Traffic Policing on Service Provider Edge router.

Hi,
I'm confused about the traffic policing on service provider edge router. Suppose I have taken internet bandwidth from my ISP and he says that they will give me 100 Mbps bandwidth burstable upto 1Gbps. What does that mean? what is burstable here?
I would appreiciate if anyone from service provider organization, can give a output of their edge router's running config. I just have to understand how the police our traffic. Here I'm talking about the Internet leased lines.

This is probably something you will have to get your service provider to answer. Different service providers use the term burst in a different context. Some SP's are "NICE' and will setup no policer or shaper and will purely monitor the link for fair use allowing you to exceed what you have purchased as long as you don’t abuse the privilege. Other Serves providers may setup a dual rate policer with a CIR and a PIR to achieve the same. a 3rd scenario is as explained above where the SP will setup a policer for 100Mb/s and then calculate the burst value at 1/8 of a second (or less in some cases) which allows your traffic to burst to full line rate for that time slice,
There are other scenarios but the point I’m trying to make is that service providers don’t all do this the same way which is why you should ask them what they mean and how long your traffic would be allowed to burst to line rate.
PJ

Similar Messages

  • I have a new internet service provider and router and need to re-connect to my airport express. However, Airport Express is not showing up. Also, when I launch Airport utility (new and 5.6), it shows no available devices. What am I doing wrong?

    iMac (2008), 10.7.5
    Airport Express (2008)
    Comcast wifi router

    The AirPort Express must be reset back to factory default settings first, and then reconfigured again.
    To reset the AirPort......
    Power off the device
    Wait a minute
    Hold in the reset button first, then continue to hold the reset button in for an additional 10 seconds while you simultaneously plug the AirPort back into power
    Release the reset button after the hold period and allow a full minute for the AirPort to restart
    Try using AirPort Utility 5.6 now to see if it will "see" the AirPort so that it can be set up again.
    If you are using AirPort Utility 6.x, you must first click on the Other WiFi Devices tab, then click on AirPort Express to start the setup wizard

  • ISG: Service with traffic policing counts dropped packets.

    Hello,
    Our company has a router Cisco 7304 NPEG100. ("show version" in the  bottom of this message). We are planing to start ISG services at this router, but there is a bug CSCei4190. When I set traffic policing in service, accounting in this service counts  packets that has been dropped by traffic policing.
    Here is example of my definition of service in RADIUS:
    User-Name = 'Internet-Service'
    Cisco-AVPair += "ip:traffic-class=in access-group 2000 priority 10"
    Cisco-AVPair += "ip:traffic-class=out access-group 2001 priority 10"
    Cisco-AVPair += "ip:traffic-class=in default drop"
    Cisco-AVPair += "ip:traffic-class=out default drop"
    Cisco-AVPair += "prepaid-config=TRAFFIC_PREPAID"
    Cisco-AVPair += "accounting-list=ISG_ACCT"
    Cisco-Service-Info += "QU;256000;D;512000"
    Acct-Interim-Interval += '60'
    When I remove Cisco-Service-Info += "QU;256000;D;512000" from service  definition, all traffic are counting correctly.
    I did not found in Bug Details, which version of IOS, I should use in my  7304 router where this bug is fixed.
    Cisco IOS Software, 7300 Software (C7300-A3JK91S-M), Version 12.2(31)SB17,  RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by Cisco Systems, Inc.
    Compiled Fri 30-Oct-09 12:35 by vpernank
    ROM: System Bootstrap, Version 12.2(22r)S, RELEASE SOFTWARE (fc1)
    BOOTLDR: 7300 Software (C7300-BOOT-M), Version 12.2(20)S6, RELEASE 
    SOFTWARE (fc4)
    7304 uptime is 17 hours, 24 minutes
    Uptime for this control processor is 17 hours, 24 minutes
    System returned to ROM by reload at 06:22:24 TSK Wed Feb 23 2005
    System restarted at 18:46:54 TSK Mon Mar 22 2010
    System image file is "disk0:c7300-a3jk91s-mz.122-31.SB17.bin"
    cisco 7300 (NPEG100) processor (revision B) with 983040K/65536K bytes of  memory.
    SB-1 CPU at 800Mhz, Implementation 0x401, Rev 0.2, 512KB L2 Cache
    4 slot midplane, Version 67.49
    Last reset from software reset or reload
    4 FastEthernet interfaces
    3 Gigabit Ethernet interfaces
    1021K bytes of non-volatile configuration memory.
    62592K bytes of ATA compact flash in bootdisk (Sector size 512 bytes).
    125952K bytes of ATA compact flash in disk0 (Sector size 512 bytes).
    Configuration register is 0x2102

    I am getting other logs sent to the syslog server, yes, just not the firewall-related "dropped packet" logs.  Here's an example of one that does make it through:
    5790: *Apr 30 15:05:27.039 UTC: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:-647534746 1500 bytes is out-of-order; expectedseq:3647406270. Reason: TCP reassembly queue overflow - session 192.168.1.179:3895 to 54.240.160.142:80 on zone-pair inside-to-Transitclass WB-Browsing
    I am not allowing all the traffic across the box.  The "self-to-inside" zone-pair just allows the *firewall itself* to initiate any traffic to the inside zone.  That's temporary until I get all the management traffic to and from the firewall defined, then I will lock it down further.
    And I added the "ip inspect log drop-pkt" and it did not appear to make any difference.
    Any other suggestions?
    -Mat

  • How Service Provider infrastructure looks???

    Hi All.
    I am just curious to understand about the Service Provider infrastructure and their backend connectivities with other service provider.
    is there any private and public network ...will each service will have their own private network and provide end to end connectivity between two location...say 
    india and us locations...or they will route traffic to different service provider also.
    ---- > what is meant by PPP --- is it leased dedicated cable runs from end to end ?.. then why we need L3 protocols over there....
    ----> Frame relay ---is this always referred as Private network..can't i have a internet connections with Frame relay running in my router ?
    ----> MPLS ---  can we have MPLS connections for internet or is it only for VPN / intranet / extranet connectivity ?
    ----> Finally, i have a isdn line with me .. and i read it is a SVC --- it creates a connection to the telephone office ..if i type www.cisco.com..how it is going to cisco.com  ????
    Regards,
    Gan

    The three technologies you describe (PPP, frame relay, MPLS) just describe layer 2 encapsulation protocols, except MPLS VPN which would be described at layer 3 of the OSI model, and you can use them all for internet access.
    When you type www.cisco.com, the name is resolved into an IP address thanks to DNS.
    Here are some really cool links to help you further your understanding:
    PPP
    http://www.cisco.com/c/en/us/tech/wan/point-to-point-protocol-ppp/index.html
    Frame Relay
    http://www.cisco.com/c/en/us/support/docs/wan/frame-relay/16563-12.html
    MPLS
    http://www.cisco.com/c/en/us/products/ios-nx-os-software/multiprotocol-label-switching-mpls/index.html
    DNS
    http://www.cisco.com/c/en/us/support/docs/ip/domain-name-system-dns/12683-dns-descript.html
    ISP connectivity (this is by no means authoritative or complete)
    http://en.wikipedia.org/wiki/Internet_backbone
    Hope this helps.

  • Verizon's third party application service provider for internationale texts

    Hi, I read here that Verizon uses a third party service provider to route international text messages. On that link they say it's a company called Inphomatch, but I found out that Inphomatch merged to another company called Sybase, and on Sybase's website they say Verizon and they are partners. Shoud I think that Sybase is the one that handles international text messages for Verizon now?

    Inphomatch handles International Text Messaging for Verizon.

  • My iPhone 4 cellphone was stolen last year. I have done all the procedures of reporting it to the South African Police Services and my Vodacom service provider. I do have the case number and I did blacklist my stolen phone. I have not had any assistance.

    My iPhone 4 cellphone was stolen last year. I have done all the procedures of reporting it to the South African Police Services and my Vodacom service provider. I do have the case number and I did blacklist my stolen phone. I have not had any assistance. I had installed Find My iPhone but did not have any iCloud account on it (ie. iCloud Username and Password). So I am unable to track it or find its location as yet. Please help me find my iPhone 4.

    Your only chance is setting it up as new device without using the latest backup afterwards, which you already did.
    If this does not work, you should get it serviced:
    Apple - Support - Service Answer Center
    How to back up your data and set up as a new device

  • Service Provider Distinctive Ring Call Routing

    I have the situation where I want to replace an old key switch with a UC500. The only outstanding issue I have is an inbound ring feature enabled by the provider. The way it works is the customer has 2 phone lines that are members of a service provider hunt group. When they dial the pilot the first line rings and if it is busy the second line rings, no big deal. The issue is that the published fax number is the second line in the hunt group. So if the call comes in directly to the fax number the service provider gives it a distinctive ring, this is currently how the customer knows not to answer the phone and let the fax machine get it. With a UC500 implementation I would like to make this all transparent to the user. So here is my question, is there a way to route the call to the fax machine based off the fact that it rings in with this funny tone from the provider?

    Call routing is based on dial plan, not tones. Tones in the speechpath will be sent to the destination, but are not used to determine where the destination should be. Fax pass-through/relay is triggered by the fax tones (CNG) when they start to sync up over the speechpath. Inband ringtones will not trigger these features; they will simply be passed through like plain voice conversation.

  • Traffic policing question on Cisco ASR 1001

    Hi Experts,
    I have a request to setup aggregated traffic policing on a Cisco ASR 1001 router for multiple networks within a router.
    Lets say I have a router with several subinterfaces:
    interface GigabitEthernet0/2
     description WAN
     ip address x.x.x.x x.x.x.x
    interface GigabitEthernet0/1.70
     description Lan_1
     encapsulation dot1Q 70
     ip address 192.168.55.1 255.255.255.0
    interface GigabitEthernet0/1.80
     description LAN_2
     encapsulation dot1Q 80
     ip address 192.168.56.1 255.255.255.0
    interface GigabitEthernet0/1.90
     description Servers
     encapsulation dot1Q 90
     ip address 172.16.10.1 255.255.255.0
    I have a WAN link 100Mbit/s and I need to police traffic, so that I have 30Mbit/s for servers (GigabitEthernet0/1.90) and the rest 70Mbit I want to share between Interface Lan_1 and LAN_2. The Idea is that I need 70Mbit/s equally shared between two interfaces, so that I have fair policing on both iunterfaces. What is the best way to achieve this?
    Many Thanks

    Hello
    The below configuration is a possible option, Its provides policing inbound from the clients interfaces and LLQ priority queung on the wan interface for the servers and  shaping values from LAN1 & 2 traffic is set to 35MB.each.
    Notice nothing is defined for the default class, however i am on the understanding this is given by default 1% of Hqos implementations.
    Maybe others on here could review to verify any problems with this post and share their thoughts?
    ip access-list extended SRVS_acl
     permit ip 172.16.10.0 0.0.0.255 any
    ip access-list extended LAN1_acl
     permit ip 192.168.55.0 0.0.0.255 any
    ip access-list extended LAN2_acl
     permit ip 192.168.56.0 0.0.0.255 any
    class-map match-all SRVS_CM
     match access-group name SRVS_acl
    class-map match-all LAN_1_CM
     match access-group name  LAN1_acl
    class-map match-all LAN_2_CM
     match access-group name LAN2_acl
    policy-map SRVS_PM
     class SRVS_CM
        police 30720000 conform-action transmit exceed-action drop
    policy-map LAN_2_PM
     class LAN_2_CM
        police 35840000 conform-action transmit 
    policy-map LAN_1_PM
     class LAN_1_CM
        police 35840000 conform-action transmit 
    interface GigabitEthernet0/1.70
    service-policy input LAN_1_PM
    interface GigabitEthernet0/1.90
     service-policy input SRVS_PM
    interface GigabitEthernet0/1.80
     service-policy input LAN_2_PM
    policy-map WAN_CHILD
     class SRVS_CM
      priority 30720
     class LAN_1_CM
      shape average 35840000
     class LAN_2_CM
      shape average 35840000
     class class-default
      fair-queue
    policy-map WAN_PARENT
     class class-default
      shape average 102400000
      service-policy WAN_CHILD
    int  GigabitEthernet0/2
    bandwidth 102400
    service-policy output WAN_PARENT
    res
    Paul

  • Looking for config example for qos marking on IOS edge router for UCCE

                       I was going through the UCCE SRND for QOS config, and found the following sample, wondering if someone can provide a tested config example to configur the QOS on edge router for UCCE.
    access-list 100 permit tcp host Public_High_IP any
    access-list 100 permit tcp any host Public_High_IP
    access-list 101 permit tcp host Public_NonHigh_IP any
    access-list 101 permit tcp any host Public_NonHigh_IPSecond, classify the traffic using a class map:class-map match-all ICM_Public_High
    match access-group 100
    class-map match-all ICM_Public_Low
    match access-group 101
    policy-map ICM_Public_Marking
    class ICM_Public_High
    set ip dscp af31
    class ICM_Public_Low
    set ip dscp af11Finally, apply the marking policy to the incoming interface:interface mod/port
    service-policy input ICM_Public_Marking

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    If you're going to use only two queues, and if you want to guarantee the one queue 35% of your egress bandwidth, you need to assign your two queues the ratio of 65:35; you'll need to adjust the four queue percentages to provide those two queues the same ratio.  Ideally you'll want something like share 0 65 35 0, but if you cannot assign zero, something like 40 13 7 40, 20 39 21 20, 10 52 28 10 should do.

  • 100 Mbps MPLS but service provider handing of gig fiber?

    Our service provider is providing 100 Mbps MPLS service to one of our remote sites that will accept the handoff via a gig fiber connection into our 3845 router using a GLC-SX-MM SMF tranciever. I'm assuming that I will have to shape the ingress traffic to 100 Mbps. Can anybody send me a link on CCO that explains how to do this? And am I correct that I will have to shape the ingress traffic? Thanks, John

    Hi,
    Even though you have a fiber coming into your remote location your service provider would have rate limited it appropriately in and out from his perspective to 100MB as per the BW sold to you.
    So from your question there should be no need to implement any policing in or out on your router towards the service provider.
    HTH-Cheers,
    Swaroop

  • Unable to connect to VM's in new cloud service via express route

    We have changed our express route setup, initially we had an express route via London, but we have added a second one via Amsterdam and removed the one via London. All existing and new vm's in the different vnet's have connection to our local datacenter,
    but as soon as we create vm's in a new cloud service the published routes don't seem to be picked up and the machine are only reachable in their local vnet on azure.
    Does anyone have an idea where to look, it looks like the route publishing does not seem to work correctly, but it is strange that new vm's in existing cloud service do work correctly. BGP peering and vnet have been provided access via the expressroute and
    all have status provisioned.

    Hi Syed,
    When I try to connect to a new vm via rdp or try to do a tracert to the machine (with firewall turned off on the vm) I don't get a response (traffic is routed via the express-route correctly). If I do a tracert to an ip on the on premise network
    from the vm in question the trace is directed to internet instead of to the on premise network via the express route.
    the new cloud services were created in the same region as the working cloud services and the vm's are also in the same vnet/subnet as the working vm's. If I delete a vm (keeping the disks) from a new cloud service and redeployed it in an existing cloud service
    I can reach it again via the internal ip.
    We have checked the route publishing and the correct routes are published to the express route/vnet.
    When I check the provisioning of the vnet's via get-azurededicatedcircuitlink all the vnet's in question are listed as provisioned.
    I'll try to remove the bpgrouting for the original expressroute this evening to see if that helps.
    kind regards
    Xander

  • Is it recommended to use HSRP or multiple default between Core Layer Switch and Customer Edge Router?

    My client is asking me for following
    Client is using Router as edge device. 2  WAN links from different service provider ( each 20 Mbps)  are getting terminated on the router. There are internal servers present in the network. Client want to make setup such that even if one wan link fails  internet users should be able to access web server. Moreover if the edge router fails there should be secondary edge device so that there is device redundancy ?
    As per my understanding, in this scenario we need to do static one - to - one natting(belonging to WAN interface subnet). If we use two routers as Customer edge ans if we connect core layer switch to these two router, is it recommended to use HSRP/VRRP/GLBP or two default route on core switch pointing to two routers with equal ad value. we will also track the wan link with help of ip sla.
    which is recommended solution  Router redundancy protocol or Default routes.?

    Just had another read of this post and some other points have come up.
    1) I assumed your secondary link was for redundancy but you talk about terminating both SP links on the same router in your first paragraph.
    Did you mean this or are you going to be terminating a link per router ?
    2) are you using the second router purely for backup ?
    3) something you didn't ask about but is relevant is the IP addressing. Are you using provider independent addressing or does each SP provide you with an address block.
    If it is the second then you are going to have an issue with the web server. The problem is which provider's IP do you use for the web server ie.
    if you use the primary provider IP then that will be the DNS record on the internet. If the primary router fails then the IP address will change on the secondary router but DNS will still be handing out the primary IP.
    If you enter both IPs (primary and secondary) into DNS then you would get load balancing but this means both links will be used and the secondary would not just be backup.
    In addition if one of the links fails then DNS does not know this so it will still be handing out the failed address as well as the address that is still up which means some connections will work and some won't.
    Jon

  • Best practice MPLS design/configuration for small service provider

    We are a small regional service provider and did not have MPLS supported on our network.  To start supporting MPLS, I’d like to get opinions and recommendations on the best practice configuration. 
    Here is what we have today –
    We have our own BGP AS and multiple /24s.
    We are running OSPF on the Cores and BGP on the Edge routers peering with ISPs.
    We peer with multiple tier-1 ISPs for internet traffic. We do not provide public transit.
    What we want for phase one MPLS implementation –
    Configure basic MPLS /vpn functionality.
    No QoS optimization required for phase 1.
    We have Cisco ME 3600X for  PE. Any recommendations will be appreciated.

    Not sure what kind of devices or routers you have in your network but looks for if you have support for labeled multicast for MVPN support. That will avoid other complexity of using other control protocols (like PIM) in core.
    PE redundancy can be obtained by BGP attributes, CE-PE connectivity can be tunned using IGP or VRRP/HSRP...
    You can have mutiple RSVP TEs for various contract traffic and you can bind various kind of traffic to different RSVP Tunnels based on contract or service with your customer.
    RSVP-TE with link/node protection design will be of great help to achieve quicker failover.

  • Dual cloud dual hub single tier dmvpn with backup service provider

    Hi,
    I have a design issue with a WAN network. I have decided to use dual cloud dual hub single tier DMVPN topology (ref. to http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008075ea98.pdf - "Dynamic Multipoint VPN (DMVPN) Design Guide"). I have tested in lab 2 hubs and 3 spokes, applying the mentioned technology. Everything is OK, when the primary hub fails, there is only 1-3 seconds loss (3 pings).
    The problem is that each spoke and hub will have 2 service providers for WAN - primary and backup. I am still wondering which design is better and more stable to implement - using more DMVPN clouds (for the backup service provider network) or creating static IPSEC GRE tunnels in the backup links?
    Is there a guide for this case?
    What is the best practice in this case?
    Thanks in advance,
    Mladen

    Dynamic spoke-to-spoke requires your spoke routers to have mGRE tunnel interfaces. If you ever have a spoke which sources 2 tunnels from the same physical interface, you have a problem: how to resolve which tunnel is an incoming NHRP request for?
    My DMVPN is a bit different in that the crypto is GETVPN on the physical interface. There is a crypto-map applied to the physical interface and it has 2 entries which correspond to the GETVPN crypto-groups for each tunnel.
    I resolved this issue by making one of the 2 tunnels on each spoke router mGRE and the 2nd one point to point. the mGRE tunnel is preferred as primary (we use eBGP through the tunnel, so routes received through the mGRE tunnel are local-pref'd high and we AS path prepend routes advertised out the point-to-point tunnel)
    I haven't gone back and tested what happens when you have a spoke which has 2 tunnels sourced from the same interface and another spoke with 2 tunnels sourced from the same interface or from 2 different physical interfaces. The concern is that you may get a situation where one router uses Tunnel 2 for dynamic spoke-to-spoke tunneling, and the other uses Tunnel1, and that the dynamic tunnel setup fails because the crypto map cannot properly decide which crypto group to use for the incoming traffic on the router where 2 tunnels use the same physical interface.

  • PBR to select a specific service provider

    I want to use PBR with route map to match some traffic coming from different vlans to go to a specific service provider I have vlan 10 and vlan 20 , both vlan default gateway are on the core switch I am thinking of configuring a route map to match source vlan 10 and set ip next hop to be the inside interface for the router to provider A Then i need to configure a PBR under interface but i am confused about which interface i have to apply the route map , is it the vlan interface on the core switch ? Also i need to know who can i test it

    Hi ,
     What is your core switch hardware ?? , need to verify do it support PBR . Share me your switch config and next hop ip address of your both service provider . 
    HTH
    Sandy

Maybe you are looking for

  • Can't access safe mode to delete System Security fake anti virus virus. HELP.

    Hi, our SL500 has become infected with "System Security" fake anti virus software. We have tracked down how to remove it. http://www.geekstogo.com/forum/system-security-malware-t222291.html However when we get to the "reboot your computer in safe mod

  • How do you copy files from one user to another

    How do you copy files from one user to another user on the same machine?

  • TS5376 iTunes will not open and errors

    I followed the instructions in the forum http://support.apple.com/kb/TS5376 but the error message I got remained and and no fix resulted.  Can anyone help?  The error message I get is, 'The procedure entry point ?fastFree@***@@YAXPAX@Z could not be l

  • How i can check this

    Hay Friends.. in my code i am generating a randum number (rng), Now i want to check TWO conditiond. Is my number LESS THAN EQUALLS TOsomenumber (let say 0.3) and GREATER THAN EQUALLS TO somenumber (let say 0.58)...I M NOT SURE AM I DOING IT WRITE OR

  • Can't connect to my Time Capsule!!

    My Time Capsule was working perfectly except it wouldn't let me back my data up to it, so I reboot it and now the backups work. However, now another problem presented itself. It won't let my WiFi devices connect to it. It's name appears and disappear