We limit the speed on the Cisco router. Rate-limit technology

Hello. I want to share my experience on setting speed limits on Cisco routers.
So, for starters, I’ll talk a bit about why this was needed. Let's say we built a small Hub-and-Spoke network. We have small communication channels, for example, 2 Mbit / s each. The network of a small enterprise, which begins to grow over time and the traffic in these channels also increases.
An example from life. There is a central office and several branches. The main traffic is ERP systems and software updates. 2 Mbps channels are not loaded, everything works, everyone is happy. Then a video surveillance server appears in the branch, from which video streams go to the central office when a security service is viewing cameras there. In this case, the channel is loaded at 100% and problems begin. That is, it is necessary to cut down all the traffic going to the video server.
How to do it. Two options immediately come to mind:
  • rate-limit
  • traffic-shape

How are these two ways different?
Traffic-shape only works on output interfaces. Also, traffic-shape can work with queues. Rate-limit works on both input and output interfaces and cuts all packets that are out of band, but you can set the maximum burst value.

The rate-limit command is entered in the configuration mode of the physical interface and has the following syntax:

rate-limit input|output [access-group [rate-limit] acl-index] [limit-bps] [nbc] [ebc] conform-action [action] exceed-action [action]

We analyze in more detail:
  • access-group - specify the number of our ACL, into which we catch traffic, which we will limit.


Next, there are three speed values: limit bps, nbc, ebc

  • limit bps - limit speed (in bits!)
  • nbc - allowable traffic limit
  • ebc - maximum traffic limit


To calculate all the values, we use the following formula:

nbc = limit (bit / s) / 8 (bit / s) * 1.5sec

ebc = 2nbc

Or we use a ready-made calculator .
Further on the syntax:
  • conform-action - what to do with traffic when compliance is limited
  • exceed-action action - what to do with traffic when the limit is exceeded.


And there are several actions:
  • drop - drop the packet
  • transmit - transmit a packet
  • set-dscp-transmit - mark a packet


Now let's see in practice. Take GNS3, one router and two virtual machines.
image

The topology is simple to just show how it works.

Limit all traffic from the network 192.168.40.0/24 to the network 192.168.78.0/24. To do this, create an ACL on R1.

  • R1 (config) # access-list 101 permit ip 192.168.40.0 0.0.0.255 192.168.78.0 0.0.0.255
  • R1 (config) # access-list 101 deny ip any any


We limit absolutely all traffic. An example is simple, there may be more complex ACLs to limit the speed for some services, ports, etc.

Let's check the network speed to the limits.

On host C1, we have an FTP server, C2 will be an ftp client. My virtual network speed is 1Mbit / s.
image

We see that the download speed is about 1Mbit / s.

After that, we hang up on the physical interface rate-limit, which looks at the network 192.168.40.0/24

  • R1 (config) #int fa 0/0
  • R1 (config-if) # rate-limit output access-group 101 64000 12000 24000 conform-action transmit exceed-action drop


Now we have limited the speed to 8KB / s. We check.
image

The speed has become 64 Kbps. Everything works.

Thank you for attention.

Also popular now: