Re: asa 5510 QOS ?

Helmeczi Zoltan · ‎02-28-2011

Hi all,

Please advise me about asa5510 feature,capabilities.

My question/problem :

My ISP provides 2 internet connection (1. 8mbps; 2. 2mbps) and his router change the paths if one goes down.

But if the second with 2 mbps is in use it is not enough for all inside network. And we have an inside host which is very inportant.

I have to allocate x bps minimum bandwidth for traffic between 1 inside host and 1 outside host on the outside interface.

The goal is: provide a minimum bandwith for traffic above when the other hosts use too much or all of the bandwidth.

But the above traffic must able to use more than the minimum if the others not use all of the remaining.

How can i do this with asa 5510, or which feature is what i have to use ? (if asa capable to do)

I tried qos features but dont works, but i hope there is a tricky way to solve this problem.

I attached a visio file for help.

andrew.prince · ‎03-01-2011

In which direction is this host important?

inside<>out

or

outside<>in, as this it not clear from the diagram.

Helmeczi Zoltan · ‎03-01-2011

The important direction of this host is:

from inside to outside.

When i try to solve this with qos, my problem was that in the asa, can't set a subset of the network or some ip.

because the qos must be applied to all outgoing traffic on a physical interface.

and one another problem i think that the asa don't know when the 8mbps or wher the 2mbps internet access is active.?

so i don't know how to guarantee a fix bandwidth for this host which can expand if its possible.

andrew.prince · ‎03-01-2011

You need to create a policy that calls a class in that class you reference an acl that defines your source and desintation.

What version of code are you running - you can use IP SLA is use a specific QoS policy I beleive.

Helmeczi Zoltan · ‎03-01-2011

I use asa823-k8.

i try this in test

access-list shape permit ip host 192.168.4.2 any

class-map shape

match access-list shape

policy-map qos_class

class shape ----->here i think must set an action to take any effect

policy-map qos_shape

class class-default --------------->must use this class for shape

shape average 2000000 16000

service-policy qos_class ---------->dont take effect

service-policy qos_shape outside

and in the 8.2 config guide there is a row

:• Traffic shaping must be applied to all outgoing traffic on a physical interface or in the case of the

ASA 5505, on a VLAN. You cannot configure traffic shaping for specific types of traffic.

What do you think?

andrew.prince · ‎03-01-2011

A quick internet search

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml

HTH>

Helmeczi Zoltan · ‎03-02-2011

yeah i know this page but

What do you think which feature will help me?

because with policing, packets are droped when the traffic reach a limit, so it is no good for me.

or priority queuing?

lcaruso · ‎03-02-2011

because with policing, packets are droped when the traffic reach a limit,

you have two possible solutions: either set the exceed action to transmit or configure the burst_bytes to a large enough value to meed your needs.

ciscoasa(config-pmap-c)# police output conform_rate burst_bytes conform-action transmit exceed-action transmit

A burst size of 12,000 bytes (eight 1500-byte packets) is configured:

ciscoasa(config-pmap-c)# police output 8000 12000 conform-action transmit exceed-action drop

andrew.prince · ‎03-02-2011

The issue you have is this - how can the ASA know that the next hop has a bandwidth issue - answer, you can't.

So you need to answer the question - how much traffic MUST the inside host send to the outside host. Then you need to account for that in your policy if you have failed over to your lower speed circuit.

HTH>

Helmeczi Zoltan · ‎03-19-2011

Hi Andrew,

Sorry for my late.

Thank you for your help, but i was not able to test because the device was changed.

Best regards:

Zoltán!