Showing results for 
Search instead for 
Did you mean: 

Community Helping Community


Ingress QOS

QOS for traffic going outside the router is straight forward. You specify classes for your traffic and prioritize, shape and police; based on the classes.

Ingress is a little confusing. Assuming I have 4/4mbps bandwidth available. I shape my traffic to 4mbps so there are no drops. Voice is prioritized and non-priority traffic is policed. Everything is perfect on the egress side.

But what can I do on the ingress side to ensure all the bandwidth is not used for http? I can just police http, right? But what if someone tries to download using some other protocol and use all the available bandwidth? I can't shape or do prioritization for ingress​ traffic.

Assuming my priority traffic comes from and and I want to reserve the 3mb bandwidth for it, is the following the best way:

class-map priority_traffic

   match access-group name priority

policy-map input

   class priority_traffic

   class class-default

      police cir 1000000

         conform-action transmit

         exceed-action drop

ip access-list extended priorty

   permit ip host any

   permit ip host any

VIP Advisor

Typically, you mark ingress,

Typically, you mark ingress, then you police the marked traffic on the egress interface.

so you would not need to police/shape traffic on your ingress interface.

PLease rate if usefull

Please remember to rate useful posts, by clicking on the stars below.


When possible, the best QoS

When possible, the best QoS for ingress is the "other side's" egress.

When that's not possible, you can do things like police ingress, as you mention, but your "mileage may vary" as to how effective it is for your QoS needs.

I found you often must police at a (even much) higher rate to obtain the bandwidth guarantee you're looking to obtain for some of your traffic.

BTW, depending on the kind of ingress traffic, you might also be able to shape control flow egress traffic, like shaping egress TCP ACKs to help regulate ingress TCP flow rates.

There are also 3rd party appliances that can do more, like spoofing a receiver's TCP RWIN to regulate a TCP sender's transmission rate.

CreatePlease to create content
Content for Community-Ad