Bandwidth control possible on ASA?

Andrew White
Level 2

Hello,

We had an issue the other day where replication through our ASA caused the ASA to hit its maximum throughput of 450 Mbps. We tried to set the replication software to use less bandwidth but the software takes no notice.

It uses port TCP 3650 and replicates from the inside interface through to dmz6 (WAN), which is a subinterface on the ASA. During this time other services were affected as the CPU hit 95%, especially Citrix, which is hosted remotely through DMZ6 too.

Can I limit the bandwidth based on the ports being used and prioritise Citrix traffic?

Citrix servers are on 192.168.139.x/24

Remote replication subnet is 192.168.38.x/24 especially 192.168.38.55.

Many thanks, as the ASA, I think, is just using FIFO and can't cope at busy times. Hopefully I can do something on the ASA like QoS or bandwidth policies, but I'm not experienced enough to configure this myself; any examples would be great.

Thanks


johnlloyd_13
Level 9

Hi,

Yes, you can police Citrix traffic based on its ports.

http://ccnpsecuritywannabe.blogspot.sg/2013/10/controlling-bandwidth-on-asa-traffic.html?m=0

I suggest using ASDM if you're not confident with ASA CLI.

Thanks, in your experience would you use policing or shaping?

You'll go for policing for your case and match Citrix traffic. Shaping only 'shapes' default traffic not matched by any traffic class.

So would I give the replication traffic a lower bandwidth than Citrix? To be honest replication is taking up too much bandwidth generally as it goes through the inside then to dmz6 where we replicate to, and not affecting just Citrix.

That depends on which traffic is critical for your business. I suggest you do a pre and post network traffic analysis when doing QoS.

I just need to make sure Citrix gets what it needs and replication does eat everything up and stop the users calling :) Maybe I could just use an interface policy based on the ports replication uses and cap it at a certain amount of megabytes so things run smoothly?

If I create a policy for Citrix to have a certain amount of bandwidth, does it guarantee it will get it above replication? So if I set a policy for Citrix and give it say 100mb and replication kicks in, will Citrix traffic not be affected?

Sorry it is new to me.
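
The port-based cap discussed in the thread, written out as ASA CLI. This is an added example, not configuration posted by any participant. It assumes tcp/3650 is the destination port on the replication target 192.168.38.55, that the interface name is `dmz6`, and that no service policy is already applied to `dmz6`; the object names and the 100 Mbps rate are placeholders.

```cisco
! Added example. Names (REPL-ACL, REPL-CLASS, DMZ6-QOS) are hypothetical.
! Assumption: replication connects TO 192.168.38.55 on tcp/3650.
access-list REPL-ACL extended permit tcp any host 192.168.38.55 eq 3650
!
! Classify only the replication flow; everything else is left untouched.
class-map REPL-CLASS
 match access-list REPL-ACL
!
! Police the matched flow as it leaves dmz6. The rate is in bits per
! second; 100000000 (100 Mbps) is a placeholder to tune against the
! pre/post traffic analysis suggested in the thread.
policy-map DMZ6-QOS
 class REPL-CLASS
  police output 100000000
!
! Only one service policy can be attached per interface.
service-policy DMZ6-QOS interface dmz6
!
! Verify: the conformed/exceeded counters show whether the cap is biting.
show service-policy interface dmz6
```

Policing drops packets above the configured rate rather than queueing them, so it caps replication but does not by itself reserve bandwidth for Citrix.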
