Asked by kgtwebadmin

Cisco Traffic Shaping, 'both' directions

So we are getting a fiber run to our office soon (10/10). We are going to have a few additional clients share this with us. We want to be able to keep them from eating all the speed.

I've been reading for hours on rate-limit, traffic shaping, and traffic policing. Being that shaping can only happen in an outbound direction of an interface, would the following example work?

Fiber handoff as ethernet---> (WAN-SIDE)Cisco Router (2611xm at the moment for testing) (LAN-SIDE)---> Switch --> Clients.
On the (WAN-SIDE) configure my shaping using access maps to match the client's IP(range) to shape their outbound (to the internet) speed, while on the (LAN-SIDE) interface, use different access maps to limit the traffic outbound from that interface into the switch to limit their download speed? Thus the router is effectively queuing in both directions? No NAT, all public, routable IP addresses. No other firewalling or policies will be done here other than QoS.

Not that it matters but all connections will be on 100 mbit copper ethernet ports.

ASKER CERTIFIED SOLUTION (agonza07)
This solution is only available to members.

kgtwebadmin (ASKER)

Does this do it nicely or will I get horrid packet loss? I tried rate-limit on the interface, and when I was just firing off large packet pings to simulate traffic, it started throwing packets out rather than just delaying them.

I read about policing but did not simulate it yet in my test network.

Try this: you can change the markings as you want.
Example:

class-map match-any CUSTOMER_EF
  match access-group name CUSTOMER_EF
class-map match-any CUSTOMER_AF3
  match access-group name CUSTOMER_AF3
class-map match-any CUSTOMER_AF2
  match access-group name CUSTOMER_AF2
class-map match-any EF_WAN
  match ip precedence 5
class-map match-any AF3_WAN
  match ip precedence 4
class-map match-any AF2_WAN
  match ip precedence 3
!
policy-map PREMIUM
  class EF_WAN
    priority
  class AF3_WAN
   bandwidth remaining percent <<put your desired BW% allocation ex:66>>
   queue-limit 272
   queue-limit precedence 4 150
  class AF2_WAN
   bandwidth remaining percent 21
   queue-limit 150
  class class-default
   bandwidth remaining percent 13
   queue-limit 150

!
policy-map LAN_IN
  class CUSTOMER_EF
! Suppose you want 5 Mb of traffic to be prioritized: then put the BW in bps, i.e. 5000000
   police cir 5000000 bc 6000000
   conform-action set-prec-transmit 5
   conform-action set-cos-transmit 6
   exceed-action drop
  class CUSTOMER_AF3
   set cos 4
   set precedence 4
  class CUSTOMER_AF2
   set cos 3
   set precedence 3
  class class-default
   set cos 2
   set precedence 2
!
policy-map WAN_IN
  class CUSTOMER_EF
   police cir 5000000 bc 6000000
   conform-action set-prec-transmit 5
   conform-action set-cos-transmit 6
  class CUSTOMER_AF3
   set cos 4
   set precedence 4
  class CUSTOMER_AF2
   set cos 3
   set precedence 3
  class class-default
   set cos 2
   set precedence 2
!

policy-map WAN
  class class-default
    shape average <<PUT your desired BW allocation in bps. ex for 30mb put 30000000>>
    service-policy PREMIUM
!
policy-map LAN
  class class-default
    shape average 30000000
    service-policy PREMIUM

! WAN and LAN below stand for your actual interface names
interface WAN
 service-policy input WAN_IN
 service-policy output WAN
!
interface LAN
 service-policy input LAN_IN
 service-policy output LAN
!

ip access-list extended CUSTOMER_AF2
permit ip any any precedence flash
ip access-list extended CUSTOMER_AF3
permit ip any any precedence flash-override
permit ip any any precedence internet
permit ip any any precedence network
ip access-list extended CUSTOMER_EF
permit ip any any precedence critical

The violate action drop command will drop packets when bandwidth is exceeded. But Ethernet is designed to handle that drop and retransmit. So you'll see the drops when running pings, but I've had no complaints from normal web usage.

A 2611 is surely not a rocket when it comes to traffic shaping/queuing for LAN type interfaces. It does that in software so be aware that you push it to the limits. What device will you use in real life to perform the task?

Looking at either an 1841 or 3750 catalyst. 10/10 fiber, with the ability to turn it up maybe to 20-30mbps in the near future.

Worked for me, I was able to dl a file and still ping with no loss.
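
The difference discussed in this thread (a policer or rate-limit discards excess packets, while a shaper queues and delays them) can be checked with a small token-bucket simulation. This is an added example, not code from any poster: the CIR (5000000 bps) and queue-limit (150) come from the config above, while the 10 Mbit/s test burst, the 12500-byte Bc and the 10-packet queue are constructed values, and the shaper is simplified to have no burst allowance.

```python
from collections import deque

US = 1_000_000  # microseconds per second; integer time keeps the maths exact

def burst(n, size=1250, gap_us=1000):
    """Constructed traffic: n packets of `size` bytes, one every gap_us."""
    return [(i * gap_us, size) for i in range(n)]

def police(arrivals, cir_bps, bc_bytes):
    """Token-bucket policer: a packet that finds too few tokens is dropped."""
    cap = bc_bytes * 8 * US            # bucket depth, in bit-microseconds
    tokens, last, sent, dropped = cap, 0, 0, 0
    for t_us, size in arrivals:
        tokens = min(cap, tokens + (t_us - last) * cir_bps)  # refill at CIR
        last = t_us
        cost = size * 8 * US
        if tokens >= cost:
            tokens -= cost
            sent += 1
        else:
            dropped += 1               # exceed-action drop
    return sent, dropped

def shape(arrivals, cir_bps, queue_limit):
    """Simplified shaper (no burst allowance): excess packets wait in a FIFO
    and leave at CIR; a packet is lost only when the queue is already full."""
    waiting = deque()                  # departure times of packets still held
    free_at = sent = dropped = max_delay_us = 0
    for t_us, size in arrivals:
        while waiting and waiting[0] <= t_us:
            waiting.popleft()          # already on the wire
        if len(waiting) >= queue_limit:
            dropped += 1               # tail drop
            continue
        # serialization time at CIR, truncated to whole microseconds
        free_at = max(t_us, free_at) + size * 8 * US // cir_bps
        waiting.append(free_at)
        sent += 1
        max_delay_us = max(max_delay_us, free_at - t_us)
    return sent, dropped, max_delay_us

if __name__ == "__main__":
    pkts = burst(100)                  # 100 ms at 10 Mbit/s into a 5 Mbit/s CIR
    print("police          :", police(pkts, 5_000_000, 12_500))
    print("shape, queue 150:", shape(pkts, 5_000_000, 150))
    print("shape, queue 10 :", shape(pkts, 5_000_000, 10))
```

With the 150-packet queue the shaper delivers every packet of the burst at the cost of up to 101 ms of queuing delay. With only 10 packets of queue it loses as many packets as the policer does, so the queue depth decides whether shaping avoids loss.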