QoS policing/shaping for ASA 5510

Angelo ANELLO
Level 1

Hi Guys,

We are looking to implement a bandwidth policy for our Internet link. What I would like to know is if we use a policing policy, will the exceeded dropped packets be resubmitted from the source? Will the dropped packets be resubmitted? Are there any differences besides this when using either policing or shaping policies? Is one better than the other?

CISCO ASA 5510 IOS 8.2

Your help is appreciated.

Regards,

Accepted Solutions

Robert Thomas
Level 7

Hello Angelo,

I work mostly on voice but I think the QoS advice is general for all tech.

When you use policing the source will tell the drops and force a drop on the TCP window size and throttle back the connection speed. Since the window is cut back, the clients can't send as much data as they did before without an ACK; this basically drives down the download speed from your "clients". The exact drop rate is OS specific but some OSes cut back the window in half.

This will give you a chainsaw-like pattern close to the police target.

If you want to be nicer and prevent that same dropping and chainsaw-like pattern, you would use shaping. In this case it will buffer packets, and wait for bw below the shape target, but if the client keeps sending you will tail drop once the queue is full.

Shaping works for small bursts in packet transmit rates.

You could also look into RED random early detection for certain traffic classes you detect with NBAR, ACLs or any other method.

Sent from Cisco Technical Support iPad App

Hi Robert, thanks for your reply.  Your answer is very informative.  I have attached a graph below of a recent bandwidth test on a particular link we have at one remote site.  I have removed the QoS from the remote router as well as any corresponding QoS config from our primary router but it looks as though the link is still suffering from the symptoms of policing above.

What do you think?

Thanks,

Angelo,

So you remove QoS completely.

I think you need to leverage a combination of Shaping and RED to minimize this Chain Saw effect.
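
Added example, not part of the thread and not ASA code: a simplified per-tick Python model of the policing and shaping behaviours described in the accepted answer, run over the same constructed burst. The rate, burst size and queue depth are assumed values, and the model does not include TCP's reaction to the drops.

```python
"""Policer vs. shaper on one constructed burst pattern (packets per tick)."""

# Constructed sample input: steady traffic, two bursts, then idle ticks.
ARRIVALS = [2, 2, 10, 10, 2, 0, 0, 2, 20, 0, 0, 0]
RATE = 4          # assumed target rate, packets per tick
BURST = 4         # assumed policer burst size (token bucket depth)
QUEUE_LIMIT = 12  # assumed shaper buffer depth, packets

def police(arrivals, rate, burst):
    """Token-bucket policer: packets over the profile are dropped immediately."""
    tokens, sent, dropped = burst, [], 0
    for n in arrivals:
        tokens = min(burst, tokens + rate)  # refill, capped at the bucket depth
        ok = min(n, tokens)                 # conforming packets
        tokens -= ok
        dropped += n - ok                   # excess is discarded, never delayed
        sent.append(ok)
    return sent, dropped

def shape(arrivals, rate, queue_limit):
    """Shaper: excess is buffered and released at `rate`; tail drop when full."""
    queue, sent, dropped, max_queue = 0, [], 0, 0
    for n in arrivals:
        accepted = min(n, queue_limit - queue)
        dropped += n - accepted             # tail drop only once the buffer is full
        queue += accepted
        out = min(queue, rate)              # drain at the shaped rate
        queue -= out
        sent.append(out)
        max_queue = max(max_queue, queue)   # backlog carried into the next tick
    while queue:                            # keep draining after arrivals stop
        out = min(queue, rate)
        queue -= out
        sent.append(out)
    return sent, dropped, max_queue

if __name__ == "__main__":
    p_sent, p_drop = police(ARRIVALS, RATE, BURST)
    s_sent, s_drop, s_queue = shape(ARRIVALS, RATE, QUEUE_LIMIT)
    print("offered:", sum(ARRIVALS))
    print("police : sent", p_sent, "dropped", p_drop)
    print("shape  : sent", s_sent, "dropped", s_drop, "max backlog", s_queue)
```

Both outputs stay at or below the target rate, but the shaper delivers the first burst almost intact by delaying it and only tail drops when the second, larger burst overruns the buffer.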
