09-06-2007 10:43 AM
I'm trying to get some input on the direction policy maps should be applied, inbound vs outbound. If I have a central site that is hosting resources that include web related apps, Citrix, and SQL, and want users at a remote end of a point 2 point connection or VPN tunnel to have QoS guarantees such as bandwidth reservation and cbwfq, should the policy be applied in the outbound direction of the serial interface on the remote router that makes the point 2 point connection, and the inbound direction of the central site router's serial interface that is the other end of that point 2 point?
Or, from the remote site, should it be the outbound direction on the serial interface that classifies traffic such as http to certain urls, citrix, and sql servers, but on the central router's serial interface that marking would be using acls, having the source being the http, citrix, and sql servers and the remote clients being the destination?
What's the recommended method of implementing something like this in terms of the direction of the policy maps?
Thank you
Bill
09-07-2007 02:58 PM
If the policy map is being used for classification marking (e.g. DSCP marking), the usual recommendation is to mark as close to the source as possible, usually "IN" on an ingress edge interface.
If the policy map is being used for congestion management, and since congestion usually is found on an egress interface, such policies are applied there.
So, from end-to-end, you might have an inbound policy on the local LAN device's edge interface, and an outbound policy on the local WAN device's WAN interface. Same on the remote side's devices for return traffic.
Since congestion is usually of primary concern on the WAN device, the inbound classification could be done inbound on that device's LAN interface, or even as part of the outbound policy.
Sample IOS policies (NB: syntax is incorrect):
wan router

class map VoIP
 match protocol Voice
class map mission-critical match-any
 match protocol citrix
 match protocol sql
 match protocol http
class map real-time
 match dscp ef
class map gold
 match dscp af31

policy map classify
 class VoIP
  set dscp ef
 class mission-critical
  set dscp af31
 class class-default
  set dscp best-effort

policy CBWFQ
 class real-time
  priority 50 percent
 class gold
  bandwidth remaining 80 percent

interface ethernet
 service policy classify in
interface serial
 service policy CBWFQ out
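
The mark-on-ingress, queue-on-egress design from the answer above, written in valid IOS MQC syntax as an added example that is not part of the original post. The interface names are placeholders, and `rtp audio` and `sqlnet` are assumed NBAR protocol names standing in for the post's "Voice" and "sql".

```cisco
! Added example, not the poster's configuration.
! Classes matched on application (used where traffic enters the router).
class-map match-any VOIP
 match protocol rtp audio        ! assumption: NBAR match for the post's "Voice"
class-map match-any MISSION-CRITICAL
 match protocol citrix
 match protocol sqlnet           ! assumption: use sqlserver instead for MS SQL
 match protocol http
!
! Classes matched on the DSCP value already set by the marking policy.
class-map match-all REAL-TIME
 match dscp ef
class-map match-all GOLD
 match dscp af31
!
! Marking policy: applied inbound, as close to the source as possible.
policy-map CLASSIFY
 class VOIP
  set dscp ef
 class MISSION-CRITICAL
  set dscp af31
 class class-default
  set dscp default               ! best effort (DSCP 0)
!
! Queueing policy: applied outbound, where the congestion occurs.
policy-map CBWFQ
 class REAL-TIME
  priority percent 50
 class GOLD
  bandwidth remaining percent 80
 class class-default
  fair-queue
!
interface FastEthernet0/0        ! placeholder LAN interface
 service-policy input CLASSIFY
interface Serial0/0              ! placeholder WAN interface
 service-policy output CBWFQ
```

`show policy-map interface` on each interface reports per-class match and queue counters, which confirms the direction each policy is acting in.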