Hi Joseph,

Yeah the problem is we are a company of about 15 sub-companies, so the bills go to different people all over the country (not efficient, I know), and most of the those people I've called don't have the bills.  However, I was able to get a few ISP techs that must not be up on the rules to release some of the information, which brings me to another question:

One of the sites has 27Mbps down service from the ISP. My speed test on that same site shows 16Mbps down.  That means there is an 11Mbps difference in what we are getting vs what we are paying for.  Let's assume the branch was using 11Mbps at the time of the speed test. Is the speed test on the 27Mbps circuit going to come back at 16Mbps if the site is using 11Mbps, or should the speed test show me 27Mbps regardless of how subscribed the pipe is at the time of the speed test? I assume the latter.

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

". . . so the bills go to different people all over the country (not efficient, I know), and most of the those people I've called don't have the bills."  I understand. At the company I work at now, it took almost a year to run down the circuit's bill for a site we decommissioned.  The service provider didn't seem to mind us continuing to pay for a down (on our end) circuit.

My expectation would be your speed test should show whatever bandwidth is available at the time of the test.  If there's other concurrent traffic, interface stats, on the device terminating the provider's link, should show total aggregate usage.

Thanks Joseph, for all your help on QOS. One more very important question:

When I deploy the traffic shaper policy on the ASA, does that effectively make that circuit whatever bandwidth is specified in the class-map-default statement? Or does it only serve to trigger when QOS kicks in?  Reason I am asking is because I have some sites with 3Mbps pipes, but I might like the ASA to start prioritizing VOIP when bandwidth gets to 2Mbps. So if I configure the shaper for 2mbps (shaper average 2000000) on a 3Mbps pipe, I just want to make sure I am not effectively making the interface only 2Mbps and preventing my site from using the remaining 1Mbps of bandwidth that is otherwise available when applying the shaper policy.

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Again, just want to mention, I'm pretty unfamiliar with ASAs, but assuming their QoS is like Cisco routers . . .

Generally, a shaper will restrict traffic to the shaped rate.  So, if your circuit supported 3 Mbps, and you shaped at 2 Mbps, effectively you'll only get 2 Mbps of performance.

As to how QoS "triggers", that depends on the configuration.  QoS can be configured "above" or "parallel" with a shaper, or subordinate to it.  The latter QoS will behave (somewhat) like a QoS on a circuit for the shaped rate.

BTW, if you have 3 Mbps of bandwidth, there's no reason to shape at 2 Mbps to prioritize something like VoIP, assuming there's a QoS policy subordinate to the shaper.

For example, if you had 3 Mbps, and you want to guarantee 1 Mbps for VoIP, you could configure something like:

policy-map SampleA

class LLQ

priority 1000000

class class-default

shape average 2000000

The above would only work correctly if the port ran at 3 Mbps.  Plus, it restricts non-VoIP traffic to 2 Mbps, even if VoIP isn't using all its bandwidth.

QoS might also be "better" configured as:

policy-map 3Mbps

class class-default

shape average 3000000

service-policy SampleB

policy-map SampleB

class LLQ

priority 1000000

Thanks Joseph.  Unfortunately ASA's don't offer the ability to configure the priority command with a value following it for reserving bandwidth. The best you can do is "priority."

FW63PineBluff-5505(config-cmap)# policy-map QOS-POLICY
FW63PineBluff-5505(config-pmap)# class QOS-VOICE
FW63PineBluff-5505(config-pmap-c)# priority ?

mpf-policy-map-class mode commands/options:
  <cr>

I was hoping the traffic shaper would just trigger QOS and wouldn't effectively rate-limit the port. Normally this wouldn't be a problem, but I was able to get the bandwidth values for the WAN circuits from the ISPs, and what we are paying for does not match what the speed test shows in most cases. For example, I have a site that is allegedly getting 100Mbps from the ISP, but speed tests show it only gets 7Mbps.  So then it becomes a matter of; "Do I shape the interface to 100Mbps or do I shape it to 7Mbps? If I shape it to 100Mbps, will it ever even really kick in? If I shape it to 7Mbps, will I choke out the site?" etc etc... 

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

If you're not getting the bandwidth you're paying for, time to "talk" with your provider.  However, a provider's contract might not guarantee any actual bandwidth or guarantee very little, vs. the "nominal" bandwidth.

If you know for a fact, you never, or rarely, will get the "nominal" bandwidth, then yes, you might want to shape slower.  Unfortunately, this does preclude taking advantage of and or all available bandwidth, but it does better guarantee service for things like VoIP.  You would shape for the bandwidth you're pretty sure you can obtain.

BTW, Cisco has a relatively new feature for DMVPNs, that can shape dynamically based on available bandwidth.  Of course, probably not available for ASA.

On routers, I had one case where I was very tempted to create my own dynamic shaping using SLA and embedded scripting.  However, "problem" site was closed, so I didn't need to pursue further.

Yeah I wish ASA's had DMVPN support. Would make admin overhead so much easier.

Thanks Joseph.  Appreciate all your help on this one.