I'm designing a campus QoS policy currently and typically SMB/Netbios makes up a significant % of the traffic. Within this much of the traffic will be file transfer which I would expect to match to the QoS classification 'Bulk Traffic'.
However, 'Bulk Traffic' is normally marked as COS 1 which on some switches (29/35 XL, 3550) means it shares the same queue & threshold as scavenger traffic. This could lead to a scenario in which a network based attack takes place and the scavenger traffic throttles the SMB/Netbios traffic.
Further still, SMB/Netbios supports many key MS services so it can be difficult to separate key Netbios/SMB flows out from pure file transfer traffic. It would be detrimental to end users to downgrade services such as netlogon.
With this in mind do you think SMB/Netbios is better classified as Best Effort rather than Bulk Traffic?
The SRND is not particularly explicit on this subject and I haven't found any other best practice policies indicating what to do here. I suspect this should be in a MS tech doc somewhere.
Part of the situation you describe can be even worse. CS1/AF1x/IPPrec1, on many Cisco devices that provide QoS, is often defaulted into the same class as best-effort or even treated better (e.g. WFQ). The solution: either override default QoS for the marking and/or swap BE with CS1/IPPrec1.
Your concern about one set of traffic markings, which shares physical QoS class processing with other marked traffic, and the impact this can have against other traffic, is valid, even when not dealing with some kind of DoS. This, though, can sometimes be addressed by additional QoS features provided by the device. For instance, you might drop congestion sooner for one type of traffic over another that share the same queue. Or, perhaps you have an explicit policer for one kind of traffic.
The "multiplex" functions of MS NetBIOS/SMB are also a problem. I would suggest treating the traffic logically as best effort. On routers that support FQ, placing NetBIOS/SMB into FQ goes far toward keeping one individual flow from adversely impacting others. On most LAN switches, it's often difficult to deal properly with NetBIOS/SMB using QoS device features, but generally bandwidth is usually both more plentiful and inexpensive.
Keep in mind that QoS RFCs and SRNDs are really suggestions. They shouldn't be disregarded, but the real purpose of QoS is to provide the necessary performance for your traffic in your environment. I.e. the goal of QoS is to make it work for you, not you work for QoS.
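The following is an added example, not part of the original posts and not a model of any specific switch. It is a simplified simulation of the shared-queue case raised in the question, combined with the per-class drop threshold suggested in the reply. The queue size, rates, thresholds and class names are all constructed assumptions.

```python
from collections import deque

def simulate(thresholds, ticks=200, capacity=100, service_rate=10,
             arrivals=(("scavenger", 20), ("bulk", 4))):
    """Run one shared FIFO queue and return {class: (admitted, dropped)}.

    thresholds maps a class name to the queue depth at which packets of
    that class start being tail-dropped. All figures are constructed.
    """
    queue = deque()
    stats = {name: [0, 0] for name, _ in arrivals}
    for _ in range(ticks):
        # The egress port drains up to service_rate packets per tick.
        for _ in range(min(service_rate, len(queue))):
            queue.popleft()
        # Worst case for bulk: the flood arrives first in every tick.
        for name, count in arrivals:
            limit = min(thresholds[name], capacity)
            for _ in range(count):
                if len(queue) < limit:
                    queue.append(name)
                    stats[name][0] += 1
                else:
                    stats[name][1] += 1
    return {name: tuple(v) for name, v in stats.items()}

def loss_ratio(result, name):
    """Fraction of offered packets of one class that were dropped."""
    admitted, dropped = result[name]
    return dropped / (admitted + dropped)

# Same queue, same threshold: flood and SMB bulk compete for every slot.
SHARED = {"scavenger": 100, "bulk": 100}
# Same queue, lower threshold for scavenger: the flood is dropped early
# and the remaining depth stays available to bulk traffic.
SPLIT = {"scavenger": 40, "bulk": 100}

if __name__ == "__main__":
    for label, cfg in (("shared threshold", SHARED), ("split thresholds", SPLIT)):
        result = simulate(cfg)
        print(label, {n: round(loss_ratio(result, n), 2) for n in result})
```

With one common threshold, the flood holds the queue full and nearly all bulk packets are dropped. With the lower scavenger threshold, bulk sees no loss in this model even though both classes still share one queue.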