04-19-2012 11:40 AM - edited 03-04-2019 04:05 PM
Hello-
Our client has MPLS connecting all sites. Each site has a router connected to MPLS via a serial interface,
and connected to the switch (6500) via an Ethernet interface. There is QoS applied on the serial interface
for outbound.
Q1: It appears there is a lot of inbound traffic coming to the site, and the client applied QoS on outbound.
What I learned is that after the packets are marked by the CPE, the ingress Provider Edge Router (PER)
uses these markings to map flows to various Label Switched Paths (LSPs), providing differentiated treatment
across the network. Then at egress, the PER applies queuing policies based on the CPE's original DSCP markings
to properly allocate bandwidth on the egress link during congestion. My guess is we really don't need to have
an inbound policy applied on the serial interface on the router, am I correct?
Q2: The serial interface has 1.5 MB, and the goal is we want to have 1 MB for critical apps, and 0.5 MB for download/upload
internet access. If we apply this policy on the switch, A) should I apply it on the VLAN interface or the port connected to the router?
B) Should I apply output or input? Any suggestions?
Regards,
Joe
04-19-2012 01:46 PM
Joe,
I personally use inbound policy maps for policing traffic. I don't know what type of service you have from your ISP, but mine doesn't create policies to help us out. They only allow us to pass tags that they tell us they'll support and I have policies based around those. Policing inbound allows me to drop excess traffic. For example, I have SEP servers that sometimes users will come across the WAN to get updates, but downloading those can take up a lot of the link. I have a policy that matches on my SEP servers' source addresses and only allows them 10% of the link before it starts dropping traffic. Outbound on both ends of the link is fine for two-way communication in most scenarios.
In your scenario, your routed port is your egress port, so you could apply outbound there. Where is the current policy? Is it on your switch or router? I'd put it on my router and mark there if you're not doing any L2 markings.
John
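An inbound policer of the kind described in the post above, as an added Cisco IOS MQC example that is not from any poster in this thread. The ACL, class-map and policy-map names, the interface number and the 192.0.2.x server addresses are placeholders constructed for illustration.

```cisco
! Constructed example: police traffic sourced from known update servers
! to 10% of the WAN link as it arrives on the serial interface.
! 192.0.2.10 and 192.0.2.11 are placeholder server addresses.
ip access-list extended UPDATE-SERVERS
 permit ip host 192.0.2.10 any
 permit ip host 192.0.2.11 any
!
! Classify on the source addresses matched by the ACL above.
class-map match-all UPDATE-TRAFFIC
 match access-group name UPDATE-SERVERS
!
! Traffic within 10% of the interface bandwidth is forwarded,
! the excess is dropped. Unmatched traffic falls into class-default
! and is not policed.
policy-map WAN-INBOUND
 class UPDATE-TRAFFIC
  police cir percent 10
   conform-action transmit
   exceed-action drop
!
! Placeholder interface: the serial link facing the MPLS provider.
! "bandwidth" (in kbps) is what the percentage is calculated from.
interface Serial0/0
 bandwidth 1536
 service-policy input WAN-INBOUND
```

`show policy-map interface Serial0/0 input` displays the conformed and exceeded counters for the class, which shows whether the policer is matching the intended traffic.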
04-19-2012 02:33 PM
Thank you John for looking at my issue.
My QoS policy is applied on the routed port on the router for outbound. My major problem is that users download files and take up lots of bandwidth. My policy allows 15% of the link. Is it a good idea to apply the same outbound policy for the inbound on the same serial interface on the router? I just want the users to have under 15% bandwidth when they download, and I can live with other inbound traffic. Is there any better way to implement this? Any sample configuration is appreciated.
04-19-2012 04:25 PM
Joe,
It's going to be very hard to implement a downloading control policy unless you know what addresses users are downloading from. Are they downloading from the internet or from a server that you own?
John
04-19-2012 06:40 PM
John,
I have the address of the LAN (192.168.10.0), but don't have the addresses the traffic is coming from. So assume it is any IP to the LAN address via 80 and 443 that I want to restrict.
Thanks,
Joe
04-20-2012 04:36 AM
It's going to be very difficult to do what you're wanting if you don't know the source addresses. What happens is that once you go out to the internet, you'll be NATing somewhere. You'll need to control what comes back into your public side and not to the private addresses. For example, if you NAT 192.168.10.50 to 5.5.5.50, outbound you can control 192.168.10.50, but inbound you'll have to control what comes into 5.5.5.50. And not knowing the source address means that you can't differentiate downloads from normal web browsing.
04-20-2012 06:55 AM
Additionally, placing an inbound policy in your router is fruitless as the flows have consumed your precious bandwidth anyway.
The best way of controlling internet traffic is by using proxy servers along with web cache engines.
Regards,
Edison