I'm desiging a campus QoS policy currently and typically SMB/Netbios makes up a signifiacnt % of the traffic. Within this much of the traffic will be file transfer which I would expect to match to the QoS classification 'Bulk Traffic'.
However, 'Bulk Traffic' is normally marked as COS 1 which on some switches (29/35 XL, 3550) means it shares the same queue & threshold as scavenger traffic. This could lead to a scenario in which a network based attack takes place and the scavenger traffic throttles the SMB/Netbios traffic.
Further still, SMB/Netbios supports many key MS services so it can be difficult to separate key Netbios/SMB flows out from pure file transfer traffic. It would be detremental to end users to downgrade services such as netlogon.
With this in mind do you think SMB/Netbios is better classified as Best Effort rather than Bulk Traffic?
The SRND is not particularly explicit on this subject adn I haven't found any other best practice policies indicating what to do here. I suspect this should be in a MS tech doc somewhere.