Policy Routing: Guaranteeing Bandwidth Question

Quick Note: Router is a Cisco 2611.

This looks ok... but... Be sure that your ACL 171 is configured to PERMIT traffic to the important web site. When that when you apply the policy-map to the interface on the 2611, remember that it's an out-going policy map. Therefore, if the saturation problem is on the incoming direction, you'll need to do some tricks to make this work.

To fix this, apply a bandwidth statement and policy-map on your inside ethernet interface. Assuming you have only one T1 , this would be (example): interface ethernet 0/0 bandwidth 1544 service-policy output student-data

Also, you'll need to make sure ACL 171 is built in such a manner as to be bi-directional. If the destination web site is 12.13.14.15 then ACL 171 would look something like this:

access-list 171 remark identify important traffic !

Wow thanks for the detailed response. I essentially just want to give people bandwidth to the student data when needed and then drop when not. I'm looking forward to testing this.

Quick question: On our 2611, we have a t-1 card serial 0/0 and an ethernet. You're saying I have to put the policy map on the ethernet port? I would assume I have to put it on the serial (i.e. T1)? I'm little confused on the placement and direction.

Thanks again JC for the help.

If this is a T1 link to your ISP, you will probably need the ISP to do the policy routing for you. Unless your traffic patterns are weird for a user community, you'll find that you T1 is only saturated from the ISP to you, and still has lots of outbound capacity. Reserving 40% of your outbound capacity for the data base won't help if YouTube only requires 5% of your outbound capacity to generate a T3's worth of inbound traffic.

Good luck and have fun!

destiny

Vincent, Thanks for the clarification. You're right, its the inbound that we are saturated on. So instead of applying the 40% bandwidth to our Database on the outbound, why wouldn't it work on the inbound? Seems like it would just drop youtube traffic if we have saturation?

Here is what I have generated so far: class-map match-all SDS-Traffic match access-group 171 ! ! policy-map SDS-Policy class SDS-Traffic bandwidth percent 40 class class-default fair-queue queue-limit 10

interface Serial0/0 ip address xxx.xxx.xx.xxx ip access-group 151 in ip access-group 152 out ip nat outside service-policy output SDS-Policy

Now if I change the service policy to inbound, wouldn't that fix the problem?

Thanks again. Aaron

destiny

yes it would, but it wont make much difference.

No - because the saturation happens at the "choke point".

QoS is just about choosing which packet to give preference to - so it only matters at the point where some packets might get sent 1st, or some packets might have to be thrown away.

So - Congestion for your inbound traffic happens before you get to see the packets - which is the router at the far end of the T1 link (assuming it has much more bandwidth to the ISP core).

at that router it may have an average of 6 Mbps heading for your T1. Over time buffers fill up, and it throws away 4.5 Mbps, and you get whats left.

Since that router isnt using QoS and / or it doesnt "know" what you think of as important, it chooses which packets to discard, not you.

It doesnt help that you give preference to inbound priority traffic at your end of the link, if most of it never gets to your router...

So, as Vincent says, you need a fix at the far end of the T1. Either QoS, or maybe get a separate link just for the application so congestion doesnt affect it.

Or - ignore the engineering and try politics. No student use of the link until after attendence is done.....