Qos

Unanswered Question
Jan 10th, 2006
Hi, is there a way to differentiate normal web surfing and downloading of files on a router using Cisco QoS. I would like to limit the bandwidth at which people, within my LAN, can download files from the Internet. As for web surfing, I do not want to limit the bandwidth web surfing. Is that achievable?

Overall Rating: 5 (2 ratings)
mheusinger Tue, 01/10/2006 - 08:09

Hello,


this is possible to some extent. Some remarks: QoS takes care of which traffic gets what amount of resources. What you can do is control your resources, i.e. the output interface towards the Internet.

What you cannot control is the interface in the ISP router towards you.


Regarding outbound traffic: you can, for example, set up a policy which will limit all traffic sent except HTTP. So you can achieve the policy for your uplink.


The problem usually is however that you would like to control how much bandwidth on the ISP interface is taken by people downloading. It is difficult to rate-limit this from your side.

The reason why it is difficult is that only a minimum amount of traffic needs to be sent (TCP ACKs) in order to receive a much, much larger amount of traffic (TCP window size).

So consider the case you limit the uplink bandwidth for anything except HTTP to as small as 1000 bps. How much download traffic can be generated?

1000 bps means approximately 2 64-byte packets per second sent. In case those are TCP ACKs only, you could have 2 x 64 kByte = 1 Mbps of download initiated (assuming a window size of 64 kByte).

This is a factor of 1000!


Hope this helps


Martin
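The uplink policy Martin describes (limit everything sent towards the ISP except HTTP), written out as a Cisco IOS MQC configuration. This is an added example, not configuration from the original post; the interface name, the 64 kbps policing rate, and classifying HTTP with NBAR (`match protocol http`, which needs `ip cef`) are assumptions.

```cisco
! Added example (not from the original post). Interface name and rates are assumptions.
ip cef
!
! Classify interactive web traffic with NBAR.
class-map match-any WEB
 match protocol http
!
policy-map UPLINK-OUT
 class WEB
  ! no limit on web traffic leaving towards the ISP
 class class-default
  ! everything else: police to 64 kbps, normal burst 8000 bytes, drop excess
  police 64000 8000 conform-action transmit exceed-action drop
!
interface Serial0/0
 description WAN uplink to ISP (assumed)
 service-policy output UPLINK-OUT
!
! Verification: watch the class-default conform/exceed counters climb.
show policy-map interface Serial0/0
```

As the post explains, this bounds only what leaves on the uplink. The download direction is paced indirectly through the ACK clock in class-default, so check the policer counters rather than assuming downloads are capped.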

dwrscisco Tue, 01/10/2006 - 12:20
Martin,

It sounds interesting. I am new to Cisco QoS; are there basic examples of such traffic classification? I want to start with something to understand and go one step further and do such an implementation on my leased line WAN links.


I would appreciate it if you can give a URL from Cisco or elsewhere, or if there is a book you recommend, that would be great.


Thanks,

Shamsan

mheusinger Tue, 01/10/2006 - 15:56

Hello,


a good starting point would be

"Cisco IOS Quality of Service Solutions Configuration Guide"

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_book09186a0080435d50.html

There are some good explanations and examples to be found there. Being a QoS instructor (amongst other things) with Global Knowledge, I also recommend attending the Cisco QoS 2.1 class

http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=7578&catid=206&methodid=c&country=United+States&translation=English

or even the AQOS

http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=9368&catid=206&methodid=c&country=United+States&translation=English

After those classes there will be merely a question regarding QoS left. Instead you will be the one answering questions in the NetPro forum :-)


Hope this helps! Please rate all posts


Martin


dwrscisco Tue, 01/10/2006 - 21:21
Martin,

Big thanks for your PROFESSIONAL assistance.


I believe it will take some time for me to answer others :-)

(your previous post was rated .. 5)


God bless

Shamsan

mheusinger Tue, 01/10/2006 - 23:19

You are welcome, enjoy your studies!


God bless you


Martin

alanchia2000 Thu, 01/12/2006 - 00:15
Thanks for the explanation Martin, I appreciate that. If I got you correctly, you are saying that it is pretty much impossible to limit HTTP bandwidth and differentiate traffic between HTTP surfing and HTTP file downloading.



mheusinger Thu, 01/12/2006 - 16:27

Hello,


not exactly what I meant. You can differentiate even URLs with NBAR, but only in the upload direction and not the download direction (from the Internet to you). For the download direction the resource to be handled is controlled by the ISP.

There are some ISPs which will offer QoS to enterprise customers, but it is not very likely.


Hope this helps! Please rate all posts


Martin

alanchia2000 Mon, 01/16/2006 - 19:19
What if I were the ISP? How would you differentiate traffic? In my example, downloads and people just surfing the web.



pkhatri Mon, 01/16/2006 - 19:33

Hi,


If you mean how you would limit the traffic if you were an ISP, the answer is that it would be no different to how you would do it as a customer, in terms of the QoS tools used.


As Martin indicated, the only limiting that can be done in a downstream direction is by the ISP itself. If your ISP provides differentiated services, you can get them to put in policers on your bulk download traffic. However, there are very few ISPs who will actually do that.


One thing I would suggest, however, is to possibly set up an outbound service policy on your router's Ethernet interface. You could use NBAR-type classification mechanisms to shape (at a very low rate) your bulk download traffic out to your users. While this will not help with link utilisation (since the download packets would have already made it down the link to your router), it can serve as a form of social engineering. Your users will experience very low download rates and will hopefully be discouraged from using the link for heavy downloads. In addition, this will slow the rate at which TCP ACKs are sent back to the source of the downloaded files.


Hope that helps... pls rate the post if it does.


Regards,

Paresh.
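Paresh's suggestion of a LAN-facing outbound service policy, written out as a Cisco IOS MQC configuration. This is an added example, not configuration from the original post; the interface name, the 128 kbps shaping rate, and the file-extension URL patterns used to label "bulk download" HTTP flows are assumptions. It relies on NBAR classifying the whole HTTP flow from the request URL, so the response packets (the download itself) leaving towards the users inherit the classification.

```cisco
! Added example (not from the original post). Interface name, rate and URL patterns are assumptions.
ip cef
!
! NBAR classifies the HTTP flow from the request URL; the response packets
! carrying the file are part of the same flow and are shaped below.
class-map match-any BULK-DOWNLOAD
 match protocol http url "*.zip"
 match protocol http url "*.exe"
 match protocol http url "*.iso"
 match protocol ftp
!
policy-map LAN-OUT
 class BULK-DOWNLOAD
  ! shape matched downloads towards the users to 128 kbps; this also
  ! slows the ACK clock back to the source, as the post describes
  shape average 128000
 class class-default
  ! ordinary web surfing and everything else: left untouched
!
interface FastEthernet0/0
 description LAN towards users (assumed)
 service-policy output LAN-OUT
!
! Verification: shaped-packet counters per class, and what NBAR actually sees.
show policy-map interface FastEthernet0/0
show ip nbar protocol-discovery
```

Keep in mind the caveat from the post: the shaped packets have already crossed the ISP link, so this changes user experience and the ACK pacing of those flows, not the utilisation of the link itself.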


