cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1329
Views
0
Helpful
3
Replies

Traffic Shaping on PIX version 8

Hello I would like to configure traffic shaping on wan to wan of 2 PIXes ( vpn site 2 site ) running 8.0.4 version

Remote Topology :

100 Mbps Inside ( dot1q interfaaces : some vlans + voice vlan )

100 Mbps Interface Outside : single interface using vpn Lan to Lan -> catalyst -> 10 Mbps Wan link -> PIX on central office

Total wan bandwith : 10 Mbps

Central site topology :

100 Mbps Outside PIX interface -> catalyst -> 10 Mbps wan link to remote site

Desired bandwith assignment :

2 Mbps for Voice Vlan guaranteed or for destination Voice subnets address ( i.e remote 10.1.0.0/24 & 10.2.0.0/24 )

5 Mbps for remote to central site communication ( cifs, smtp, http  ... etc ) ( remote networks10.80.0.0/24 + 10.90.0.0/24 )

2 Mbps for http ( rest of web browsing like internet )

1 Mbps for the rest of traffic

If I follow the document :

https://supportforums.cisco.com/docs/DOC-1230;jsessionid=AE6DD382CD127942A24AA17C04A1917E.node0

I cannot find where is defined the bandwith assignemt for the example :

(  says : " ... In other words we will traffic shape all traffic for 900kbps, prioritize the voice and guarantee 100kbps for it ... "

Where is the 900 Kbps and the 100 Kbps of the guarantee ?

Traffic Shaping with Prioritization

Now, lets assume that we have the same ASA as in the previous case. And we now want to traffic shape all traffic and prioritize the voice through the VPN. In other words we will traffic shape all traffic for 900kbps, prioritize the voice and guarantee 100kbps for it. Again, we assume that the voice traffic is flagged with dhcp field ef and the tunnel group name is tunnel-grp1.

ASA(config)# priority-queue outside

ASA(config)# class-map TG1-voice-class
ASA(config-cmap)# match tunnel-group tunnel-grp1
ASA(config-cmap)# match dscp ef

ASA(config-cmap)# policy-map priority-policy
ASA(config-pmap)# class TG1-voice-class
ASA(config-pmap-c)# priority

ASA(config-pmap-c)# policy-map shape-priority-policy
ASA(config-pmap)# class class-default
ASA(config-pmap-c)# shape average 1000000
ASA(config-pmap-c)# service-policy priority-policy


ASA(config-pmap-c)# service-policy shape-priority-policy interface outside


Thank you.
2 Accepted Solutions

Accepted Solutions

I fixed the document. There was a typo. It should have been:

ASA(config-pmap-c)# policy-map shape-priority-policy
ASA(config-pmap)# class class-default
ASA(config-pmap-c)# shape average 900000
ASA(config-pmap-c)# service-policy priority-policy

As for your setup, I think with the bw requirements you have, you need to police 5 Mbps for the http,
2 Mbps for for cifs etc (the police should be with a new policy-map).
Then traffic shape the default traffic to 1Mbps and prioritize the voice that you want. By definition
the voice will get the remaining 2 Mbps if you shape and police the rest.
I hope it makes sense.

PK

View solution in original post

3 Replies 3

andrew.prince
Level 10
Level 10

I fixed the document. There was a typo. It should have been:

ASA(config-pmap-c)# policy-map shape-priority-policy
ASA(config-pmap)# class class-default
ASA(config-pmap-c)# shape average 900000
ASA(config-pmap-c)# service-policy priority-policy

As for your setup, I think with the bw requirements you have, you need to police 5 Mbps for the http,
2 Mbps for for cifs etc (the police should be with a new policy-map).
Then traffic shape the default traffic to 1Mbps and prioritize the voice that you want. By definition
the voice will get the remaining 2 Mbps if you shape and police the rest.
I hope it makes sense.

PK

Thanks a lot !!

Regards.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: