Traffic Shaping configuration

  • Problem
  • Updated 2 years ago
  • Solved
Hello people,
I have a problem with a Traffic Shaping configuration.
The situation is this:
I have three branch sites and there are some servers that communicate between them and they saturate the WAN bandwidth.
I'd like to configure traffic shaping to limit the bandwidth between their IPs.
I have done this configuration:

------------------------------------------------------------------------------------------
create qosprofile qp2
configure qosprofile qp2 peak_rate 15 M ports 8:3

edit policy Traffic_Shaping_MAN

entry rule1 {
      if match all{
      source-address 10.19.2.201/32;
      destination-address 10.0.1.208/32;
    }
      then {
      qosprofile qp2;
      }
}
entry rule2 {
      if match all {
      source-address 10.19.2.201/32;
      destination-address 10.0.18.209/32;
    }
      then {
      qosprofile qp2;
      }
}

conf access-list Traffic_Shaping_MAN port 8:3 egress
-----------------------------------------------------------------------------------------------
This night I have noticed that the situation is not resolved.
Can you help me with the configuration?
Thank you
Leonardo

Leonardo Falconi

Posted 2 years ago

Nick Yakimenko

Traffic shaping via QoS works only at L3 (if it passes your Extreme as a gateway).
Traffic between your IPs flows directly between servers.

Leonardo Falconi

Yes, the Extremes are the gateway.
The WAN is configured as an SVI.
Is it more correct to configure the ACL on the physical interface or on the VLAN?
Right now it is on the physical interface.
Thank you.

JS, Employee

just a thought ... assuming port 8:3 is your router port :

1 - from the userguide, the qosprofile modifier does not work with an egress ACL
## quote ###
qosprofile qosprofilename—Forwards the packet to the specified QoS profile.

• ingress—all platforms
• egress—does not forward the packets to the specified qosprofile. If the action modifier “replacedot1p”
is present in the ACL rule, the dot1p field in the packet is replaced with the value from
associated qosprofile (Summit X460-G2, X670-G2, and X770 series switches only).
# end of quote ###

2 - what you may consider is to apply your ACL at ingress on the "non router" ports ... then traffic hitting those rules should be sent to QP2 on port 8:3 -> so shaping does occur at egress on port 8:3
    to check : show port 8:3 qosmonitor [or use a counter for troubleshooting]

3 - an ACL should work on L2 or L3 traffic ... it is applied on a port [list of ports] or a VLAN [which means it is applied on the ports that are part of the vlan ... and it applies to the traffic of that vlan on these ports] or wildcard ... there is precedence involved.
-> the ACL chapter in the userguide is quite good -> http://documentation.extremenetworks.com/exos_22.1/EXOS_21_1/ACL/acls.shtml

hoping that helps ... JS

Leonardo Falconi

In this article you can find a configuration of traffic shaping in the egress direction using an ACL filter such as mine.
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-basic-rate-limiting-on-a-port-for-ingress-and-egress
The only question is "if I must configure the ACL on the VLAN or on the physical interface".
The interface 8:43 is a trunk and there are two VLANs, WANDati and WANVoce.
Thanks a lot

Jarek

Hi,

you can try this:

create and configure a meter named limit_10M

example ACL on ingress port:

entry vlan132_meter { if match all {
    vlan-id 132 ;
    source-address 10.19.2.201/32 ;
    destination-address 10.0.18.209/32 ;
} then {
    meter limit_10M ;
} }

--
Jarek

JS, Employee

Hi Leonardo,

as suggested in the link you reference :
- if you want to use an "egress" ACL, then you should create a meter and apply the meter as the action [method 1]  -> as suggested by Jarek [you may not necessarily need the vlan-id condition]

- if you want to use a qosprofile action, this is method 2 and this method uses ingress ACL [3rd CLI command]  [the ACL is applied on ingress ports and shaping occurs on the egress port on QP2 - 8:53 in your case]

If you want to use method 2 [egress ACL using a meter action], I would apply the ACL on the port.

-JS

Leonardo Falconi

Thank you.
I have configured the policy in this way:

create meter limit_15M
configure meter limit_15M committed-rate 15 Mbps out-actions drop

edit policy Rate_Limit_MAN
entry rule1 {
      if match all{
      source-address 10.19.2.201/32;
      destination-address 10.0.1.208/32;
    }
      then {
      meter limit_15M;
      }
}
entry rule2 {
      if match all {
      source-address 10.19.2.201/32;
      destination-address 10.0.1.209/32;
    }
      then {
      meter limit_15M;
      }
}     

configure access-list Rate_Limit_MAN vlan MAN-D-IMPAX ingress

If I want to see if the policy is working, can I add this command in the policy, then the meter limit_15M?
 count test ;

Thank you
Leonardo

JS, Employee

Hello Leonardo,

per the userguide, it should work

##### using a 21.1 userguide [consult the userguide that is relevant to the release you are using]
• count countername—Increments the counter named in the action modifier.
• ingress—all platforms
• egress—Summit X450-G2, X460-G2, X670-G2, X770, X620, and X440-G2 series switches only.
On egress, count does not work in combination with deny action.
#####

Just in case : make sure to do a "refresh policy... " after a policy is changed

-JS
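
A small lint for the two egress restrictions quoted from the user guide in this thread (a qosprofile action does not forward packets to the profile on an egress ACL; count does not work with deny on egress), as an added example that is not part of the original posts or any Extreme tooling. The function names, issue labels and sample strings are constructed for illustration, and the platform-specific exceptions in the guide are not modelled.

```python
import re

# One "entry NAME { if ... { conditions } then { actions } }" block of a policy file.
ENTRY_RE = re.compile(
    r"entry\s+(\S+)\s*\{\s*if[^{]*\{[^}]*\}\s*then\s*\{([^}]*)\}\s*\}")
# "configure access-list POLICY port|ports|vlan TARGET ingress|egress" ("conf" also accepted).
BIND_RE = re.compile(
    r"^\s*conf\w*\s+access-list\s+(\S+)\s+(?:ports?|vlan)\s+(\S+)\s+(ingress|egress)",
    re.M)

def parse_entries(policy_text):
    """Return {entry name: [action keyword, ...]} for every entry in the policy."""
    return {name: [a.split()[0] for a in body.split(";") if a.strip()]
            for name, body in ENTRY_RE.findall(policy_text)}

def lint(policy_name, policy_text, cli_text):
    """Return (entry, target, issue) for actions the quoted guide restricts on egress."""
    findings = []
    entries = parse_entries(policy_text)
    for name, target, direction in BIND_RE.findall(cli_text):
        if name != policy_name or direction != "egress":
            continue  # the quoted restrictions only concern egress bindings
        for entry, actions in entries.items():
            if "qosprofile" in actions:
                findings.append((entry, target, "qosprofile-ignored-on-egress"))
            if "count" in actions and "deny" in actions:
                findings.append((entry, target, "count-with-deny-on-egress"))
    return findings

# Constructed sample: the first policy and binding from the thread, shortened to one rule.
SHAPING_POLICY = """
entry rule1 {
  if match all { source-address 10.19.2.201/32; destination-address 10.0.1.208/32; }
  then { qosprofile qp2; }
}
"""
SHAPING_CLI = "conf access-list Traffic_Shaping_MAN port 8:3 egress"

# Constructed sample: the later meter-based policy, bound on ingress.
METER_POLICY = SHAPING_POLICY.replace("qosprofile qp2", "meter limit_15M")
METER_CLI = "configure access-list Rate_Limit_MAN vlan MAN-D-IMPAX ingress"

if __name__ == "__main__":
    print(lint("Traffic_Shaping_MAN", SHAPING_POLICY, SHAPING_CLI))
    print(lint("Rate_Limit_MAN", METER_POLICY, METER_CLI))
```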