Policy Routing: Guaranteeing Bandwidth Question


I work for a school district and we have now outsourced our entire student information database and with all the internet-traffic we have on some days, we can easily saturate our T-1 line. (We can easily have more than 200 concurrent connections, etc.) So I now get angry phone calls from secretaries who just want to do building attendance but can't because we're at 98% capacity.

What I would like to do, is set up a policy that takes say 40% of our bandwidth, and when it is required, is allocated to all traffic going to our outsourced database ip address. However, when administration / teachers are not visiting our database site, I want that 40% of the 'reserved' bandwidth to go back into the pot for everyone to use.

Through my research, I believe the solution will come via policy & class mapping with bandwidth settings. Please review my theory as I am hoping for comments and improvements.

# Theorized Solution

    class-map student-data-traffic
     match access-group 171

    policy-map student-data
     class student-data-traffic
      bandwidth percent 40
     class class-default
      fair-queue
      queue-limit 10

    Serial 0/0: ip policy route-map student-data

(create access 171 here) #

If there is an easier solution that would offer bandwidth to users when they need it, and release it when they aren't, I am very open to ideas.

Thanks in advance for your help. ~ Aaron


Quick Note: Router is a Cisco 2611.


This looks ok... but... Be sure that your ACL 171 is configured to PERMIT traffic to the important web site. When you apply the policy-map to the interface on the 2611, remember that it's an out-going policy map. Therefore, if the saturation problem is on the incoming direction, you'll need to do some tricks to make this work.

To fix this, apply a bandwidth statement and policy-map on your inside ethernet interface. Assuming you have only one T1, this would be (example):

    interface ethernet 0/0
     bandwidth 1544
     service-policy output student-data

Also, you'll need to make sure ACL 171 is built in such a manner as to be bi-directional. If the destination web site is then ACL 171 would look something like this:

access-list 171 remark identify important traffic !


Wow thanks for the detailed response. I essentially just want to give people bandwidth to the student data when needed and then drop when not. I'm looking forward to testing this.

Quick question: On our 2611, we have a T-1 card serial 0/0 and an ethernet. You're saying I have to put the policy map on the ethernet port? I would assume I have to put it on the serial (i.e. T1)? I'm a little confused on the placement and direction.

Thanks again JC for the help.


If this is a T1 link to your ISP, you will probably need the ISP to do the policy routing for you. Unless your traffic patterns are weird for a user community, you'll find that your T1 is only saturated from the ISP to you, and still has lots of outbound capacity. Reserving 40% of your outbound capacity for the database won't help if YouTube only requires 5% of your outbound capacity to generate a T3's worth of inbound traffic.

Good luck and have fun!

Vincent C Jones



Vincent, thanks for the clarification. You're right, it's the inbound that we are saturated on. So instead of applying the 40% bandwidth to our database on the outbound, why wouldn't it work on the inbound? Seems like it would just drop YouTube traffic if we have saturation?

Here is what I have generated so far:

    class-map match-all SDS-Traffic
     match access-group 171
    !
    !
    policy-map SDS-Policy
     class SDS-Traffic
      bandwidth percent 40
     class class-default
      fair-queue
      queue-limit 10

    interface Serial0/0
     ip address xxx.xxx.xx.xxx
     ip access-group 151 in
     ip access-group 152 out
     ip nat outside
     service-policy output SDS-Policy

Now if I change the service policy to inbound, wouldn't that fix the problem?

Thanks again. Aaron




Yes it would, but it won't make much difference.

No - because the saturation happens at the "choke point".

QoS is just about choosing which packet to give preference to - so it only matters at the point where some packets might get sent 1st, or some packets might have to be thrown away.

So - congestion for your inbound traffic happens before you get to see the packets - which is the router at the far end of the T1 link (assuming it has much more bandwidth to the ISP core).

At that router it may have an average of 6 Mbps heading for your T1. Over time buffers fill up, and it throws away 4.5 Mbps, and you get what's left.

Since that router isn't using QoS and / or it doesn't "know" what you think of as important, it chooses which packets to discard, not you.

It doesn't help that you give preference to inbound priority traffic at your end of the link, if most of it never gets to your router...

So, as Vincent says, you need a fix at the far end of the T1. Either QoS, or maybe get a separate link just for the application so congestion doesn't affect it.

Or - ignore the engineering and try politics. No student use of the link until after attendance is done.....

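The choke-point argument in the thread can be checked with numbers. The following is an added example, not code from any poster: a simplified fluid model (rates only, not the IOS scheduler) that compares a 40% reservation applied at the receiving end with the same reservation applied at the far end of the T1. The class names, the 400/5600 kbps split of the 6 Mbps load, and the 10 Mbps LAN side are assumptions.

```python
T1_KBPS = 1544  # T1 line rate, as in the thread's "bandwidth 1544"

def fifo_drop(link_kbps, offered):
    """No QoS: an oversubscribed link sheds the same fraction of every class."""
    total = sum(offered.values())
    scale = min(1.0, link_kbps / total) if total else 0.0
    return {name: rate * scale for name, rate in offered.items()}

def guaranteed_share(link_kbps, offered, reserved_pct):
    """Work-conserving reservation: a class gets up to its reserved share,
    and whatever it does not use goes back to the classes still wanting more."""
    out = {n: min(r, link_kbps * reserved_pct.get(n, 0) / 100)
           for n, r in offered.items()}
    spare = link_kbps - sum(out.values())
    unmet = {n: offered[n] - out[n] for n in offered}
    total_unmet = sum(unmet.values())
    if spare > 0 and total_unmet > 0:
        share = min(1.0, spare / total_unmet)  # never hand out more than is spare
        for n in offered:
            out[n] += unmet[n] * share
    return out

def scenarios():
    reserve = {"database": 40}                # the 40% reservation from the thread
    busy = {"database": 400, "other": 5600}   # constructed split of ~6 Mbps offered
    idle = {"database": 0, "other": 5600}     # nobody is using the database
    arrived = fifo_drop(T1_KBPS, busy)        # far-end router has no QoS
    return {
        # What reaches the school when the far end drops indiscriminately.
        "isp_fifo": arrived,
        # Inbound policy at the school (10 Mbps LAN side assumed) sees only
        # what survived the T1, so it cannot restore the database traffic.
        "isp_fifo_then_local_policy": guaranteed_share(10_000, arrived, reserve),
        # Same reservation applied at the far end of the T1 instead.
        "isp_policy": guaranteed_share(T1_KBPS, busy, reserve),
        # Reservation unused: the whole link goes back into the pot.
        "isp_policy_db_idle": guaranteed_share(T1_KBPS, idle, reserve),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, {k: round(v) for k, v in result.items()})
```
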
