QoS - Prevent Bandwidth Hogs

Unanswered Question
Feb 5th, 2010

Is there a way in IOS to prevent an internet circuit from being saturated by a single user or by a single aggressive application? To give you a deployment scenario, we often create builds for small hotels and wifi hotspots. These builds tend to have limited funds for network equipment (think a 1841, a few 2950/2960 switches, some Aironets running in autonomous mode, and usually a cable/DSL connection). Using products such as pfSense and Nomadix gateway devices, you can use a per-user QoS policy. These are usually very basic and simply limit the up/down stream for a specific user (most of the time based on MAC address). I know this can be done using some of Cisco's modular Catalyst switches, but due to budget restrictions we need to see if something similar can be implemented in the ISRs as a single-box solution. I'm not so interested in using per-user policies as I am in simply placing “bandwidth hogs” in a scavenger queue when the pipe is stressed. Would something similar to the following work:

1) classify known aggressive applications using NBAR signatures (peer-to-peer, etc.)
2) classify known encryption traffic (SSL mostly)
3) create a policy map that limits this traffic during contention
4) fair-queue all other traffic, giving it right of way

Has anyone been successful in preventing single-user saturation with the above method? I could see how this would be applied to outbound traffic but most of our problems tend to be with the downstream bandwidth. How could we prevent a user from filling up the downstream speeds as well?

Thanks so much for everyone's help and please let me know if I could provide any more details.

Ganesh Hariharan Sat, 02/06/2010 - 23:23

Hi,

Preventing and limiting bandwidth based on application can be achieved on Cisco devices via a QoS implementation where you set priority for certain applications. Check out the links below for some sample configurations on 2950 switches and 1811 routers. Hope that helps.

http://articles.techrepublic.com.com/5100-10878_11-6136216.html

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_6_ea2c/configuration/guide/swgqos.html

Ganesh.H
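
The four-step approach from the question, sketched as an IOS MQC configuration. This is an added example, not configuration from either poster or from the linked guides; the class and policy names, interface names, percentages and shaping rates (an assumed circuit of roughly 6 Mbps down / 768 kbps up) are assumptions to adapt.

```cisco
! Steps 1-2: classify aggressive and encrypted traffic with NBAR.
! (NBAR sees SSL only as a protocol; it cannot tell what is inside it.)
class-map match-any SCAVENGER-P2P
 match protocol bittorrent
 match protocol edonkey
 match protocol gnutella
 match protocol fasttrack
class-map match-any ENCRYPTED
 match protocol secure-http
!
! Steps 3-4: small guarantees for those classes, fair-queue everything else.
! "bandwidth percent" is a minimum under contention, not a cap, so these
! classes can still use idle capacity and are squeezed only when the
! shaper is backed up.
policy-map GUEST-QUEUES
 class SCAVENGER-P2P
  bandwidth percent 1
 class ENCRYPTED
  bandwidth percent 20
 class class-default
  fair-queue
!
! Parent shapers sit slightly below the circuit rate (assumed values) so
! that congestion forms in the router's queues instead of in the modem.
policy-map SHAPE-UPSTREAM
 class class-default
  shape average 700000
  service-policy GUEST-QUEUES
policy-map SHAPE-DOWNSTREAM
 class class-default
  shape average 5500000
  service-policy GUEST-QUEUES
!
! Upstream: queue on the WAN-facing interface (assumed name).
interface FastEthernet0/0
 description WAN to cable/DSL modem
 service-policy output SHAPE-UPSTREAM
!
! Downstream: queue on the LAN-facing interface (assumed name), where
! traffic from the internet leaves the router toward guests.
interface FastEthernet0/1
 description Guest LAN
 service-policy output SHAPE-DOWNSTREAM
```

`show policy-map interface` displays per-class match and drop counters for checking that traffic lands in the intended class. Downstream shaping acts after packets have already crossed the circuit, so it depends on TCP senders slowing down in response to the queuing and drops.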
