11-07-2013 11:28 AM - edited 03-11-2019 08:02 PM
Hello!
I have never done any QoS config on a Cisco ASA, but I was asked to do a QoS config on an ASA5505. The customer's complaint is that when he accesses a video/web meeting site he has a lot of problems, like delay and bad quality in general.
Info:
Ports and specifications:
The MegaMeeting.com services utilize the Real Time Message Protocol (RTMP) over port 1935, as well as the Real Time Message Protocol (RTMPT) over port 80 (tunneling via http) and the Real Time Message Protocol Secured (RTMPTS) over port 443 (tunneling via https) to allow audio, video and text chat to securely be transmitted from computer to computer.
Site: http://cfi-network.megameeting.com/guest/#id=XXXXXX
Internet Type: Radio, Download: 9Mbps. Upload: 1.2Mbps to 9Mbps (Yes, very variable!)
License: This platform has an ASA 5505 Security Plus license.
The question is: How can I improve his web meeting usage?
I found a lot of QoS configurations, but they always focus on VoIP. I need it for web meetings/conferences.
11-07-2013 12:26 PM
Based on some materials, I created the following script:
access-list web_conf extended permit tcp 10.6.0.0 255.255.0.0 any eq 1935
access-list web_conf extended permit udp 10.6.0.0 255.255.0.0 any eq 1935
access-list web_conf extended permit tcp 10.6.0.0 255.255.0.0 any eq 80
access-list web_conf extended permit udp 10.6.0.0 255.255.0.0 any eq 80
access-list web_conf extended permit tcp 10.6.0.0 255.255.0.0 any eq 443
access-list web_conf extended permit udp 10.6.0.0 255.255.0.0 any eq 443
access-list web_conf extended permit tcp any 10.6.0.0 255.255.0.0 eq 1935
access-list web_conf extended permit udp any 10.6.0.0 255.255.0.0 eq 1935
access-list web_conf extended permit tcp any 10.6.0.0 255.255.0.0 eq 80
access-list web_conf extended permit udp any 10.6.0.0 255.255.0.0 eq 80
access-list web_conf extended permit tcp any 10.6.0.0 255.255.0.0 eq 443
access-list web_conf extended permit udp any 10.6.0.0 255.255.0.0 eq 443
priority-queue inside
priority-queue outside
class-map webconf-inside-class
 match access-list web_conf
class-map webconf-outside-class
 match access-list web_conf
policy-map outside-policy
 class webconf-outside-class
  priority
policy-map inside-policy
 class webconf-inside-class
  priority
policy-map ins-policy
 class class-default
  shape average 2000000 8000
  service-policy inside-policy
policy-map out-policy
 class class-default
  shape average 2000000 8000
  service-policy outside-policy
service-policy ins-policy interface inside
service-policy out-policy interface outside
What do you think about it?
11-07-2013 04:42 PM
Hello Caio,
How u doing buddy.
My recommendations
1. It all starts with the right classification of traffic
Make sure you match only the traffic you need.
In the configuration you showed us, you match, for example, all traffic leaving the internal network to the internet via port TCP 80.
This will match all HTTP traffic, even the traffic to YouTube and other non-work-related sites
So match the traffic with Source IP, destination IP and Destination Port!
2. Enable QoS traffic Priority.
This will enable a preference queue on the ASA interfaces where the traffic you want (classified before) will be placed, so when congestion happens the packets in this queue will take precedence.
3. Enable traffic shaping:
Traffic priority will start to happen as long as the ASA feels that it's being overwhelmed on its interfaces. We must accelerate this process to really take advantage.
If we configure this then as soon as the limit rate is reached priority will succeed!
Now back to your configuration:
- Do the traffic priority and traffic shaping only on the outside interface ;D
- Are u paying for 2 MBs from the ISP? If yes then u are good
-Change the class-maps as requested
Hey buddy, remember to Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
11-08-2013 05:04 AM
Julio, thank you. Now I need some adjustments:
According to your points:
1. Right, I changed the configuration including only the two hosts that need to access it.
access-list web_conf extended permit tcp host 10.6.25.23 any eq 1935
access-list web_conf extended permit tcp host 10.6.25.20 any eq 1935
access-list web_conf extended permit tcp any host 10.6.25.23 eq 1935
access-list web_conf extended permit tcp any host 10.6.25.20 eq 1935
access-list web_conf extended permit tcp host 10.6.25.23 any eq 80
access-list web_conf extended permit tcp host 10.6.25.20 any eq 80
access-list web_conf extended permit tcp any host 10.6.25.23 eq 80
access-list web_conf extended permit tcp any host 10.6.25.20 eq 80
access-list web_conf extended permit tcp host 10.6.25.23 any eq 443
access-list web_conf extended permit tcp host 10.6.25.20 any eq 443
access-list web_conf extended permit tcp any host 10.6.25.23 eq 443
access-list web_conf extended permit tcp any host 10.6.25.20 eq 443
2. So, will it be like this?
class-map webconf-outside-class
 match access-list web_conf
policy-map outside-policy
 class webconf-outside-class
  priority
3. Could I keep this config?
policy-map out-policy
 class class-default
  shape average 2000000 8000
  service-policy outside-policy
priority-queue outside
11-08-2013 06:18 AM
Hello Caio,
Exactly man
U got it
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
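The classification rule from the thread (match on source IP, destination IP and destination port) can be checked mechanically before an ACL is attached to a priority class. The Python script below is an added example, not part of the original posts or any Cisco tooling; it only understands the ACE syntax used in this thread, and 203.0.113.10 is a documentation-range placeholder for the meeting server's address, which the thread does not give.

```python
import re

# Address forms used in the thread's ACEs: "any", "host A.B.C.D", "NET MASK".
ADDR = r"(any|host \d+\.\d+\.\d+\.\d+|\d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+)"
ACE = re.compile(
    rf"access-list (\S+) extended permit (tcp|udp) {ADDR} {ADDR} eq (\d+)"
)

def audit_ace(line):
    """Return the classification problems found in one ACE."""
    m = ACE.fullmatch(line.strip())
    if m is None:
        raise ValueError(f"unsupported ACE syntax: {line!r}")
    _name, proto, src, dst, _port = m.groups()
    problems = []
    if src == "any":
        problems.append("source is any")
    if dst == "any":
        # Every site reachable on this port would share the priority queue.
        problems.append("destination is any")
    if proto == "udp":
        # RTMP, RTMPT and RTMPTS, as listed in the question, run over TCP.
        problems.append("udp entry for a TCP-based service")
    return problems

def audit(config):
    """Map each problematic ACE in a config snippet to its problem list."""
    report = {}
    for line in config.strip().splitlines():
        problems = audit_ace(line)
        if problems:
            report[line.strip()] = problems
    return report

# Lines taken from the first draft in the thread.
DRAFT = """
access-list web_conf extended permit tcp 10.6.0.0 255.255.0.0 any eq 1935
access-list web_conf extended permit udp 10.6.0.0 255.255.0.0 any eq 1935
access-list web_conf extended permit tcp any 10.6.0.0 255.255.0.0 eq 80
"""
# Lines taken from the revised ACL in the thread.
REVISED = """
access-list web_conf extended permit tcp host 10.6.25.23 any eq 1935
access-list web_conf extended permit tcp any host 10.6.25.23 eq 80
"""
# Constructed: 203.0.113.10 is a placeholder for the meeting server.
TIGHT = """
access-list web_conf extended permit tcp host 10.6.25.23 host 203.0.113.10 eq 1935
access-list web_conf extended permit tcp host 10.6.25.20 host 203.0.113.10 eq 1935
"""

if __name__ == "__main__":
    for label, cfg in (("draft", DRAFT), ("revised", REVISED), ("tight", TIGHT)):
        print(label, audit(cfg))
```

Only the constructed `TIGHT` list passes cleanly; the revised ACL from the thread narrows the inside hosts but still prioritises traffic to or from any remote address on these ports.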