QoS Config Question

Unanswered Question

Hello,

We have a Cisco ASA 5510 connecting our internal network to the Internet using a T1 circuit.

Often, a single person downloading a file from the Internet causes bandwidth usage to spike to the full 1.4Mb and to the detriment of other users.

Can someone please suggest the particular QoS config for being able to more equitably share bandwidth among connections?

Thanks in advance.

Ahmadali

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
suschoud Mon, 03/12/2007 - 10:18

Unfortunately, the PIX firewall has no feature set to manage bandwidth per user. On PIX

7.0 code, we have included QoS feature which is a traffic-management strategy that lets

you allocate network resources for both mission-critical and normal data, based on the

type of network traffic and the priority you assign to that traffic. In short, QoS ensures

unimpeded priority traffic and provides the capability of rate-limiting (policing) default

traffic.

Here is some information on Applying QoS Policies :

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration

_guide_chapter09186a0080450b9a.html

abinjola Mon, 03/12/2007 - 10:27

hello AA..

why dont you determine first what type of download is it...ftp,peer to peer, web, etc

1) Once we determine the type of protocol this download happens then we can apply the rate limiting for that protocol

2)Or else if there is a specific subnet or host that does this download then we can apply a traffic bandwidth for that host/subnet

Thanks for the reply.

In the typical scenario of an internal network connected to the Internet, how would the rate limiting commands be applied?

Would the 'police' command be an 'input' or 'output'?

Which interface would the service-policy be applied to? The internal one, or the external Internet side?

Thanks again.

abinjola Mon, 03/12/2007 - 12:53

well lets assume you want to rate limit for everything and anything thats accessed then following are the commands needed to limit it for 5mbps (Lets assume you need 5 mbps)

class-map police_traffic

match any

policy-map qos

class police_traffic

police output 5000000 5000000

service-policy qos interface inside

=====================================

Look at the match command ...here you can refine this by using an access-list, protocol instead of "any"

Actions

This Discussion