cisco805 bandwidth limit

Discussion in 'Cisco' started by sali, Nov 10, 2006.

  1. sali

    sali Guest

    we have branch office connected through dsl & cisco805 with both corporate
    vpn and internet.
    problem is that users from branch office "over-utilise" their internet
    access, so the vpn part [that supports core accounting apps] suffers, giving
    unacceptably bad response times.

    i am looking [besides other solutions] to limit bandwidth between those two
    classes directly on cisco805.

    i have found some advice on internet, like:
    -----8<----
    access-list 181 permit ip host <ip of VPN box> any

    access-list 182 deny ip host <ip of VPN box> any
    access-list 182 permit ip <network range/mask> any
    (...)
    class-map Non-VPN
     match access-group 182
    class-map VPN
     match access-group 181
    (...)
    policy-map ShareBW
     class VPN
      ! bw limit1
      bandwidth percent 67
     class Non-VPN
      ! bw limit2
      bandwidth percent 33
    ----8<-----

    my question is, is it applicable to cisco805 router class, or does it need
    a more sophisticated device?

    thnx
     
    sali, Nov 10, 2006
    #1

  2. sali

    stephen Guest

    "sali" <> wrote in message
    news:ej1a8i$2ac$...
    > we have branch office connected through dsl & cisco805 with both corporate
    > vpn and internet.
    > problem is that users from branch office "over-utilise" their internet
    > access, so the vpn part [that supports core accounting apps] suffers,
    > giving
    > unacceptably bad response times.
    >
    > i am looking [besides other solutions] to limit bandwidth between those two
    > classes directly on cisco805.
    >
    > i have found some advice on internet, like:
    > -----8<----
    > access-list 181 permit ip host <ip of VPN box> any
    >
    > access-list 182 deny ip host <ip of VPN box> any
    > access-list 182 permit ip <network range/mask> any
    > (...)
    > class-map Non-VPN
    > match access-group 182
    > class-map VPN
    > match access-group 181
    > (...)
    > policy-map ShareBW
    > class VPN
    > bandwidth percent 67 <<<<<< bw limit1
    > class Non-VPN
    > bandwidth percent 33 <<<<<< bw limit2
    > ----8<-----
    >
    > my question is, is it applicable to cisco805 router class, or does it need
    > a more sophisticated device?


    i suspect that it is going to depend on what you actually get with your
    "DSL" service.

    ie is it contended, are there different up and down speeds, is it rate
    adaptive.

    you also don't mention what else may be crossing the VPN link - ie the
    accounting app may be contending with "stuff" on your internal network
    (email and file / print often eat a lot more bandwidth than you expect).

    it isn't obvious how many branches there are - but the congestion may be at
    the HQ end - since most client server apps send much more data from server
    to client - so that is where congestion tends to have a big effect.

    You should be able to try it and see the effect in practice - but
    playing with a live service is not a good idea.

    i suggest that you actually build a dummy site at wherever you are (often
    support is from the HQ site) - and actually test it.

    if it doesn't work, then you could always install 2 DSL links at each site,
    and only allow the accounting app (and anything else that doesn't react well
    to bandwidth limits, jitter, latency etc) on a "high priority" VPN feed.
    >
    > thnx

    --
    Regards

    - replace xyz with ntl
     
    stephen, Nov 10, 2006
    #2

  3. sali

    sali Guest

    "stephen" <> wrote in newsgroup
    message:R955h.10820$...
    > "sali" <> wrote in message
    > news:ej1a8i$2ac$...
    >> we have branch office connected through dsl & cisco805 with both
    >> corporate
    >> vpn and internet.
    >> problem is that users from branch office "over-utilise" their internet
    >> access, so the vpn part [that supports core accounting apps] suffers,


    >
    >> my question is, is it applicable to cisco805 router class, or does it
    >> need a more sophisticated device?

    >
    > i suspect that it is going to depend on what you actually get with your
    > "DSL" service.
    >
    > ie is it contended, are there different up and down speeds, is it rate
    > adaptive.
    >
    > you also don't mention what else may be crossing the VPN link - ie the
    > accounting app may be contending with "stuff" on your internal network
    > (email and file / print often eat a lot more bandwidth than you expect).
    >
    > it isn't obvious how many branches there are - but the congestion may be at
    > the HQ end - since most client server apps send much more data from server
    > to client - so that is where congestion tends to have a big effect.
    >
    > You should be able to try it and see the effect in practice - but
    > playing with a live service is not a good idea.
    >
    > i suggest that you actually build a dummy site at wherever you are (often
    > support is from the HQ site) - and actually test it.
    >
    > if it doesn't work, then you could always install 2 DSL links at each site,
    > and only allow the accounting app (and anything else that doesn't react well
    > to bandwidth limits, jitter, latency etc) on a "high priority" VPN feed.
    >>
    >> thnx

    > --
    > Regards



    thnx for advice, but all of that was already rethought.
    fixed bandwidth limit is not optimal [it is very rough] but is better than
    situation when "surfers" overload bandwidth and stop business activity on
    vpn.

    but, does your advice mean that cisco805 is capable of fixing bandwidth
    utilisation between defined groups [vpn vs internet]?
    somebody told me that i need at least 18xx class of router to do something
    like that.
     
    sali, Nov 11, 2006
    #3
  4. sali

    stephen Guest

    "sali" <> wrote in message
    news:ej54q5$6jo$...
    > "stephen" <> wrote in newsgroup
    > message:R955h.10820$...
    > > "sali" <> wrote in message
    > > news:ej1a8i$2ac$...
    > >> we have branch office connected through dsl & cisco805 with both
    > >> corporate
    > >> vpn and internet.
    > >> problem is that users from branch office "over-utilise" their internet
    > >> access, so the vpn part [that supports core accounting apps] suffers,

    >
    > >
    > >> my question is, is it applicable to cisco805 router class, or does it
    > >> need a more sophisticated device?

    > >
    > > i suspect that it is going to depend on what you actually get with your
    > > "DSL" service.
    > >
    > > ie is it contended, are there different up and down speeds, is it rate
    > > adaptive.


    This Q is about whether the carrier is clipping some traffic due to a
    "designed in" bottleneck in the service.

    If it is, then your QoS may prioritise some traffic, but the contention may
    drop enough to affect "high priority" traffic anyway.
    > >
    > > you also don't mention what else may be crossing the VPN link - ie the
    > > accounting app may be contending with "stuff" on your internal network
    > > (email and file / print often eat a lot more bandwidth than you expect).
    > >
    > > it isn't obvious how many branches there are - but the congestion may be
    > > at the HQ end - since most client server apps send much more data from
    > > server to client - so that is where congestion tends to have a big effect.
    > >
    > > You should be able to try it and see the effect in practice - but
    > > playing with a live service is not a good idea.
    > >
    > > i suggest that you actually build a dummy site at wherever you are
    > > (often support is from the HQ site) - and actually test it.
    > >
    > > if it doesn't work, then you could always install 2 DSL links at each
    > > site, and only allow the accounting app (and anything else that doesn't
    > > react well to bandwidth limits, jitter, latency etc) on a "high priority"
    > > VPN feed.
    > >>
    > >> thnx

    > > --
    > > Regards

    >
    >
    > thnx for advice, but all of that was already rethought.
    > fixed bandwidth limit is not optimal [it is very rough] but is better than
    > situation when "surfers" overload bandwidth and stop business activity on
    > vpn.
    >
    > but, does your advice mean that cisco805 is capable of fixing bandwidth
    > utilisation between defined groups [vpn vs internet]?
    > somebody told me that i need at least 18xx class of router to do something
    > like that.


    don't know if that is feasible on an 805 - the cisco feature navigator doesn't
    even believe it understands CBWFQ - so probably not.

    you might want to try weighted fair queuing (if it isn't turned on already)
    and see if that can improve matters - WFQ will try to distribute what
    bandwidth is available evenly across the set of TCP sessions which are
    active.

    cisco feature navigator can tell you which s/w supports what functions (but
    there are hundreds of QoS features, and several ways to produce bandwidth
    sharing / traffic limiting):
    http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

    However - i am not sure that it matters.

    Note - any kind of policing or rate limiting is going to hit router perf (i
    expect by at least a factor of 2 or 3) - best case numbers are here:
    http://www.cisco.com/warp/public/765/tools/quickreference/routerperformance.pdf

    so if your DSL is significantly faster than 500 Kbps, or you are switching
    more than 1000 pps that router is going to run out of breath - and trying to
    do QoS on an overloaded router is not going to give predictable results.

    So - yes - you probably need a bigger router for performance reasons, and
    the 805 feature set means you might need something else to provide the
    functions you want.
    >

    --
    Regards

    - replace xyz with ntl
     
    stephen, Nov 12, 2006
    #4
  5. sali

    sali Guest

    "stephen" <> wrote in newsgroup
    message:60L5h.16385$...
    > "sali" <> wrote in message
    > news:ej54q5$6jo$...
    >> "stephen" <> wrote in newsgroup
    >> message:R955h.10820$...
    >> > "sali" <> wrote in message
    >> > news:ej1a8i$2ac$...
    >> >> we have branch office connected through dsl & cisco805 with both
    >> >> corporate
    >> >> vpn and internet.
    >> >> problem is that users from branch office "over-utilise" their internet
    >> >> access, so the vpn part [that supports core accounting apps] suffers,

    >>
    >> >
    >> >> my question is, is it applicable to cisco805 router class, or does it
    >> >> need a more sophisticated device?



    > So - yes - you probably need a bigger router for performance reasons, and
    > the 805 feature set means you might need something else to provide the
    > functions you want.



    thnx for the detailed answer.

    this dsl link is only 256kb, and all i am trying to do is lower the costs
    while increasing the performance, and keep the configuration as simple as
    possible.

    doubling link speed will [temporarily] improve the situation, but is
    expensive, upgrade 256->512 is about eur250/monthly, router upgrade [cisco
    18xx class] also costs significantly [not less than eur1500], supervising
    what users are doing is not a popular solution, and is also not a
    "single point" solution.

    maybe the next step i can try is to put sw bandwidth limiter between cisco805
    and internal branch office lan, maybe some linux comp with ipcop sw, but it
    increases the maintenance complexity ...

    thx for the given info, i shall try to estimate the balance between
    solutions.
     
    sali, Nov 13, 2006
    #5
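
The difference between a share that is guaranteed under congestion (how `bandwidth percent` is normally described for class-based queuing) and a fixed cap, worked through for the 67/33 split and the 256 kb link mentioned in this thread. This is an added example, not code from either poster: the function names, the offered loads and the rule that unused capacity is re-offered in proportion to the configured shares are assumptions of this simplified model.

```python
# Added illustration: simplified model, not Cisco's scheduler implementation.
LINK_KBPS = 256                       # link speed quoted in the thread
SHARES = {"VPN": 67, "Non-VPN": 33}   # percentages from the quoted policy-map


def guaranteed_share(link_kbps, shares, demand_kbps):
    """Weighted max-min allocation: shares are minimums under congestion.

    Assumption: capacity a class leaves unused is re-offered to the classes
    that still have traffic queued, in proportion to their configured shares.
    """
    alloc = {name: 0.0 for name in shares}
    active = {n for n in shares if demand_kbps.get(n, 0) > 0}
    remaining = float(link_kbps)
    while active and remaining > 1e-9:
        weight = sum(shares[n] for n in active)
        offer = {n: remaining * shares[n] / weight for n in active}
        done = {n for n in active if demand_kbps[n] <= offer[n]}
        if not done:                  # everyone is backlogged: split and stop
            for n in active:
                alloc[n] = offer[n]
            break
        for n in done:                # satisfied classes keep only their demand
            alloc[n] = float(demand_kbps[n])
            remaining -= alloc[n]
        active -= done
    return alloc


def hard_cap(link_kbps, shares, demand_kbps):
    """Fixed per-class ceiling (policer-style): idle capacity is never lent."""
    return {n: min(float(demand_kbps.get(n, 0)), link_kbps * shares[n] / 100.0)
            for n in shares}


if __name__ == "__main__":
    # Constructed offered loads in kbit/s; not measurements from the thread.
    scenarios = {
        "both busy": {"VPN": 400, "Non-VPN": 400},
        "VPN light": {"VPN": 40, "Non-VPN": 400},
        "VPN idle": {"VPN": 0, "Non-VPN": 400},
    }
    for label, demand in scenarios.items():
        print(label, guaranteed_share(LINK_KBPS, SHARES, demand),
              hard_cap(LINK_KBPS, SHARES, demand))
```

With both classes busy the two models agree; they differ only when the VPN class is light or idle, which is where a fixed cap leaves link capacity unused.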