I am after a bit of advice. I currently have a 1Gbps connection between two sites. The server guys are looking to locate a backup of the companies TSM Backup solution at each of the sites - this will involve a lot of replication traffic between the sites as the Backup DB's synchronise.
I want to be able to police or at least shape the traffic to/from these servers to 80% of the available capacity. Currently, the link in question has one end connected to a Cisco 6509 (Native IOS) and one end is connected to a brand new Cisco 3560 (IOS12.2(35)).
We are currently running a basic AutoQos config on the interface on the 3560 and a pretty standard QoS config on the 6509 as we have IP telephones at each site. The current setup is that the two devices are OSPF neighbors over a native VLAN, with a couple of other VLANs trunked on the same link.
I have found a way to Police traffic on the ingress interface on the 3560 - this gives me the option to police at source (I.e where the TSM servers connect into the network) but ideally, I would only like to do this over the inter-site connection.
My current thinking is that I could mark the TSM servers with a specific DSCP value at source, then configure an srr-queue shape x x x x command on the 3560 to set a specific shaped limit to the queue that I place the TSM traffic in. For example, if I mark all TSM traffic with a DSCP value of 21, the current config on my 3560 would place it in queue 3:
1, If you want police the traffic from TSM, why do you want do it on inter-site connection? If the out of profile traffic will be dropped, why waste resource to send them?
2, the srr-queue command is for egress queueing, so I suppose you want put them on the inter-site connection? If you reserve 80% of the bandwidth to queue 3, then other traffic will be lack of bandwidth.
3, srr-queue bandwidth shape 10 0 80 0 will not give queue 3 80% of the bandwidth; it should be read as 1/80 of the bandwidth.
If i can help it, i want the local TSM traffic at each site to be allowed to use the full 100% of its interface if necessary, i am only concerned about restricting it once it crosses the link. As far as i know, the only time TSM will be attempting to use the intersite conenction is when it is replicating its storage pools, that why i only want to limit that.
Would you have any advice on the best way of acheiving this? We have QoS running on the link to prioritise DSCP EF traffic at the moment to protect our telephones, but the main worry is that the TSM replication will easily chew up the entire link iof it is allowed to. Now, it is to be scheduled to run overnight, but if it overuns and ends up running during the working day, our current QoS config should protect the voice, but all other general user traffic will suffer, such as internet browsing, file copies etc.
Would it be a simple process to simply police TSM traffic to 80% of the bandwidth?
Any idea's much appreciated!
P.S I do have the QOS SRND guide and have found it to be very helpful, i guess I just need to spend a bit more time with this stuff to really understand it properly.
If I understand you correctly, TSM only uses the intersite connection during storage replication, and this should be on none-working hour. So if it is in none working time, you donot want to restrict the TSM data replication traffic; however if it is in working time, you want rate limit the TSM data replication traffic to a reasonable rate so other traffic will not be saturated. Is that correct?
I would think you can use time-based ACL to do that. First, you need to create a time range for working hours; then configure ACL match TSM traffic and the working hours time range; create a class as TSM_working_time and match the ACL; create a policy-map to rate limit that class to a reasonable rate, and trust other traffic; apply that policy-map on the intersite link.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...