[c-nsp] Traffic Shaping

Brian Desmond brian at briandesmond.com
Thu Feb 2 23:20:11 EST 2006

This is best done on the router - it is the last hop to your ISP. If you
were to add another switch, for example, now you'd be maintaining the
same rate limits in two places.

You're going to need a couple things to make this work:

access-list 150 permit ip any
access-list 150 remark rate-limiting acl

then on your isp interface 

rate-limit output access-group 150 10000000 1875000 3750000
conform-action continue exceed-action drop

I assume your ISP is doing 95th percentile billing...the second pair of
numbers are the magic numbers recommended by cisco... 1875000 is CIR *
1/8 * 1.5s and the third value to 3750000 (2x the previous).

If you want to hard limit it to 10megs, you can set the second two
values to 5000 (minimum value @ 10megs)

Brian Desmond
brian at briandesmond.com
c - 312.731.3132

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Joseph Jackson
> Sent: Thursday, February 02, 2006 8:53 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Traffic Shaping
> Hey all,
>     We currently have a ds3 to the internet which we pay a flat fee
> the first 10megs of traffic and anything over that we pay extra.  I
> been tasked with setting up some traffic shaping on the link so we
> burst over the 10 meg cap.  My first question is is it better to do
> limiting on the switch or the router?  The router is a 7206vxr with an
> NPE-300 and 128megs of ram.  The switch is a catalyst 2950. Question
> number 2)  We only want to limit traffic from US going over the 10 meg
> cap we do not want to limit any of our customers hitting our websites
> be limited. Is it possible for the router/switch to only rate limit on
> traffic that originates from our network?
> Thanks.
> Joseph
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list