This tutorial will go over how to set up a traffic shaper that limits bandwidth to 500k on both inbound and outbound traffic over a customer ethernet port (LAN facing) over a serial link (WAN facing).
The topology in use is specific to a T1 that is split between normal and VRF traffic, but can be applicable in other situations. The WAN interface (S1/0:0) already has a pre-existing policy applied, so we have to add our shaper as a nested policy (explained below).
CUST_ROUTER#show ip int br
Interface IP-Address
FastEthernet0/0 unassigned
FastEthernet0/0.1 10.30.255.1 (customer VRF block, not touching this for this tutorial)
FastEthernet0/0.2 62.0.62.1 (customer LAN block, this is the IP range we are shaping)
Serial1/0:0 unassigned
Serial1/0:0.30 55.100.228.12 (customer WAN block (internet))
Serial1/0:0.31 202.139.113.102 (customer WAN VRF block(we dont touch this either))
For this example, we are going to shape traffic for the Fa0/0.2 interface so inbound traffic towards the customer LAN off of Fa0/0.2 is shaped to 500k and outbound traffic on S1/0:0 for LAN block 62.0.62.0/24 is also shaped at 500k, essentially limiting the customer to 500k for any traffic on 62.0.62.0/24.
Here’s the config:
1. create the policy map:
policy-map 500K-DIA-SHAPE
class DIA-LAN-CLASS // use class ‘DIA-LAN-CLASS’
shape average 500000 // set a shaper of 500k for this class
2. Create the class
class-map match-any DIA-LAN-CLASS // class name
match access-group name DIA-LAN // match ACL named ‘DIA-LAN’
3. interface S1/0:0 already has policy VRF-100-PERCENT-OUT-POLICY applied to it (don’t worry about what it does for this tutorial). You can only have 1 policy per interface outbound, so, we have to add policy ’500K-DIA-SHAPE’ to this existing policy that will shape outbound traffic (to the WAN/cloud) on S1/0:0
policy-map VRF-100-PERCENT-OUT-POLICY
class DSCP-VOIP-CLASS
priority percent 99
class IPVPN-EF-AF31-SPECIAL-CLASS
bandwidth remaining percent 50
class IPVPN-AF11-SPECIAL-CLASS
bandwidth remaining percent 30
class class-default
bandwidth remaining percent 20
set ip dscp default
service-policy 500K-DIA-SHAPE // our policy is applied to the default/best effort traffic
4. apply the policy to the FA0/0 interface. This will be for traffic coming in from the cloud/WAN going towards the customers LAN
interface FastEthernet0/0
description Data LAN Port
… Omitted ..
max-reserved-bandwidth 96
service-policy output 500K-DIA-SHAPE // sets shaper policy on Fa0/0 interface
5. check/confirm the LAN block to be added to our ACL.
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 62.0.62.1 255.255.255.0 // this is the LAN block that the shaper will check against
no cdp enable
6. Build the ACL that is referenced in class ‘DIA-LAN-CLASS’
ip access-list extended DIA-LAN
permit ip 62.0.62.0 0.0.0.255 any
permit ip any 62.0.62.88 0.0.0.255
So what we did is make a shaper policy that shapes the internet (non-VRF) traffic to 500k for both ingress and egress traffic. Take a closer look at step 3. Policy map VRF-100-PERCENT-OUT-POLICY was already applied out to S1/0:0 before we even got here, so we had to add our new shaper policy onto it.
The topology in use is specific to a T1 that is split between normal and VRF traffic, but can be applicable in other situations. The WAN interface (S1/0:0) already has a pre-existing policy applied, so we have to add our shaper as a nested policy (explained below).
CUST_ROUTER#show ip int br
Interface IP-Address
FastEthernet0/0 unassigned
FastEthernet0/0.1 10.30.255.1 (customer VRF block, not touching this for this tutorial)
FastEthernet0/0.2 62.0.62.1 (customer LAN block, this is the IP range we are shaping)
Serial1/0:0 unassigned
Serial1/0:0.30 55.100.228.12 (customer WAN block (internet))
Serial1/0:0.31 202.139.113.102 (customer WAN VRF block(we dont touch this either))
For this example, we are going to shape traffic for the Fa0/0.2 interface so inbound traffic towards the customer LAN off of Fa0/0.2 is shaped to 500k and outbound traffic on S1/0:0 for LAN block 62.0.62.0/24 is also shaped at 500k, essentially limiting the customer to 500k for any traffic on 62.0.62.0/24.
Here’s the config:
1. create the policy map:
policy-map 500K-DIA-SHAPE
class DIA-LAN-CLASS // use class ‘DIA-LAN-CLASS’
shape average 500000 // set a shaper of 500k for this class
2. Create the class
class-map match-any DIA-LAN-CLASS // class name
match access-group name DIA-LAN // match ACL named ‘DIA-LAN’
3. interface S1/0:0 already has policy VRF-100-PERCENT-OUT-POLICY applied to it (don’t worry about what it does for this tutorial). You can only have 1 policy per interface outbound, so, we have to add policy ’500K-DIA-SHAPE’ to this existing policy that will shape outbound traffic (to the WAN/cloud) on S1/0:0
policy-map VRF-100-PERCENT-OUT-POLICY
class DSCP-VOIP-CLASS
priority percent 99
class IPVPN-EF-AF31-SPECIAL-CLASS
bandwidth remaining percent 50
class IPVPN-AF11-SPECIAL-CLASS
bandwidth remaining percent 30
class class-default
bandwidth remaining percent 20
set ip dscp default
service-policy 500K-DIA-SHAPE // our policy is applied to the default/best effort traffic
4. apply the policy to the FA0/0 interface. This will be for traffic coming in from the cloud/WAN going towards the customers LAN
interface FastEthernet0/0
description Data LAN Port
… Omitted ..
max-reserved-bandwidth 96
service-policy output 500K-DIA-SHAPE // sets shaper policy on Fa0/0 interface
5. check/confirm the LAN block to be added to our ACL.
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 62.0.62.1 255.255.255.0 // this is the LAN block that the shaper will check against
no cdp enable
6. Build the ACL that is referenced in class ‘DIA-LAN-CLASS’
ip access-list extended DIA-LAN
permit ip 62.0.62.0 0.0.0.255 any
permit ip any 62.0.62.88 0.0.0.255
So what we did is make a shaper policy that shapes the internet (non-VRF) traffic to 500k for both ingress and egress traffic. Take a closer look at step 3. Policy map VRF-100-PERCENT-OUT-POLICY was already applied out to S1/0:0 before we even got here, so we had to add our new shaper policy onto it.
Posted by Unknown on Selasa, 17 April 2012 - Rating: 4.5
Title : Cisco Shaper Policy Tutorial
Description : This tutorial will go over how to set up a traffic shaper that limits bandwidth to 500k on both inbound and outbound traffic over a custome...
Description : This tutorial will go over how to set up a traffic shaper that limits bandwidth to 500k on both inbound and outbound traffic over a custome...
0 Response to "Cisco Shaper Policy Tutorial"
Posting Komentar