[c-nsp] Bandwidth shaping/limiting

daniel.dib at reaper.nu
Wed Oct 28 09:06:48 EDT 2015



2015-10-28 13:37, Mark Tinka wrote:
> On 28/Oct/15 14:27, Dan Brisson wrote:
> 
>> I'm hoping to get some feedback on how to limit/shape bandwidth for
>> customers in a co-lo environment.  Currently customers are connected
>> to Cisco 3750 switches at either 10, 100, or 1Gig depending on what
>> they purchase for commodity Internet bandwidth.  The 10 and 100 is
>> fine but customers are allowed to purchase in increments between
>> 100Meg and 1Gig.  So because of that, if a customer purchased 300Mb/s,
>> it would be nice to limit their physical gig port to capping out at
>> 300Mb/s.
>> 
>> I know the 3750 line has some shaping capability, but I'm not sure it
>> can do what I want.  And further I'm not sure if it has the buffer
>> space to do what I want.
>> 
>> Can someone confirm or deny the capabilities of the Catalyst 3750 line
>> with respect to this situation?  And if the 3750 cannot do what I
>> need, what should I look at in the Cisco line?  Would the ME line of
>> switches be more appropriate?
> 
> The only Cisco switches I am aware of that can do egress policing are the
> ME3600X, ASR920, and whatever runs the SUP-2T (SUP-2T not tested, just
> based on what others have said).
> 
> Egress shaping is, IIRC, supported on some of Cisco's desktop switches,
> but as you say, the limited buffers on these platforms may create some
> interesting situations in the field.
> 
> I believe reasonably recent desktop switches from Cisco will support
> ingress policing, but suggest you check this out before you buy.
> 
> Mark.

Does each customer have its own VLAN or do they share VLANs? Do you care 
if the customer uses more capacity internally or only towards the 
Internet? Catalyst switches can do ingress policing, which would mean 
outbound traffic if you do it on the customer port. They also have egress 
shaping, but it uses an algorithm called SRR which is quite different to 
the policy-maps that are used on routers. You could do ingress policing 
on a trunk port but it's quite convoluted to be honest.

Like Mark said, you could either move up to some more advanced switch 
such as 4500 or 6880 etc., or keep things as is but invest in more 
intelligence at the edge with a box like ASR920 or similar.

Regards,

Daniel

