Rate Limiting or Traffic Shaping by IP Address -- How?!?!

Status
Not open for further replies.

chiacomo

IS-IT--Management
Jul 9, 2004
103
US
I want to guarantee bandwidth between several servers on different subnets based on IP addresses.

On the 192.168.10.0 subnet, I have 192.168.10.10 -- this is the "Hub", basically.
On the 192.168.20.0 subnet, we've got 192.168.20.10, a "node".
On the 192.168.30.0 subnet, we've got 192.168.30.10, a "node".
On the 192.168.35.0 subnet, we've got 192.168.35.10, a "node".

I suppose I'll need an access-list defining each of the above.

They connect over a series of Cisco Routers via T1 - (1.544 Mb throughput?)

I'm not sure whether to "rate limit" or "traffic-shape", and really not sure how to accomplish either.

Basically, the hub/nodes need to have at least 50% of the available bandwidth if required.

I'm hoping someone can provide some guidance, or help.

Thanks!

-N.
 
You can use a class-map; example below.

Code:
class-map match-any ALL-TRAFFIC
  match any
class-map match-any 192.168.10.10
  match access-group name 192.168.10.10-PAT
class-map match-any 192.168.20.10
  match access-group name 192.168.20.10-PAT
!
!
policy-map INTERNET-POLICER-OUT
  class 192.168.10.10
    police cir 700000
      exceed-action drop
  class 192.168.20.10
    police cir 300000
      exceed-action drop
  class class-default
policy-map INTERNET-POLICER-IN
  class 192.168.10.10
    police cir 700000
      exceed-action drop
  class 192.168.20.10
    police cir 300000
      exceed-action drop
  class class-default

ip access-list extended 192.168.20.10-PAT
  remark traffic to and from node PAT address
  permit ip any host XXX.XXX.XXX.XXX(outside address)
  permit ip host XXX.XXX.XXX.XXX(outside address) any


ip access-list extended 192.168.10.10-PAT
  remark traffic to and from hub PAT address
  permit ip any host XXX.XXX.XXX.XXX(outside address)
  permit ip host XXX.XXX.XXX.XXX(outside address) any
 
Thanks!

I'll need to assign the policy-map to an interface?

It's getting late, and I may be missing it, but how is "other" traffic handled in the above example -- traffic that's not between the above hub and nodes?

Thanks again for your help!
 
Trying to simplify a bit -- and still accomplish my goal of giving these servers at least 50% of the bandwidth (if needed) on the serial interfaces.

Will the snippet below accomplish what I'm trying to do?

Code:
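! class-map missing from the original snippet: ties ACL "servers" to the
! class referenced in the policy-map (IOS rejects "class servers" without it)
class-map match-any servers
	match access-group name servers

policy-map server-priority
	class servers
		priority percent 50
	class class-default
		fair-queue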
	
ip access-list extended servers 
	remark traffic to and from hub and node servers 
	permit ip any host 192.168.10.10
	permit ip any host 192.168.20.10
	permit ip any host 192.168.30.10
	permit ip any host 192.168.35.10
	permit ip host 192.168.10.10 any
	permit ip host 192.168.20.10 any
	permit ip host 192.168.30.10 any
	permit ip host 192.168.35.10 any

interface serial0/0
	bandwidth 1544
	service-policy output server-priority
 
your ACL should be changed depending on the CPE device you are looking at. for example, the ACL on the CPE device attached to the .10 network should be something like this:
Code:
ip access-list extended FROM_10_NET
  permit ip any host 192.168.20.10
  permit ip any host 192.168.30.10
  permit ip any host 192.168.35.10
the ACL on the CPE device attached to the .20 network should be something like this:
Code:
ip access-list extended FROM_TWENTY_NET
  permit ip any host 192.168.10.10
  permit ip any host 192.168.30.10
  permit ip any host 192.168.35.10
under your class-default class you might want to add random-detect so tail-drop isn't used for congestion avoidance should it become a problem (for TCP based traffic anyway).

as for putting all of the server traffic in the priority queue, you may not want to do that. you must understand that you are establishing both a minimum and a maximum bandwidth reservation for the priority queue. when congestion occurs you will be policed at 50% of the bandwidth. you may or may not want this.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
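
The points from the last reply combined into one configuration for the router attached to the .10 network, as an added example that is not from any poster in the thread. The names SERVERS and SERVER-GUARANTEE are hypothetical, and `bandwidth percent 50` is swapped in for `priority percent 50` as an assumption about the goal: a minimum reservation without the priority queue's policer.

```cisco
! Added example for the CPE router on the 192.168.10.0 network.
! SERVERS and SERVER-GUARANTEE are hypothetical names, not from the thread.
!
! ACL from the reply: traffic leaving the .10 site toward the three nodes
ip access-list extended FROM_10_NET
 remark traffic toward the node servers
 permit ip any host 192.168.20.10
 permit ip any host 192.168.30.10
 permit ip any host 192.168.35.10
!
! Bind the ACL to a traffic class
class-map match-all SERVERS
 match access-group name FROM_10_NET
!
policy-map SERVER-GUARANTEE
 class SERVERS
  ! Minimum of 50% under congestion. Unlike "priority percent 50",
  ! this class is not policed and can use bandwidth left idle by others.
  bandwidth percent 50
 class class-default
  fair-queue
  ! Reply's suggestion: WRED instead of tail-drop for TCP traffic.
  ! Assumption: the IOS release accepts random-detect with fair-queue here.
  random-detect
!
interface serial0/0
 bandwidth 1544
 service-policy output SERVER-GUARANTEE
!
! Check per-class matches, queue depth and drops after applying:
! show policy-map interface serial0/0
```

Each of the other CPE routers takes the same policy with its own ACL listing the remote servers, as the reply shows for the .20 network.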
 