Jun 16th, 2010
I'm about to purchase an 800-series router for a DSL Internet connection at my office, but, given the cost, I want to make sure it'll do what I need it to do: finely-detailed QoS.

My sniffer tells me that we're clogging the upstream with file uploads (usually port 80, sometimes 443 or 21; always to the same destination IP addresses) and sending email (SSL over port 465, not typical SMTP over port 25; always to the same mail server).  I need a router that can prioritize the traffic better than our present solution, which doesn't have the granularity we need.  Presently we can only prioritize as "high" or "low" by port number.  That doesn't work because it ends up giving almost everything the same priority.

Here's an example of the problem:

  - Port 80 upstream traffic is marked as low QoS priority (so that other stuff, like SSH, will not be interrupted -- it's the best we can do given our hardware).

  - Suzie frequently uploads files using her browser (port 80), to one and only one site, which floods the upstream.

  - Johnny and the rest of the office experience slow web browsing because, as they browse, they have the same QoS priority as Suzie's big file uploads.

The ideal solution is to give low QoS priority to Suzie's traffic, normal priority to Johnny's traffic, and high priority to any SSH traffic.  I did some reading, and it looks like either NBAR would work (because it can intelligently detect certain types of traffic and let you segregate by destination IP and/or HTTP URL) or ACLs would work (because I already know the IPs and port numbers that uniquely identify the problem traffic).

I think I've read enough articles to figure out how to configure rules to identify and flag traffic patterns as low QoS priority.

The choices I've narrowed down are the 891 and 871-SEC-K9.  Cisco online chat (at recommended the 891.  I found the 871 on my own, looking for a less-costly alternative.  Given that I'm going to implement 5-10 QoS rules, and we will have 19 workstations total within the next year, I'm wondering whether the less costly 871 will suffice or if I should get the more expensive 891.

I thought about the 877 or 887 with a POTS/DSL port, but I'm not sure how long we'll be using DSL -- so I think I'm best off with two Ethernet ports.

Anyway, before pulling the trigger, I'm just trying to get some input on the QoS option in the 800-series routers.  I'm pretty sure that NBAR or ACLs will solve our QoS problem (right?).  I'm also pretty sure that upgrading to a faster Internet connection won't necessarily solve the problem, because this is a QoS problem, not necessarily a lack-of-bandwidth problem (I think, if we did get a faster Internet connection, we'd just flood that as well and still have the same problem).

Thanks for the input!
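As an added illustration of the three-tier scheme the post describes (bulk uploads low, everyone else normal, SSH high), here is an IOS MQC configuration of the kind an 800-series router would accept. It is example text written for this page, not a configuration from the original poster or from Cisco, and every address in it is a placeholder from the RFC 5737 documentation ranges: Suzie's workstation, the upload site, and the mail server are assumed values to be replaced with the ones the sniffer actually showed. The WAN interface name and the shaper rate are likewise assumptions.

```cisco
! --- Classification by ACL: the IPs and ports the poster already knows ---
! Assumed placeholders: Suzie's PC 192.0.2.10, upload site 198.51.100.20,
! mail server 198.51.100.30. Only the upstream (outbound) direction is shaped,
! since the post identifies uploads and outgoing mail as the problem.
ip access-list extended BULK-UPLOAD
 permit tcp host 192.0.2.10 host 198.51.100.20 eq 80
 permit tcp host 192.0.2.10 host 198.51.100.20 eq 443
 permit tcp host 192.0.2.10 host 198.51.100.20 eq 21
 permit tcp any host 198.51.100.30 eq 465
!
ip access-list extended INTERACTIVE-SSH
 permit tcp any any eq 22
!
! --- Classification: ACL match, with an optional NBAR match alongside it ---
! match-any means a packet joins the class if EITHER line matches.
! The NBAR line needs CEF (ip cef) and uses a placeholder hostname.
ip cef
class-map match-any BULK
 match access-group name BULK-UPLOAD
 match protocol http host "*upload.example.invalid*"
!
class-map match-any INTERACTIVE
 match access-group name INTERACTIVE-SSH
!
! --- Queuing: SSH gets a strict-priority queue, bulk is capped, the rest is fair ---
! priority percent is low-latency queuing; bandwidth percent is a guaranteed
! minimum, so Suzie still gets her 20% but can no longer starve the rest.
policy-map WAN-OUT
 class INTERACTIVE
  priority percent 10
 class BULK
  bandwidth percent 20
 class class-default
  fair-queue
!
! --- Parent shaper: queuing only engages if the router sees congestion ---
! The Ethernet WAN port is 100 Mbit/s, so without a shaper set to (slightly
! under) the real DSL upstream rate the child policy never queues anything.
! 700000 bps is an assumed value for an ~800 kbit/s upstream.
policy-map SHAPE-WAN
 class class-default
  shape average 700000
  service-policy WAN-OUT
!
! Assumed WAN interface; on many 800-series models this is FastEthernet4.
interface FastEthernet4
 service-policy output SHAPE-WAN
```

The point most often missed on an Ethernet-WAN 800-series box is the parent shaper: the child policy's class queues are only consulted when the interface is congested, and a 100 Mbit/s port feeding a sub-megabit DSL line never looks congested to IOS, so all the ACL work has no effect until `shape average` makes the router, rather than the DSL modem, the bottleneck. `show policy-map interface FastEthernet4` is the check that packets are actually landing in the BULK and INTERACTIVE classes rather than all falling through to class-default.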

