Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1621
Views
0
Helpful
2
Replies

Ingress QOS

Frank Sinatra
Level 1
Level 1

‎06-03-2017 06:38 PM - edited ‎03-08-2019 10:50 AM

QOS for traffic going outside the router is straight forward. You specify classes for your traffic and prioritize, shape and police; based on the classes.

Ingress is a little confusing. Assuming I have 4/4mbps bandwidth available. I shape my traffic to 4mbps so there are no drops. Voice is prioritized and non-priority traffic is policed. Everything is perfect on the egress side.

But what can I do on the ingress side to ensure all the bandwidth is not used for http? I can just police http, right? But what if someone tries to download using some other protocol and use all the available bandwidth? I can't shape or do prioritization for ingress​ traffic.

Assuming my priority traffic comes from 1.2.3.4 and 4.5.6.7 and I want to reserve the 3mb bandwidth for it, is the following the best way:

class-map priority_traffic

   match access-group name priority

policy-map input

   class priority_traffic

   class class-default

      police cir 1000000

         conform-action transmit

         exceed-action drop

ip access-list extended priorty

   permit ip host 1.2.3.4 any

   permit ip host 4.5.6.7 any

1 person had this problem
Labels:
0 Helpful
2 Replies 2

Dennis Mink
VIP Alumni
VIP Alumni

‎06-04-2017 05:23 PM

Typically, you mark ingress, then you police the marked traffic on the egress interface.

so you would not need to police/shape traffic on your ingress interface.

PLease rate if usefull

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

jwdoherty
Level 1
Level 1

‎06-05-2017 04:34 AM

When possible, the best QoS for ingress is the "other side's" egress.

When that's not possible, you can do things like police ingress, as you mention, but your "mileage may vary" as to how effective it is for your QoS needs.

I found you often must police at a (even much) higher rate to obtain the bandwidth guarantee you're looking to obtain for some of your traffic.

BTW, depending on the kind of ingress traffic, you might also be able to shape control flow egress traffic, like shaping egress TCP ACKs to help regulate ingress TCP flow rates.

There are also 3rd party appliances that can do more, like spoofing a receiver's TCP RWIN to regulate a TCP sender's transmission rate.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card