08-19-2016 04:22 AM - edited 03-05-2019 04:31 AM
Hi folks,
A question(s) in relation to where CoS policies with ACLs should be applied, please.
Scenario: Dual MPLS links (30MBit) to WAN provider, carries to main corporate networks in the UK.
We want to provide a bi-directional bandwidth class of service to 4 types of traffic, let's call them A, B, C, D.
We want to have a total combined CoS to the practical throughput of the MPLS lines.
Where should those CoS policies be set?
A) Both Ingress/Egress in our on-site Data Center only
B) Egress in our Data Center, Ingress at WAN provider
C) Both Ingress/Egress in both our Data Center and WAN Provider
If I have an access map with an ACL;
Permit IP any host 10.10.10.10
Does this rule inherently assume reverse ACL (10.10.10.10 > ANY), or do I need to specify the other direction also?
Many thanks,
James
08-19-2016 06:08 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Assuming your MPLS egress is a bandwidth bottleneck, you would want egress QoS there. (Which isn't one of your choices?)
When it comes to marking your traffic, it may not actually be needed but if it is, ideally, you mark as close to the source of the traffic (assuming the source doesn't mark). However, you can also often mark even as late as the bandwidth bottleneck.
08-19-2016 06:28 AM
Hi there,
Ingress would be considered the major risk of contention to critical traffic, as opposed to Egress.
To clarify for my example, I'm not sure how clear I made it:
Company <===Ingress=== ISP
Company ====Egress===> ISP
We're concerned with Ingress, and assuring bandwidth per CoS policy for critical traffic vs. say O365 email.
So, should our Ingress CoS policies be applied at the ISP side?
Thanks, James
08-19-2016 09:19 AM
Without a special traffic shaping appliance, it's very, very difficult to manage quality for ingress traffic. Even special appliances cannot fully guarantee ingress quality.
Since you mention MPLS, you might be able to obtain egress QoS from the MPLS cloud (which would be your ingress). As MPLS vendors differ much in what they can or will support, you'll need to talk with them.
08-25-2016 01:32 AM
Thank you Joseph,
Is there another strategy we could employ to control inbound bursts of lower priority traffic? Perhaps setting a bandwidth limit/cap (as opposed to CoS)?
While this may reduce the potential utilization of the line, we could assure that no more than % of the bandwidth will be used by lower priority traffic.
Thanks,
James
08-25-2016 05:42 AM
Yes, you can do something like police low priority ingress traffic, but again, it might not be as effective as you desire. Also again, if you're using a MPLS WAN provider, ask if they support any egress QoS.
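An ingress policer of the kind suggested above could look like this on a Cisco IOS router. It is an added example, not part of the original post; the ACL, class and policy names, the interface, the 192.0.2.0/24 source range and the 6 Mbit/s rate are constructed assumptions.

```cisco
! Added example: names, addresses, interface and rate are constructed.
!
! ACL entries match one direction only. For traffic arriving from the WAN,
! the low-priority servers are the SOURCE, so the entry is written
! "source -> any". Traffic in the opposite direction would need its own
! entry and its own policy on the egress side.
ip access-list extended LOW-PRIO-FROM-WAN
 permit ip 192.0.2.0 0.0.0.255 any
!
class-map match-all LOW-PRIO
 match access-group name LOW-PRIO-FROM-WAN
!
! Cap the low-priority class at 6 Mbit/s of the 30 Mbit/s link.
! Everything else falls into class-default and is left untouched.
policy-map WAN-INGRESS
 class LOW-PRIO
  police cir 6000000
   conform-action transmit
   exceed-action drop
!
! Apply inbound on the WAN-facing interface. The packets have already
! crossed the provider link by the time they are dropped here, which is
! why the effect relies on the senders backing off (e.g. TCP) and why
! egress QoS on the provider side remains the stronger option.
interface GigabitEthernet0/0
 service-policy input WAN-INGRESS
```

`show policy-map interface GigabitEthernet0/0 input` displays the conformed and exceeded counters for the class, which shows whether the policer is matching the intended traffic.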
08-25-2016 07:12 AM
Thank you Joseph, very helpful.
I think I need to figure out how/if our inbound traffic is being DSCP marked/honoured.
Thanks
James