Wednesday, July 16, 2014

Limit bandwidth between on premise and Azure with Cisco ASA

Here is a new recipe. We are building a hybrid cloud between Microsoft Azure and our offices. One of the requirements was to limit the bandwidth between the on-premise servers and the services running on Azure servers, because we only have a 20 Mbps link, and that link has to provide access for clients as well as to our infrastructure in Azure. So we decided to limit the bandwidth between both sites to 8 Mbps. Here is the configuration example.




  • On-premise network: 10.188.0.0 255.255.255.0
  • Azure network: 192.168.214.0 255.255.255.0


Connect to the ASA via SSH and run the following commands.

  • Create the Access List:

access-list throttle_azure_BBDD extended permit ip 10.188.0.0 255.255.255.0 192.168.214.0 255.255.255.0
access-list throttle_azure_BBDD extended permit ip 192.168.214.0 255.255.255.0 10.188.0.0 255.255.255.0

  • Create the traffic classification:

class-map throttle_azure_BBDD
 match access-list throttle_azure_BBDD

  • Create the bandwidth policy:

policy-map throttle-policy
 class throttle_azure_BBDD
  police output 8000000 4000
  police input 8000000 4000

  • Apply it to the interface:

service-policy throttle-policy interface PRE-BBDD

Traffic between the on-premise network and the Azure network is now limited to 8 Mbps.
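The policer only takes effect if every name in the access-list, class-map, policy-map and service-policy chain matches. The following checker is an added example, not part of the original recipe: it parses a pasted config, reports dangling or unapplied names, and converts each `police` line into Mbps and burst duration. The function name `check_mpf` and the sample `CONFIG` are constructed for illustration.

```python
# Constructed sample: the recipe's commands with consistent names throughout.
CONFIG = """\
access-list throttle_azure_BBDD extended permit ip 10.188.0.0 255.255.255.0 192.168.214.0 255.255.255.0
access-list throttle_azure_BBDD extended permit ip 192.168.214.0 255.255.255.0 10.188.0.0 255.255.255.0
class-map throttle_azure_BBDD
 match access-list throttle_azure_BBDD
policy-map throttle-policy
 class throttle_azure_BBDD
  police output 8000000 4000
  police input 8000000 4000
service-policy throttle-policy interface PRE-BBDD
"""

def check_mpf(config):
    """Return (problems, policers). Reads 'police <dir> <rate bits/s> [burst bytes]'."""
    acls, cmaps, pmaps, applied, policers = set(), {}, {}, [], []
    block = cls = None                      # enclosing block and current class
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "access-list":
            acls.add(w[1])
        elif w[0] in ("class-map", "policy-map"):
            block = (w[0], w[-1])
            (cmaps if w[0] == "class-map" else pmaps)[w[-1]] = []
        elif w[0] == "service-policy":
            applied.append((w[1], w[-1]))   # (policy name, interface or "global")
        elif block and w[:2] == ["match", "access-list"] and block[0] == "class-map":
            cmaps[block[1]].append(w[2])
        elif block and w[0] == "class" and block[0] == "policy-map":
            cls = w[1]
            pmaps[block[1]].append(cls)
        elif block and w[0] == "police" and block[0] == "policy-map":
            rate, burst = int(w[2]), int(w[3]) if len(w) > 3 and w[3].isdigit() else None
            policers.append({"policy": block[1], "class": cls, "dir": w[1], "mbps": rate / 1e6,
                             "burst_ms": burst * 8000 / rate if burst else None})
    problems = []
    for cm, refs in cmaps.items():
        problems += [f"class-map {cm}: access-list {a} not defined" for a in refs if a not in acls]
    for pm, refs in pmaps.items():
        problems += [f"policy-map {pm}: class-map {c} not defined"
                     for c in refs if c not in cmaps and c != "class-default"]
    for pm, intf in applied:
        if pm not in pmaps:
            problems.append(f"service-policy on {intf}: policy-map {pm} not defined")
    problems += [f"policy-map {pm} is never applied" for pm in pmaps if pm not in dict(applied)]
    return problems, policers
```

For the recipe's values, `check_mpf(CONFIG)` returns no problems and two policers of 8.0 Mbps each, where the 4000-byte burst corresponds to 4 ms of traffic at that rate.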
