[c-nsp] Traffic Shaping

Brian Desmond brian at briandesmond.com
Thu Feb 2 23:20:11 EST 2006


This is best done on the router - it is the last hop to your ISP. If you
were to add another switch, for example, now you'd be maintaining the
same rate limits in two places.

You're going to need a couple things to make this work:

access-list 150 permit ip 10.0.0.0 0.255.255.255 any
access-list 150 remark rate-limiting acl

then on your isp interface 

rate-limit output access-group 150 10000000 1875000 3750000
conform-action continue exceed-action drop

I assume your ISP is doing 95th percentile billing...the second pair of
numbers are the magic numbers recommended by cisco... 1875000 is CIR *
1/8 * 1.5s and the third value to 3750000 (2x the previous).

If you want to hard limit it to 10megs, you can set the second two
values to 5000 (minimum value @ 10megs)

Thanks,
Brian Desmond
brian at briandesmond.com
 
c - 312.731.3132
 
 

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Joseph Jackson
> Sent: Thursday, February 02, 2006 8:53 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Traffic Shaping
> 
> Hey all,
> 
>     We currently have a ds3 to the internet which we pay a flat fee
for
> the first 10megs of traffic and anything over that we pay extra.  I
have
> been tasked with setting up some traffic shaping on the link so we
can't
> burst over the 10 meg cap.  My first question is is it better to do
rate
> limiting on the switch or the router?  The router is a 7206vxr with an
> NPE-300 and 128megs of ram.  The switch is a catalyst 2950. Question
> number 2)  We only want to limit traffic from US going over the 10 meg
> cap we do not want to limit any of our customers hitting our websites
to
> be limited. Is it possible for the router/switch to only rate limit on
> traffic that originates from our network?
> 
> 
> 
> Thanks.
> 
> 
> Joseph
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list