
I have a Cisco Router 1900 series and I would like to limit the bandwidth used by a subnet/subinterface. This subnet/subinterface (192.168.10.*) uses most of the bandwidth, making it useless for other subnets/subinterfaces, and I would like to limit their total bandwidth consumption to like 2MB out of whatever total bandwidth we might be assigned.

I have read some resources on Class Based Shaping but I am not getting the idea.

I don't have any certification on Cisco but I learn as I proceed with their range of products.

Awaiting responses.

Laredo
  • The question title is erroneous. You do not want a quota, you want a rate. – Ronnie Royston Jun 16 '15 at 03:07
  • How do you mean? I have a router that has subinterfaces configured. We are connected on fiber with a total of 11MB and a department/one subinterface is taking the whole bandwidth and I need to do something about it like limiting them to just 2 or 3MB out of the total. – Laredo Jun 16 '15 at 07:33
  • @RonRoyston, may I politely suggest that you consult a dictionary for the definition of quota. He is not a native English speaker, but he is using the phrase "Bandwidth Quota" correctly. – Mike Pennington Jun 16 '15 at 09:47
  • Exactly, you want to limit. Most people associate quota with bandwidth/timeframe like cellular providers sometimes do. @MikePennington [context](http://www.cisco.com/en/US/products/ps6134/products_configuration_guide_chapter09186a0080849902.html). – Ronnie Royston Jun 16 '15 at 16:39

1 Answer


> I have a Cisco Router 1900 series and I would like to limit the bandwidth used by a subnet/subinterface. This subnet/subinterface (192.168.10.*) uses most of the bandwidth, making it useless for other subnets/subinterfaces, and I would like to limit their total bandwidth consumption to like 2MB out of whatever total bandwidth we might be assigned.

I will give you a policy that I run myself... I took the liberty of prioritizing traffic within that 2MB class, since it's a common need once you start limiting the bandwidth of certain people.

First I define a couple of ACL objects:

  • Q_CBWFQ_net is used to define what traffic will be shaped; traffic will match this object if the IP matches either the source or destination address.
  • Q_LLQ_net is used to define what traffic will be prioritized into a low latency (i.e. high priority) queue. Up to 200Kbps of traffic (10% of 2Mbps) will be prioritized like this. Traffic will match this object if the IP matches either the source or destination address. Q_LLQ_net traffic can go above 10% of the circuit with this configuration (subject to not competing with other non-LLQ traffic).

```
object-group network Q_CBWFQ_net
 192.168.10.0 /24
!
object-group network Q_LLQ_net
 host 198.137.202.19
!
!
ip access-list extended CBWFQ
 permit ip any object-group Q_CBWFQ_net
 permit ip object-group Q_CBWFQ_net any
ip access-list extended LLQ
 permit ip object-group Q_LLQ_net any
 permit ip any object-group Q_LLQ_net
```

Now I define classes to match against those ACLs...

```
class-map match-all C_LLQ
 match access-group name LLQ
class-map match-all C_CBWFQ
 match access-group name CBWFQ
!
```

This is where the guts of the policy are implemented... I use WRED to manage the non-LLQ traffic. WRED helps ensure that your shaped traffic behaves well (assuming it is mostly TCP traffic).

```
!
policy-map Q_CBWFQ_to_inet
 class C_LLQ
  priority percent 10
 class C_CBWFQ
  bandwidth remaining percent 90
  random-detect
!
policy-map Q_CBWFQ_from_inet
 class C_LLQ
  priority percent 10
 class C_CBWFQ
  bandwidth remaining percent 90
  random-detect
!
policy-map Q_shape_from_inet
 class class-default
  shape average 2000000
  service-policy Q_CBWFQ_from_inet
!
policy-map Q_shape_to_inet
 class class-default
  shape average 2000000
  service-policy Q_CBWFQ_to_inet
!
```

Now apply the policies to your ingress and egress interfaces / subinterfaces...

```
interface FastEthernet0/0
 description [Interface to LAN, via sw1]
 bandwidth qos-reference 100000
 ip address 10.1.5.5 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 arp timeout 240
 service-policy output Q_shape_from_inet
!
!
interface FastEthernet0/1
 description [Uplink to internet, via fw]
 bandwidth qos-reference 100000
 ip address 10.1.2.2 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 arp timeout 240
 service-policy output Q_shape_to_inet
```

Please keep in mind that traffic shaping is not exact... you'll get up to 2Mbps for a single TCP flow, but the actual transfer rate could be anywhere between 1.5Mbps and 1.9Mbps at any given point in time.

Mike Pennington
  • This appears to answer the question but just wanted to note that this type of config achieves a target rate, not a data quota such as 2GB/week. A TCL script or some other type of script/application would be required for configuring a data quota. – Ronnie Royston Jun 16 '15 at 03:11
  • I don't mean a quota per week. I mean their download rate. – Laredo Jun 16 '15 at 07:35
  • Mike, please what do you mean by host 198.137.202.19? To be candid, I have been trying to understand the solution you provided but have not been able to. Can you please explain to a layman like me? Please. – Laredo Jun 16 '15 at 07:38
  • I have implemented this and it worked like magic. Thanks Mike and would like to know how to be this good. – Laredo Jun 16 '15 at 09:10
  • `host 198.137.202.19` is just a way to illustrate how you might classify traffic into a [LLQ](http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fsllq26.html). In this case, the ACL called `LLQ` references that object-group and it matches traffic either to or from 198.137.202.19. – Mike Pennington Jun 16 '15 at 09:48
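
How the answer's object-groups, ACLs and class order decide which queue a packet lands in, as an added example that is not part of the original answer or comments. It is a Python model of address matching and class order only (no shaping or queueing); the `parse` and `classify` helpers and the sample addresses outside the config are assumptions made for illustration.

```python
import ipaddress
import re

# Object-groups and ACLs copied from the answer's configuration.
CONFIG = """\
object-group network Q_CBWFQ_net
 192.168.10.0 /24
object-group network Q_LLQ_net
 host 198.137.202.19
ip access-list extended CBWFQ
 permit ip any object-group Q_CBWFQ_net
 permit ip object-group Q_CBWFQ_net any
ip access-list extended LLQ
 permit ip object-group Q_LLQ_net any
 permit ip any object-group Q_LLQ_net
"""
# Order of classes in the child policy-maps: C_LLQ is tested before C_CBWFQ.
CLASS_ORDER = [("C_LLQ", "LLQ"), ("C_CBWFQ", "CBWFQ")]

def parse(config):
    """Return (object-groups, ACLs) for the small subset of IOS syntax above."""
    groups, acls, current = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"object-group network (\S+)", line):
            current = groups.setdefault(m.group(1), [])
        elif m := re.match(r"ip access-list extended (\S+)", line):
            current = acls.setdefault(m.group(1), [])
        elif m := re.match(r" host (\S+)", line):
            current.append(ipaddress.ip_network(m.group(1)))
        elif m := re.match(r" (\d\S+) /(\d+)", line):
            current.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
        elif m := re.match(r" permit ip (any|object-group (\S+)) (any|object-group (\S+))", line):
            current.append((m.group(2), m.group(4)))  # None stands for "any"
    return groups, acls

def classify(src, dst, config=CONFIG):
    """Name the class a packet lands in; unmatched traffic is class-default."""
    groups, acls = parse(config)
    def hit(addr, group):
        return group is None or any(ipaddress.ip_address(addr) in n for n in groups[group])
    for class_name, acl in CLASS_ORDER:
        if any(hit(src, s) and hit(dst, d) for s, d in acls[acl]):
            return class_name
    return "class-default"

if __name__ == "__main__":
    # Constructed packet: a 192.168.10.0/24 host talking to the LLQ host.
    print(classify("192.168.10.25", "198.137.202.19"))
```

Because the parent policy-maps put `shape average 2000000` on `class-default`, every packet leaving the interface they are attached to is shaped; these classes only decide queueing inside that rate.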