Friday, November 16, 2007

Cisco IOS: Throttling Bandwidth for Certain Internet Sites


I was teaching a Quality of Service (QoS) course at Interface a few weeks back. One of my students asked an interesting question: Is it possible to use QoS to throttle bandwidth for just a few, atypical "bandwidth hog" websites using only Cisco gear... You bet it is! ...and what a cool idea! We worked through the configuration on the whiteboard, and Mike Storm (a fellow instructor & friend) documented the process... here's what we came up with:

For the sake of all that is sacred... save us from the bandwidth thieves! YouTube, Google Video, MySpace... and others. All of them are to thank for our latest level of Internet bandwidth saturation. If it bothers you like it does me, why not do something about it? Save the Internet bandwidth for your business!! On a Cisco router, it is easy to recognize and limit this type of traffic by using Cisco Quality of Service, specifically NBAR and traffic policing components.

In my scenario I will be reserving and policing the standard web traffic to 11Mbps of our DS3 and the Offending Traffic (mentioned above) to just 64Kbps. Offending traffic will still flow (to save you from a freedom of speech lawsuit... yep, you heard me right), but it WILL be SLOOOOW...

Here is a sample config:

Start by creating your traffic classes:

!
class-map match-any web-traffic
 match protocol http
 match protocol secure-http
 match protocol ipsec
 match protocol dns
 ! add a "match protocol ..." line for any other non-offending traffic here
!
! Match on the HTTP Host header: "match protocol http url" only sees the
! part of the URL after the hostname, so it would miss these site names.
class-map match-any scum
 match protocol http host "*youtube*"
 match protocol http host "*video.google*"
 match protocol http host "*myspace*"
!

Next, create your policy maps to define the traffic parameters (note the embedded policy map for the scum traffic):

! Parent policy: web traffic gets 10 Mbps, policed to a peak of 11 Mbps
policy-map inbound-internet
 class web-traffic
  ! bandwidth is given in kbps
  bandwidth 10000
  police cir 10000000 pir 11000000 conform-action transmit exceed-action set-prec-transmit 0 violate-action drop
  service-policy die-scum
!
! Child policy: applied inside the web-traffic class to the offending sites
policy-map die-scum
 class scum
  police cir 56000 pir 64000 conform-action set-prec-transmit 0 exceed-action drop
!

Finally, assign the service policy to your inbound interface:

interface serial1/0
 service-policy input inbound-internet
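
To see what the two `police` lines let through, here is an added Python model (not from the original post and not Cisco code) of a colour-blind two-rate policer in the style of RFC 2698. The burst sizes, the steady 1 Mbit/s offered load, and treating the unconfigured violate-action of the nested policy as a drop are assumptions.

```python
# Added illustration (not Cisco code): colour-blind two-rate policer after RFC 2698.
# Burst sizes and the offered load below are constructed values, not from the post.

def police(packets, cir, pir, cbs, pbs, transmit):
    """Return the number of bytes forwarded.

    packets  -- iterable of (arrival_time_s, size_bytes), in time order
    cir, pir -- committed / peak rate in bit/s (as in `police cir ... pir ...`)
    cbs, pbs -- committed / peak burst in bytes (assumed values)
    transmit -- set of colours whose configured action forwards the packet
    """
    tc, tp = float(cbs), float(pbs)            # both token buckets start full
    last, sent = 0.0, 0
    for t, size in packets:
        elapsed, last = t - last, t
        tc = min(cbs, tc + cir / 8 * elapsed)  # refill, converted to bytes
        tp = min(pbs, tp + pir / 8 * elapsed)
        if tp < size:
            colour = "violate"                 # above PIR: no tokens taken
        elif tc < size:
            colour = "exceed"                  # between CIR and PIR
            tp -= size
        else:
            colour = "conform"                 # within CIR
            tc -= size
            tp -= size
        if colour in transmit:
            sent += size
    return sent


def average_bps(transmit, cir=56_000, pir=64_000, seconds=60):
    """Average forwarded rate for the nested policy's CIR/PIR under a flood."""
    gap = 500 * 8 / 1_000_000                  # 500-byte packets at 1 Mbit/s
    packets = [(i * gap, 500) for i in range(round(seconds / gap))]
    sent = police(packets, cir, pir, cbs=1750, pbs=2000, transmit=transmit)
    return sent * 8 / seconds


if __name__ == "__main__":
    # Nested policy's action set: only conforming packets are forwarded
    # (violate assumed to drop, since the post configures no violate-action).
    print("exceed dropped  :", round(average_bps({"conform"})), "bit/s")
    # Outer policy's action shape: conform and exceed are both forwarded.
    print("exceed forwarded:", round(average_bps({"conform", "exceed"})), "bit/s")
```

In this model, dropping exceed traffic holds the flow at about the CIR (56 kbit/s); the PIR only becomes the ceiling when exceed traffic is forwarded, as in the outer policy.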

Save the Bandwidth! =)

(originally posted on Mike Storm's blog at Interface)