Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

QoS question about input/output policy

Hello-

Our client has MPLS connected all sites. Each site has a router connected to MPLS via serial interface,

and connected to the switch (6500) via ethernet interface. There is QoS applied on the serial interface

for outbound.

Q1: It appears there are lots of inbound traffic coming to the site, and the client applied QoS on outbound

What I learned that after the packet are marked by the CPE, the ingree Provider Edge Router (PER)

uses these marking to map flows to various Label Switched Paths (LSPs) providing differentiated treatment

accross the network. Then at egree, the PER applies queuing policying based on the CPEs orginal DSCP markings

to properly allocate bandwidth on the egrees link during congestion. My guess we really don't need to have

inbound policy applied in the serial interface on the router, am I correct?

Q2: The serial interface has 1.5 MB, and the goal is we want to have 1 MB for cirtical apps, and 0.5 MB for download/upload

internet access. If we apply this policy on the switch, A) should I apply it on the VLAN interface or the port connected to the router?

B) Should I apply output or input? Any suggestion?

Regards,

Joe

6 REPLIES

QoS question about input/output policy

Joe,

I personally use inbound policy maps for policing traffic. I don't know what type of service that you have from your ISP, but mine doesn't create policies to help us out. They only allow us to pass tags that they tell us they'll support and I have policies based around those. Policing inbound allows me to drop excess traffic. For example, I have SEP servers that sometimes users will come across the wan to get updates, but downloading those can take up a lot of the link. I have a policy that matches on my SEP servers source addresses and only allows them 10% of the link before it starts dropping traffic. Outbound on both ends of the link is fine for two-way communication in most scenarios.

In your scenario, your routed port is your egress port, so you could apply outbound there. Where is the current policy? Is it on your switch or router? I'd put it on my router and mark there if you're not doing an L2 markings.

John

HTH, John *** Please rate all useful posts ***
New Member

QoS question about input/output policy

Thank you John for looking at my issue.

My QoS policy is apply on the routed port on the router for outbound. My major problem is the user downloads the file and take up lots of bandwidth. My policy is allowed 15% of the link. Is it a good idea to apply the same outbound policy for the inbound in the same serial interface on the router? I just want the users to have under 15% bandwidth when they download and I can live with other inbound traffic. Any better way to implement? Any sample configuration is appriciated.

QoS question about input/output policy

Joe,

It's going to be very hard to implement a downloading control policy unless you know what addresses users are downloading from. Are they downloading from the internet or from a server that you own?

John

HTH, John *** Please rate all useful posts ***
New Member

QoS question about input/output policy

John,

I have address from the LAN (192.168.10.0), but don't have address coming from. So assuming any IP to the LAN address via 80 and 443 that I want to restrict.

thanks,

Joe

QoS question about input/output policy

It's going to be very difficult to do what you're wanting if you don't know the source addresses. What happens is that once you go out to the internet, you'll be natting somewhere. You'll need to control what comes back into your public side and not to the private addresses. For example, if you nat 192.168.10.50 to 5.5.5.50, outbound you can control 192.168.10.50, but inbound you'll have to control what comes into 5.5.5.50. And not knowing the source address means that you can't differentiate downloads from normal web browsing.

HTH, John *** Please rate all useful posts ***
Hall of Fame Super Bronze

QoS question about input/output policy

Additionally, placing an inbound policy in your router is fruitless as the flows have consumed your precious bandwidth anyway.

The best way of controlling internet traffic is by using proxy servers along with web cache engines.

Regards,

Edison

562
Views
0
Helpful
6
Replies
CreatePlease to create content