Limit bandwidth used by a single computer over a wan link

Dragon0x40
If a computer is transferring a large amount of data and maxing out a WAN link, what options are there for throttling the traffic coming from that particular computer?

I don't really care if it takes half of the bandwidth but just not more than that.

This is a Cisco 6500 device with a serial connection over a 45MB DS3 WAN circuit.

This is database replication, so I don't believe that we want to drop any of the traffic, just slow it down from saturating the link at 100%.

SouljaSr.Net.Eng
Top Expert 2011

Commented:
Okay,

you can

ip access-list extended restrict
 permit ip host computeripaddress any
!
class-map match-all restrict1
 match access-group name restrict
!
policy-map restrict3
 class restrict1
  police 10000000 20000 20000 conform-action transmit exceed-action drop

Apply the below to your DS3 interface:
 service-policy input restrict3

The police limits it to 10Mbps. You can change if you want.
Senior Systems Engineer
Top Expert 2013
Commented:
If you don't want to drop any traffic, then I would shy away from the police command. Instead go with the shape average command. This will queue any excess traffic and hold it for delivery during heavy congestion.

enable
conf t

access-list 101 permit ip x.x.x.x y.y.y.y any
!
class-map match-all TRAFFIC
 match access-group 101
!
policy-map SHAPE
 class TRAFFIC
  shape average 24000000
!
int (interface connecting to particular computer)
 service-policy input SHAPE
Marius Gunnerud, Senior Systems Engineer
Top Expert 2013
Commented:
Oops, change that a bit:

int (ds3 interface)
 service-policy output SHAPE
SouljaSr.Net.Eng
Top Expert 2011

Commented:
Nice catch Mag03. I didn't even read the part where he said he didn't want to drop any traffic. Yes, shaping is what you want to do. Or you would police, but instead of dropping traffic exceeding the rate, just change the dscp value to a lower priority.

Author

Commented:
Would this limit the traffic from the one computer to 24MB?

We have other traffic that needs to get across and that would have the other 21MB correct?

What if the traffic from the database replication from the one computer fills up the egress interface buffers? Would that data be dropped?

I would have to investigate how the SQL or Oracle database replication would respond to dropped packets. But if it is currently bursting past the 45MB limit of the DS3 then it is already possibly dropping packets?


policy-map SHAPE
 class TRAFFIC
  shape average 24000000

Marius Gunnerud, Senior Systems Engineer
Top Expert 2013

Commented:
Shape average will limit traffic from the one host if only that host is specified in the ACL. The traffic will not be dropped as long as there is sufficient buffer memory for the queue. However, if the traffic sent fills this queue then excess traffic will be dropped. With Shaping, you could say, it is less likely that traffic will be dropped.

The policy will allocate the rest of the bandwidth for other traffic. You could also initiate fair queueing for other traffic by doing the following:

policy-map SHAPE
 class TRAFFIC
  shape average 24000000
 class class-default
  fair-queue

Here is an article comparing Policing to Shaping, which gives some good advantages and disadvantages for the two:
http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a00800a3a25.shtml

If it is already maxing out the bandwidth you have, then it is very likely that packets are already being dropped. You could do a packet capture on your network to check on this.

Author

Commented:
Do I need to set up the queues and enable MLS QOS or anything like that for shaping?
Marius Gunnerud, Senior Systems Engineer
Top Expert 2013

Commented:
No, for shaping you only need to match the traffic you want to affect, call it in a class map, then create a policy map, and apply that policy map to the interface outbound.

Author

Commented:
From the link:

Ensure that you have sufficient memory when enabling shaping. In addition, shaping requires a scheduling function for later transmission of any delayed packets. This scheduling function allows you to organize the shaping queue into different queues. Examples of scheduling functions are Class Based Weighted Fair Queuing (CBWFQ) and Low Latency Queuing (LLQ).

What command would I use to check for sufficient memory, and if I don't set up CBWFQ or LLQ then are the delayed packets just sent best effort?

Author

Commented:
The idea is to limit the computer replicating the database to a maximum amount to allow the non database replication traffic and applications be more responsive to end users of the applications. I assume that policing might work because it will actually drop traffic which the more I think about it might be ok. Whereas it sounds like policing may limit the database replication but then the excess replication and the user applications would still be contending for the bandwidth above the shaping limit?

Author

Commented:
TYPO:

Whereas it sounds like SHAPING may limit the database replication but then the excess replication and the user applications would still be contending for the bandwidth above the shaping limit?

Marius Gunnerud, Senior Systems Engineer
Top Expert 2013

Commented:
Sorry for the late reply.

Anyway, what I believe they are asking about memory is if the Cisco device has enough memory to support buffering the excess. This can be checked by issuing the show memory command.

When configuring shaping the device will automatically allocate memory to each queue. The buffers can be tweaked if needed.

If no QoS is configured then everything will be based on best effort.

Shaping and policing basically provide the same function. The major difference is that with policing you will overall lose some bandwidth that could have potentially been used. With Shaping, the loss of bandwidth is lessened and although traffic might be delayed a bit, less traffic will be dropped.
SouljaSr.Net.Eng
Top Expert 2011

Commented:
The simple fact that you are specifying classes means you are using CBWFQ, but since you are not using the bandwidth command to specify bandwidth for a class, you are in essence still just using WFQ. LLQ is used once you use the priority command. It puts traffic in a priority queue for traffic such as voice and video.

Author

Commented:
My concern is that if we are already maxing out the 45mb link for several hours then neither shaping nor policing is going to prevent dropping packets.

Here is a show memory:

#sh memory
                 Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor    468139D0   360597040    92412684   268184356   264495508   216940652
      I/O     8000000    67108864    16487652    50621212    50621212    50619484

Looks like we may have 200MB for buffering the traffic above what the shape value is set at. If we shaped at 30MB then it would only take about 30 seconds to fill the buffers and start dropping packets. If the traffic occasionally spiked up then I could see how the buffers might hold the excess traffic without dropping but when the traffic is above 45MB for 10 or 15 minutes at a time I don't see how it would work?

Maybe we will have to get more bandwidth or see if the database administrator can slow down the replication from the server.
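
Added example, not part of the original thread or any poster's configuration: a small Python model of the behaviour discussed above, a token-bucket policer that drops excess packets versus a shaper that queues them and tail-drops only once its queue is full. The 24000000 b/s rate and 20000-byte burst are the values from the configurations above; the 48 Mb/s offered load, 1500-byte packets and 1000-packet queue limit are constructed assumptions, not platform defaults.

```python
from collections import deque

PKT_BITS = 1500 * 8      # fixed 1500-byte packets (assumption)
US = 1_000_000           # microseconds per second; all times are integer us

def arrivals(rate_bps, duration_us):
    """Constructed input: evenly spaced packets offered at rate_bps."""
    gap_us = PKT_BITS * US // rate_bps
    return list(range(0, duration_us, gap_us))

def police(times, rate_bps, burst_bytes):
    """Token-bucket policer, exceed-action drop. Returns (sent, dropped)."""
    cap = burst_bytes * 8 * US           # bucket depth in millionths of a bit
    tokens, last, sent, dropped = cap, 0, 0, 0
    for t in times:
        tokens = min(cap, tokens + (t - last) * rate_bps)  # refill since last packet
        last = t
        if tokens >= PKT_BITS * US:      # conform: transmit and spend tokens
            tokens -= PKT_BITS * US
            sent += 1
        else:                            # exceed: drop, nothing is queued
            dropped += 1
    return sent, dropped

def shape(times, rate_bps, queue_limit):
    """Shaper: FIFO drained at rate_bps, tail drop once queue_limit packets
    are held. Returns (sent, dropped, max_delay_us)."""
    service_us = PKT_BITS * US // rate_bps
    waiting = deque()                    # departure times of packets still held
    free_at = sent = dropped = max_delay = 0
    for t in times:
        while waiting and waiting[0] <= t:
            waiting.popleft()            # these packets have already left
        if len(waiting) >= queue_limit:  # queue full: excess is dropped after all
            dropped += 1
            continue
        free_at = max(t, free_at) + service_us
        waiting.append(free_at)
        max_delay = max(max_delay, free_at - t)
        sent += 1
    return sent, dropped, max_delay

def compare(offered_bps, duration_us, rate_bps=24_000_000,
            burst_bytes=20_000, queue_limit=1000):
    """Run the same constructed traffic through both mechanisms."""
    t = arrivals(offered_bps, duration_us)
    return {"police": police(t, rate_bps, burst_bytes),
            "shape": shape(t, rate_bps, queue_limit)}

if __name__ == "__main__":
    for label, dur in (("0.2 s burst", 200_000), ("2 s sustained", 2_000_000)):
        print(label, compare(48_000_000, dur))
```

With these inputs the shaper absorbs the 0.2 s burst with no loss at the cost of about 0.2 s of added delay, while under the 2 s overload its queue fills after about 0.5 s and from then on it drops every second packet, as the policer does.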
Marius Gunnerud, Senior Systems Engineer
Top Expert 2013
Commented:
---->Maybe we will have to get more bandwidth or see if the database administrator can slow down the replication from the server.

Yes, this would most likely be a better solution as you don't know the effect dropped packets will have on the replication. I am also not sure how dropped packets will affect the replication, but I am assuming that TCP is used, which means that if an ACK is not received for a packet that is sent, that packet will be resent after a short time.

--->Maybe we will have to get more bandwidth or see if the database administrator can slow down the replication from the server.

Of course if you have unlimited bandwidth then there is no need for QoS, for example you have a 10Gb line. Other than that without any shaping or policing, the server will max out the bandwidth until replication is done, whether that replication takes 10 to 15 minutes or just 1 minute. Not the best solution if you ask me.
Marius Gunnerud, Senior Systems Engineer
Top Expert 2013

Commented:
Of course if you have a budget to support more bandwidth then, yes this is a good solution. I am looking from the aspect of keeping costs low.

Author

Commented:
We are investigating our options.