
Internet access and QoS

Neil Haswell
Level 1

We have small branch offices that use the datacenter internet access for their main internet access. The DC has a 100mb pipe.

If we want to prioritize downloading from the internal addresses (RFC1918 address) would we be looking to shape the traffic on the Datacenter router out, rather than police the traffic inbound on the branch office routers?

Some branch offices have only 2mb download and we want to ensure company apps hosted inside the network are prioritized.

Thanks in advance.


Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

If we want to prioritize downloading from the internal addresses (RFC1918 address) would we be looking to shape the traffic on the Datacenter router out, rather than police the traffic inbound on the branch office routers?

Yes.

As most sites are terminated on an IPsec tunnel or via MPLS, how would we achieve this?

Where would we put the qos statements, on what piece of equipment, or would a new purchase be required?

Posting

How to achieve?  Well that's quite an expansion of your original question - which is better, egress shaping or ingress policing - I've been told my consultation fees are reasonable - laugh.

Seriously, to answer that kind of question accurately, I would need much more detail beyond most sites use IPSec tunnels or MPLS.  However, I will say, if either is supporting a WAN that has traffic, to a branch, from more than your DC, QoS becomes much more complex.

I'll also mention, QoS feature support varies much between Cisco devices, so it's possible you would be better served by different equipment, but again, I would need much more information.

If you're thinking it's easy to police on each branch's ingress, it is, but the problem is, ingress shaping is downstream of the physical bottleneck.  It certainly will control bandwidth beyond the policer, but bandwidth control before the policer is "hit or miss".

You are quite correct: it is a huge expansion on the original concept.

Basically we have 2 scenarios:

A branch office with a 2mb DSL line and IPsec to the datacenter router (we control). That then goes either to the local services via the 6509 with its VRFs that we control in the DC or hands off internet traffic to a 50mb pipe (another vendor supplied router).

A larger branch MPLS vendor supplied router with 10 or 20Mb connections to the datacenter, again to another vendor supplied router.

I use the term "we control" loosely.

I suspect that with a lot of this sort of stuff it comes down to feature sets on the IOS on the 6509.

And I suppose what I am after is, conceptually, am I on the right path?

Can I basically say, for any given subnet that the VRF on the 6509 routes to, that the bandwidth to a site is xMb and for non-RFC1918 traffic don't go past 25%, for example?

Or should we be looking for the application of this QoS on the vendor supplied routers?

Posting

 

Hmm, QoS on 6500s depends much on your line cards.  LAN type cards have simple QoS, WAN type cards offer more, but many of those are restricted to the 7600 series.

Ah, Internet.  Branches use same link for local (site) Internet access?  If they do, it often makes bandwidth management impractical.

The right path, generally, is QoS management of bottleneck bandwidth.  For example, egress QoS for the 2 Mbps DSL.  When you don't have control of the bottleneck interface, you often can manage the bottleneck's bandwidth by shaping for its bandwidth upstream.  For example, at the last device you control before you send the data across Internet or a private WAN cloud.

When you have any-to-any traffic, for example as often found in MPLS VPN clouds, it's usually impractical to perform upstream shaping (because of multiple sending sites), then vendor (egress) QoS becomes part of the solution.
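
A sketch of the upstream shaping discussed in this thread, added here as an example and not posted by any participant: a hierarchical IOS MQC policy on the last router under your control, shaping to one branch's 2 Mbps bottleneck and reserving most of it for traffic sourced from RFC1918 addresses. It assumes a platform that supports hierarchical shaping on a tunnel interface (as noted above, 6500 support depends on the line cards) and a branch whose only sender is the DC; the interface number, policy and ACL names, and the 75% figure are hypothetical.

```cisco
! Constructed example: names, interface and percentages are assumptions.
! Traffic sourced from internal (RFC1918) servers, headed to the branch.
ip access-list extended INTERNAL-SRC
 permit ip 10.0.0.0 0.255.255.255 any
 permit ip 172.16.0.0 0.15.255.255 any
 permit ip 192.168.0.0 0.0.255.255 any
!
class-map match-all INTERNAL-APPS
 match access-group name INTERNAL-SRC
!
! Child policy: how the shaped 2 Mbps is divided during congestion.
policy-map BRANCH-CHILD
 class INTERNAL-APPS
  ! Minimum guarantee for company apps; unused share is available to others.
  bandwidth percent 75
 class class-default
  ! Internet-sourced downloads share whatever is left.
  fair-queue
!
! Parent policy: shape to the branch's DSL rate so the queue builds here,
! upstream of the real bottleneck, where the child policy can act on it.
policy-map BRANCH-2M-PARENT
 class class-default
  shape average 2000000
  service-policy BRANCH-CHILD
!
interface Tunnel10
 description IPsec tunnel to the 2 Mbps DSL branch (hypothetical)
 ! Classify on the inner header before encryption hides the addresses.
 qos pre-classify
 service-policy output BRANCH-2M-PARENT
```

The `bandwidth percent` statement is a floor for internal traffic, not a hard 25% cap on Internet traffic, so Internet downloads can still use the full 2 Mbps when company apps are idle. After applying it, `show policy-map interface Tunnel10` shows per-class match and drop counters.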
