Dragon0x40

Limit bandwidth used by a single computer over a wan link

If a computer is transferring a large amount of data and maxing out a WAN link, what options are there for throttling the traffic coming from that particular computer?

I don't really care if it takes half of the bandwidth but just not more than that.

This is a Cisco 6500 device with a serial connection over a 45MB DS3 WAN circuit.

This is database replication, so I don't believe that we want to drop any of the traffic, just slow it down from saturating the link at 100%.

Soulja

Okay, you can:

! computeripaddress is a placeholder for the host's IP address
ip access-list extended restrict
 permit ip host computeripaddress any

class-map match-all restrict1
 match access-group name restrict

policy-map restrict3
 class restrict1
  police 10000000 20000 20000 conform-action transmit exceed-action drop

Apply the below to your DS3 interface:
 service-policy input restrict3

The police limits it to 10Mbps. You can change it if you want.
Nice catch Mag03. I didn't even read the part where he said he didn't want to drop any traffic. Yes, shaping is what you want to do. Or you would police, but instead of dropping traffic exceeding the rate, just change the DSCP value to a lower priority.
Dragon0x40

ASKER

Would this limit the traffic from the one computer to 24MB?

We have other traffic that needs to get across and that would have the other 21MB correct?

What if the traffic from the database replication from the one computer fills up the egress interface buffers? Would that data be dropped?

I would have to investigate how the SQL or Oracle database replication would respond to dropped packets. But if it is currently bursting past the 45MB limit of the DS3 then it is already possibly dropping packets?


policy-map SHAPE
 class TRAFFIC
  shape average 24000000

Shape average will limit traffic from the one host if only that host is specified in the ACL. The traffic will not be dropped as long as there is sufficient buffer memory for the queue. However, if the traffic sent fills this queue then excess traffic will be dropped. With Shaping, you could say, it is less likely that traffic will be dropped.

The policy will allocate the rest of the bandwidth for other traffic. You could also initiate fair queueing for other traffic by doing the following:

policy-map SHAPE
 class TRAFFIC
  shape average 24000000
 class class-default
  fair-queue

Here is an article comparing policing to shaping that gives some good advantages and disadvantages for the two:
http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a00800a3a25.shtml

If it is already maxing out the bandwidth you have, then it is very likely that packets are already being dropped. You could do a packet capture on your network to check on this.
Do I need to set up the queues and enable MLS QOS or anything like that for shaping?
No, for shaping you only need to match the traffic you want to affect, call it in a class map, then create a policy map, and apply that policy map to the interface outbound.
From the link:

Ensure that you have sufficient memory when enabling shaping. In addition, shaping requires a scheduling function for later transmission of any delayed packets. This scheduling function allows you to organize the shaping queue into different queues. Examples of scheduling functions are Class Based Weighted Fair Queuing (CBWFQ) and Low Latency Queuing (LLQ).

What command would I use to check for sufficient memory, and if I don't set up CBWFQ or LLQ, are the delayed packets just sent best effort?
The idea is to limit the computer replicating the database to a maximum amount to allow the non database replication traffic and applications to be more responsive to end users of the applications. I assume that policing might work because it will actually drop traffic which the more I think about it might be ok. Whereas it sounds like policing may limit the database replication but then the excess replication and the user applications would still be contending for the bandwidth above the shaping limit?

TYPO:

Whereas it sounds like SHAPING may limit the database replication but then the excess replication and the user applications would still be contending for the bandwidth above the shaping limit?

Sorry for the late reply.

Anyway, what I believe they are asking about memory is if the Cisco device has enough memory to support buffering the excess. This can be checked by issuing the show memory command.

When configuring shaping the device will automatically allocate memory to each queue. The buffers can be tweaked if needed.

If no QoS is configured then everything will be based on best effort.

Shaping and policing basically provide the same function. The major difference is that with policing you will overall lose some bandwidth that could have potentially been used. With Shaping, the loss of bandwidth is lessened and although traffic might be delayed a bit, less traffic will be dropped.
The simple fact that you are specifying classes means you are using CBWFQ, but since you are not using the bandwidth command to specify bandwidth for a class, you are in essence still just using WFQ. LLQ is used once you use the priority command. It puts traffic in a priority queue for traffic such as voice and video.
My concern is that if we are already maxing out the 45mb link for several hours then neither shaping nor policing is going to prevent dropping packets.

Here is a show memory:

#sh memory
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   468139D0   360597040    92412684   268184356   264495508   216940652
      I/O    8000000    67108864    16487652    50621212    50621212    50619484

Looks like we may have 200MB for buffering the traffic above what the shape value is set at. If we shaped at 30MB then it would only take about 30 seconds to fill the buffers and start dropping packets. If the traffic occasionally spiked up then I could see how the buffers might hold the excess traffic without dropping, but when the traffic is above 45MB for 10 or 15 minutes at a time I don't see how it would work?

Maybe we will have to get more bandwidth or see if the database administrator can slow down the replication from the server.
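
Added example, not part of the original thread: a simplified fluid model of a token-bucket policer and a shaper, run with the thread's figures (45 Mbps offered, 24 Mbps limit, the 20000-byte burst from the police command above). The 1.5 MB queue depth, the constant offered load and all function names are assumptions made for illustration, not Cisco 6500 values.

```python
# Added illustration: fluid model of a policer and a shaper (1 ms ticks).
# Assumptions: constant offered load (real TCP replication would back off),
# byte-granular traffic, and a constructed queue depth; not 6500 defaults.
TICKS_PER_SEC = 1000
DT = 1.0 / TICKS_PER_SEC

def police(offered_bps, rate_bps, burst_bytes, seconds):
    """Token bucket: bytes arriving without tokens are dropped immediately."""
    tokens, sent, dropped = float(burst_bytes), 0.0, 0.0
    for _ in range(int(seconds * TICKS_PER_SEC)):
        tokens = min(burst_bytes, tokens + rate_bps / 8 * DT)
        arriving = offered_bps / 8 * DT
        passed = min(arriving, tokens)
        tokens -= passed
        sent += passed
        dropped += arriving - passed
    return sent, dropped

def shape(offered_bps, rate_bps, queue_bytes, seconds):
    """Shaper: excess waits in a queue; drops begin once the queue is full."""
    backlog = sent = dropped = 0.0
    first_drop = None
    for tick in range(int(seconds * TICKS_PER_SEC)):
        backlog += offered_bps / 8 * DT
        out = min(backlog, rate_bps / 8 * DT)
        backlog -= out
        sent += out
        if backlog > queue_bytes:
            dropped += backlog - queue_bytes
            backlog = queue_bytes
            if first_drop is None:
                first_drop = (tick + 1) * DT
    return sent, dropped, first_drop

def time_to_fill(offered_bps, rate_bps, queue_bytes):
    """Closed form: seconds of sustained overload a queue can absorb."""
    excess_bps = offered_bps - rate_bps
    return float("inf") if excess_bps <= 0 else queue_bytes * 8 / excess_bps

if __name__ == "__main__":
    OFFERED, LIMIT = 45_000_000, 24_000_000   # figures from the thread
    QUEUE = 1_500_000                         # constructed: 1000 x 1500-byte packets
    for secs in (0.5, 60):
        _, p_drop = police(OFFERED, LIMIT, 20_000, secs)
        _, s_drop, first = shape(OFFERED, LIMIT, QUEUE, secs)
        print(f"{secs:>4}s  policer dropped {p_drop/1e6:7.2f} MB  "
              f"shaper dropped {s_drop/1e6:7.2f} MB  first shaper drop at {first}")
    print("queue absorbs", round(time_to_fill(OFFERED, LIMIT, QUEUE), 3), "s")
```

In this model a half-second burst passes the shaper without loss while the policer drops from the first few milliseconds; over 60 seconds of constant overload both discard roughly the same excess, because the shaper's queue fills in well under a second.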
Of course if you have a budget to support more bandwidth then, yes this is a good solution. I am looking from the aspect of keeping costs low.
We are investigating our options.