Solved

Best way to limit bandwidth to an access-group in IOS on a dialer interface

Posted on 2011-03-17
4
574 Views
Last Modified: 2012-05-11
Hi I have an ACL(110) which I want to limit the bandwidth.  This is an IP camera and I dont want it trying to push out so many frames per-second that everything else suffers.

The server at our remove office reads the cgi file of the camera on TCP port 80.  I'm wondering if dropping the packets is the smartest way to do this or not.

(config-if)#rate-limit out access-group 110 90000 1000 2000 conf trans exceed drop
This is a Dialer interface so my options are somewhat limited.
thx!
interface Dialer0
 bandwidth 400
 ip address negotiated
 no ip unreachables
 ip nat outside
 ip virtual-reassembly
 rate-limit output access-group 110 88000 1500 2000 conform-action transmit exceed-action drop
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 fair-queue 64 16 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname name
 ppp chap password 7 paswerd
 ppp multilink
 ppp multilink fragment delay 20
 ppp multilink interleave
 crypto map aesmap
 ip rtp reserve 4569 4569 200

Open in new window

0
Comment
Question by:sean-keys
  • 2
  • 2
4 Comments
 
LVL 17

Expert Comment

by:MAG03
Comment Utility
you could use a policy map to limit the bandwidth for the camera or police it.

access-list 1 permit <ip add of camera>

class-map IPCAM
match access-group 1

policy-map LIMIT-BW
class IPCAM
bandwidth percent 10

interface dialer 0
service-policy out LIMIT-BW

instead of using percent you can enter the actual bandwidth you want it to use.  Or you could also configure policing where if it reaches a certain bandwidth usage traffic gets dropped.
0
 

Author Comment

by:sean-keys
Comment Utility
That makes more sense to me.
Am I right in saying this:
    If you drop TCP packets then the receiver wont generate the acks so it will request the same packet again? Causing more traffic than simply delaying the packet.

When you use a bandwidth limit does it delay the packet or drop it ?

0
 
LVL 17

Accepted Solution

by:
MAG03 earned 500 total points
Comment Utility
--->If you drop TCP packets then the receiver wont generate the acks so it will request the same packet again?
yes that is correct, the sender doesn't receive the ack from the receiver so the sender sends the packet again after a short wait.

--->When you use a bandwidth limit does it delay the packet or drop it ?
regardless of which method you use packets will be dropped if the conditions are exceeded. In the configuration I gave above, yes packets will be dropped if they exceed the 10% bandwidth. The other option to use is traffic shaping. this method will allow excess traffic to be queued for delivery up to a configured limit above the configured bandwidth (excess burst). Of course, if traffic exceeds the excess burst then that traffic will be dropped.

an example of traffic shaping:

 access-list 1 permit <ip add of camera>

 class-map IPCAM
 match access-group 1

 policy-map LIMIT-BW
 class IPCAM
 shape average 100000 10000 10000
 
 interface dialer 0
 service-policy out LIMIT-BW

In this example the first number is the committed information rate (ie bandwidth). The second number is the committed burst which is the normal allowed burst size. The third is the excess burst size. Any traffic that exceeds the excess burst will be dropped.

On another side you could leave out the excess burst and just live with the committed burst.
0
 

Author Closing Comment

by:sean-keys
Comment Utility
Awesome answer!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now