5

I have a Cisco Router 1900 series and I would like to limit the bandwidth used by a subnet/subinterface. This subnet/subinterface (192.168.10.*) uses most of the bandwidth, making it useless for other subnets/subinterfaces, and I would like to limit their total bandwidth consumption to like 2MB out of whatever total bandwidth we might be assigned.

I have read some resources on Class Based Shaping but I am not getting the idea.

I don't have any certification on Cisco but I learn as I proceed with their range of products.

Awaiting responses.

Laredo

1 Answer

3

I have a Cisco Router 1900 series and I would like to limit the bandwidth used by a subnet/subinterface. This subnet/subinterface (192.168.10.*) uses most of the bandwidth, making it useless for other subnets/subinterfaces, and I would like to limit their total bandwidth consumption to like 2MB out of whatever total bandwidth we might be assigned.

I will give you a policy that I run myself... I took the liberty of prioritizing traffic within that 2MB class, since it's a common need once you start limiting the bandwidth of certain people.

First I define a couple of ACL objects:

  • Q_CBWFQ_net is used to define what traffic will be shaped; traffic will match this object if the IP matches either the source or destination address.
  • Q_LLQ_net is used to define what traffic will be prioritized into a low latency (i.e. high priority) queue. Up to 200Kbps of traffic (10% of 2Mbps) will be prioritized like this. Traffic will match this object if the IP matches either the source or destination address. Q_LLQ_net traffic can go above 10% of the circuit with this configuration (subject to not competing with other non-LLQ traffic).

object-group network Q_CBWFQ_net
 192.168.10.0 /24
!
object-group network Q_LLQ_net
 host 198.137.202.19
!
!
ip access-list extended CBWFQ
 permit ip any object-group Q_CBWFQ_net
 permit ip object-group Q_CBWFQ_net any
ip access-list extended LLQ
 permit ip object-group Q_LLQ_net any
 permit ip any object-group Q_LLQ_net

Now I define classes to match against those ACLs...

class-map match-all C_LLQ
 match access-group name LLQ
class-map match-all C_CBWFQ
 match access-group name CBWFQ
!

This is where the guts of the policy are implemented... I use WRED to manage the non-LLQ traffic. WRED helps ensure that your shaped traffic behaves well (assuming it is mostly TCP traffic).

!
policy-map Q_CBWFQ_to_inet
 class C_LLQ
  priority percent 10
 class C_CBWFQ
  bandwidth remaining percent 90
  random-detect
!
policy-map Q_CBWFQ_from_inet
 class C_LLQ
  priority percent 10
 class C_CBWFQ
  bandwidth remaining percent 90
  random-detect
!
policy-map Q_shape_from_inet
 class class-default
  shape average 2000000
  service-policy Q_CBWFQ_from_inet
!
policy-map Q_shape_to_inet
 class class-default
  shape average 2000000
  service-policy Q_CBWFQ_to_inet
!

Now apply the policies to your ingress and egress interfaces / subinterfaces...

interface FastEthernet0/0
 description [Interface to LAN, via sw1]
 bandwidth qos-reference 100000
 ip address 10.1.5.5 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 arp timeout 240
 service-policy output Q_shape_from_inet
!
!
interface FastEthernet0/1
 description [Uplink to internet, via fw]
 bandwidth qos-reference 100000
 ip address 10.1.2.2 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 arp timeout 240
 service-policy output Q_shape_to_inet

Please keep in mind that traffic shaping is not exact... you'll get up to 2Mbps for a single TCP flow, but the actual transfer rate could be anywhere between 1.5Mbps and 1.9Mbps at any given point in time.

Mike Pennington
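
A small Python model of the policy in the answer above, added here as an illustration (it is not part of the original answer and is not Cisco code). It shows which class a flow lands in and how the 2 Mbps shaper is divided. The fluid-style `allocate` function, the 10% share for the child `class-default`, and the sample addresses and loads are assumptions made for the example.

```python
from ipaddress import ip_address, ip_network

SHAPE_BPS = 2_000_000      # shape average 2000000
LLQ_PCT = 10               # priority percent 10
CBWFQ_PCT = 90             # bandwidth remaining percent 90
Q_CBWFQ_NET = [ip_network("192.168.10.0/24")]     # object-group Q_CBWFQ_net
Q_LLQ_NET = [ip_network("198.137.202.19/32")]     # object-group Q_LLQ_net


def in_group(addr, group):
    return any(ip_address(addr) in net for net in group)


def classify(src, dst):
    """Class a packet lands in; classes are tried in policy-map order."""
    # Both ACLs permit the object-group as source OR as destination.
    if in_group(src, Q_LLQ_NET) or in_group(dst, Q_LLQ_NET):
        return "C_LLQ"            # listed first, so it wins on a double match
    if in_group(src, Q_CBWFQ_NET) or in_group(dst, Q_CBWFQ_NET):
        return "C_CBWFQ"
    return "class-default"        # everything else still sits under the shaper


def allocate(offered):
    """Divide SHAPE_BPS among the classes for one snapshot of offered load.

    offered maps class name -> bit/s. Simplified fluid model (assumption):
    the priority class is held to LLQ_PCT only while the shaper is congested,
    and class-default gets whatever C_CBWFQ's share leaves over.
    """
    llq_in = offered.get("C_LLQ", 0)
    cb_in = offered.get("C_CBWFQ", 0)
    df_in = offered.get("class-default", 0)
    congested = llq_in + cb_in + df_in > SHAPE_BPS
    llq = min(llq_in, SHAPE_BPS * LLQ_PCT // 100 if congested else SHAPE_BPS)
    left = SHAPE_BPS - llq
    cb = min(cb_in, left * CBWFQ_PCT // 100)   # guaranteed share first
    df = min(df_in, left - cb)
    cb = min(cb_in, left - df)                 # then reuse what default left idle
    return {"C_LLQ": llq, "C_CBWFQ": cb, "class-default": df}


if __name__ == "__main__":
    # Constructed sample flows and loads, not taken from the page.
    print(classify("192.168.10.7", "198.137.202.19"))
    print(allocate({"C_LLQ": 1_000_000}))
    print(allocate({"C_LLQ": 1_000_000, "C_CBWFQ": 3_000_000}))
```

Because the parent policies shape `class-default`, every packet leaving the interface passes through the 2 Mbps shaper, including traffic from subnets other than 192.168.10.0/24.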