
Qos on Subrate links to internet

Hi, just a question regarding limiting web traffic.

I have a Switch, a Firewall, a router, then a 20Meg EFM circuit (fancy multiplexed dsl)

Connected at 1gig between Switch (3750) and FW(ASA) and Router(2901), then at 100MB Link between the Router and the Service provider's Device.

The link is subrate because the 100Mb link to the SP is policed to 20 MB (symmetric)

If I wanted to carve 12 MB for Web traffic, this is fine either shaping or policing applied inbound into the Firewall, or applied on the router. - Traffic flowing to the internet

The problem I have is obviously the nature of Web traffic, being that outbound requests are far smaller in size than the return traffic for users which is the web pages they desire.

Without service provider involvement, is there a way to limit the web traffic in both directions?  How do others achieve this goal? A tiny outbound limit on internet requests?

Policing inbound from the internet will not help here as the traffic has already passed through the subrate bottlenecks.

Any ideas, gents?


Re: Qos on Subrate links to internet


The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.


The normal solution is to shape your overall outbound traffic to your subscribed rate.  If desired, you can prioritize traffic within the shaper's constraints.

For inbound, you're very restricted in what you can effectively do.  This is because, as you've noted, you're downstream of the bottleneck.  However, for rate adaptive traffic (e.g. TCP) you can police some of it, to attempt to "set aside" bandwidth for other (more important?) traffic; or you might shape return ACKs.
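An added example, not part of the original thread: one way the approach in the reply above could look as an IOS MQC configuration on the 2901, with a parent shaper at the 20 Mbit/s subscribed rate, a child queueing policy inside it, and an inbound policer on web return traffic. The interface name, the policy, class and ACL names, the use of TCP ports 80/443 to identify web traffic, and the 60% / 12 Mbit/s figures (taken from the 12-of-20 split in the question) are all assumptions.

```cisco
! Added example; all names and the WAN interface are assumptions.
! Web traffic is identified by TCP port only (80/443).
ip access-list extended WEB-REQUESTS
 permit tcp any any eq www
 permit tcp any any eq 443
ip access-list extended WEB-RETURN
 permit tcp any eq www any
 permit tcp any eq 443 any
!
class-map match-all WEB-OUT
 match access-group name WEB-REQUESTS
class-map match-all WEB-IN
 match access-group name WEB-RETURN
!
! Child policy: queueing decisions made inside the shaped rate.
! "bandwidth" is a minimum guarantee under congestion, not a cap.
policy-map WAN-CHILD
 class WEB-OUT
  bandwidth percent 60
 class class-default
  fair-queue
!
! Parent policy: shape everything leaving toward the SP to the
! subscribed 20 Mbit/s so congestion happens here, where the
! router can queue, instead of at the SP policer.
policy-map WAN-SHAPE-OUT
 class class-default
  shape average 20000000
  service-policy WAN-CHILD
!
! Inbound: the router is downstream of the bottleneck, so this
! only works indirectly. Dropping excess web return traffic makes
! TCP senders back off, leaving room for other traffic.
policy-map WAN-POLICE-IN
 class WEB-IN
  police cir 12000000
   conform-action transmit
   exceed-action drop
!
interface GigabitEthernet0/1
 description Assumed port facing the service provider device
 service-policy output WAN-SHAPE-OUT
 service-policy input WAN-POLICE-IN
```

`show policy-map interface GigabitEthernet0/1` reports per-class matches, shaper queue depth and policer drops, which is the way to confirm that the classes are matching and that the inbound policer is actually dropping traffic.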
