Hello. I want to share my experience in setting speed limits on Cisco routers.
First, a little about why this was needed. Let's say we built a small hub-and-spoke network. Our communication channels are small, for example 2 Mbit/s each. It is the network of a small enterprise that grows over time, and the traffic in these channels grows with it.
An example from real life. There is a central office and several branches. The main traffic is ERP systems and software updates. The 2 Mbit/s channels are not loaded, everything works, everyone is happy. Then a video surveillance server appears at a branch, and video streams go from it to the central office whenever the security service there views the cameras. In this case the channel is loaded to almost 100% and problems begin. That is, you need to limit the rate of all traffic to the video server.
How to do it? Two options immediately come to mind: traffic-shape and rate-limit.
How are these two ways different?
Traffic-shape works only on output interfaces, and it can work with queues. Rate-limit works on both input and output interfaces and drops all packets that exceed the configured bandwidth, but you can set the maximum burst value.
The rate-limit command is entered in the physical interface configuration mode and has the following syntax:
rate-limit input|output [access-group [rate-limit] acl-index] [limit-bps] [nbc] [ebc] conform-action [action] exceed-action [action]
Let us examine in more detail:
- access-group - the number of the ACL that matches the traffic we want to restrict.
Next come the three rate values: limit bps, nbc and ebc.
- limit bps - the speed limit (in bits!)
- nbc - the permitted traffic burst (in bytes)
- ebc - the maximum traffic burst (in bytes)
To calculate all the values we use the following formula:
nbc = limit (bit/s) / 8 (bit/s) * 1.5 s
ebc = 2 * nbc
Or use a ready-made calculator.
The rest of the syntax:
- conform-action - what to do with traffic that stays within the limit
- exceed-action - what to do with traffic that exceeds the limit
And there are several actions:
- drop - drop the packet
- transmit - transmit packet
- set-dscp-transmit - mark the packet (set its DSCP value) and transmit it
Now let's look at this in practice. Take GNS3, one router and two virtual machines.

The topology is the simplest possible, just to show how it works.
We restrict all traffic from the network 192.168.40.0/24 to the network 192.168.78.0/24. To do this, create an ACL on R1:
- R1(config)# access-list 101 permit ip 192.168.40.0 0.0.0.255 192.168.78.0 0.0.0.255
- R1(config)# access-list 101 deny ip any any
We limit absolutely all traffic between these networks. The example is simple; more complex ACLs can limit the speed for particular services, ports and so on.
First, check the network speed before applying the limit.
The C1 host runs an FTP server, and C2 will be the FTP client. My virtual network speed is 1 Mbps.

We see that the download speed is about 1 Mbps.
After that, we apply rate-limit on the physical interface that faces the network 192.168.40.0/24:
- R1(config)# int fa 0/0
- R1(config-if)# rate-limit output access-group 101 64000 12000 24000 conform-action transmit exceed-action drop
Now we have limited the speed to 8 Kbytes/s. Let's check.

The speed is now 64 Kbps. Everything works.
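The formula and the lab result above, as an added example that is not part of the original post: it computes nbc and ebc with the post's formula, builds the rate-limit line, and models the policer on a constant 1 Mbps stream. The function names are hypothetical, and the policer is a simplified single token bucket of depth nbc (an assumption; the extended burst ebc is not modelled and this is not Cisco's exact algorithm).

```python
"""Burst calculator for rate-limit plus a simplified policer model (added example)."""

def car_params(limit_bps, seconds=1.5):
    """Post's formula: nbc = limit / 8 * 1.5 s (bytes), ebc = 2 * nbc."""
    nbc = int(limit_bps / 8 * seconds)
    return nbc, 2 * nbc

def rate_limit_command(direction, acl, limit_bps):
    """Build the interface command with transmit/drop actions, as in the post."""
    nbc, ebc = car_params(limit_bps)
    return (f"rate-limit {direction} access-group {acl} "
            f"{limit_bps} {nbc} {ebc} "
            "conform-action transmit exceed-action drop")

def police(limit_bps, offered_bps, duration_s, packet_bytes=1500):
    """Simplified model (assumption): one token bucket, depth nbc bytes,
    refilled at limit_bps; a packet conforms only if enough tokens remain.
    Returns (passed_bps, dropped_bps) averaged over duration_s."""
    nbc, _ = car_params(limit_bps)
    packets = offered_bps * duration_s // (packet_bytes * 8)
    # Bytes of credit earned between two packets of the offered stream.
    refill = limit_bps * packet_bytes / offered_bps
    tokens = float(nbc)                      # bucket starts full
    sent = dropped = 0
    for _ in range(packets):
        tokens = min(nbc, tokens + refill)
        if tokens >= packet_bytes:           # conform-action transmit
            tokens -= packet_bytes
            sent += packet_bytes
        else:                                # exceed-action drop
            dropped += packet_bytes
    return sent * 8 / duration_s, dropped * 8 / duration_s

if __name__ == "__main__":
    print(rate_limit_command("output", 101, 64000))
    passed, dropped = police(64000, 1_000_000, 60)
    print(f"passed ~{passed / 1000:.1f} kbps, dropped ~{dropped / 1000:.1f} kbps")
```

The average sits slightly above 64 kbps over 60 seconds because the bucket starts full and the first 12000 bytes pass as a burst.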
Thank you for your attention.