS on it. Looking at the Internet, I came across this document:
 http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/about.html
Chapter 21, "Using Modular Policy Framework" of the above document, covers QoS among other things. This may provide a starting point to see if the Cisco ASA 5510 can deliver the service that you are looking for.
Thanks,
Koudry
0
