ASA Bandwidth Guarantee / Traffic Shaping

gvb · ‎11-29-2014

Working on an environment with a 5512X where there is a need to provide bandwidth guarantees for a few subnets behind the FW (for general Internet traffic, which I assume is mostly HTTP/HTTPS).

I've never had to do any traffic shaping on an ASA, and from what I am reading, there is no way to guarantee bandwidth.. only limit/shape/prioritize.

Any recommendations here?

Karsten Iwen · ‎11-30-2014

The ASA is a device with only limited features when it comes to QoS. You can't even do shaping any more on the actual devices.

The typical recommendation is to apply QoS on the device in front of your ASA if you control it.

jfrancisco1 · ‎12-02-2014

I have similar issue. Internet -> ASA -> 6500. I would like to guarantee Internet bandwidth for couple VLAN, but let others use this bandwidth if not in use. Confused by egress/ingress in this scenario.

AJAZ NAWAZ · ‎02-12-2015

The option of 'Prioritizing' is there, for example with Voice traffic (dscp ef), but I don't see any control knobs for setting min/max interface bandwidth.

btw - ingress and egress is relevant when taking the direction of the flow into consideration. typically egress traffic is what leaves your network and goes out to the internet (for instance). the interface traffic exits out from is whats knows as egress.

the term 'ingress interface' is used to describe an interface where traffic is coming into the device.

both egress/ingress interfaces are more often than come up when discussing edge devices such as internet facing router.

hth