There may come a time when you need to limit the speed of a connection coming through a router. This could be part of an internal network or part of an ISP's network.

I am going to demonstrate this on an ISP topology where we are limiting the customer's speed to the internet.

Let's see the topology:

So here we are going to limit the customer's speed to 5 Mbps upload and 50 Mbps download.

Let's look at the upload and download speed currently:

Before traffic policing we are getting 91 Mbps download and 19 Mbps upload.

The Configuration

Create the ACLs to match the traffic we want to police:

ISP_EDGE(config)# access-list 101 permit ip any host <customer-public-ip>
ISP_EDGE(config)# access-list 102 permit ip host <customer-public-ip> any

The IP address used in the ACLs, shown here as the placeholder <customer-public-ip>, is the customer's public IPv4 address.

These ACLs will catch all upload and download traffic (ingress and egress). We have two separate ACLs because the desired upload and download speeds are different. ACL 101 will catch download traffic and ACL 102 will catch upload traffic.

Now we need to link these ACLs to class maps.

ISP_EDGE(config)# class-map match-all Customer-1-Download
ISP_EDGE(config-cmap)# match access-group 101
ISP_EDGE(config)# class-map match-all Customer-1-Upload
ISP_EDGE(config-cmap)# match access-group 102

These class maps are used to match traffic; here we have chosen the ACLs we created before.

Now to tie the Class Maps to a Policy Map.

ISP_EDGE(config)# policy-map speedcontrol
ISP_EDGE(config-pmap)# class Customer-1-Download
ISP_EDGE(config-pmap-c)# police cir 50000000
ISP_EDGE(config-pmap-c-police)# conform-action transmit
ISP_EDGE(config-pmap-c-police)# exceed-action drop
ISP_EDGE(config-pmap)# class Customer-1-Upload
ISP_EDGE(config-pmap-c)# police cir 5000000
ISP_EDGE(config-pmap-c-police)# conform-action transmit
ISP_EDGE(config-pmap-c-police)# exceed-action drop

The police command sets the rate that traffic is policed to; the number is in bits per second. The values entered limit the traffic to 50 Mbps and 5 Mbps.

Now that we have tied all of the pieces together, we need to apply the policy to a port on the ISP router.

ISP_EDGE(config)# interface GigabitEthernet 0/1
ISP_EDGE(config-if)# service-policy input speedcontrol
ISP_EDGE(config-if)# service-policy output speedcontrol

This applies the Policy Map to the port that connects to the Customer equipment.
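
The following Python model is an added illustration, not part of the original configuration. It shows why the same policy map works in both directions (ACL 101 only matches traffic towards the customer, ACL 102 only traffic from the customer) and how `police cir` with conform-action transmit and exceed-action drop behaves as a token bucket. The customer address 203.0.113.10, the peer addresses and the burst size are assumptions; the offered rates are the 91 Mbps and 19 Mbps measured before policing.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address (TEST-NET-3) standing in for the customer's public IP.
CUSTOMER = ipaddress.ip_address("203.0.113.10")

@dataclass
class Policer:
    """Single-rate, two-colour policer: conform -> transmit, exceed -> drop."""
    cir_bps: int
    burst_bytes: int
    tokens: float = 0.0
    last: float = 0.0
    sent_bytes: int = 0

    def __post_init__(self):
        self.tokens = float(self.burst_bytes)  # bucket starts full

    def offer(self, now, size):
        # Refill at CIR (bits/s -> bytes/s), never above the burst size.
        refill = (now - self.last) * self.cir_bps / 8
        self.tokens = min(self.burst_bytes, self.tokens + refill)
        self.last = now
        if size <= self.tokens:       # conform-action transmit
            self.tokens -= size
            self.sent_bytes += size
            return True
        return False                  # exceed-action drop (no queueing)

def classify(src, dst):
    """First matching class wins, in policy-map order."""
    if ipaddress.ip_address(dst) == CUSTOMER:   # ACL 101: any -> customer
        return "Customer-1-Download"
    if ipaddress.ip_address(src) == CUSTOMER:   # ACL 102: customer -> any
        return "Customer-1-Upload"
    return "class-default"                      # unmatched, not policed

CIR = {"Customer-1-Download": 50_000_000, "Customer-1-Upload": 5_000_000}

def simulate(src, dst, offered_bps, seconds=10.0, size=1500):
    """Offer constant-rate traffic; return (class name, achieved Mbps)."""
    name = classify(src, dst)
    if name not in CIR:
        return name, offered_bps / 1e6
    p = Policer(CIR[name], burst_bytes=CIR[name] // 32)  # assumed: 250 ms of CIR
    gap = size * 8 / offered_bps                         # seconds between packets
    for i in range(int(seconds / gap)):
        p.offer(i * gap, size)
    return name, p.sent_bytes * 8 / seconds / 1e6
```

The achieved rate lands slightly above the CIR because the bucket starts full and the initial burst is sent on top of the sustained rate. The model offers traffic at a constant rate; a TCP speed test reacts to the drops by backing off, so real results can differ.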

The speed limit should now have taken effect. Let's see the speed test after:

The results of this speed test tell us that the configuration worked.

If you don't see this change in speed, double-check your configuration.

The main benefit of doing traffic policing on the ISP equipment is that you do not have to touch any of the customer's equipment. Also, if this was configured on the customer equipment, there is a possibility that they may be able to adjust the policing speed to increase their speed.
