Rate limit question

Discussion in 'Cisco' started by Michael Love, Oct 22, 2004.

  1. Michael Love

    Michael Love Guest

    I'm trying to find the proper way of achieving this on a 2600 series router
    running IOS 12.3(10):

    We have a good number of clients on our system, and the service that we sell
    them gives them a maximum rate of 1mbps each. If our bandwidth to the
    internet is 10mbps, for example, that means 10 customers can get the
    maximum rate at once. In practice, we rarely have more than a couple of
    customers performing large downloads at once.

    The previous administrator tried to enforce the 1mbps policy by setting up
    an access list like this for the subnet (the ip addresses below are just
    examples):
    access-list 101 permit ip any 10.0.0.64 0.0.0.63
    and then doing a simple traffic shape on the access-list

    This, of course, limited traffic across the subnet as a whole to 1mbps, so
    if our available bandwidth was 10mbps and 3 customers tried to push to 1mbps
    each, each would be limited to 333kbps, and 9mbps of our bandwidth would be
    unused. This is not what we wanted.

    Then, he set an access list where he specified each individual ip on the
    subnet separately. This didn't work because, essentially, he just recreated
    the above access list in long-hand.

    He's tossed the job over to me, now. I'm certainly not an IOS expert, I have
    a couple of books I've been reading, as well as Cisco's webpages. I've set
    up QoS policies to help reduce the bandwidth wasted by P2P software and
    things like that, but up to now I've been working on groups of traffic
    types. Other than doing something stupid and adding 60 "traffic-shape group
    <xxx> 1000000" commands to the interface, I'm not sure what to do.

    I'm certain there's a simpler way to separately rate-limit each individual
    IP on the subnet, but I've been looking through docs and doing web searches
    for the last few hours, and found nothing to help me with this particular
    problem.

    Can anyone either explain to me how to do this, or point me in the direction
    of an appropriate example? This is driving me nuts because I'm sure there's
    a simple way to do it, and I'm overlooking it somewhere.

    Thanks!
     
    Michael Love, Oct 22, 2004
    #1

  2. Michael Love

    Ben Guest

    Not clear exactly what you want to achieve, so I will make a couple of
    assumptions.

    Say you only want to limit each individual customer to 1Mb.
    I assume the customer come in a switch which is not qos capable. Let me know
    what switch you have as this could make things easier.

    So the problem is limiting customers outbound once their traffic has been
    aggregated. This can still be easily done using qos and your acl's


    1) Create an ACL for each customer (using named ACL's for clarity)

    ip access-list standard customer-1
     permit 10.0.0.64 0.0.0.63
    ip access-list standard customer-2
     permit ......


    2) Create a separate class-map for each customer:

    class-map match-any customer-1
     match access-group name customer-1
    class-map match-any customer-2
    etc....


    3) Create your policy-map

    policy-map cust-1mb
     class customer-1
      police cir 1000000 bc 31250
       conform-action transmit
       exceed-action drop
     class customer-2
      police cir 1000000 bc 31250
       conform-action transmit
       exceed-action drop
     class customer-3
    etc

    4) Apply the policy-map to the interface - you can do this inbound from the
    switch or outbound to the internet

    interface fastethernet 0/0 ?
     service-policy output cust-1mb

    Voila.

    show policy-map interface fastethernet 0/0 to verify.

    Now, you could also be really nice and guarantee each customer a minimum of
    1mb, but distribute any extra bandwidth not being used at the time amongst
    them.
    That might not be what they paid for however :)

    - Ben
     
    Ben, Oct 23, 2004
    #2

  3. Michael Love

    Michael Love Guest

    > I assume the customer come in a switch which is not qos capable. Let me know
    > what switch you have as this could make things easier.


    It's our wireless network. We use Cisco 350's and 1200's, and the customers
    are all bridged to our gateway machine that does accounting and stuff for
    their usage. The customers connect to the AP's, the AP's go into a non-Cisco
    switch, and the switch connects to our gateway.

    > 3) Create your policy-map
    >
    > policy-map cust-1mb
    > class customer-1
    > police cir 1000000 bc 31250
    > conform-action transmit
    > exceed-action drop
    > class customer-2
    > police cir 1000000 bc 31250
    > conform-action transmit
    > exceed-action drop
    > class customer-3
    > etc


    This is another way I thought about doing it, but I was thinking if I ended
    up doing this like 60 to 100 times I was doing it the wrong way. I can write
    a simple script to generate the class and policy list for me, then just
    paste it into the router, but I was thinking there should have been a
    simpler, fewer number of commands to do it.

    > Now, you could also be really nice and guarantee each customer a minimum of
    > 1mb, but distribute any extra bandwidth not being used at the time amongst
    > them.
    > That might not be what they paid for however :)


    We have a couple of customers we want to guarantee bandwidth, too, but we
    haven't finalized the service for it.

    Thanks for your help!
     
    Michael Love, Oct 23, 2004
    #3
  4. Michael Love

    Ben Guest

    It's a few extra lines of config, but since you are policing after the
    traffic has been aggregated there's no shorter way I can think of.
    That's why it's preferable to do it at the switch (not possible with your
    setup).

    By the by, policing to 1mb you *are* guaranteeing customers that much
    bandwidth, but no more.

    Instead of all the policing statements you could use 'bandwidth 1000' instead.
    That would guarantee a *minimum* bandwidth not a maximum. You would also
    have to change this default value:
    max-reserved-bandwidth 100

    If no-one else was using your connection, any customer could get 10Mb, but
    would be guaranteed to get at least 1Mb if they needed it.

    Or you can do some other stuff like selling a premium service that always
    gets queueing priority over other customers.
     
    Ben, Oct 24, 2004
    #4
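
    Added example, not part of any post in this thread: a Python sketch of the
    generator script mentioned in post #3, emitting the named ACL, class-map and
    policy-map entries from post #2 for every host in a subnet. The per-host
    "permit host" entries, the exclude list and the max_classes guard are
    assumptions of this example; bc is taken as cir/32, which gives the thread's
    31250 at 1 Mb/s.

```python
import ipaddress


def build_policy(subnet, cir_bps=1_000_000, policy="cust-1mb",
                 exclude=(), max_classes=256):
    """Return IOS config lines that police each host of `subnet` separately."""
    # strict parsing rejects a network with host bits set, e.g. 10.0.0.65/26
    net = ipaddress.ip_network(subnet)
    skip = {ipaddress.ip_address(a) for a in exclude}
    hosts = [h for h in net.hosts() if h not in skip]
    # Hypothetical guard against pasting an oversized policy by accident;
    # the real per-policy class limit of the platform is not given in the thread.
    if len(hosts) > max_classes:
        raise ValueError(f"{len(hosts)} classes exceeds max_classes={max_classes}")
    bc = cir_bps // 32  # 31250 bytes at 1 Mb/s, the value used in post #2

    acls, class_maps, policy_map = [], [], [f"policy-map {policy}"]
    for n, host in enumerate(hosts, start=1):
        name = f"customer-{n}"
        # One ACL and one class per customer address, so each gets its own policer
        acls += [f"ip access-list standard {name}", f" permit host {host}"]
        class_maps += [f"class-map match-any {name}",
                       f" match access-group name {name}"]
        policy_map += [f" class {name}",
                       f"  police cir {cir_bps} bc {bc}",
                       "   conform-action transmit",
                       "   exceed-action drop"]
    return acls + class_maps + policy_map


if __name__ == "__main__":
    # 10.0.0.64/26 is the example subnet from the thread; 10.0.0.65 is a
    # constructed gateway address left out of the per-customer classes.
    print("\n".join(build_policy("10.0.0.64/26", exclude=["10.0.0.65"])))
```

    Standard ACLs match the source address, so these classes police traffic sent
    by each customer. Policing downloads, as the original access-list 101 did,
    needs extended ACLs that match each customer address as the destination.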
  5. Michael Love

    Michael Love Guest

    Ok, thanks! This has been really helpful.
     
    Michael Love, Oct 25, 2004
    #5