Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Inbound QoS for internet traffic

I'm faced with a problem that I'm sure many others have encountered, which is- How do I effectively manage inbound internet traffic?

The majority of our internet traffic is inbound and we routinely max out our download bandwidth. We never reach full utiliation outbound/upload bandwidth.

Thoughts:

1. Queing is not configurable inbound on an interface, so this is not an option.

2. Products like PacketShaper can solve this problem, but is outside of our budget, so this is not an option.

3. Have the service provider mark the inbound traffic, and then apply a policing strategy, not prefferred/don't want service provider to have this control.

4. Create an artificial bottleneck on the LAN side of our internet router and introduce a packet shaping strategy (Got the idea from the following link: http://blog.ioshints.info/2009/03/rate-limiting-inbound-traffic-on-dsl.html)- This may be the best option.

5. Upgrade WAN bandwidth, outside of our budget, so this is not an option.

If someone has been faced with this problem will you kindly reply with how you reached a resolution? Any comments would be greatly appreciated. Thanks.

3 REPLIES
Hall of Fame Super Blue

Re: Inbound QoS for internet traffic

matcor9925FDS wrote:

I'm faced with a problem that I'm sure many others have encountered, which is- How do I effectively manage inbound internet traffic?

The majority of our internet traffic is inbound and we routinely max out our download bandwidth. We never reach full utiliation outbound/upload bandwidth.

Thoughts:

1. Queing is not configurable inbound on an interface, so this is not an option.

2. Products like PacketShaper can solve this problem, but is outside of our budget, so this is not an option.

3. Have the service provider mark the inbound traffic, and then apply a policing strategy, not prefferred/don't want service provider to have this control.

4. Create an artificial bottleneck on the LAN side of our internet router and introduce a packet shaping strategy (Got the idea from the following link: http://blog.ioshints.info/2009/03/rate-limiting-inbound-traffic-on-dsl.html)- This may be the best option.

5. Upgrade WAN bandwidth, outside of our budget, so this is not an option.

If someone has been faced with this problem will you kindly reply with how you reached a resolution? Any comments would be greatly appreciated. Thanks.

Can't see the point of paying for the bandwidth and then creating an artificial bottleneck on the outbound LAN interface. It's kind of missing the point somewhat as well as the bandwidth has already been utilised on the Internet link.

If you want to restrict traffic you have 2 options really and it depends on what is using the bandwidth.

1) If the bandwidth is being used by users for personal use then consider a firewall which blocks all unnecessary non-business related traffic. Easier said than done but for example the last place i worked the Internet sites you could access were restricted

2)    Work with your ISP. I appreciate what you say about control but you have already given them control over your Internet access.

Jon

Re: Inbound QoS for internet traffic

Hi,

According to your requirement and criteria, I would go with the following:

1- Apply QoS shaping Inbound direction based on the traffic Inspection using NBAR.

what I have to concern about is the CPU as NBAR is CPU consuming, so I would let the incoming traffic not to exceed certain bandwidth based on the traffic type.

2- Apply QoS CAR Inbound direction based on traffic type matched on specific ACL, port numbers.

Does those options suffice?

HTH

Mohamed

Hall of Fame Super Silver

Re: Inbound QoS for internet traffic

Hello Mohamed,

1- Apply QoS shaping Inbound direction based on the traffic Inspection using NBAR.

shaping inbound is not possible in current routers platforms, inbound policing is possible but discarding what has already used payed bandwidth may not be so effective as noted by Jon.

Cooperation with service provider is probably the most effective move.

Hope to  help

Giuseppe

7295
Views
0
Helpful
3
Replies
CreatePlease to create content