From: Devi Mallampalli (Devi.Mallampalli@chubb.com.au)
Date: Tue Sep 07 2004 - 02:07:06 GMT-3
Hi Group,

I got a requirement at hand to deploy Asymmetric QoS at our Corporate
Internet Boundary to protect one of our Ecommerce applications, which may
need 1MB of dedicated B/W for herself. We need to *control* the bursty
web-bound traffic, both inbound and/or outbound, on our primary 2MB
Frame (which is likely to go to 4MB shortly) out through our ISP. Our
Egress interface traffic is relatively light when compared to the massive
amount of traffic which is coming back on the Ingress interface. And
particularly when we do not control our upstream router at the ISP, it is a
bit of an issue for us to protect the mission-critical Ecommerce HTTPS
traffic from other dominant HTTP traffic.

I am currently looking at both Shaping and Policing. Originally I
thought of doing Shaping at Egress, but later began thinking that it
may NOT help me because we RARELY fill the outbound queue and so the
queuing engine may not kick in at all. So the only option which I may
have is to do Policing at the Ingress interface. And I am of the opinion
that though QoS is an end-to-end technology, Policing at Ingress can
still do the job by NOT allowing any single HTTP or FTP or SMTP flow to
dominate our 2MB or 4MB Internet pipe. Particularly for TCP-based
applications. Because with regular drops in the event of congestion or
even before the congestion point (in the presence of RED, I suppose), TCP's
sliding window mechanism will kick in and make the server/client end back
off and wait for an ACK, which in turn can make them wait for a second or 2
before she tries to put 1s & 0s on the wire again. Though it may sound
like we are NOT gaining anything from Policing because the data has
already traveled across the Local Loop, I think we can still save a
considerable amount of B/W on decent pipes such as 2MB or 4MB Frame
circuits, as they can carry multiple flows. I am also looking at
deploying NBAR at our Internet Router, which can diagnose the traffic flows
and can discover and drop the less critical HTTP traffic to protect
HTTPS traffic.

But I am after the best and workable approach, I suppose.

I am sure someone must have tried some sort of Asymmetric QoS at the Internet
boundary on Production networks before, and I would really appreciate some
feedback along with good/bad experience.

Cheers
Devi.
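
The ingress policing behaviour discussed in this post, as an added example that is not part of the original message: a single-rate token-bucket policer run over a constructed constant-rate stream, showing that the excess is dropped only after it has already crossed the access link. The rates (the post's "1MB"/"2MB" read as Mbit/s), the burst size and the packet size are assumptions, and the stream does not model TCP backing off.

```python
# Added example (not from the original post): single-rate token-bucket
# policer applied to one traffic class on the ingress side of the link.
# Assumptions: rates in bit/s, 1500-byte packets, 31250-byte burst.

class Policer:
    def __init__(self, cir_bps, burst_bytes):
        self.rate = cir_bps / 8.0          # refill rate, bytes per second
        self.burst = burst_bytes           # bucket depth, bytes
        self.tokens = float(burst_bytes)   # bucket starts full
        self.last = 0.0

    def conforms(self, now, size):
        """Refill for the elapsed time, then transmit (True) or drop (False)."""
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def run(offered_bps, cir_bps, burst_bytes=31250, seconds=10, pkt=1500):
    """Offer a constant-rate stream; return (arrived_bps, admitted_bps)."""
    policer = Policer(cir_bps, burst_bytes)
    count = offered_bps * seconds // (pkt * 8)   # whole packets offered
    interval = pkt * 8 / offered_bps             # seconds between packets
    admitted = sum(pkt for i in range(count)
                   if policer.conforms(i * interval, pkt))
    return count * pkt * 8 / seconds, admitted * 8 / seconds


if __name__ == "__main__":
    # Constructed input: a bulk class offering 1.8 Mbit/s, policed to 1 Mbit/s.
    arrived, admitted = run(1_800_000, 1_000_000)
    print(f"bulk:  arrived {arrived:,.0f} b/s, admitted {admitted:,.0f} b/s")
    # The difference was dropped *after* using the access link: the policer
    # only frees that bandwidth once the senders slow down in response.
    print(f"       dropped after the local loop: {arrived - admitted:,.0f} b/s")
    # Constructed input: a class already under its rate passes untouched.
    arrived, admitted = run(800_000, 1_000_000)
    print(f"light: arrived {arrived:,.0f} b/s, admitted {admitted:,.0f} b/s")
```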
This archive was generated by hypermail 2.1.4 : Fri Oct 01 2004 - 15:00:39 GMT-3