Shaping Outbound Traffic on Cisco IOS

Traditionally, tape drives have been used to ensure a company has offsite backups. However, with the relatively recent explosion of cloud services and higher-bandwidth Internet connectivity, it is now much more common to push offsite backups through the WAN. Further, with the majority of workloads being virtualised, replication to a DR site is becoming increasingly common. Every so often large data changes will be made, resulting in the offsite backup or replication process taking longer than usual, sometimes pushing into business hours and impacting productivity.

The configuration below applies time-based QoS shaping, ensuring the business is able to operate as normal while the backup or replication process completes.

Firstly, a time range must be specified to define business hours. For this to work the router clock must be accurate.

time-range OFFICE-HOURS
 periodic weekdays 8:00 to 18:00

We then create the ACL which will define the traffic to be shaped. In this scenario, we’re shaping Rsync (TCP 873), and Veeam Cloud Connect (TCP 6180).

ip access-list extended ACL-BACKUP-BW
 permit tcp any any eq 873 time-range OFFICE-HOURS
 permit tcp any any eq 6180 time-range OFFICE-HOURS

Once we have the ACL in place, the class map and policy map can be configured. In the class map we specify the traffic to be rate limited by referencing the ACL, and in the policy map we configure the bandwidth we wish to limit the traffic to, entered in bits per second.

class-map match-any CM-BACKUP-BW
 match access-group name ACL-BACKUP-BW

policy-map PM-BACKUP-BW
 class CM-BACKUP-BW
  shape average 8000000

The last step is to apply the policy map to the WAN interface.

interface GigabitEthernet0/0
 service-policy output PM-BACKUP-BW

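We can now verify that the QoS configuration is working correctly. Note that the output below shows the policy map, class map and ACL all named BACKUP-BW, without the PM-, CM- and ACL- prefixes used in the configuration above.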

#show policy-map interface gigabitEthernet 0/0
 GigabitEthernet0/0

  Service-policy output: BACKUP-BW

    Class-map: BACKUP-BW (match-any)
      1999787 packets, 2803841898 bytes
      5 minute offered rate 8073000 bps, drop rate 81000 bps
      Match: access-group name BACKUP-BW
        1999787 packets, 2803841898 bytes
        5 minute rate 8073000 bps
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 38/22647/0
      (pkts output/bytes output) 1977140/2772949486
      shape (average) cir 8000000, bc 32000, be 32000
      target shape rate 8000000

    Class-map: class-default (match-any)
      254492 packets, 63549892 bytes
      5 minute offered rate 97000 bps, drop rate 0000 bps
      Match: any

      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 253928/63519016

Looking at the 5 minute rate under Match: access-group name BACKUP-BW (8073000 bps, against a target shape rate of 8000000), we are able to confirm that the rate limiting is in effect.
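
The same check can be scripted, for example from a monitoring job that collects the command output. The following is an added example, not part of the original post: it parses show policy-map interface output (a trimmed copy of the capture above is embedded) and reports, per class, whether traffic is being offered at its target shape rate. The function names and the 5% tolerance are assumptions made for this example.

```python
import re

# Trimmed copy of the "show policy-map interface" capture shown above.
SAMPLE = """\
 GigabitEthernet0/0
  Service-policy output: BACKUP-BW
    Class-map: BACKUP-BW (match-any)
      5 minute offered rate 8073000 bps, drop rate 81000 bps
      (queue depth/total drops/no-buffer drops) 38/22647/0
      shape (average) cir 8000000, bc 32000, be 32000
      target shape rate 8000000
    Class-map: class-default (match-any)
      5 minute offered rate 97000 bps, drop rate 0000 bps
      (queue depth/total drops/no-buffer drops) 0/0/0
"""

CLASS_RE = re.compile(r"^\s*Class-map: (\S+)")
RATE_RE = re.compile(r"offered rate (\d+) bps, drop rate (\d+) bps")
DROPS_RE = re.compile(r"\(queue depth/total drops/no-buffer drops\) (\d+)/(\d+)/(\d+)")
SHAPE_RE = re.compile(r"target shape rate (\d+)")

def parse_policy_map(text):
    """Return {class_name: stats} for each Class-map section in the output."""
    classes, cur = {}, None
    for line in text.splitlines():
        if m := CLASS_RE.match(line):
            cur = classes.setdefault(m.group(1), {"shape_bps": None})
        elif cur is None:
            continue  # header lines before the first class
        elif m := RATE_RE.search(line):
            cur["offered_bps"], cur["drop_bps"] = int(m.group(1)), int(m.group(2))
        elif m := DROPS_RE.search(line):
            cur["queue_depth"], cur["total_drops"] = int(m.group(1)), int(m.group(2))
        elif m := SHAPE_RE.search(line):
            cur["shape_bps"] = int(m.group(1))
    return classes

def at_shape_rate(stats, tolerance=0.05):
    """True when a shaped class is offered traffic at or near its target rate."""
    if stats["shape_bps"] is None:  # class has no shaper (e.g. class-default)
        return False
    return stats.get("offered_bps", 0) >= stats["shape_bps"] * (1 - tolerance)

if __name__ == "__main__":
    for name, s in parse_policy_map(SAMPLE).items():
        print(name, s, "at shape rate" if at_shape_rate(s) else "below shape rate / unshaped")
```

Outside the OFFICE-HOURS time range the ACL entries are inactive, so the shaped class should report as below its shape rate even while a backup is running.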

