Extreme Networks

Well the ISP only offers one copper gigabit Ethernet hand-off.

I have found with our cable operator's enterprise metro ethernet circuit, that rate limiting is not required. I can fully saturate the link with iPerf and get a consistent 43 mbps for example on a 40mbps line. The handoff is from a Ciena switch that they provide (fiber in, copper Ethernet out).

Telco's used to be more strict. Back when we had Verizon years ago, they required the end user policing the rates, or we would see that sawtooth bandwidth pattern as they would furiously drop packets over the CIR, and TCP windowing would reset and drop speed, slowly increasing until packets are dropped again from exceeding that CIR.

We don't have Verizon anymore, we have another Telco and we have been throttling that out of habit, but I have not seen any documentation to state that its required. I have 60mbps in to our HQ, and 20mbps at 3 other sites. We moved the routing from a Cisco 2901 at our HQ to a pair of X690s running the core license and we are using OSPF for our interior routing protocol. I've noticed that an iPerf in one direction was showing around 800mbps, and 20mbps in the other direction. So I removed the limiters at the remote branch office Cisco 2901 routers and now I'm getting GIG speeds on this telco. So the telco goofed in our error and we will continue to keep it wide open. I can hit two sites simultaneously around 430mbps using iPerf3, which adds up to around 860mbps which shows me its a gigabit fiber that they forgot or incorrectly policed. I have to wonder when they screwed this up because we wouldn't have known since we rate limited each sub interface on the CIsco 2901 to a service output policy that defined the rate.

Its too bad we can't simplify the ACL's and do a match any. Logically in my head it sounds like it should work, but I have the mind of a human, not the mind of a machine! I guess when the day comes that our current Telco WAN provider figures out and "fixes" the bandwidth, I'll have to just manually put each IP address for each site in its own if statement. Each site has two networks, a 10.x.x.x/16 data network and a 172.16.x.x/24 voice network. The other side is a Cisco 2901 which I would just then re-attach the existing service output policy on that WAN subinterface, so that takes care of throttling in the other direction coming back to HQ.

We do have one site that is a X450-G2 stack with advanced edge license, but it is on the Cable operators metro Ethernet circuit, which they do not require shaping. We do have a 2901 at that site as well but its only for LTE backup so its peering with the X450-G2 with a higher OSPF cost and our private LTE VPN cloud from a third party provider. We needed to put that in place because although we can create gre tunnels in XOS, you cannot do OSPF over a tunnel name (it asks for vlan name in the configure ospf command). I have put in a feature request to gtac for this functionality.

It all depends on where the branch office is located as to which providers are available in the area. Otherwise I prefer dealing with the Cable operator. Its a little less expensive and its dead simple to setup. All sites can see everything in our private "cloud" and we can configure our endpoints however we want. Enabling a routing protocol creates a full mesh topology here. With the Telco provider, the branch office can only "see" the HQ. So for one branch to talk to another (rare but possible), the traffic has to come back to HQ first.