I have an internet facing 7200 with one connection to my ISP. That connection is a single 100Mb circuit for all our 'live application' and 'user' traffic.
As we begin to use more and more of the circuit I'd like to make sure that the live data always has priority over the less important 'user' traffic which is mainly http browsing stuff.
I've set up my PIX so that all user traffic comes in/out on a particular external IP so I guess I can limit on this...Is it better to limit the non-important stuff or prioritise the important stuff? Will I need to limit in both directions, or just inbound from the outside?
Any help you can give me would be greatly appreciated!
You want to provide your data traffic a gauranteed amount of bandwidth, you should create a class-map to match your data traffic and then sepficy the bandwidth reserved for this, then all other traffic will fall into class-default class, which by default will get 25% of BW.
You also need to apply this in the OUTBOUND direction.
You can do many things with the outbound traffic, and a simple first step is activation of CBWFQ default class FQ.
Inbound traffic is a problem. You can police it, but such policing is often after inbound traffic has already congested your WAN link. You can restrict the rate so much, you might avoid such inbound congestion, but doing this effectively often requires a very low cap.
Ideally, you want to manage congestion upstream, where the congestion forms, but this is often on the ISP equipment, and many are not receptive to doing so. (Of course, you might mention to your ISP if they're not receptive, you'll need to find a new ISP that is, but not as a bluff.)
Another tecnique for controlling inbound bandwidth usage, assuming traffic is TCP, is to shape outbound ACKs. Very tricky to do right, and inbound bandwidth usage can still vary. The big advantage of outbound ACK shaping, you can configure it much like outbound congestion management so it only has an effect when the total traffic goes over some cap, instead of an inbound policer limiting a class of traffic even when the bandwidth is available.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.