07-29-2008 02:13 AM - edited 03-03-2019 10:56 PM
Hey guys,
I have an internet facing 7200 with one connection to my ISP. That connection is a single 100Mb circuit for all our 'live application' and 'user' traffic.
As we begin to use more and more of the circuit I'd like to make sure that the live data always has priority over the less important 'user' traffic which is mainly http browsing stuff.
I've set up my PIX so that all user traffic comes in/out on a particular external IP so I guess I can limit on this...Is it better to limit the non-important stuff or prioritise the important stuff? Will I need to limit in both directions, or just inbound from the outside?
Any help you can give me would be greatly appreciated!
Thanks,
Anthony
07-29-2008 02:49 AM
Hi,
You want to provide your data traffic a gauranteed amount of bandwidth, you should create a class-map to match your data traffic and then sepficy the bandwidth reserved for this, then all other traffic will fall into class-default class, which by default will get 25% of BW.
You also need to apply this in the OUTBOUND direction.
Have a look at this url for info on CBWFQ;
HTH
LR
07-29-2008 03:20 AM
You can do many things with the outbound traffic, and a simple first step is activation of CBWFQ default class FQ.
Inbound traffic is a problem. You can police it, but such policing is often after inbound traffic has already congested your WAN link. You can restrict the rate so much, you might avoid such inbound congestion, but doing this effectively often requires a very low cap.
Ideally, you want to manage congestion upstream, where the congestion forms, but this is often on the ISP equipment, and many are not receptive to doing so. (Of course, you might mention to your ISP if they're not receptive, you'll need to find a new ISP that is, but not as a bluff.)
PS:
Another tecnique for controlling inbound bandwidth usage, assuming traffic is TCP, is to shape outbound ACKs. Very tricky to do right, and inbound bandwidth usage can still vary. The big advantage of outbound ACK shaping, you can configure it much like outbound congestion management so it only has an effect when the total traffic goes over some cap, instead of an inbound policer limiting a class of traffic even when the bandwidth is available.
07-29-2008 06:24 AM
Ok, thanks guys.
I understand the point regarding not being able to control what's coming into us from the ISP side but hopefully just by limiting it from our side will be enough.
You talk of using a policy where I allocate 75% to the live data - but reading around I can only see how to do this via certain bandwidths, not by a percentage...could you show me how to do it?
Thanks,
Anthony
07-29-2008 06:29 AM
Hi,
Well you can assign BW using either the actual amount, or you can use the percentage value, its no real difference.
since you have a 100mb pipe, then all you will be allowed to allocate will be 75mb, so you could configure "bandwidth 75000" or "bandwidth percent 75"
Have a look at the command ref for this;
http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_a1.html#wp1040825
HTH
LR
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide