[c-nsp] Unusual bandwidth limit question :) (Cisco ASR1002-X)
Sheremet Roman
romka at kharkov.org.ua
Wed Dec 16 05:56:58 EST 2020
Hi Everyone,
Hardware:
cisco ASR1002-X (2RU-X) processor (revision 2KP) with 1066632K/6147K bytes of memory.
Cisco IOS XE Software, Version 03.16.04a.S - Extended Support Release
Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S4a, RELEASE SOFTWARE (fc1)
10G interface:
interface TenGigabitEthernet0/3/0
 description "10G Uplink"
 no ip address
 service-policy input bwlimit
 service-policy output bwlimit
 service instance 1 ethernet
  encapsulation dot1q 301
  bridge-domain 301
 !
Policy map:
policy-map bwlimit
 description "Policy for BW limit"
 class fuckup
  police cir 8000
 class fuckup-5mbps
  police cir 5000000
 class fuckup-1mbps
  police cir 1000000
 class class-default
  police cir 9000000000 bc 200000000
!
end
Classes:
class-map match-all fuckup
 description "ClassMap for BW limit (0 mbps)"
 match access-group name BWLIMIT
class-map match-all fuckup-5mbps
 description "ClassMap for BW limit (5 mbps)
 match access-group name BWLIMIT_5MBPS
class-map match-all fuckup-1mbps
 description "ClassMap for BW limit (1 mbps)
 match access-group name BWLIMIT_1MBPS
Access Lists:
ip access-list extended BWLIMIT
 permit ip any host x.x.x.x
ip access-list extended BWLIMIT_1MBPS
 permit ip any host y.y.y.y
ip access-list extended BWLIMIT_5MBPS
 permit ip any host z.z.z.z
So, this is my current configuration for capping bandwidth: when I add
an IP like "x.x.x.x" to the access list, the Cisco caps this IP.
My question is:
How can I manage the ACLs remotely? I need to dynamically add/remove IPs
from a list; for example, when a customer pays for 5mb/s I need to move
his IP to the 5MBS list. This is a TPIA service, so I don't see any MACs
and I have just one interface with ALL customers (around 3k users there).
I already have quagga peered with my Cisco to turn off customers who
'non pay', for example: I just announce the needed IPs from quagga, then
route them to Null0, or nullroute yet. I want to find some way like this
to put the needed IPs into the needed access-lists. I can announce IPs
from quagga with the needed BGP community (for example), but I can't find
how to match a community in my access-lists or policy lists; it looks
like this works only for route-maps.
I need something like this:
class-map match-all fuckup
 description "ClassMap for BW limit (0 mbps)"
 match community AS:NN
Or maybe someone knows another way; any opinions are welcome.
Thank you guys!
--
Best regards,
Sheremet mailto:romka at kharkov.org.ua
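
One way to generate the add/remove commands for the three ACLs in the post from a customer list, as an added example that is not part of the original message. The ACL names are the post's; the tier labels, helper names and sample addresses are assumptions, and pushing the resulting lines to the router is left out.

```python
import ipaddress

# ACL names come from the post; the tier labels used as keys are assumed.
TIER_ACL = {"blocked": "BWLIMIT", "1mbps": "BWLIMIT_1MBPS", "5mbps": "BWLIMIT_5MBPS"}
ENTRY = "permit ip any host "

def parse_acl_hosts(config_text):
    """Return {acl_name: {IPv4Address, ...}} for named extended ACLs in a config dump."""
    acls, current = {}, None
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line.startswith("ip access-list "):
            current = line.split()[-1] if line.startswith("ip access-list extended ") else None
        elif current and line.startswith(ENTRY):
            acls.setdefault(current, set()).add(ipaddress.IPv4Address(line[len(ENTRY):]))
    return acls

def plan_changes(current, desired):
    """Build IOS config lines that bring the ACLs to `desired`, the full {ip: tier} state."""
    want = {acl: set() for acl in TIER_ACL.values()}
    for ip, tier in desired.items():
        # IPv4Address() raises ValueError on anything but a dotted quad, so
        # billing-system input cannot smuggle extra CLI text into the config.
        want[TIER_ACL[tier]].add(ipaddress.IPv4Address(ip))
    lines = []
    # Additions first, removals second: a host changing tier is briefly in two
    # ACLs (first matching class wins) but never falls into class-default.
    for prefix, pick in (("", lambda w, h: w - h), ("no ", lambda w, h: h - w)):
        for acl in TIER_ACL.values():
            hosts = sorted(pick(want[acl], current.get(acl, set())))
            if hosts:
                lines.append(f"ip access-list extended {acl}")
                lines += [f" {prefix}{ENTRY}{ip}" for ip in hosts]
    return lines

# Constructed sample data (documentation addresses, not from the post).
RUNNING = """\
ip access-list extended BWLIMIT
 permit ip any host 192.0.2.10
ip access-list extended BWLIMIT_1MBPS
 permit ip any host 192.0.2.20
ip access-list extended BWLIMIT_5MBPS
 permit ip any host 192.0.2.30
"""
DESIRED = {"192.0.2.10": "5mbps", "192.0.2.20": "1mbps", "192.0.2.40": "blocked"}

if __name__ == "__main__":
    print("\n".join(plan_changes(parse_acl_hosts(RUNNING), DESIRED)))
```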