[c-nsp] shaping outbound

Mark Tinka mtinka at globaltransit.net
Sun Dec 25 07:30:47 EST 2011

On Sunday, December 25, 2011 05:34:42 AM Dan Letkeman wrote:

> Ok, so my solution would look something like this:
> class-map match-any application
>  match protocol http
> policy-map inbound
>  class application
>   police 10000000 1000000....
>  class class-default
>   police 20000000 2000000....
> interface g0/1
>  service-policy input inbound
> And this would police http traffic to 10mbps and all
> other traffic to 20mbps.

Pretty much. 

If you don't intend to police specific protocols, you could 
just apply this on all packets arriving from your customer.

Remember that this just limits the customer's upload 
capacity. Most Internet access customers download more than 
they upload, so you probably want a policer in the opposite 
direction as well.

> Are there any recommendations on the police command to
> limit the about of drops I get from doing this?

Typical policing formula in IOS has tended to be:

	Bc = (CIR/8) * 1.5
	Be = Bc * 2

Note that there are some platforms that may not have an 
infinite Bc value, especially hardware-based ones. On 
software routers, you should be fairly okay.

That said, even with this small limitation on some hardware 
platforms, we've been relatively happy with this formual.

Note that if you're implementing QoS marking or 
classification anywhere else in your network, you might want 
to consider marking all inbound traffic from the Internet as 
DSCP 0/EXP 0, or whatever value you feel makes sense to you. 
This is mandatory, but could be helpful as you deploy more 
advanced QoS-dependent services in the future.

> I do have an ASA5520 in front of this router, is there
> any way of utilizing that to shape the traffic?

No clue on QoS capabilities of the ASA. Maybe someone else 
can chime in there.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20111225/26e0e742/attachment.sig>

More information about the cisco-nsp mailing list