Centralized Internet for WAN & BW sharing

Unanswered Question
Apr 6th, 2010


We have a Central site with a 30mbps Internet link to the ISP. This central site is to be connected to 2 other WAN sites via a VPLS layer 2 cloud, each site having a 4 mbps link to the cloud, while the central site has a 100mbps link to the VPLS cloud. The topology at the Central Site looks like the following:

Internet ----> 2821 Internet Router -----> ASA 5520 ------> MS ISA -----> 4507 SUP 6E Core (This has Central site user vlans)

Now the VPLS SP provides ethernet connections at all sites participating in the WAN cloud. For the Central site I am considering connecting the VPLS connection directly to the core and creating a vlan (or a layer 3 port) to provide connectivity to the cloud. The remote sites will connect to the cloud by dedicated routers.

- In order to guarantee that the Central site users would not consume more internet bandwidth than what is expected (here 22mbps) during link congestion, what QoS mechanism and in what direction and on what interface (SVI on 4507, per VLAN Qos?) should I apply? I was thinking of traffic shaping, but have a doubt whether applying it on the 4507 core does the job or it should be done further on the Edge, since downloads consume more BW than uploads. I want the central site users to abide by the logical BW limit, but should be able to use full BW if there is no traffic at the remote sites.

- Is connecting the WAN cloud directly to the 4507 advisable, or shall we have a separate WAN router as such?

All help is appreciated,


Mo Shea

mo shea Thu, 04/08/2010 - 01:22

I was checking some Bandwidth Control products that work with MS ISA to allocate BW per user or IP address, one example is Bandwidth Splitter, and I am thinking that such an application offers more flexibility vs configuring BW shaping on the 4507, since the MS ISA (proxy server) has complete knowledge of traffic source and destination, whereas other devices in my layout can see only MS ISA as the destination (here the 4507) or as the source (here ASA).

So if I deploy traffic shaping on the ISA port connected to the 4507 I would be shaping traffic in that area only, whereas data that have traversed from the internet all the way to ISA external port goes unchecked.

Is that a sensible thought?


Mo Shea

