
service policy direction

WILLIAM STEGMAN
Level 4

I'm trying to get some input on the direction policy maps should be applied, inbound vs outbound. If I have a central site that is hosting resources that include web related apps, Citrix, and SQL, and want users at a remote end of a point 2 point connection or VPN tunnel to have QoS guarantees such as bandwidth reservation and cbwfq, should the policy be applied in the outbound direction of the serial interface on the remote router that makes the point 2 point connection, and the inbound direction of the central site router's serial interface that is the other end of that point 2 point?

Or, from the remote site, should it be the outbound direction on the serial interface that classifies traffic such as http to certain urls, citrix, and sql servers, but on the central router's serial interface that marking would be using acls, having the source being the http, citrix, and sql servers and the remote clients being the destination?

What's the recommended method of implementing something like this in terms of the direction of the policy maps?

Thank you

Bill

Accepted Solutions

Joseph W. Doherty
Hall of Fame

If the policy map is being used for classification marking (e.g. DSCP marking), the usual recommendation is to mark as close to the source as possible, usually "IN" on an ingress edge interface.

If the policy map is being used for congestion management, and since congestion usually is found on an egress interface, such policies are applied there.

So, from end-to-end, you might have an inbound policy on the local LAN device's edge interface, and an outbound policy on the local WAN device's WAN interface. Same on the remote side's devices for return traffic.

Since congestion is usually of primary concern on the WAN device, the inbound classification could be done inbound on that device's LAN interface, or even as part of the outbound policy.

Sample IOS policies (NB: syntax is incorrect):

wan router

class map VoIP
 match protocol Voice

class map mission-critical match-any
 match protocol citrix
 match protocol sql
 match protocol http

class map real-time
 match dscp ef

class map gold
 match dscp af31

policy map classify
 class VoIP
  set dscp ef
 class mission-critical
  set dscp af31
 class class-default
  set dscp best-effort

policy CBWFQ
 class real-time
  priority 50 percent
 class gold
  bandwidth remaining 80 percent

interface ethernet
 service policy classify in

interface serial
 service policy CBWFQ out
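
The sketch above written out in valid IOS MQC syntax, as an added example that is not part of the original post: marking is applied inbound on the LAN interface and CBWFQ outbound on the serial interface. The interface names, the upper-case class and policy names, and the NBAR keywords chosen for voice and SQL (`rtp audio`, `sqlserver`) are assumptions.

```cisco
! --- Classification: NBAR matches used by the inbound marking policy ---
class-map match-any VOIP
 match protocol rtp audio
class-map match-any MISSION-CRITICAL
 match protocol citrix
 match protocol sqlserver
 match protocol http
!
! --- Classification: DSCP matches used by the outbound queuing policy ---
class-map match-all REAL-TIME
 match dscp ef
class-map match-all GOLD
 match dscp af31
!
! --- Marking policy, applied inbound close to the source ---
policy-map CLASSIFY
 class VOIP
  set dscp ef
 class MISSION-CRITICAL
  set dscp af31
 ! Everything else is reset to best effort, so DSCP values set by
 ! end hosts are not trusted past this interface.
 class class-default
  set dscp default
!
! --- Congestion management policy, applied outbound on the WAN link ---
policy-map CBWFQ
 class REAL-TIME
  priority percent 50
 class GOLD
  bandwidth remaining percent 80
 class class-default
  fair-queue
!
! LAN-facing interface (assumed name): mark on ingress
interface FastEthernet0/0
 service-policy input CLASSIFY
!
! WAN-facing interface (assumed name): queue on egress
interface Serial0/0
 service-policy output CBWFQ
```

`show policy-map interface Serial0/0` displays per-class match and drop counters, which confirms that marked traffic is landing in the intended queues.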
