cisco: dual homed + traffic shaping = bad news?

randal

Golden Member
Jun 3, 2001
1,890
0
71
Okay, here is the situation. We have a Cisco 2514 (2 eth, 2 serial, ios 11.2(4)) that has a 2mbps wireless link coming in on e0, and two networks (10.10.10.0-127,10.10.10.128-255) hanging off of e1. The interface e1 is multihomed to be 10.10.10.1 and 10.10.10.129 to have access to both subnets. The subnets are physically connected to the router via a 4 port 10/100 switch that is attached to e1:

----net---------e0-router-e1--------switch==========(net1 & net2).

Net1 has ~ 20 users on it, and Net2 has maybe 8 users on it -- all clients are 100mbps. I very much desire to do traffic shaping on these two subnets (via ACLs), but I am told that this is a Bad Idea due to Layer 2 issues. Their attempts to explain why this is a terrible idea are very poor and make little sense. Could someone shed some light on this for me?

I do recognize that using a router with multiple ethernet interfaces would be the best way to go, but we don't happen to have any extras, and surely don't want to buy one for this 3-day/weekend event. I'd just like to know if this is A: Doable and Practical and B: if it is a Bad Idea, why (in clear terms?) ?

Thanks!
randal
:D
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
The e1 interface should only have one network on it. Why are there two? If there are two then eliminate one or combine them into one net. Say 10.10.10.0/24

Then we can talk about traffic shaping. Any way you could get 12.x code on the 2500s? 11.2's traffic shaping is very poor at best.
 

randal

There are two because there are two separate networks that most definitely need to be segregated -- a Cyberkast Radio broadcasting setup with maybe 5-6 computers, and a CPL tournament network where there will be ~ 20 computers. Don't want them to talk to each other, but they both need to have a maxed bandwidth limit. The traffic shaping wouldn't have anything to do with QoS or anything high end, just bandwidth capping. It's an 8mb flash, 2mb ram router, so a real-early version of 12 might work.

Don't get me wrong -- I know that the *correct* solution is a multi-interfaced router. Unfortunately, the 2514 is the only spare that we have running around, and we don't want to drop the cash to buy a new router for a 3 day event. A classic "use what you have" situation. If for some reason the 2514 won't work, we've put together a freebsd box that can do sufficient routing / traffic shaping for us. We really want to use the Cisco though, because then there are 4 people who can make changes instead of 1. (3, 24 hour days is a lot for one person).

So the question stands ... can it be done? Pitfalls of doing it that way? Cisco vs. BSD?
randal
 

spidey07

Sorry Randal. I'm confused. How do you have two separate IP networks on one interface? Using secondary addresses?

Can you provide a little more detail on exactly what you're trying to accomplish and how the clients are setup in terms of IP and mask, as well as the interface config of the e0 interface?
 

Santa

Golden Member
Oct 11, 1999
1,168
0
0
Not sure if this will help but when it comes to secondary IP addresses we did run into a weird quirk that I am sure isn't the only quirk when it comes to secondary IP addresses.

Our issue was that there were inconsistent EIGRP announcements about the secondary IP address subnet so this caused some weird problems that went away when the subnet was broken off to its own physical adapter. We have IOS 11.2 also and are not sure if this issue would have been fixed in 12.xx.

Now in your case you are trying to do some QoS over a secondary IP address and this too could be a weird problem that doesn't work right. The most you can do short of doing an IOS upgrade is to verify that the IP addresses do not overlap between the two subnets since you are risking it by using 10.10.10.x on one subnet and the same three octets on the secondary.

If you can do DHCP try to change out the secondary IP address to something totally different to see if this solves your issue.

As Spidey mentioned more information would be more helpful to us to help you out. Need to know how your subnet masks are setup to see if there is an overlap.
 

randal

The reason that we need two networks on one interface is because there are only two ethernet interfaces on the router -- one for the incoming net connection, and the other to hook up to the internal network. To simplify things, the two internal networks are on separate class Cs now.

e0 = 10.10.1.2 255.255.255.255.252 (incoming wan connection)

e1 = 10.10.10.1 255.255.255.0 { 2-254 available } (Net #1)
e1 = 10.10.20.1 255.255.255.0 { 2-254 available } (Net #2)

e1 has two IPs on it and is logically on two separate networks (physically connected by a switch -- see 1st post diagram).

We have no routing protocols on the router at all. Everything is static. Is it possible, using ACLs and traffic shaping, to limit the bandwidth on Net #1 and Net #2? If it is, what are the problems with it? If it is not possible, why not?

Thanks,
randal

 

spidey07

1) Are you using secondary addresses?
2) Exactly what do you want to do with traffic shaping? Just limit inbound and outbound bitrate?

Off the top of my head I'd say this is a no go because of the age of your IOS. But then again I'm going on a hunch and no real facts. :)
 

randal

Originally posted by: spidey07
1) Are you using secondary addresses?
2) Exactly what do you want to do with traffic shaping? Just limit inbound and outbound bitrate?

1. Yes, on e1
2. Just traffic shaping. Filtering will be handled on the incoming e0.

Found out that we can cram 12.0(5)T onto this router without issue, so assume that it's running that version.

Possible? Or Not? Good, Bad, Ugly?

randal

 

spidey07

<---bangs head against wall.

What are you trying to do with the traffic? There are about 10 different kinds of traffic shaping depending on what you want to do.

Limit to a certain rate? Allow bursting?
 

randal

Sorry to be frustrating :-( . Just want to do input / output bitrate limiting. No QoS, no bursting, nothing, just vanilla "you get 256k in, 128k out." aka Firm CAR.

access-list 101 permit tcp 10.10.10.0 0.0.0.255 any
access-list 102 permit tcp 10.10.20.0 0.0.0.255 any
access-list 103 permit tcp any 10.10.10.0 0.0.0.255
access-list 104 permit tcp any 10.10.20.0 0.0.0.255

int e0
traffic-shape group 101 128000
traffic-shape group 102 256000

int e1
traffic-shape group 103 1000000
traffic-shape group 104 1500000

That's off the top of my head, and should limit Net #1 to 1mbps down, 128k up, and Net #2 to 1.5mbps down, 256k up. Will something like that work?
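
An added example, not part of any post in the thread: a Python check of the configuration in the last post. It tabulates the rate each `traffic-shape group` line gives each subnet, sums the downstream rates against the 2 Mbps link mentioned in the first post, and lists the subnets whose ACL matches a single protocol rather than `ip`, since packets that do not match the ACL are not shaped by that statement. The function names and the rule "source subnet in the ACL means upstream" are assumptions of this script.

```python
import ipaddress

# Configuration lines copied from the post above.
CONFIG = """\
access-list 101 permit tcp 10.10.10.0 0.0.0.255 any
access-list 102 permit tcp 10.10.20.0 0.0.0.255 any
access-list 103 permit tcp any 10.10.10.0 0.0.0.255
access-list 104 permit tcp any 10.10.20.0 0.0.0.255
int e0
traffic-shape group 101 128000
traffic-shape group 102 256000
int e1
traffic-shape group 103 1000000
traffic-shape group 104 1500000
"""
LINK_BPS = 2_000_000  # the 2 Mbps wireless link from the first post

def take_net(tokens):
    """Consume 'any' or 'address wildcard'; return (network or None, rest)."""
    if tokens[0] == "any":
        return None, tokens[1:]
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(tokens[1])) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tokens[0]}/{mask}"), tokens[2:]

def parse(config):
    acls, shapes, iface = {}, [], None
    for tokens in (line.split() for line in config.splitlines()):
        if tokens[:1] == ["access-list"]:
            src, rest = take_net(tokens[4:])
            dst, _ = take_net(rest)
            acls[tokens[1]] = (tokens[3], src, dst)  # protocol, source, destination
        elif tokens[:1] == ["int"]:
            iface = tokens[1]
        elif tokens[:2] == ["traffic-shape", "group"]:
            shapes.append((iface, tokens[2], int(tokens[3])))
    return acls, shapes

def audit(config, link_bps):
    acls, shapes = parse(config)
    rows = []
    for iface, acl, bps in shapes:
        proto, src, dst = acls[acl]
        # Assumption: an ACL naming a source subnet is upstream, a destination subnet downstream.
        up = src is not None
        rows.append((iface, str(src if up else dst), "up" if up else "down", bps, proto))
    down = sum(r[3] for r in rows if r[2] == "down")
    partial = sorted({r[1] for r in rows if r[4] != "ip"})  # ACL matches one protocol only
    return rows, down, down > link_bps, partial

print(audit(CONFIG, LINK_BPS))
```

On the posted configuration the two downstream rates add up to 2.5 Mbps, more than the 2 Mbps link, and both subnets are matched by `tcp`-only ACLs.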