QoS for Active Directory Packet from Head Office to Branch Office

Arie --
Level 1

Hi,

I have set up the connection link between Head Office and Branch Office through an MPLS link. The maximum bandwidth between Head Office and Branch Office is 1Mbps.

The Active Directory server is located in Head Office and it needs to send traffic from the server to Branch Office. They require a dedicated 128Kbps for Active Directory traffic from Head Office to Branch Office.

So, in 1Mbps, there is 128Kbps for Active Directory traffic and the rest of the bandwidth is best effort.

How can I allocate the bandwidth by using QoS?

Thank you.

Regards,

Arie


Joseph W. Doherty
Hall of Fame

What's the HQ device that hands off to MPLS?  What's the physical bandwidth, at HQ, to MPLS?

What's the MPLS topology?  I.e. could other sites send to the branch concurrently with HQ?

Hi Joseph,

In HQ there is a Cisco 2951 router and the physical bandwidth to MPLS is 1 Gbps.

In MPLS, I use BGP routing and the branch only accepts the ASN from HQ, so the traffic from each branch will be sent to HQ. Maybe it's called hub-and-spoke, if I'm not wrong.

class-map match-any BranchX
 !match ip block to branch

class-map match-any AD
 !match AD traffic

!child policy, defined first so the parent can reference it
policy-map SampleAD
 class AD
  !bandwidth is given in kbps: 128 = 128 Kbps
  bandwidth 128

policy-map SampleParent
 class BranchX
  !shape average is given in bps: 1000000 = 1 Mbps
  shape average 1000000
  service-policy SampleAD

int Gig#
 service-policy output SampleParent

Hi Joseph,

Thanks for the sample configuration. :)

Btw, how do I match AD traffic? I mean, is it matched by TCP/UDP port or by the AD server's IP address?

Either and/or both.  You need to somehow identify the AD traffic.
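One way to fill in the two match placeholders of the sample configuration, as an added example that is not part of the original posts. The ACL and policy names, the addresses (documentation ranges) and the interface are assumptions, and the port list covers the common AD services (DNS, Kerberos, RPC endpoint mapper, LDAP/LDAPS, SMB, Global Catalog, dynamic RPC) rather than every port AD can use.

```cisco
! Constructed values: 192.0.2.10 = AD server at HQ, 198.51.100.0/24 = branch LAN,
! GigabitEthernet0/0 = HQ interface facing the MPLS provider.
ip access-list extended TO-BRANCHX
 permit ip any 198.51.100.0 0.0.0.255
!
! AD traffic from the server toward the branch: server IP AND service (source) port.
ip access-list extended AD-TO-BRANCHX
 permit udp host 192.0.2.10 eq 53 198.51.100.0 0.0.0.255
 permit tcp host 192.0.2.10 eq 53 198.51.100.0 0.0.0.255
 permit udp host 192.0.2.10 eq 88 198.51.100.0 0.0.0.255
 permit tcp host 192.0.2.10 eq 88 198.51.100.0 0.0.0.255
 permit tcp host 192.0.2.10 eq 135 198.51.100.0 0.0.0.255
 permit udp host 192.0.2.10 eq 389 198.51.100.0 0.0.0.255
 permit tcp host 192.0.2.10 eq 389 198.51.100.0 0.0.0.255
 permit tcp host 192.0.2.10 eq 445 198.51.100.0 0.0.0.255
 permit tcp host 192.0.2.10 eq 636 198.51.100.0 0.0.0.255
 permit tcp host 192.0.2.10 range 3268 3269 198.51.100.0 0.0.0.255
 ! Dynamic RPC range; broad, because it also matches other sessions the
 ! server opens from an ephemeral port in this range.
 permit tcp host 192.0.2.10 range 49152 65535 198.51.100.0 0.0.0.255
!
class-map match-any BRANCHX
 match access-group name TO-BRANCHX
class-map match-any AD
 match access-group name AD-TO-BRANCHX
!
! Child policy first: 128 kbps guaranteed to AD, fair queuing for the rest.
policy-map AD-CHILD
 class AD
  bandwidth 128
 class class-default
  fair-queue
!
! Parent shapes everything toward the branch to the 1 Mbps end-to-end rate.
policy-map SHAPE-BRANCHX
 class BRANCHX
  shape average 1000000
  service-policy AD-CHILD
!
interface GigabitEthernet0/0
 service-policy output SHAPE-BRANCHX
```

`show policy-map interface GigabitEthernet0/0` then shows per-class match and drop counters, which confirms whether the AD class is actually catching traffic.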

aekinaka.palace
Level 1

Arie-

Did you ever implement a configuration to resolve this problem? I have a similar situation with several remote MPLS sites with very limited bandwidth that are suffering from active directory replication problems due to link saturation among other things.

A working QoS setup might help us too.

For what platform?

Generally, you want to shape for your least amount of end-to-end bandwidth, and apply a QoS policy to that.  Often FQ (as the QoS policy), alone, can handle 95% of QoS needs.

If yours is also a multipoint topology, you need to ensure the aggregate of all the senders doesn't overrun the receiver.  Can be difficult to do, and it's generally inefficient.

As you mentioned MPLS, generally MPLS vendors can provide some QoS support.  When dealing with multipoint, that's what you also want.

NB: MPLS vendors' QoS support, IMO, is often rather lacking in features, but then they are more interested in solving your congestion problems by selling you more bandwidth.
