Bandwidth Seggrigation

tauseef · ‎12-16-2002

Hi All ,

We have a typical scenario where in the setup is as follows ...

Internet --> 256 K leased Line Cloud -----> Perimeter Router -->Pix FIrewall--> LAN + Web server ( on same local subnet )

So on the LAN we have all the clients that access the Internet + The clients own web server which is obviously accessed from outside.

Everything working smooth...

I was looking for a configuration hardware or software so that I can biforcate the 256 K as 128 dedicated to only the webserver and the remaining 128 to the clinets to access the internet ....

Any ideas or tickles in the brain about this ....

Thanks in advance ....

Tauseef Ahmed.

tauseef@cadgulf.com

gfullage · ‎12-17-2002

You'll have to do this on the permieter router, the PIX doesn't have any functionality for this.

CAR (Committed Access Rate) is one option for you:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/qos_c/qcprt1/qcdcar.htm

See the "Rate Limiting by Access List" example near the bottom, your ACL would include traffic going to and from the web server and another one for encrypted traffic.

Philip D'Ath · ‎12-27-2002

Also check out CBWFQ. What this does is allow you to guarantee a minimum level of bandwidth for certain classes of traffic. Note that you can not commit more than 75% of your bandwidth (by default) using this approach.

For example, you could guarantee the WWW server 128Kb/s. If no one else is using the circuit, it would be able to burst up to 256Kb/s. If lots of users suddenly started FTPing files out, then the bandwidth available to the WWW server would drop to 128Kb/s, but not go any lower.

If the WWW server was using none of the banwidth, users could happily use all 256Kb/s.

Basically, you could make the users second class citizens.