There may come a time where you need to limit the speed of a connection coming through a router. This could be part of an internal network or part of and ISP’s network.
I am going to demonstrate this on an ISP topology where we are limiting the customers speed to the internet.
Lets see the topology:
So here we are going to limit the customers speed to 5mbps upload and 50mbps download.
Lets look at the upload and download speed currently:
Before traffic policing we are getting 91mbps download and 19mbps upload.
Create an ACL to map the traffic we want to police:
ISP_EDGE(config)# access-list 101 permit ip any host 184.108.40.206 ISP_EDGE(config)# access-list 102 permit ip host 220.127.116.11 any The IP address used in the ACL's is the customers public IPv4 address
These ACL’s will catch all upload and download traffic (ingress and egress). We have two separate ACL’s because the desired upload and download speeds are different. ACL 101 will catch download traffic and ACL 102 will catch upload traffic
Now we need to link these ACL’s to Class Map’s.
ISP_EDGE(config)# class-map match-all Customer-1-Download ISP_EDGE(config-cmap)# match access-group 101 ISP_EDGE(config)# class-map match-all Customer-1-Upload ISP_EDGE(config-cmap)# match access-group 102
These Class Maps are used to match traffic, here we have chosen the ACL’s we created before.
Now to tie the Class Maps to a Policy Map.
ISP_EDGE(config)# policy-map speedcontrol ISP_EDGE(config-pmap)# class Customer-1-Download ISP_EDGE(config-pmap-c)# police cir 50000000 ISP_EDGE(config-pmap-c-police)# conform-action transmit ISP_EDGE(config-pmap-c-police)# exceed-action drop ISP_EDGE(config-pmap)# class Customer-1-Upload ISP_EDGE(config-pmap-c)# police cir 5000000 ISP_EDGE(config-pmap-c-police)# conform-action transmit ISP_EDGE(config-pmap-c-police)# exceed-action drop
The police command sets the speed that we will police, the number is in bits per second. The value entered would limit to 50mbps and 5mbps.
Now we have tied all of the pieces together we need to apply it to a port on the ISP router.
ISP_EDGE(config)# interface GigabitEthernet 0/1 ISP_EDGE(config-if)# service-policy input speedcontrol ISP_EDGE(config-if)# service-policy output speedcontrol
This applies the Policy Map to the port that connects to the Customer equipment.
The speed should now have taken effect. Lets see the speedtest after:
The results of this speed test, tell us that the configuration worked.
If you don’t see this change in speed. Double check your configuration.
The main benefits to doing traffic policing on the ISP equipment is so that you do not have to touch any of the customers equipment. Also if this was configured on the customer equipment, there is a possibility that they may be able to adjust the policing speed to increase their speed.