[c-nsp] Bandwidth shaping/limiting

Dan Brisson dbrisson at gmail.com
Wed Oct 28 11:05:57 EDT 2015



On 10/28/2015 11:02 AM, daniel.dib at reaper.nu wrote:
>
>
> 2015-10-28 14:28, Dan Brisson wrote:
>> On 10/28/2015 9:06 AM, daniel.dib at reaper.nu wrote:
>>>
>>>
>>> 2015-10-28 13:37, Mark Tinka wrote:
>>>> On 28/Oct/15 14:27, Dan Brisson wrote:
>>>>
>>>>> I'm hoping to get some feedback on how to limit/shape bandwidth for
>>>>> customers in a co-lo environment.  Currently customers are connected
>>>>> to Cisco 3750 switches at either 10, 100, or 1Gig depending on what
>>>>> they purchase for commodity Internet bandwidth.  The 10 and 100 is
>>>>> fine but customers are allowed to purchase in increments between
>>>>> 100Meg and 1Gig.  So because of that, if a customer purchased
>>>>> 300Mb/s, it would be nice to limit their physical gig port to
>>>>> capping out at 300Mb/s.
>>>>>
>>>>> I know the 3750 line has some shaping capability, but I'm not sure it
>>>>> can do what I want.  And further I'm not sure if it has the buffer
>>>>> space to do what I want.
>>>>>
>>>>> Can someone confirm or deny the capabilities of the Catalyst 3750
>>>>> line with respect to this situation?  And if the 3750 cannot do what
>>>>> I need, what should I look at in the Cisco line?  Would the ME line
>>>>> of switches be more appropriate?
>>>>
>>>> The only Cisco switches I am aware of that can do egress policing are
>>>> the ME3600X, ASR920, and whatever runs the SUP-2T (SUP-2T not tested,
>>>> just based on what others have said).
>>>>
>>>> Egress shaping is, IIRC, supported on some of Cisco's desktop
>>>> switches, but as you say, the limited buffers on these platforms may
>>>> create some interesting situations in the field.
>>>>
>>>> I believe reasonably recent desktop switches from Cisco will support
>>>> ingress policing, but suggest you check this out before you buy.
>>>>
>>>> Mark.
>>>
>>> Does each customer have its own VLAN or do they share VLANs? Do you 
>>> care if the customer uses more capacity internally or only towards 
>>> the Internet? Catalyst switches can do ingress policing which would 
>>> mean outbound traffic if you do it on the customer port. It also has 
>>> egress shaping but it uses an algorithm called SRR which is quite 
>>> different to the policy-maps that are used on routers. You could do 
>>> ingress policing on a trunk port but it's quite convoluted to be 
>>> honest.
>>>
>>> Like Mark said you could either move up to some more advanced switch 
>>> such as 4500 or 6880 etc or keep things as is but invest in more 
>>> intelligence at the edge with a box like ASR920 or similar.
>>>
>>> Regards,
>>>
>>> Daniel
>> Each customer does have its own VLAN.  And the only concern is to/from
>> the Internet.  The customer's routing interface is actually a
>> subinterface on an ASR1002 (the ASR1002 has dot1q tagged interface
>> connected to the 3750 with a tag for each customer's vlan). Maybe a
>> policy applied to that interface is a better spot?  I guess that would
>> come down to the policing/shaping capabilities of the ASR1002
>> platform.
>>
>> Thanks!
>> -dan
>
> Yes, the ASR1002 would be a better place to implement the policy. I 
> think it should support both ingress and egress policing or you could 
> do ingress policing and egress shaping. You could create a VLAN to 
> test with before you implement it on the real customers.
>
> Regards,
> Daniel
Ok, cool.  Thanks for getting me thinking a bit upstream...looks like it 
will really make my life easier.  I need to do a bit more research on 
"policing" vs. "shaping".  My first inclination is that I don't ever 
want to drop traffic in any direction in a co-lo environment so policing 
seems like a bad idea, but perhaps my understanding of policing is not 
accurate.

Thanks,
-dan
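
Added example, not part of the thread: a small simulation of the policing versus shaping difference raised in the message above, using the 300 Mb/s cap on a gigabit port from the original question. The packet size, burst length, Bc and queue depths are constructed assumptions, and the shaper is modeled as a plain FIFO drained at the contracted rate (platform behaviour such as SRR is not modeled).

```python
from collections import deque

CIR_BITS_PER_US = 300        # 300 Mb/s contracted rate from the thread
PKT_BITS = 1500 * 8          # constructed: 1500-byte packets
GAP_US = 12                  # 1500 B back-to-back on a 1 Gb/s port

def burst(n):
    """Constructed sample input: n packets arriving at gigabit line rate."""
    return [(i * GAP_US, PKT_BITS) for i in range(n)]

def police(packets, bc_bits):
    """Single-rate token-bucket policer: out-of-profile packets are dropped."""
    tokens, last, sent, dropped = bc_bits, 0, 0, 0
    for t, size in packets:
        # Refill at the CIR since the previous arrival, capped at Bc.
        tokens = min(bc_bits, tokens + CIR_BITS_PER_US * (t - last))
        last = t
        if tokens >= size:
            tokens -= size
            sent += 1
        else:
            dropped += 1
    return sent, dropped

def shape(packets, queue_limit):
    """Shaper modeled as a FIFO drained at the CIR: excess packets wait and
    are tail-dropped only once queue_limit packets are already held."""
    held = deque()               # finish times of packets not yet fully sent
    free_at, sent, dropped, max_delay = 0, 0, 0, 0
    for t, size in packets:
        while held and held[0] <= t:
            held.popleft()       # these packets have left the port
        if len(held) >= queue_limit:
            dropped += 1         # buffer exhausted: the shaper drops too
            continue
        start = max(t, free_at)
        free_at = start + size // CIR_BITS_PER_US
        held.append(free_at)
        sent += 1
        max_delay = max(max_delay, start - t)
    return sent, dropped, max_delay   # max_delay is queuing delay in us

if __name__ == "__main__":
    pkts = burst(100)
    print("policer, Bc = 10 packets:", police(pkts, 10 * PKT_BITS))
    print("shaper, 128-packet queue:", shape(pkts, 128))
    print("shaper, 16-packet queue :", shape(pkts, 16))
```

With a deep queue the shaper delivers the whole burst at the cost of added delay; with a shallow queue it drops as well, which is the buffer concern raised earlier in the thread.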


