Hello there!
I am trying to limit bandwidth use using a traffic policing on a ASA firewall.
Simply using the ASDM under Configuration > Firewall > Service Policy Rules I match for source and destination IP addresses (uses ACL), enable policing under Rule Actions > QoS and set the input and output policing to:
Commited Rate: 45000000 (which is roughly 45 Mbps)
Conform Action: transmit
Exceed Action: drop
Burst Size: 22500 (recommended size by ASDM, unable to set lower value)
The source and destination addresses are in different subnets in different offices connected via 100Mbps metro-ethernet.
When I copy a 100 Megabyte file from source to destination address the bandwidth limit works perfectly, it copies roughly at 45 Mbps.
When I now copy a 8 Megabyte file from source to destination address the bandwidth limit doesn't work, it copies it at 90 Mbps which is pretty close to the entire available bandwidth.
So I think I am not fully understanding how traffic policing works. Is it due to the burst size that small files can be copied at higher bandwidths or am I hitting some sort of bug?
How can I set up the ASA so it will also limit the bandwidth of these smaller files are there other options available?