[c-nsp] Bandwidth shaping/limiting
daniel.dib at reaper.nu
Wed Oct 28 11:02:51 EDT 2015
2015-10-28 14:28, Dan Brisson wrote:
> On 10/28/2015 9:06 AM, daniel.dib at reaper.nu wrote:
>>
>>
>> 2015-10-28 13:37, Mark Tinka wrote:
>>> On 28/Oct/15 14:27, Dan Brisson wrote:
>>>
>>>> I'm hoping to get some feedback on how to limit/shape bandwidth for
>>>> customers in a co-lo environment. Currently customers are connected
>>>> to Cisco 3750 switches at either 10, 100, or 1Gig depending on what
>>>> they purchase for commodity Internet bandwidth. The 10 and 100 is
>>>> fine but customers are allowed to purchase in increments between
>>>> 100Meg and 1Gig. So because of that, if a customer purchased
>>>> 300Mb/s, it would be nice to limit their physical gig port to
>>>> capping out at 300Mb/s.
>>>>
>>>> I know the 3750 line has some shaping capability, but I'm not sure
>>>> it can do what I want. And further I'm not sure if it has the buffer
>>>> space to do what I want.
>>>>
>>>> Can someone confirm or deny the capabilities of the Catalyst 3750
>>>> line with respect to this situation? And if the 3750 cannot do what
>>>> I need, what should I look at in the Cisco line? Would the ME line
>>>> of switches be more appropriate?
>>>
>>> The only Cisco switches I am aware of that can do egress policing
>>> are the ME3600X, ASR920, and whatever runs the SUP-2T (SUP-2T not
>>> tested, just based on what others have said).
>>>
>>> Egress shaping is, IIRC, supported on some of Cisco's desktop
>>> switches, but as you say, the limited buffers on these platforms may
>>> create some interesting situations in the field.
>>>
>>> I believe reasonably recent desktop switches from Cisco will support
>>> ingress policing, but suggest you check this out before you buy.
>>>
>>> Mark.
>>
>> Does each customer have its own VLAN or do they share VLANs? Do you
>> care if the customer uses more capacity internally or only towards the
>> Internet? Catalyst switches can do ingress policing which would mean
>> outbound traffic if you do it on the customer port. They also have egress
>> shaping but it uses an algorithm called SRR which is quite different
>> to the policy-maps that are used on routers. You could do ingress
>> policing on a trunk port but it's quite convoluted to be honest.
>>
>> Like Mark said, you could either move up to some more advanced switch
>> such as 4500 or 6880 etc. or keep things as is but invest in more
>> intelligence at the edge with a box like ASR920 or similar.
>>
>> Regards,
>>
>> Daniel
> Each customer does have its own VLAN. And the only concern is to/from
> the Internet. The customer's routing interface is actually a
> subinterface on an ASR1002 (the ASR1002 has dot1q tagged interface
> connected to the 3750 with a tag for each customer's vlan). Maybe a
> policy applied to that interface is a better spot? I guess that would
> come down to the policing/shaping capabilities of the ASR1002
> platform.
>
> Thanks!
> -dan
Yes, the ASR1002 would be a better place to implement the policy. I
think it should support both ingress and egress policing or you could do
ingress policing and egress shaping. You could create a VLAN to test
with before you implement it on the real customers.
Regards,
Daniel
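
A sketch of the per-customer policy discussed in this thread, in IOS XE MQC syntax: ingress policing and egress shaping at 300 Mb/s on one customer's dot1q subinterface. This is an added example, not configuration posted by anyone in the thread; the interface name, VLAN 100, description and policy names are assumptions, and platform support should be confirmed on a test VLAN as suggested above.

```cisco
! Added example. Assumed values: GigabitEthernet0/0/0.100, VLAN 100,
! policy-map names. The 300 Mb/s rate is the one from the original question.
!
! Customer -> Internet traffic arrives on the subinterface (ingress):
! police it and drop whatever exceeds the purchased rate.
policy-map CUST-300M-IN
 class class-default
  police cir 300000000 conform-action transmit exceed-action drop
!
! Internet -> customer traffic leaves the subinterface (egress):
! shape it so short bursts are queued on the router rather than
! dropped outright.
policy-map CUST-300M-OUT
 class class-default
  shape average 300000000
!
! One subinterface per customer VLAN on the trunk toward the 3750.
interface GigabitEthernet0/0/0.100
 description Customer A (constructed example)
 encapsulation dot1Q 100
 service-policy input CUST-300M-IN
 service-policy output CUST-300M-OUT
```

After applying it to a test VLAN, `show policy-map interface GigabitEthernet0/0/0.100` shows the conformed, exceeded and queued counters for each direction.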