Dragon0x40
 asked on

Limit bandwidth used by a single computer over a WAN link

If a computer is transferring a large amount of data and maxing out a WAN link, what options are there for throttling the traffic coming from that particular computer?

I don't really care if it takes half of the bandwidth but just not more than that.

This is a Cisco 6500 device with a serial connection over a 45MB DS3 WAN circuit.

This is database replication, so I don't believe that we want to drop any of the traffic, just slow it down from saturating the link at 100%.

Routers, Switches / Hubs, Network Architecture

Last Comment
Dragon0x40

8/22/2022 - Mon
Soulja

Okay,

you can

! match traffic sourced from the one computer
ip access-list extended restrict
 permit ip host computeripaddress any

class-map match-all restrict1
 match access-group name restrict

! police the matched class; traffic over the rate is dropped
policy-map restrict3
 class restrict1
  police 10000000 20000 20000 conform-action transmit exceed-action drop


Apply the below to your DS3 interface:
 service-policy input restrict3

The police limits it to 10Mbps. You can change if you want.
ASKER CERTIFIED SOLUTION
Marius Gunnerud

Soulja

Nice catch Mag03. I didn't even read the part where he said he didn't want to drop any traffic. Yes, shaping is what you want to do. Or you would police, but instead of dropping traffic exceeding the rate, just change the DSCP value to a lower priority.
Dragon0x40

ASKER
Would this limit the traffic from the one computer to 24MB?

We have other traffic that needs to get across, and that would have the other 21MB, correct?

What if the traffic from the database replication from the one computer fills up the egress interface buffers? Would that data be dropped?

I would have to investigate how the SQL or Oracle database replication would respond to dropped packets. But if it is currently bursting past the 45MB limit of the DS3 then it is already possibly dropping packets?


policy-map SHAPE
 class TRAFFIC
  shape average 24000000

Marius Gunnerud

Shape average will limit traffic from the one host if only that host is specified in the ACL. The traffic will not be dropped as long as there is sufficient buffer memory for the queue. However, if the traffic sent fills this queue then excess traffic will be dropped. With Shaping, you could say, it is less likely that traffic will be dropped.

The policy will allocate the rest of the bandwidth for other traffic. You could also initiate fair queueing for other traffic by doing the following:

policy-map SHAPE
 class TRAFFIC
  shape average 24000000
 class class-default
  fair-queue

Here is an article comparing policing to shaping; it gives some good advantages and disadvantages for the two:
http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a00800a3a25.shtml

If it is already maxing out the bandwidth you have, then it is very likely that packets are already being dropped. You could do a packet capture on your network to check on this.
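The queue behaviour described in the answer above can be checked with a small model; this is an added example, not part of the original thread and not IOS code, and it goes slightly further by running a policer over the same load for comparison. The 24 Mbps rate, the 45 Mbps line rate and the 20000-byte burst come from the thread; the 1500-byte packet size, the 1000-packet shaper queue limit and the 200 ms burst pattern are assumptions.

```python
# Added example: packet-level model of a policer and a shaper (not IOS code).
# PKT and the shaper queue limit are assumed values, not taken from the thread.
PKT = 1500  # bytes per packet (assumed)

def offered(rate_bps, ms):
    """Packets arriving in each 1 ms tick from a constant-rate sender."""
    acc, out = 0, []
    for _ in range(ms):
        acc += rate_bps // 8000          # bytes offered per millisecond
        out.append(acc // PKT)
        acc %= PKT
    return out

def police(arrivals, rate_bps, burst_bytes):
    """Token bucket with exceed-action drop. Returns (sent, dropped)."""
    tokens, sent, dropped = burst_bytes, 0, 0
    for n in arrivals:
        tokens = min(burst_bytes, tokens + rate_bps // 8000)
        for _ in range(n):
            if tokens >= PKT:
                tokens, sent = tokens - PKT, sent + 1
            else:
                dropped += 1
    return sent, dropped

def shape(arrivals, rate_bps, queue_limit):
    """Finite queue, tail drop. Returns (sent, dropped, max_queue, first_drop_ms)."""
    credit = queue = sent = dropped = max_queue = 0
    first_drop = None
    for ms, n in enumerate(arrivals, 1):
        for _ in range(n):
            if queue < queue_limit:
                queue += 1
            else:
                dropped += 1
                first_drop = first_drop or ms
        max_queue = max(max_queue, queue)
        credit += rate_bps // 8000
        while queue and credit >= PKT:
            credit, queue, sent = credit - PKT, queue - 1, sent + 1
        if not queue:
            credit = 0                   # idle time earns no extra credit
    return sent, dropped, max_queue, first_drop

sustained = offered(45_000_000, 10_000)               # constructed: 10 s at 45 Mbps
bursty = (offered(45_000_000, 200) + [0] * 800) * 10  # constructed: 200 ms bursts
if __name__ == "__main__":
    for name, load in (("sustained", sustained), ("bursty", bursty)):
        print(name, police(load, 24_000_000, 20000), shape(load, 24_000_000, 1000))
```

With the sustained load the assumed queue fills after 571 ms and both mechanisms then drop close to half of the packets; with the bursty load the shaper queues at most 352 packets and drops none, while the policer drops 3390 of 7500.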
Dragon0x40

ASKER
Do I need to set up the queues and enable MLS QOS or anything like that for shaping?
Marius Gunnerud

No, for shaping you only need to match the traffic you want to affect, call it in a class map, then create a policy map, and apply that policy map to the interface outbound.
Dragon0x40

ASKER
From the link:

Ensure that you have sufficient memory when enabling shaping. In addition, shaping requires a scheduling function for later transmission of any delayed packets. This scheduling function allows you to organize the shaping queue into different queues. Examples of scheduling functions are Class Based Weighted Fair Queuing (CBWFQ) and Low Latency Queuing (LLQ).

What command would I use to check for sufficient memory, and if I don't set up CBWFQ or LLQ then are the delayed packets just sent best effort?
Dragon0x40

ASKER
The idea is to limit the computer replicating the database to a maximum amount to allow the non database replication traffic and applications to be more responsive to end users of the applications. I assume that policing might work because it will actually drop traffic, which the more I think about it might be ok. Whereas it sounds like policing may limit the database replication but then the excess replication and the user applications would still be contending for the bandwidth above the shaping limit?

Dragon0x40

ASKER
TYPO:

Whereas it sounds like SHAPING may limit the database replication but then the excess replication and the user applications would still be contending for the bandwidth above the shaping limit?

Marius Gunnerud

Sorry for the late reply.

Anyway, what I believe they are asking about memory is whether the Cisco device has enough memory to support buffering the excess. This can be checked by issuing the show memory command.

When configuring shaping the device will automatically allocate memory to each queue. The buffers can be tweaked if needed.

If no QoS is configured then everything will be based on best effort.

Shaping and policing basically provide the same function. The major difference is that with policing you will overall lose some bandwidth that could have potentially been used. With Shaping, the loss of bandwidth is lessened and although traffic might be delayed a bit, less traffic will be dropped.
Soulja

The simple fact that you are specifying classes means you are using CBWFQ, but since you are not using the bandwidth command to specify bandwidth for a class, you are in essence still just using WFQ. LLQ is used once you use the priority command. It puts traffic in a priority queue for traffic such as voice and video.
Dragon0x40

ASKER
My concern is that if we are already maxing out the 45mb link for several hours then neither shaping nor policing is going to prevent dropping packets.

Here is a show memory:

#sh memory
                 Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor    468139D0   360597040    92412684   268184356   264495508   216940652
      I/O     8000000    67108864    16487652    50621212    50621212    50619484

Looks like we may have 200MB for buffering the traffic above what the shape value is set at. If we shaped at 30MB then it would only take about 30 seconds to fill the buffers and start dropping packets. If the traffic occasionally spiked up then I could see how the buffers might hold the excess traffic without dropping, but when the traffic is above 45MB for 10 or 15 minutes at a time I don't see how it would work?

Maybe we will have to get more bandwidth or see if the database administrator can slow down the replication from the server.
Marius Gunnerud

Of course if you have a budget to support more bandwidth then, yes this is a good solution. I am looking from the aspect of keeping costs low.
Dragon0x40

ASKER
We are investigating our options.