kgtwebadmin
Cisco Traffic Shaping, 'both' directions
So we are getting a fiber run to our office soon (10/10). We are going to have a few additional clients share this with us. We want to be able to keep them from eating all the speed.
I've been reading for hours on rate-limit, traffic shaping, and traffic policing. Being that shaping can only happen in an outbound direction of an interface, would the following example work?
Fiber handoff as ethernet---> (WAN-SIDE)Cisco Router (2611xm at the moment for testing) (LAN-SIDE)---> Switch --> Clients.
On the (WAN-SIDE) configure my shaping using access maps to match the client's IP(range) to shape their outbound (to the internet) speed, while on the (LAN-SIDE) interface, use different access maps to limit the traffic outbound from that interface into the switch to limit their download speed? Thus the router is effectively queuing in both directions? No NAT, all public, routable IP addresses. No other firewalling or policies will be done here other than QoS.
Not that it matters but all connections will be on 100 mbit copper ethernet ports.
Try this. You can change the markings as you want.
example:
class-map match-any CUSTOMER_EF
 match access-group name CUSTOMER_EF
class-map match-any CUSTOMER_AF3
 match access-group name CUSTOMER_AF3
class-map match-any CUSTOMER_AF2
 match access-group name CUSTOMER_AF2
class-map match-any EF_WAN
 match ip precedence 5
class-map match-any AF3_WAN
 match ip precedence 4
class-map match-any AF2_WAN
 match ip precedence 3
!
policy-map PREMIUM
 class EF_WAN
  priority
 class AF3_WAN
  bandwidth remaining percent <<put your desired BW% allocation ex:66>>
  queue-limit 272
  queue-limit precedence 4 150
 class AF2_WAN
  bandwidth remaining percent 21
  queue-limit 150
 class class-default
  bandwidth remaining percent 13
  queue-limit 150
!
policy-map LAN_IN
 class CUSTOMER_EF
  ! Suppose you want 5 Mb of traffic to be prioritized: put the BW in bps, i.e. 5000000
  police cir 5000000 bc 6000000
   conform-action set-prec-transmit 5
   conform-action set-cos-transmit 6
   exceed-action drop
 class CUSTOMER_AF3
  set cos 4
  set precedence 4
 class CUSTOMER_AF2
  set cos 3
  set precedence 3
 class class-default
  set cos 2
  set precedence 2
!
policy-map WAN_IN
 class CUSTOMER_EF
  police cir 5000000 bc 6000000
   conform-action set-prec-transmit 5
   conform-action set-cos-transmit 6
 class CUSTOMER_AF3
  set cos 4
  set precedence 4
 class CUSTOMER_AF2
  set cos 3
  set precedence 3
 class class-default
  set cos 2
  set precedence 2
!
policy-map WAN
 class class-default
  shape average <<PUT your desired BW allocation in bps. ex for 30mb put 30000000>>
  service-policy PREMIUM
!
policy-map LAN
 class class-default
  shape average 30000000
  service-policy PREMIUM
Int WAN
 service-policy input WAN_IN
 service-policy output WAN
Int LAN
 service-policy input LAN_IN
 service-policy output LAN
!
ip access-list extended CUSTOMER_AF2
 permit ip any any precedence flash
ip access-list extended CUSTOMER_AF3
 permit ip any any precedence flash-override
 permit ip any any precedence internet
 permit ip any any precedence network
ip access-list extended CUSTOMER_EF
 permit ip any any precedence critical
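What the `police cir 5000000 bc 6000000` line with `exceed-action drop` in LAN_IN does to a stream that exceeds the rate, as an added example in Python (not part of the original answer and not Cisco code). It assumes the policer's bc is a token-bucket depth in bytes refilled at cir in bits per second; the offered traffic and the bc=15000 comparison are constructed.

```python
# Added example: token-bucket model of `police cir 5000000 bc 6000000`
# with conform -> transmit, exceed -> drop, as in policy-map LAN_IN.
# Assumption: the policer takes cir in bits/s and bc in bytes.

def police(cir_bps, bc_bytes, offered_bps, seconds, pkt_bytes=1500):
    """Offer a constant-rate stream of fixed-size packets to the policer.

    Returns (first_drop_seconds or None, packets_sent, packets_dropped).
    Time is kept in integer microseconds so packet spacing is exact.
    """
    gap_us = pkt_bytes * 8 * 1_000_000 // offered_bps   # inter-packet gap
    tokens = float(bc_bytes)                            # bucket starts full
    last_us, first_drop, sent, dropped = 0, None, 0, 0
    for now_us in range(0, seconds * 1_000_000, gap_us):
        # Refill at CIR (bits/s -> bytes/us), capped at the bucket depth.
        tokens = min(bc_bytes, tokens + (now_us - last_us) * cir_bps / 8e6)
        last_us = now_us
        sent += 1
        if pkt_bytes <= tokens:
            tokens -= pkt_bytes          # conform-action: transmit
        else:
            dropped += 1                 # exceed-action: drop
            if first_drop is None:
                first_drop = now_us / 1e6
    return first_drop, sent, dropped


if __name__ == "__main__":
    # Constructed traffic: 20 s of 1500-byte packets per scenario.
    scenarios = [
        ("page values, 10 Mbit/s offered", 6_000_000, 10_000_000),
        ("page values, 4 Mbit/s offered", 6_000_000, 4_000_000),
        ("constructed bc=15000, 10 Mbit/s offered", 15_000, 10_000_000),
    ]
    for label, bc, rate in scenarios:
        first, sent, dropped = police(5_000_000, bc, rate, 20)
        print(f"{label}: first drop at {first} s, dropped {dropped}/{sent}")
```

Under these assumptions the page's bucket absorbs about 9.6 seconds of a 10 Mbit/s stream before every second packet is dropped, while the small constructed bucket starts dropping after about 23 ms.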
The violate action drop command will drop packets when bandwidth is exceeded. But Ethernet is designed to handle that drop and retransmit. So you'll see the drops when running pings, but I've had no complaints from normal web usage.
A 2611 is surely not a rocket when it comes to traffic shaping/queuing for LAN type interfaces. It does that in software so be aware that you push it to the limits. What device will you use in real life to perform the task?
ASKER
Looking at either an 1841 or 3750 catalyst. 10/10 fiber, with the ability to turn it up maybe to 20-30mbps in the near future.
ASKER
Worked for me, I was able to dl a file and still ping with no loss.
ASKER
I read about policing but did not simulate it yet in my test network.