Shaping or Policing for Metro Services

relsethagen · ‎04-27-2009

I have a multi site Metro Ethernet Service, and am currently using a 3560 series router at each site. The metro service will not honor any QoS markings so I am attempting to set up my service so that I don't send more traffic to the providor than the remote sites can handle. I have configured each remote site as a seperate tagged VLAN and all are forced back to my data Center site for InterVLAN routing. My dillemma is on the VLAN interface on the data center 3560 I would like to police the traffic down to the remote sites bandwith so the carrier never has to drop any packets. Is this possible on a 3560.

bretjaquish · ‎04-27-2009

I think you would want to do shaping instead of policing. Policing is very disruptive for TCP. It hammers the TCP window, because of the dropped packets. Shaping would be a better option.

Joseph W. Doherty · ‎04-27-2009

Unclear why you would use policing, which drops packets when bandwidth is oversubscribed, to avoid later downstream Metro Ethernet provider drops when bandwidth is oversubscribed. Further, since you mention multiple sites, if there's site-to-site traffic, its often impractical since you also need to deal with multi-site aggregates to the same receiving site. E.g. if sites A and B send to site C, you can't dynamically allocate site C's bandwidth between sites A and B, although you can statically divide it.

I believe the 3560 can inbound police using ACLs. So if you inbound police from the LANs, by using ACLs that match destination address, you might accomplish your goal. Again, though, unclear this will provide much benefit.