06-03-2017 06:38 PM - edited 03-08-2019 10:50 AM
QOS for traffic going outside the router is straight forward. You specify classes for your traffic and prioritize, shape and police; based on the classes.
Ingress is a little confusing. Assuming I have 4/4mbps bandwidth available. I shape my traffic to 4mbps so there are no drops. Voice is prioritized and non-priority traffic is policed. Everything is perfect on the egress side.
But what can I do on the ingress side to ensure all the bandwidth is not used for http? I can just police http, right? But what if someone tries to download using some other protocol and use all the available bandwidth? I can't shape or do prioritization for ingress traffic.
Assuming my priority traffic comes from 1.2.3.4 and 4.5.6.7 and I want to reserve the 3mb bandwidth for it, is the following the best way:
class-map priority_traffic
match access-group name priority
policy-map input
class priority_traffic
class class-default
police cir 1000000
conform-action transmit
exceed-action drop
ip access-list extended priorty
permit ip host 1.2.3.4 any
permit ip host 4.5.6.7 any
06-04-2017 05:23 PM
Typically, you mark ingress, then you police the marked traffic on the egress interface.
so you would not need to police/shape traffic on your ingress interface.
PLease rate if usefull
06-05-2017 04:34 AM
When possible, the best QoS for ingress is the "other side's" egress.
When that's not possible, you can do things like police ingress, as you mention, but your "mileage may vary" as to how effective it is for your QoS needs.
I found you often must police at a (even much) higher rate to obtain the bandwidth guarantee you're looking to obtain for some of your traffic.
BTW, depending on the kind of ingress traffic, you might also be able to shape control flow egress traffic, like shaping egress TCP ACKs to help regulate ingress TCP flow rates.
There are also 3rd party appliances that can do more, like spoofing a receiver's TCP RWIN to regulate a TCP sender's transmission rate.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide