Solved: QoS for Active Directory Packet from Head Office to Branch Office

Arie -- · ‎12-16-2016

Hi,

I have setup the connection link between Head Office and Branch office through MPLS link. The maximum bandwidth between Head office and Branch office is 1Mbps.

The Active Directory server is located in Head office and it needs to send traffic from the server to Branch office. They require to set dedicated 128Kbps for active directory traffic from Head office to Branch office.

So, in 1Mbps, there is 128Kbps for active directory traffic and the rest of bandwidth is best effort.

How can I allocated the bandwidth by using QoS?

Thank you.

Regards,

Arie

Joseph W. Doherty · ‎12-18-2016

class-map match-any BranchX
!match ip block to branch

class-map match-any AD
!match AD traffic

policy-map SampleParent
class BranchX
shape average 1000000
service-policy SampleAD

policy-map SampleAD
class AD
bandwidth 128000

int Gig#

service-policy SampleParent out !or it might be "out SampleParent"

View solution in original post

Joseph W. Doherty · ‎12-16-2016

What's the HQ device that hands off to MPLS? What's the physical bandwidth, at HQ, to MPLS?

What's the MPLS topology? I.e. could other sites send to the branch concurrently with HQ?

Arie -- · ‎12-16-2016

Hi Joseph,

In HQ is Cisco 2951 router and the physical bandwidth to MPLS is 1 Gbps.

In MPLS, I use BGP routing and the branch only accepts ASN from HQ so the traffic from each branch will send to HQ. Maybe it's called Hub-and-spoke, if I'm not wrong.

Joseph W. Doherty · ‎12-18-2016

class-map match-any BranchX
!match ip block to branch

class-map match-any AD
!match AD traffic

policy-map SampleParent
class BranchX
shape average 1000000
service-policy SampleAD

policy-map SampleAD
class AD
bandwidth 128000

int Gig#

service-policy SampleParent out !or it might be "out SampleParent"

Arie -- · ‎12-18-2016

Hi Joseph,

Thanks for the sample configuration. :)

Btw, how does to match AD traffic? I mean, is that match by TCP/UDP port or by the AD's IP address?

Joseph W. Doherty · ‎12-20-2016

Either and/or both. You need to somehow identify the AD traffic.

aekinaka.palace · ‎03-14-2017

Arie-

Did you ever implement a configuration to resolve this problem? I have a similar situation with several remote MPLS sites with very limited bandwidth that are suffering from active directory replication problems due to link saturation among other things.

A working QoS setup might help us too.

Joseph W. Doherty · ‎03-15-2017

For what platform?

Generally, you want to shape for your least amount of end-to-end bandwidth, and apply a QoS policy to that. Often FQ (as the QoS policy), alone, can handle 95% of QoS needs.

If yours is also a multipoint topology, you need to insure the aggregate of all the senders doesn't overrun the receiver. Can be difficult to do, and it's generally inefficient.

As you mentioned MPLS, generally MPLS vendors can provide some QoS support. When dealing with multipoint, that's what you also want.

NB: MPLS vendors QoS support, IMO, is often rather lacking in features, but then they are more interested in solving your congestion problems by selling you more bandwidth.