Traffic shaping

eLvs
Getting noticed

Traffic shaping

hope someone can enlighten me. when a new policy was created on the mx and applied it to a device such as computer, some layer 7 rules will not take effect until clearing the cached of a computer connected to the network right,  but will the traffic shaping rules will take effect even without clearing the cached specially the bandwidth limit? 

thanks in advance 🙂 

4 REPLIES 4
KathleenJ
Meraki Employee
Meraki Employee

Hi eLvs,

 

Thanks for the question.

 

I think there may be some confusion around network design. In most networks there is generally a switch that sits between the MX (firewall) and the end user (computer). In your example you asked about layer 7 rules changing due to a change on the MX and needing to reboot the client so the rules are applied, this is not needed even if the client was directly connected to the MX.

 

If you are doing traffic shaping on the MX via SD-WAN policies, you can limit the per client bandwidth which means that the traffic that passes through the MX would be limited to what you predetermined the throughput to be. This policy isn't necessarily applied to a single device although it could be through the use of VLANs (keeping the example simple). 

 

Can you elaborate on what you are trying to accomplish and maybe I can provide a better explanation on how to accomplish the task.

 

Below are some KBs that do explain SD Wan and Traffic Shaping.

 

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...
https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/SD-WAN_and_Traffic_Shaping

 

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Global_Bandwidth_Limi...

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.

Hi @KathleenJ .  What @eLvs is meaning - even if you have a client directly connected to an MX, and you make a layer 7 firewall change - that change may not take effect for 10 minutes or so.  The MX has a flow cache, and you need the existing entry in the flow cache in the MX to expire before the new rule takes effect.

Sometimes if you don't want to wait, you might reboot the MX to expedite this process.

 

@eLvs - I'm not sure about the answer (about using a group policy with a bandwdith limit applied to a client).  I think the bandwidth takes effect pretty quickly.  Like maybe 30s.

 

eLvs
Getting noticed

@KathleenJ @PhilipDAth , Thanks to the both of you you're always a big help appreciate it, you can see what i mean on the screenshot below Ms. kath, but i think sir Philip got it, and there are times that we are rebooting the MX to apply the changes on all the computers applied with the policy,  but there are times that the traffic shaping rules will not take effect unless we clear the cache of the computer or restart the computer itself. im just looking for a faster procedure where we will not reboot the MX or make any changes on the computer to make the policy take effect
thanks a lot 🙂 

eLvs_0-1674480492122.png

 

KathleenJ
Meraki Employee
Meraki Employee

Thanks for the clarification and I'm glad Philip was able to assist. 

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.