Thanks a lot for the solution. Have a question, which came to my mind. Do i need to apply this configuration on all ASA contexts separately ? and Also, we are going to apply this traffic shaping on ASA level, which has 2 1 Gig interface bundled as port channel-which is used for OUTSIDE traffic. So what will happen, after it crosses ASA and reach the WAN Edge switch and gateway switch. Will it maintain the shaped bandwidth after leaving ASA?

Kindly advice.

Thanks

Sreeraj

Hello,

actually, and unfortunately, QoS is not supported at all on the ASA in multiple context mode. So the solution I suggested doesn't work. That said, what is the edge device in your drawing (the one connected to the Internet), is that an ASA as well ?

The Edge switch is Nexus 7k-vdc switch, which takes the input from ASA virtual Outside interface from each context (which is a single Port channel interace with 2 physical interface bundled).

Can we do a Rate limiting/preference setting on Nexus 7k Edge switch level and give prefernce for migration traffic with out affecting existing customer web traffic.

--------------|

ASA context 1   |

--------------|===Gig 0/4===| -----------------------|---------

                         |       (Po 10)     |     Nexus7k-VDC(EdgeSw) |--------- +++++++++++

ASA context 2   |===Gig 0/5===|------------------------|---------   WAN switch   ======>Provider------>

--------------|                                                                   |---------++++++++++++

ASA context 3   |

--------------|

Please advice

Thanks

Sreeraj

Hello,

sorry for the confusion, I meant the WAN switch. Is that under your control, and if so, what model/platform is that ?

I believe, WAN Switch is an 3750 stack, which is not in my control. But the Edge switch, is under my control, Can we do some configuration settings on Edge switch. Also, suggest the configuration we can do on 3750 stack to make this solution work.

Hello,

the thing is: whatever you configure on the devices that are in front of the Internet edge device doesn't matter if everything goes out through a single 1Gbps pipe. 

Are you using some sort of MPLS for the WAN ? The 3750 doesn't support NAT, so if that is the device connected to the 'Internet', there must be something else, probably provided by the ISP, in front of it.

I think your only option is to get with your ISP and ask them to implement something similar to what I have initially suggested...

Thank you. Will the service provider will agree and be able to give rate limit traffic for the default internet traffic and give preference/definite value for specific traffic ? Please suggest.

And also, i believe, we should be able to set Rate limit of the Edge switch, am not sure, how to achieve here, since there is only a single vlan which is consolidated for all customer internet traffic.

Hello,

setting any sort of QoS on your Nexus will only affect the link between the Nexus and the WAN switch, so it would not make any sense to configure it there. Most providers are probably willing to implement what you want, after all, you are the paying customer...

Thanks for the help.