I'm trying to get some input on the direction in which policy maps should be applied, inbound vs outbound. If I have a central site that is hosting resources that include web-related apps, Citrix, and SQL, and want users at a remote end of a point-to-point connection or VPN tunnel to have QoS guarantees such as bandwidth reservation and CBWFQ, should the policy be applied in the outbound direction of the serial interface on the remote router that makes the point-to-point connection, and the inbound direction of the central site router's serial interface that is the other end of that point-to-point link?
Or, from the remote site, should it be the outbound direction on the serial interface that classifies traffic such as HTTP to certain URLs, Citrix, and SQL servers, but on the central router's serial interface that marking would be using ACLs, having the source being the HTTP, Citrix, and SQL servers and the remote clients being the destination?
What's the recommended method of implementing something like this in terms of the direction of the policy maps?
If the policy map is being used for classification marking (e.g. DSCP marking), the usual recommendation is to mark as close to the source as possible, usually "IN" on an ingress edge interface.
If the policy map is being used for congestion management, and since congestion usually is found on an egress interface, such policies are applied there.
So, from end-to-end, you might have an inbound policy on the local LAN device's edge interface, and an outbound policy on the local WAN device's WAN interface. Same on the remote side's devices for return traffic.
Since congestion is usually of primary concern on the WAN device, the inbound classification could be done inbound on that device's LAN interface, or even as part of the outbound policy.
Sample IOS policies (NB: syntax is incorrect):
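! Protocol names under "match protocol" are kept as posted.
class-map VoIP
 match protocol Voice
class-map match-any mission-critical
 match protocol citrix
 match protocol sql
 match protocol http
class-map real-time
 match dscp ef
class-map gold
 match dscp af31
!
! Marking policy: classify and set DSCP on the way in.
policy-map classify
 class VoIP
  set dscp ef
 class mission-critical
  set dscp af31
 class class-default
  set dscp default
!
! Queuing policy: act on the DSCP markings on the way out.
policy-map CBWFQ
 class real-time
  priority percent 50
 class gold
  bandwidth remaining percent 80
!
interface <LAN interface>
 service-policy input classify
interface <WAN interface>
 service-policy output CBWFQ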