09-21-2007 06:52 AM - edited 03-13-2019 04:27 PM
Hi All,
Just looking for some basic tips to set up QoS. I want to put an application into my DMZ, which is behind a Cisco router.
The Internet connection is 4MB and I want to allocate 10% for traffic going to this application. I will only be allowing access from one external IP address to this application, not the entire Internet.
Any tips would be greatly appreciated.
Mick
09-25-2007 07:30 AM
You can't really do QoS for incoming traffic per se, only outbound traffic.
http://www.cisco.com/en/US/tech/tk543/tsd_technology_support_category_home.html
There's some info and tips about QoS for you.
09-25-2007 08:51 AM
From what I have read on the Cisco site, you can.
Here is my proposed config.
! custom_app = whatever the app is; port range depends on his port numbers
ip access-list extended custom_app
permit tcp any any range 3001 3002
class-map myownapp
match access-group name custom_app
match access-group 100
class-map all-traffic
match protocol ip
policy-map myapp
class myownapp
! bandwidth
priority 400
class all-traffic
! rest of bandwidth
priority 3600
class class-default
fair-queue
! I think this is already turned on
ip cef
interface <NTL outside interface>
service-policy input myapp
! first x.x.x.x = source, second x.x.x.x = destination
access-list 100 permit ip x.x.x.x x.x.x.x precedence critical
09-25-2007 02:59 PM
Mick,
Your CBWFQ with LLQ policy could only be applied outbound. Priority queueing is generally only used for voice and video. In your config all traffic is being priority queued which ends up being FIFO, or no QOS.
http://www.cisco.com/en/US/tech/tk543/tk545/technologies_q_and_a_item09186a00800cdfab.shtml
Queueing generally happens on outbound interfaces only. A router queues packets that are going out an interface. You can police inbound traffic, but usually you cannot queue inbound.
Please rate helpful posts.
Dave
09-25-2007 03:59 PM
As the other posters noted, to accomplish what you desire you need to set a policy on the ISP's Internet router outputting to your 4 Mb link.
Assuming the ISP won't support this, and you really, really need to provide guaranteed bandwidth to your application, you can come close by shaping your inbound Internet traffic on your LAN-facing interface to between 1/4 and 1/2 of your link's bandwidth and allocating 400 Kb for your special traffic. Or by policing non-special application traffic to about 1/2 to 3/4 of your link's bandwidth.
09-26-2007 12:45 AM
Hi,
Sorry guys, I probably should have made this clear.
I propose to put this policy on the Internet-facing router on the network which is managed by us and apply the policy for all traffic coming into the network.
So will it work for me to do this config on the serial interface?
Thanks for the help here.
09-26-2007 03:54 AM
Your policy will be ineffectual for inbound Internet traffic on your side of the Internet connection. Reason being, you're past the congestion point.
You need it on the ISP outbound (outbound to you) interface.
What I suggested was creating an artificial congestion point where you can manage the bandwidth. I also suggested placing it outbound on your LAN side, but it would also work inbound on your Internet side. It won't be as effective as your policy would be if that policy was placed on the ISP's router.
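The inbound policing variant described in the posts above, sketched as an added example that is not part of the original thread. The names WEBAPP-IN-ACL, OTHER-IN and POLICE-IN, the interface Serial0/0 and both addresses are hypothetical; the port range is the one from the proposed config earlier in the thread.

```cisco
! Added example, not from the thread. All names are hypothetical.
! 192.0.2.10    = placeholder for the one permitted external host
! 198.51.100.20 = placeholder for the DMZ application server
ip access-list extended WEBAPP-IN-ACL
 permit tcp host 192.0.2.10 host 198.51.100.20 range 3001 3002
!
! Everything that is NOT the special application
class-map match-all OTHER-IN
 match not access-group name WEBAPP-IN-ACL
!
! Police the non-special traffic to 3/4 of the 4 Mb link (3,000,000 bps).
! Dropping the excess on arrival is the artificial congestion point: it
! leaves roughly 1 Mb of the link that other traffic cannot fill.
! The application traffic falls into class-default and is not policed.
policy-map POLICE-IN
 class OTHER-IN
  police 3000000 conform-action transmit exceed-action drop
!
! Hypothetical Internet-facing interface
interface Serial0/0
 service-policy input POLICE-IN
```

`show policy-map interface` displays the conformed and exceeded counters for the policed class, which shows whether the policer is actually engaging.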
10-01-2007 04:46 AM
Hi All,
Apologies for not replying sooner.
As it turns out, this customer I am implementing this for already has QoS set up (on his Internet-facing router).
He has 2 serial interfaces configured in a multilink group.
Here is the config:
class-map match-any SDMSVideo-Multilink1
match protocol cuseeme
match protocol netshow
match protocol rtsp
match protocol streamwork
match protocol vdolive
class-map match-any SDMIVideo-Multilink1
match protocol rtp video
class-map match-any SDMManage-Multilink1
match protocol dhcp
match protocol dns
match protocol imap
match protocol kerberos
match protocol ldap
match protocol secure-imap
match protocol secure-ldap
match protocol snmp
match protocol socks
match protocol syslog
class-map match-any SDMSignal-Multilink1
match protocol h323
match protocol rtcp
class-map match-any SDMRout-Multilink1
match protocol bgp
match protocol egp
match protocol eigrp
match protocol ospf
match protocol rip
match protocol rsvp
class-map match-any SDMBulk-Multilink1
match protocol exchange
match protocol ftp
match protocol irc
match protocol nntp
match protocol pop3
match protocol printer
match protocol secure-ftp
match protocol secure-irc
match protocol secure-nntp
match protocol secure-pop3
match protocol smtp
match protocol tftp
class-map match-any SDMScave-Multilink1
match protocol fasttrack
match protocol gnutella
class-map match-any SDMTrans-Multilink1
match protocol citrix
match protocol finger
match protocol notes
match protocol novadigm
match protocol pcanywhere
match protocol secure-telnet
match protocol sqlnet
match protocol sqlserver
match protocol ssh
match protocol telnet
match protocol xwindows
class-map match-any SDMVoice-Multilink1
match protocol rtp audio
policy-map SDM-Pol-Multilink1
class SDMVoice-Multilink1
priority percent 19
set dscp ef
class SDMManage-Multilink1
bandwidth remaining percent 8
set dscp cs2
class SDMRout-Multilink1
bandwidth remaining percent 8
set dscp cs6
class SDMTrans-Multilink1
bandwidth remaining percent 75
set dscp af21
class SDMSignal-Multilink1
bandwidth remaining percent 1
set dscp cs3
interface Multilink1
description Connected to NTL$FW_OUTSIDE$
ip address x.x.x.x x.x.x.x
ip access-group outside_acl in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip route-cache flow
no cdp enable
ppp multilink
ppp multilink group 1
service-policy output SDM-Pol-Multilink1
So they want HTTP traffic to get 10% of bandwidth, so adding a new class to the policy with bandwidth 10% should do the trick, yeah?
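One way the extra class could be added to the policy shown above, as an added example that is not part of the original thread. The names WEBAPP-ACL and WEBAPP-Multilink1 and both addresses are hypothetical. It assumes the policy keeps its `bandwidth remaining percent` units: the existing classes already total 8 + 8 + 75 + 1 = 92, so another 10 only fits if a class gives some up (here SDMTrans-Multilink1 drops from 75 to 65).

```cisco
! Added example, not from the thread. All names are hypothetical.
! 198.51.100.20 = placeholder for the DMZ application server
! 192.0.2.10    = placeholder for the one permitted external host
!
! The policy is attached with "service-policy output", so it queues the
! server's responses leaving Multilink1, not the requests coming in.
ip access-list extended WEBAPP-ACL
 permit ip host 198.51.100.20 host 192.0.2.10
!
! match-all: must be HTTP (NBAR) AND between the two hosts above
class-map match-all WEBAPP-Multilink1
 match protocol http
 match access-group name WEBAPP-ACL
!
! Free up share first, then add the new class. The value is a share of
! what is left after the 19 percent priority class, not 10 percent of
! the whole link.
policy-map SDM-Pol-Multilink1
 class SDMTrans-Multilink1
  bandwidth remaining percent 65
 class WEBAPP-Multilink1
  bandwidth remaining percent 10
```

`show policy-map interface Multilink1` lists per-class match counters, which confirms whether the new class is catching the application's traffic.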