I'm new to QoS so appreciate any help/guidance :)
There's a requirement to limit bandwidth usage for a specific application's inbound traffic.
This app pushes data up to S3 bucket in AWS, data gets processed by the vendor, and once the data is processed automatically downloaded from S3.
During the test over a 500Mbps link, initial upload was using average of 20Mbps, but subsequent download spiked to over 240Mbps briefly. The vendor has confirmed no way of throttling b/w usage from their app.
As I do not want this traffic to impact other business apps like O365 in production environment, I want to limit the bandwidth usage for the inbound traffic somehow.
host/vlan <=> CAT6707 15.2(1)SY7 <=> inside ASA5555 9.4(4)29 outside <=> Internet <=> S3
In this scenario, would it be possible to use QoS to limit bandwidth for INBOUND traffic? My initial thought is that by the time the traffic hits ASA it's already used up a chunk of b/w, so it's too late to do anything, unless we can do something during initial upload phase to somehow mark the traffic and that is applied to the download process?
Solved! Go to Solution.
As far as I know .. ASA cannot do QoS marking but it does preserve and forward.
S3 does allow bandwidth config -
the application should allow setting bandwidth. If it doesn't ... then its not well design I guess.
Yes, unfortunately the app vendor has confirmed that there's no way throttling bandwidth from the app.
I was looking for alternatives and limiting on S3 was one of them, so thanks very much for the link.
Regarding S3, to your knowledge is this something that you have to do every time or set it once and the config sticks from then on?
As for the QoS on ASA, thanks for the clarification, so I think that the answer is it's impossible to achieve this on ASA alone.
We also use Zscaler for Internet access. We do not currently subscribe to their Bandwidth Control service, but this could be another alternative as this would have benefit of prioritising business critical apps like O365 as well albeit additional cost.
Glad if I can be any help ..
As far as I know, the max_bandwidth setting is used with S3 calls via CLI or API.
The application is most likely calling the S3 API to upload/download content. The max_bandwidth parameter, either the app is not using these parameters when calling the API or the parameters are coded in the app.
Proxy is another option to either limit S3 traffic or priorities critical traffic.
Is the app using multiple concurrent requests? One option could be to limit concurrent requests.
app vendor not taking any feature requests for future development? :)
You welcome. Thanks for hitting helpful button :)
please keep this thread open .. there are a lot of clever people here .. someone might come up with a better solution.
Thank you Joseph.
If I was to use traffic policing policy to limit inbound traffic exceeding say 200mb would look something like this?
ASA(config)#access-list s3_eu-west1_acl extended permit ip s3_regional_networks host x.x.x.x
ASA(config-cmap)#match access-list s3_eu-west1_acl
ASA(config-pmap-c)#police input 200000000 conform-action transmit exceed-action drop
ASA(config)#service-policy s3_rate_limit_policy interface outside
As for the traffic shaping option, do I just replace the 'police' statement to 'shape average' ?
Also I'm not quite sure 'Burst bytes' would do in policing policy.