We have multiple T1 and 2xT1 circuits that get maxed out when SCCM is patching multiple computers at a site. The HQ site has a DS3 so I'm looking for suggestions on how to best limit the traffic that the SCCM server can send to a particular site during business hours.
One would be to control by port number if you can find those The other would be by source address.
If the SCCM server have static address(es), you can match on that address going to whereever you want, or you can police inbound at the remote locations (but that means it's already left the core and used that bandwidth). You can create a time range, apply the time range to the acl, and the apply that to a class map which it would match on. You could then create a policy to match on the class and shape outbound during that timeframe.
I was thinking of source address since it looks like sccm uses a lot of 443 and 80. I'm wondering though if I have the sccm as source in each line and each remote site subnet as the destination, what will happen when sccm is patching one system at site b and is limited by qos to say 500kbs (T1 site) then it starts to patch a second at the same site will it get another 500 or will the shaping per destination subnet apply across the whole subnet no matter how many machines come online?
That depends on how you set up your classes. You could match all sites that have a T1 in the same acl and then shape on that class. Your shaping policy will cap out at whatever you set for any destination listed in the acl.
You could give the higher bandwidth sites more bandwidth by creating a different class for them. If you wanted to give one site preferential treatment, you'd need to create a separate class for them.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...