June 24, 2007
Throttle Bandwidth Based on the Time of Day
Okay...thanks to good-ol Vonage, I've thought of a simple, yet brilliant (in my humble opinion) method to throttle bandwidth based on the time of day. Here's the story: I use Vonage VoIP lines for ALL of my phone lines at home - primarily because I'm cheap, not because of the VoIP "cool factor." The problem? I run a massive file server at home that holds every digital picture, work project, video recording, etc... that I've ever done. Sure, I have a local backup that runs, but I always think "what if the house burns down?!?" so...I have an automated program that backs EVERYTHING up to a remote FTP server anytime things change (add/deletes/etc.) on my file server. The problem? I save so much stuff to the server, the FTP file backup is always running and destroying my Vonage call quality for my home phone. Here's how I fixed it:
Step 1: Create an access-list that matches my file server (172.30.100.11), but only during the day.
Router(config)# time-range DAY (creates a new time range)
Router(config-time-range)# periodic weekdays 6:00 to 22:00 (matches weekdays from 6:00am to 10:00pm)
Router(config-time-range)# periodic weekend 6:00 to 22:00 (matches weekends from 6:00am to 10:00pm)
Router(config-time-range)# exit
Router(config)# ip access-list extended SERVER
Router(config-ext-nacl)# permit ip host 172.30.100.11 any time-range DAY (matches my server during the time-range I specified above)
Router(config-ext-nacl)# exit
Router(config)#
Step 2: Create a class-map (used for QoS) that matches the SERVER access-list we just created.
Router(config)# class-map MATCH_SERVER (MATCH_SERVER is just the name)
Router(config-class-map)# match access-group name SERVER (ties in the access-list above)
Router(config-class-map)# exit
Router(config)#
Step 3: Create a policy-map (used for QoS) that throttles the bandwidth.
Router(config)# policy-map LIMIT_SERVER (creates the policy)
Router(config-pmap)# class MATCH_SERVER (applies policy to this class)
Router(config-pmap-c)# police 80000 (limits bandwidth to 80Kbps)
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)#
Step 4: Apply the new policy to the incoming interface (the one connected to my LAN, not the Internet).
Router(config)# interface fa0/0
Router(config-if)# service-policy input LIMIT_SERVER
Awesome. Vonage issue solved. Now, I know this is a little cheesy home scenario, but if you think of it, you could apply this logic for any business, any type of traffic, any time of day. You could stretch this to just about any situation!!
Posted by JC at 2:32 PM
November 27, 2006
Throttling Bandwidth for Certain Internet Sites
I was teaching a Quality of Service (QoS) course at Interface a few weeks back. One of my students asked an interesting question: Is it possible to use QoS to throttle bandwidth for just a few, atypical "bandwidth hog" websites using only Cisco gear... You bet it is! ...and what a cool idea! We worked through the configuration on the whiteboard, and Mike Storm (a fellow instructor & friend) documented the process...here's what we came up with:
For the sake of all that is sacred....save us from the bandwidth thieves! YouTube, Google Video, MySpace....and others. All of them are to thank for our latest level of Internet bandwidth saturation. If it bothers you like it does me, why not do something about it. Save the Internet bandwidth for your business!! On a Cisco router, it is easy to recognize and limit this type of traffic by using Cisco Quality of Service, specifically NBAR and traffic policing components.
In my scenario I will be reserving and policing the standard web traffic to 11Mbps of our DS3 and the Offending Traffic (mentioned above) to just 64Kbps. Offending traffic will still flow, (to save you from a freedom of speech lawsuit...yep, you heard me right), but it WILL be SLOOOOW...
Here is a sample config:
Start by creating your traffic classes -
!
class-map match-any web-traffic
 match protocol http
 match protocol secure-http
 match protocol ipsec
 match protocol dns
 match protocol .... (match any other non-offending traffic here)
class-map match-any scum
 match protocol http host "*youtube*" (host matches the site name; url would match only the path after it)
 match protocol http host "*video.google*"
 match protocol http host "*myspace*"
Next, create your policy maps to define the traffic parameters. (Note the embedded policy map for the scum traffic.)
policy-map inbound-internet
 class web-traffic
  bandwidth 10000 (in Kbps)
  police cir 10000000 pir 11000000 conform-action transmit exceed-action set-prec-transmit 0 violate-action drop
  service-policy die-scum
policy-map die-scum
 class scum
  police cir 56000 pir 64000 conform-action set-prec-transmit 0 exceed-action drop
Finally, assign the service policy to your inbound interface:
interface serial1/0
 service-policy input inbound-internet
Save the Bandwidth! =)
(originally posted on Mike Storm's blog at Interface)
Posted by JC at 6:58 PM
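How a two-rate policer decides between conform, exceed and violate, using the die-scum rates above. This is an added example, not part of the original post and not Cisco's code: it follows the two-token-bucket scheme of RFC 2698, the burst sizes are assumed (the post sets none), and the packet stream is constructed.

```python
"""Two-rate policer sketch in the style of RFC 2698, with the die-scum rates."""

CIR_BPS, PIR_BPS = 56_000, 64_000     # from "police cir 56000 pir 64000"
CBS_BYTES, PBS_BYTES = 3_000, 3_000   # assumed burst sizes; the post sets none


def police(packets, cir=CIR_BPS, pir=PIR_BPS, cbs=CBS_BYTES, pbs=PBS_BYTES):
    """Return one verdict per (time_s, size_bytes) packet."""
    tc, tp, last = float(cbs), float(pbs), 0.0   # both buckets start full
    verdicts = []
    for now, size in packets:
        elapsed, last = now - last, now
        tc = min(cbs, tc + elapsed * cir / 8)    # committed bucket refills at CIR
        tp = min(pbs, tp + elapsed * pir / 8)    # peak bucket refills at PIR
        if size > tp:                            # over the peak rate
            verdicts.append("violate")
        elif size > tc:                          # between CIR and PIR
            tp -= size
            verdicts.append("exceed")
        else:                                    # within CIR
            tc -= size
            tp -= size
            verdicts.append("conform")
    return verdicts


def delivered_bps(packets, verdicts, transmitted, duration_s):
    """Throughput of the packets whose verdict is in the transmitted set."""
    sent = sum(size for (_, size), v in zip(packets, verdicts) if v in transmitted)
    return sent * 8 / duration_s


def constructed_stream(rate_bps=1_000_000, size=500, duration_s=60):
    """Constructed sample: evenly spaced packets at a constant offered rate."""
    count = rate_bps * duration_s // (size * 8)
    gap = size * 8 / rate_bps
    return [(i * gap, size) for i in range(count)]


if __name__ == "__main__":
    pkts = constructed_stream()
    v = police(pkts)
    print("exceed-action drop (die-scum):", delivered_bps(pkts, v, {"conform"}, 60))
    print("if exceed were transmitted:   ",
          delivered_bps(pkts, v, {"conform", "exceed"}, 60))
```

With exceed-action drop, as in die-scum, only the conform share (about the 56 kbps CIR) is forwarded; the 64 kbps PIR would set the ceiling only if exceed traffic were transmitted.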