Smart questions
Smart answers
Smart people
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login




Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Donate Today!

Do you enjoy these
technical forums?
Donate Today! Click Here

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.
Jobs from Indeed

Link To This Forum!

Partner Button
Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

Sreelu (IS/IT--Management) (OP)
26 Apr 05 17:25
Hi,

I need to limit the bandwidth for some of the IP's leaving my 2600 e0/0.

Setup :
[Internet]---[S0/0 -- 2600 -- e0/0]---- [Public IP i want to limit traffic]

Any Detailed Advice in appriciated.

Thanks in Advance
Sree
Helpful Member!  lambent (Vendor)
26 Apr 05 21:56
You can try the Generic Traffic Shaping commands:

!
access-list 101 permit ip <the public IP range or hosts> any
!
interface Ethernet0/0
traffic-shape group 101 <CIR in bps> <burst size in bytes> <excess burst size>
!

CIR = the limited rate you want to define
burst size = I usually set it to (CIR/8)*1.5
excess burst size = I usually set it to (burst size)*2
Sreelu (IS/IT--Management) (OP)
27 Apr 05 2:32
Thanks,

I had Done the Same Actually.

Still Not getting shaped[controlled].

Plese let me if you need any more details which would help you to suggest more in details.

Thanks.
Sree
lambent (Vendor)
27 Apr 05 3:01
"some of the IP's leaving my 2600 e0/0"
Do you mean the inbound or outbound traffic of e0/0?

Sreelu (IS/IT--Management) (OP)
27 Apr 05 4:27
I think this will help in all ways.

Please Find the Conf For Detailed Info:
________________________________________
!
!
interface Ethernet0/0
 ip address y.y.y.153 255.255.255.240 secondary
 ip address x.x.x.1 255.255.255.240
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting output-packets
 ip nat inside
 ip route-cache same-interface
 no ip mroute-cache
 half-duplex
 traffic-shape group 102 64000 8000 8000 1000
 no cdp enable
!
interface Serial0/0
 ip address z.z.z.z 255.255.255.252
 ip access-group 111 in
 ip access-group 112 out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting output-packets
 ip nat outside
 encapsulation ppp
 no ip mroute-cache
 keepalive 15
 serial restart-delay 0
 no fair-queue
 no cdp enable
!
access-list 101 deny   udp any any eq netbios-ns
access-list 101 deny   udp any any eq netbios-dgm
access-list 101 deny   udp any any eq netbios-ss
access-list 101 deny   udp any any eq 135
access-list 101 deny   udp any any eq 445
access-list 101 deny   udp any any eq 593
access-list 101 deny   tcp any any eq 1034
access-list 101 deny   tcp any any eq 1080
access-list 101 deny   tcp any any eq 3127
access-list 101 deny   tcp any any eq 3128
access-list 101 deny   tcp any any eq 3198
access-list 101 deny   udp any any eq 4444
access-list 101 deny   udp any any eq 8998
access-list 101 deny   tcp any any eq 445
access-list 101 deny   tcp any any eq ident
access-list 101 deny   tcp any any eq 3067
access-list 101 deny   tcp any any eq 256
access-list 101 deny   tcp any any eq 8191
access-list 101 deny   tcp any any eq 5111
access-list 101 deny   tcp any any eq 2000
access-list 101 deny   tcp any any eq 8192
access-list 101 deny   tcp any any eq 6667
access-list 101 deny   tcp any any eq 20012
access-list 101 deny   udp any any eq 20012
access-list 101 deny   tcp any any eq 10080
access-list 101 permit ip any any
access-list 102 permit ip host x.x.x.3 any
access-list 111 deny   ip host 0.0.0.0 any
access-list 111 deny   ip host 255.255.255.255 any
access-list 111 deny   ip 127.0.0.0 0.255.255.255 any
access-list 111 deny   ip 10.0.0.0 0.255.255.255 any
access-list 111 deny   ip 172.16.0.0 0.15.255.255 any
access-list 111 deny   ip 192.168.0.0 0.0.255.255 any
access-list 111 permit ip host x.x.x.137 any
access-list 111 deny   ip x.x.x.0 0.0.0.255 any
access-list 111 deny   ip y.y.y.0 0.0.0.255 any
access-list 111 permit ip any any
access-list 112 permit ip x.x.x.0 0.0.0.255 any
access-list 112 permit ip y.y.y.0 0.0.0.255 any
access-list 112 deny   ip any any
!
!
______________________________________

x.x.x.X and y.y.y.Y are the pools in the Router. z.z.z.z is the serial IP.

in the Above Config I am trying to limit the Bandwidth of the IP x.x.x.3 for which i wrote 102 access list and the respective traffic shape command on e0/0.

Please advice if i have to make any changes.

Thanks
Sree
lambent (Vendor)
27 Apr 05 5:16
If that's the case, then you're just trying to limit the "upstream" traffic from the host x.x.x.3 to anything outside the Internet. Do you also want to limit the "downstream" traffic from anything outside the Internet into the host x.x.x.3?

I would suggest that for "upstream" traffic, you use GTS on the s0/0 interface since "GTS shapes traffic by reducing outbound traffic flow to avoid congestion by constraining traffic to a particular bit rate using the token bucket mechanism."

For "downstream" traffic, you use inbound rate-limiting on the s0/0 interface.

so now the commands should look like this:

!define upstream traffic in ACL198
access-list 198 permit ip host x.x.x.3 any
!
!define downstream traffic in ACL199
access-list 199 permit ip any host x.x.x.3
!
interface s0/0
traffic-shape group 198 64000 8000 8000
rate-limit input access-group 199 64000 8000 8000 conform-action transmit exceed-action drop
!

Actually there're newer commands for both rate-limit and GTS which is modular and class-based. But I think you can try this first.
Sreelu (IS/IT--Management) (OP)
27 Apr 05 5:52
I had Just tried, Negative.

Bandwidth Not being shaped.

I had disabled CEF also.

Do u think any other factors influence this ?

Let me if your want any other parts of the configuration.

Thanks
Sree
Sreelu (IS/IT--Management) (OP)
27 Apr 05 6:08
Hey

It works Great.

Thanks.. Man

I have to do this for almost 16 ip's.

I find that this increases the Router overhead. Please suggest if there are better and advanced way's to setup this.

Thanks A Lot.
Sree
lambent (Vendor)
27 Apr 05 6:14
type "show int s0/0 rate" and let me see your output

also type "show traffic statistics" and let me see

Sreelu (IS/IT--Management) (OP)
27 Apr 05 6:19
ye yes......

I could see them.

Thanks.. :)

And in this scenario if i have to enable Shaping for a couple of IP's. Please Advice a effeciant way if exists.

Sree
lambent (Vendor)
27 Apr 05 6:24
just add more entries in the access-list 198 and 199

say you want to include x.x.x.4 and x.x.x.5 also, then..

!define upstream traffic in ACL198
access-list 198 permit ip host x.x.x.3 any
access-list 198 permit ip host x.x.x.4 any
access-list 198 permit ip host x.x.x.5 any
!
!define downstream traffic in ACL199
access-list 199 permit ip any host x.x.x.3
access-list 199 permit ip any host x.x.x.4
access-list 199 permit ip any host x.x.x.5
!
Sreelu (IS/IT--Management) (OP)
27 Apr 05 6:38
OK Got it...

I See some CPU Overhead/Usage being increased.

Hmmm... can it be handled ?

Thanks
Sree
lambent (Vendor)
27 Apr 05 10:16
Just a simple shaping and rate-limiting on a single interface should be ok.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Back To Forum

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close