Mailing List Archive

Unusual bandwidth limit question :) (Cisco ASR1002-X)
Hi Everyone,

Hardware:
cisco ASR1002-X (2RU-X) processor (revision 2KP) with 1066632K/6147K bytes of memory.
Cisco IOS XE Software, Version 03.16.04a.S - Extended Support Release
Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S4a, RELEASE SOFTWARE (fc1)


10G interface:

interface TenGigabitEthernet0/3/0
 description "10G Uplink"
 no ip address
 service-policy input bwlimit
 service-policy output bwlimit
 service instance 1 ethernet
  encapsulation dot1q 301
  bridge-domain 301
 !


Policy map:

policy-map bwlimit
 description "Policy for BW limit"
 class fuckup
  police cir 8000
 class fuckup-5mbps
  police cir 5000000
 class fuckup-1mbps
  police cir 1000000
 class class-default
  police cir 9000000000 bc 200000000
!
end


Classes:

class-map match-all fuckup
 description "ClassMap for BW limit (0 mbps)"
 match access-group name BWLIMIT
class-map match-all fuckup-5mbps
 description "ClassMap for BW limit (5 mbps)"
 match access-group name BWLIMIT_5MBPS
class-map match-all fuckup-1mbps
 description "ClassMap for BW limit (1 mbps)"
 match access-group name BWLIMIT_1MBPS

Access Lists:

ip access-list extended BWLIMIT
 permit ip any host x.x.x.x
ip access-list extended BWLIMIT_1MBPS
 permit ip any host y.y.y.y
ip access-list extended BWLIMIT_5MBPS
 permit ip any host z.z.z.z


So, this is my current configuration to cap bandwidth: when I add an
IP like "x.x.x.x" to the access list, the Cisco caps this IP.

My question is:
How can I manage ACLs remotely? I need to dynamically add/remove IPs
from a list; for example, when a customer pays for 5mb/s I need to move
his IP to the 5MBS list. This is a TPIA service, so I don't see any MACs
and I have just one interface with ALL customers (around 3k users there).

I already have quagga peered with my cisco to turn off customers who
'non pay', for example: I just announce the needed IPs from quagga, then
route them to Null0, or nullroute yet. I want to find some way like this
to put the needed IPs into the needed access-lists. I can announce IPs
from quagga with the needed BGP community (for example), but I can't find
how to match a community in my access-lists or policy lists; it looks
like this works only for route-maps.

I need something like this:

class-map match-all fuckup
 description "ClassMap for BW limit (0 mbps)"
 match community AS:NN

Or maybe someone knows any other way; any opinions are welcome.

Thank you guys!



--
Sheremet mailto:romka@kharkov.org.ua

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: Unusual bandwidth limit question :) (Cisco ASR1002-X)
Hey,

> So, this is my current configuration to cap bandwidth: when I add an
> IP like "x.x.x.x" to the access list, the Cisco caps this IP.

I don't agree with any of this as a good product or good technical
implementation of the product, but putting that aside.

> How can I manage ACLs remotely? I need to dynamically add/remove IPs from

> class-map match-all fuckup
> description "ClassMap for BW limit (0 mbps)"
> match community AS:NN

You do it 'other way around', you set packet QoS behaviour in QPPB per
BGP community, as_path or whatever. So if a customer needs 5Mbps
class, or 0Mbps class or whatnot, you originate the prefix
differently.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_pi/configuration/xe-3s/iri-xe-3s-book/iri-qos-policy-prop-via-bgp.html

--
++ytti
Re: Unusual bandwidth limit question :) (Cisco ASR1002-X)
Hi, Saku.

Thank you for your time, I just can't understand how I can apply
received prefixes to my current ACLs.

Maybe I explained my config wrong, so just a little more info:

I have a linux server with a web panel for admins/clients, and I have a
cisco ASR with a 10Gb/s link to our TPIA provider. We just route subnets
to this service, they terminate clients for us and do the rest, we just
sold internet BW; it's a typical cable connection for the customer.

So, I just want to have an option to limit a customer's bandwidth.... Our
developers will write any scenario (with quagga or without), but I
can't find how to do this in the console yet.

Maybe you know other schemes for the same? Or possibly you can show me a
few examples of how to use QoS for my situation.

I just see a way where I send the needed IP (prefix) like 1.1.1.1/32 from
quagga to my Cisco with community 100 (for example), then I should
match this community on the cisco side and apply the bw restriction to
this IP.

If you know how to do this I will be very grateful for
help.



--
Sheremet mailto:romka@kharkov.org.ua

Re: Unusual bandwidth limit question :) (Cisco ASR1002-X)
On Wed, 16 Dec 2020 at 17:57, Sheremet Roman <romka@kharkov.org.ua> wrote:

> Thank you for your time, I just can't understand how I can apply
> received prefixes to my current ACLs.

With QPPB, you don't. With QPPB, while processing the BGP NLRI, based
on community or whatever information you have in RIB, you assign a QoS
class. This is then given to the FIB and will be part of the lookup
process: when DADDR is looked up, it will get rewrite information and
QoS class information.

So your BGP community could be 65000:fuckup, 65000:fuckup5mbps and so
forth (of course some number representing fuckup). Then when you
originate those prefixes, you need to attach the right community to
them. But you don't touch the QoS config on the far end, that would be
done automatically based on the community.

If you must push a new ACL on the device then this is more a question of
automation. Your options would be screenscraping or netconf.

--
++ytti
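
Added example (not part of any message in this thread, and not taken from the linked Cisco document): a minimal IOS XE sketch of the QPPB approach described in the two replies above, with the route-map run via table-map setting a qos-group per community and the policer matching on that qos-group instead of an ACL. AS 65000, the community values, the qos-group numbers, the CL-*/QG-* names and the <placeholder> interfaces are assumptions.

```cisco
! Added example, not from the thread. AS 65000, the community values,
! qos-group numbers and <placeholder> interface names are assumptions.
ip bgp-community new-format
!
ip community-list standard CL-BLOCKED permit 65000:1
ip community-list standard CL-1MBPS permit 65000:10
ip community-list standard CL-5MBPS permit 65000:50
!
! Evaluated as BGP routes are installed into the RIB/FIB.
route-map QPPB permit 10
 match community CL-BLOCKED
 set ip qos-group 1
route-map QPPB permit 20
 match community CL-1MBPS
 set ip qos-group 10
route-map QPPB permit 30
 match community CL-5MBPS
 set ip qos-group 50
!
router bgp 65000
 table-map QPPB
!
class-map match-all QG-BLOCKED
 match qos-group 1
class-map match-all QG-1MBPS
 match qos-group 10
class-map match-all QG-5MBPS
 match qos-group 50
!
policy-map bwlimit-qppb
 class QG-BLOCKED
  police cir 8000
 class QG-5MBPS
  police cir 5000000
 class QG-1MBPS
  police cir 1000000
!
! Ingress side: look up the destination address and copy the
! qos-group stored with the matching BGP route onto the packet.
interface <upstream-facing-interface>
 bgp-policy destination ip-qos-map
!
interface <customer-facing-interface>
 service-policy output bwlimit-qppb
```

Each police statement applies to the aggregate of all traffic in its class, which is also how the ACL-based classes earlier in the thread behave.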
Re: Unusual bandwidth limit question :) (Cisco ASR1002-X)
Hi,

Thank you for your time and answer.

I can announce from quagga to cisco with any community, I know how to
do this, it's not a problem, but how do I then limit an IP based on
community?

I want to create a few groups, like 1mb/s, 5mb/s, 10mb/s (for example),
then I just want to add IPs to manage a customer's bandwidth speed
without touching the cisco. That's why I built the quagga->cisco peering;
my scripts just modify quagga configs, then it announces these IPs to
the cisco.

So, I should read more about QoS? There I can limit speed to X mb/s
based on BGP community?


I don't want to push new ACLs each time; I will create a few, then just
add IPs into these ACLs.... But if you tell me I need QoS, then
maybe I don't need ACLs yet....?

And now I see "netconf"; maybe this feature solves my issue. As I
understand it, I can configure the router remotely? So, possibly I can
add or remove an IP from an existing list using netconf?

--
Sheremet mailto:romka@kharkov.org.ua

Re: Unusual bandwidth limit question :) (Cisco ASR1002-X)
On Thu, 17 Dec 2020 at 13:56, Sheremet Roman <romka@kharkov.org.ua> wrote:

> So, I should read more about QoS? There I can limit speed to X mb/s
> based on BGP community?

Yes, you should read up on QPPB if that fits your bill:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_pi/configuration/xe-3s/iri-xe-3s-book/iri-qos-policy-prop-via-bgp.html

--
++ytti
Re: Unusual bandwidth limit question :) (Cisco ASR1002-X)
Hi Saku.

Thank you very much!!! Will go read right now.

--
Sheremet mailto:romka@kharkov.org.ua
