Not clear exactly what you want to achieve, so I will make a couple of
assumptions.

Say you only want to limit each individual customer to 1Mb.
I assume the customers come in on a switch which is not QoS capable. Let me
know what switch you have as this could make things easier.

So the problem is limiting customers outbound once their traffic has been
aggregated. This can still be easily done using QoS and your ACLs.

1) Create an ACL for each customer (using named ACLs for clarity)

   ip access-list standard customer-1
    permit 10.0.0.64 0.0.0.63
   ip access-list standard customer-2
    permit ......

2) Create a separate class-map for each customer:

   class-map match-any customer-1
    match access-group name customer-1
   class-map match-any customer-2
   etc....

3) Create your policy-map

   policy-map cust-1mb
    class customer-1
     police cir 1000000 bc 31250
      conform-action transmit
      exceed-action drop
    class customer-2
     police cir 1000000 bc 31250
      conform-action transmit
      exceed-action drop
    class customer-3
   etc

4) Apply the policy-map to the interface - you can do this inbound from the
   switch or outbound to the internet

   interface fastethernet 0/0 ?
    service-policy output cust-1mb

Voila.

show policy interface fast 0/0 to verify.

Now, you could also be really nice and guarantee each customer a minimum of
1mb, but distribute any extra bandwidth not being used at the time amongst
them.
That might not be what they paid for, however.

- Ben
"Michael Love" <> wrote in message
news:417912a0$...
> I'm trying to find the proper way of achieving this on a 2600 series router
> running IOS 12.3(10):
>
> We have a good number of clients on our system, and the service that we sell
> them gives them a maximum rate of 1mbps each. If our bandwidth to the
> internet is 10mbps, for example, that means 10 customers can get the
> maximum rate at once. In practice, we rarely have more than a couple of
> customers performing large downloads at once.
>
> The previous administrator tried to enforce the 1mbps policy by setting up
> an access list like this for the subnet (the ip addresses below are just
> examples):
> access-list 101 permit ip any 10.0.0.64 0.0.0.63
> and then doing a simple traffic shape on the access-list
>
> This, of course, limited traffic across the subnet as a whole to 1mbps, so
> if our available bandwidth was 10mbps and 3 customers tried to push to 1mbps
> each, each would be limited to 333kbps, and 9mbps of our bandwidth would be
> unused. This is not what we wanted.
>
> Then, he set an access list where he specified each individual ip on the
> subnet separately. This didn't work because, essentially, he just recreated
> the above access list in long-hand.
>
> He's tossed the job over to me, now. I'm certainly not an IOS expert, I have
> a couple of books I've been reading, as well as Cisco's webpages. I've set
> up QoS policies to help reduce the bandwidth wasted by P2P software and
> things like that, but up to now I've been working on groups of traffic
> types. Other than doing something stupid and adding 60 "traffic-shape group
> <xxx> 1000000" commands to the interface, I'm not sure what to do.
>
> I'm certain there's a simpler way to separately rate-limit each individual
> IP on the subnet, but I've been looking through docs and doing web searches
> for the last few hours, and found nothing to help me with this particular
> problem.
>
> Can anyone either explain to me how to do this, or point me in the direction
> of an appropriate example? This is driving me nuts because I'm sure there's
> a simple way to do it, and I'm overlooking it somewhere.
>
> Thanks!
>
>
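
Steps 1 to 4 of the reply above, scripted for every host address in the subnet, as an added example that is not part of the original thread. It assumes one customer per host address, the customer-N naming and the interface name; the match="destination" option goes beyond the reply by generating extended ACLs so that traffic toward a customer (downloads) is classified, since a standard ACL matches source addresses only.

```python
import ipaddress


def burst_bytes(cir_bps):
    # The reply pairs "cir 1000000" with "bc 31250", i.e. cir/32 bytes;
    # this helper keeps that ratio for other rates (assumption).
    return cir_bps // 32


def customer_policy(subnet, cir_bps=1_000_000, policy="cust-1mb",
                    interface="fastethernet 0/0", match="source"):
    """Return IOS config lines that police each host address in subnet separately.

    match="source"      -> standard ACLs, as in the reply (traffic from the customer)
    match="destination" -> extended ACLs (traffic to the customer); attach the
                           policy on the interface facing the customers in that case
    """
    if match not in ("source", "destination"):
        raise ValueError("match must be 'source' or 'destination'")
    hosts = list(ipaddress.ip_network(subnet, strict=True).hosts())
    acls, classes, policy_lines = [], [], [f"policy-map {policy}"]
    for n, host in enumerate(hosts, start=1):
        name = f"customer-{n}"  # hypothetical naming: one class per host address
        if match == "source":
            acls += [f"ip access-list standard {name}", f" permit host {host}"]
        else:
            acls += [f"ip access-list extended {name}",
                     f" permit ip any host {host}"]
        classes += [f"class-map match-any {name}",
                    f" match access-group name {name}"]
        policy_lines += [f" class {name}",
                         f"  police cir {cir_bps} bc {burst_bytes(cir_bps)}",
                         "   conform-action transmit",
                         "   exceed-action drop"]
    attach = [f"interface {interface}", f" service-policy output {policy}"]
    return acls + classes + policy_lines + attach


if __name__ == "__main__":
    # Example subnet from the thread (the poster says the addresses are examples).
    print("\n".join(customer_policy("10.0.0.64/26")))
```

Paste the output in configuration mode, then check the per-class counters with the verify command from the reply.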