QoS question

Unanswered Question
Sep 21st, 2007
User Badges:

Hi All,


Just looking for some basics tips to setup QoS. I want to put an application in to my DMZ which is behind a cisco router.


The internet connection is 4MB and i want to allocate 10% for traffic going to this application. I will only be allowing access from one external IP address to this application not the entire internet.


any tips would be greatly appreciated.


Mick

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
darkbeatzz Tue, 09/25/2007 - 08:51
User Badges:

from what I have read on the cisco site you can.


here is my proposed config.


Ip access-list extended custom_app (whatever the app is)

Permit tcp any any range 3001 3002 (depends on his port numbers)


Class-Map ?myownapp ?

Match access_group custom_app

Match access-group 100



Class-Map all-traffic

Match protocol IP -


Policy-map myapp

Class myownapp

Priority 400 (bandwidth)

Class all-traffic

Priority 3600 (rest of bandwidth)

Class class-defualt

Fair queue


Ip cef (I think this is already turned on)


Interface ? ntl outside interface ?

Service-policy myapp input


Access-list 100 permit ip (source)x.x.x.x (destination)x.x.x.x precedence critical


dgahm Tue, 09/25/2007 - 14:59
User Badges:
  • Blue, 1500 points or more

Mick,

Your CBWFQ with LLQ policy could only be applied outbound. Priority queueing is generally only used for voice and video. In your config all traffic is being priority queued which ends up being FIFO, or no QOS.


http://www.cisco.com/en/US/tech/tk543/tk545/technologies_q_and_a_item09186a00800cdfab.shtml


Queueing generally happens on outbound interfaces only. A router queues packets that are going out an interface. You can police inbound traffic, but usually you cannot queue inbound


Please rate helpful posts.


Dave

Joseph W. Doherty Tue, 09/25/2007 - 15:59
User Badges:
  • Super Bronze, 10000 points or more

As the other posters noted, to accomplish what you desire you need to set a policy on the ISP's Internet router outputting to your 4 Mb link.


Assuming the ISP won't support this, and you really, really need to provide guaranteed bandwidth to your application. You can come close by shaping your inbound Internet traffic on your LAN facing interface between 1/4 to 1/2 of your link's bandwidth and allocating 400 Kb for your special traffic. Or, policing non-special application traffic to about 1/2 to 3/4 of your link's bandwidth.

darkbeatzz Wed, 09/26/2007 - 00:45
User Badges:

Hi,


Sorry Guys I probably should have made this clear.


I propose to put this policy on the internet facing router on the network which is managed by us and apply the policy for all traffic coming in to the network.


So will it work for me to do this config on the serial interface?


thanks for help here




Joseph W. Doherty Wed, 09/26/2007 - 03:54
User Badges:
  • Super Bronze, 10000 points or more

Your policy will be ineffectual for inbound Internet traffic on your side of the Internet connection. Reason being, you're past the congestion point.


You need it on the ISP outbound (outbound to you) interface.


What I suggested was creating an artificial congestion point where you can manage the bandwidth. I also suggested placing it outbound on your LAN side, but it would also work inbound on your Internet side. It won't be as effective as your policy would be if that policy was placed on the ISP's router.

darkbeatzz Mon, 10/01/2007 - 04:46
User Badges:

Hi All,


appologies for not replying sooner.


as it turns out this customer I am implementing this for already has QoS setup(on his internet facing router)


he has 2 serial interfaces configured in a mulitlink group.


here is the config


class-map match-any SDMSVideo-Multilink1

match protocol cuseeme

match protocol netshow

match protocol rtsp

match protocol streamwork

match protocol vdolive

class-map match-any SDMIVideo-Multilink1

match protocol rtp video

class-map match-any SDMManage-Multilink1

match protocol dhcp

match protocol dns

match protocol imap

match protocol kerberos

match protocol ldap

match protocol secure-imap

match protocol secure-ldap

match protocol snmp

match protocol socks

match protocol syslog

class-map match-any SDMSignal-Multilink1

match protocol h323

match protocol rtcp

class-map match-any SDMRout-Multilink1

match protocol bgp

match protocol egp

match protocol eigrp

match protocol ospf

match protocol rip

match protocol rsvp

class-map match-any SDMBulk-Multilink1

match protocol exchange

cop match protocol ftp

match protocol irc

match protocol nntp

match protocol pop3

match protocol printer

match protocol secure-ftp

match protocol secure-irc

match protocol secure-nntp

match protocol secure-pop3

match protocol smtp

match protocol tftp

class-map match-any SDMScave-Multilink1

match protocol fasttrack

match protocol gnutella

class-map match-any SDMTrans-Multilink1

match protocol citrix

match protocol finger

match protocol notes

match protocol novadigm

match protocol pcanywhere

match protocol secure-telnet

match protocol sqlnet

match protocol sqlserver

match protocol ssh

match protocol telnet

match protocol xwindows

class-map match-any SDMVoice-Multilink1

match protocol rtp audio

policy-map SDM-Pol-Multilink1

class SDMVoice-Multilink1

priority percent 19

set dscp ef

class SDMManage-Multilink1

bandwidth remaining percent 8

set dscp cs2

class SDMRout-Multilink1

bandwidth remaining percent 8

set dscp cs6

class SDMTrans-Multilink1

bandwidth remaining percent 75

set dscp af21

class SDMSignal-Multilink1

bandwidth remaining percent 1

set dscp cs3


interface Multilink1

description Connected to NTL$FW_OUTSIDE$

ip address x.x.x.x x.x.x.x

ip access-group outside_acl in

ip verify unicast reverse-path

no ip redirects

no ip unreachables

no ip proxy-arp

ip nbar protocol-discovery

ip flow ingress

ip flow egress

ip route-cache flow

no cdp enable

ppp multilink

ppp multilink group 1

service-policy output SDM-Pol-Multilink1


so the want http traffic to get 10% of bandwith so if by adding a new class to the policy with bandwidth 10% that should do the trick yeah?


Actions

This Discussion