[c-nsp] Traffic Shaping

Joseph Jackson JJackson at aninetworks.com
Mon Feb 6 03:04:11 EST 2006

Thanks for the reply.  Can I do shaping per source IP? I would like to only limit the PAT address our internal users source out from so then any other address (our FTP and web servers) won't be limited on their outgoing bandwidth.


From: Church, Chuck [mailto:cchurch at netcogov.com]
Sent: Thu 2/2/2006 8:23 PM
To: Joseph Jackson; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Traffic Shaping

Shaping/policing is much more effective on the transmit side, versus the
receive side, so you're in luck.  I'd do it on the 7206, rather than the
switch.  The switch can't shape, it can only police, which isn't very
friendly for TCP traffic.  The router will also have much finer control
over traffic and protocols than a L2 switch.  Your NPE-300 should have
plenty of CPU to do that at DS-3 speed.  Keep in mind that even if
you're not limiting customers from hitting your web server, you would be
limiting the server's responses.  It might take some trial and error,
but a decent combination of policing and shaping statements should be

Chuck Church
Lead Design Engineer
Netco Government Services - Design & Implementation Team
1210 N. Parker Rd.
Greenville, SC 29609
Home office: 864-335-9473
Cell: 864-266-3978
cchurch at netcogov.com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D

"I'm one Snickers Pie away from losing my foot to diabetes."  -  Homer

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Joseph Jackson
Sent: Thursday, February 02, 2006 8:53 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Traffic Shaping

Hey all,

    We currently have a ds3 to the internet which we pay a flat fee for
the first 10megs of traffic and anything over that we pay extra.  I have
been tasked with setting up some traffic shaping on the link so we can't
burst over the 10 meg cap.  My first question is is it better to do rate
limiting on the switch or the router?  The router is a 7206vxr with an
NPE-300 and 128megs of ram.  The switch is a catalyst 2950. Question
number 2)  We only want to limit traffic from US going over the 10 meg
cap we do not want to limit any of our customers hitting our websites to
be limited. Is it possible for the router/switch to only rate limit on
traffic that originates from our network?
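
Added illustration, not written by either poster in this thread: one way the per-source shaping asked about at the top of this message can be expressed with IOS class-based shaping on the router's transmit side. The PAT address 192.0.2.10, the interface Serial1/0, ACL number 101 and the class and policy names are placeholders, and the sketch assumes outbound classification sees the already-translated (post-NAT) source address.

```cisco
! Added example with placeholder values; not configuration from the thread.
! 192.0.2.10 stands in for the PAT address internal users are translated to.
access-list 101 permit ip host 192.0.2.10 any
!
class-map match-all PAT-USERS
 match access-group 101
!
policy-map INTERNET-OUT
 class PAT-USERS
  ! Shaping queues the excess instead of dropping it; rate is in bits per second.
  shape average 10000000
 ! Traffic sourced from the FTP and web servers does not match PAT-USERS,
 ! falls into the implicit class-default, and is left unshaped.
!
! Serial1/0 stands in for the DS3 interface facing the provider.
interface Serial1/0
 service-policy output INTERNET-OUT
```

`show policy-map interface Serial1/0` reports per-class matched packets and shaper queue counters, which shows whether the PAT-sourced traffic is actually hitting the shaped class.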


