Best way to limit bandwidth to an access-group in IOS on a dialer interface

Hi I have an ACL(110) which I want to limit the bandwidth.  This is an IP camera and I dont want it trying to push out so many frames per-second that everything else suffers.

The server at our remove office reads the cgi file of the camera on TCP port 80.  I'm wondering if dropping the packets is the smartest way to do this or not.

(config-if)#rate-limit out access-group 110 90000 1000 2000 conf trans exceed drop
This is a Dialer interface so my options are somewhat limited.
interface Dialer0
 bandwidth 400
 ip address negotiated
 no ip unreachables
 ip nat outside
 ip virtual-reassembly
 rate-limit output access-group 110 88000 1500 2000 conform-action transmit exceed-action drop
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 fair-queue 64 16 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname name
 ppp chap password 7 paswerd
 ppp multilink
 ppp multilink fragment delay 20
 ppp multilink interleave
 crypto map aesmap
 ip rtp reserve 4569 4569 200

Open in new window

Who is Participating?
Marius GunnerudConnect With a Mentor Senior Systems EngineerCommented:
--->If you drop TCP packets then the receiver wont generate the acks so it will request the same packet again?
yes that is correct, the sender doesn't receive the ack from the receiver so the sender sends the packet again after a short wait.

--->When you use a bandwidth limit does it delay the packet or drop it ?
regardless of which method you use packets will be dropped if the conditions are exceeded. In the configuration I gave above, yes packets will be dropped if they exceed the 10% bandwidth. The other option to use is traffic shaping. this method will allow excess traffic to be queued for delivery up to a configured limit above the configured bandwidth (excess burst). Of course, if traffic exceeds the excess burst then that traffic will be dropped.

an example of traffic shaping:

 access-list 1 permit <ip add of camera>

 class-map IPCAM
 match access-group 1

 policy-map LIMIT-BW
 class IPCAM
 shape average 100000 10000 10000
 interface dialer 0
 service-policy out LIMIT-BW

In this example the first number is the committed information rate (ie bandwidth). The second number is the committed burst which is the normal allowed burst size. The third is the excess burst size. Any traffic that exceeds the excess burst will be dropped.

On another side you could leave out the excess burst and just live with the committed burst.
Marius GunnerudSenior Systems EngineerCommented:
you could use a policy map to limit the bandwidth for the camera or police it.

access-list 1 permit <ip add of camera>

class-map IPCAM
match access-group 1

policy-map LIMIT-BW
class IPCAM
bandwidth percent 10

interface dialer 0
service-policy out LIMIT-BW

instead of using percent you can enter the actual bandwidth you want it to use.  Or you could also configure policing where if it reaches a certain bandwidth usage traffic gets dropped.
sean-keysAuthor Commented:
That makes more sense to me.
Am I right in saying this:
    If you drop TCP packets then the receiver wont generate the acks so it will request the same packet again? Causing more traffic than simply delaying the packet.

When you use a bandwidth limit does it delay the packet or drop it ?

sean-keysAuthor Commented:
Awesome answer!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.