Cisco routers - ethernet property congestion

[sharkbitz]

I've been decreed by management to put in place bandwidth constraints on one of our ethernet properties, which has a 10meg fiber drop. Problem is, they are eating up more bandwidth than we want. Personally, I don't care, but it might affect us in the long run, when bandwidth is more scarce.

Now, I'm trying to be as nice as possible, without causing harm to the average user. What do you guys think:


Interface FastEthernet0/0
access-list 101 out
custom-queue-list 1
rate-limit output 4000000 24000 32000 conform-action transmit exceed-action drop
rate-limit input 4000000 24000 32000 conform-action transmit exceed-action drop
traffic-shape rate 4000000 100000 100000 1000

access-list 101 permit icmp any any
access-list 101 permit tcp any any gt 1023
access-list 101 permit udp any any gt 1023

#this queue list is a round robin
#default byte-count setting is 1500
queue-list 1 protocol ip 1 udp 53 <----DNS
queue-list 1 protocol ip 2 tcp 110 <----pop3
queue-list 1 protocol ip 3 tcp 25 <----smtp
queue-list 1 protocol ip 4 tcp 23 <----telnet
queue-list 1 protocol ip 5 www <----web
queue-list 1 protocol ip 6 ftp <---ftp
queue-list 1 protocol ip 7 nntp <----news
queue-list 1 protocol ip 8 default <---default traffic
queue-list 1 queue 5 byte-count 3000 <---double priority for web

 

[loosbrew]

that should limit people without really restrictinf them. either way you do it, you are limiting the amount of bandwidth used, which is a good thing. but you might want to consider your replication processes in your network if youre running WIN2k severs. many times people fail to realize that they are wasting mucho bandwidth replicating major AD entries everynight, or sometimes even during the day when people are using the network.

loosbrew

 

[Zach]

Also, if they have any newbies with servers. A place that I've worked with did co-locating, anf had a few customers backing up to each other's servers. Everynight 4GB of data was going from one end of the room to the other, effectively DOS'ing everyone because of some badly written scripts. That's what I was told anyway, it doesn't seem to fit together, but the moral is there!

 

[sharkbitz]

These are actually apartments, almost all are students in fact. No commercial customers. Thanks for the input.

 

[Zach]

Oh, hah.. restrict them to hell!

 

[dowser]

lol

Why not tell them you're restricting their throughput and suggest they use a proxy?

Richard

 

[sharkbitz]

Proxy?!?! Don't even go there. NAT maybe, but proxy's are a pain.

 

[Zach]

<< Proxy?!?! Don't even go there. NAT maybe, but proxy's are a pain. >>



It's because proxies cache, there is a reason to thier madness.

Edit: their thier their thier their.. I suck in the morning. And evening. I can never spell. Ack.

 

[sharkbitz]

Seeing as www traffic is probably not even 10% of total bandwidth, I'm guessing a proxy server wouldn't be worthwhile.