RE: Guarantee bandwidth

From: Mustafa Bayramov (ICT/IT) (mustafa@azercell.com)
Date: Tue Jul 22 2003 - 19:22:21 GMT-3

• Next message: ccie2be: "IPExpert E-Scenario 326"
• Previous message: Jim Phillipo: "Syslog Messages for IOS"
• Maybe in reply to: Glenn Johnson: "RE: Guarantee bandwidth"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Actually nor of traffic shaping or CAR give you guaranteed bandwidth.

I think correct solution RSVP, after that you can shape or police traffic.

Regards

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Joe
Deleonardo
Sent: Thursday, July 17, 2003 12:13 AM
To: gjcomcast@comcast.net; ccielab@groupstudy.com
Subject: Re: Guarantee bandwidth

Oh no that wasn't to drop https traffic. That was to exempt it from CAR.
Subjecting all other traffic to CAR to a limit of
(1.544Mbps-296kbps)=1.248Mbps, bursting to 1.544Mbps so that way when https
wasn't using the 300kpbs, it could utilize the full bandwidth of the line if
needed.

But that's a good option below too. I didn't think of that. I'm not sure
if my way would have worked the way I intended it to.

----- Original Message -----
From: "Glenn Johnson" <gjcomcast@comcast.net>
To: "'Joe Deleonardo'" <joe_deleonardo@hotmail.com>;
<ccielab@groupstudy.com>
Sent: Wednesday, July 16, 2003 8:32 PM
Subject: RE: Guarantee bandwidth

Joe,

Other than your approach of dropping all non-https traffic above a
certain level (theoretically a heavy-handed approach), I agree that CAR is
an odd answer if the question focuses on "guaranteed X" (versus "limited to
X") bandwidth. Normally, I'd be tempted when first seeing particular
bandwidth "guarantee" terms, e.g., 300Kbps, in a requirement (that isn't
RSVP related) to use class based queueing:

Something like:

Access-list 101 permit tcp any any eq 443
Class HTTPSEC
Match ip add 101
Policy-map POLMAP
Class HTTPSEC
Bandwidth 300
Interface FA0/0
Service output POLMAP

(no setup is provided for other classes or the default class)

Sound reasonable?
Thanks

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Joe
Deleonardo
Sent: Wednesday, July 16, 2003 10:42 PM
To: security@groupstudy.com
Subject: Guarantee bandwidth

I have a question in a lab that says, "Guarantee all secure web traffic a
bandwidth of 300kbps gout out of R6."

Their answer is this:
rate-limit output access-group 121 296000 2000 2000 conform-action transmit
exceed-action drop
access-list 121 permit tcp any any eq 443

But that doesn't guarantee that amount of bandwidth, that limits the
bandwidth... right? It doesn't seem right to me.

I was thinking of doing this instead:
rate-limit out access-group 100 1248000 296000 296000 conform-action
transmit
exceed-action drop
access-list 100 deny tcp any any eq 443
access-list 100 permit ip any any

Do you think this is a good idea? It's a serial interface so the default is
1.544Mbps. Do you think there is a better way of doing it?

• Next message: ccie2be: "IPExpert E-Scenario 326"
• Previous message: Jim Phillipo: "Syslog Messages for IOS"
• Maybe in reply to: Glenn Johnson: "RE: Guarantee bandwidth"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:49 GMT-3