From: kumara.shunmugam@wipro.com
Date: Tue Sep 13 2005 - 02:54:37 GMT-3
Thanks Chris & Edwards
The actual question in the book is very clear about the direction. It's the client traffic going to the specified servers from a VLAN. Yes, it is the "service-policy output" command that is needed here. However, as you pointed out, it is always important to classify the traffic correctly in the lab. I think if we need any clarification about the traffic direction, we could ask the proctor ...
What do you say? Or do we have any best-practices document for ACL filtering specific to each protocol (for example, ftp, ftp-data, ntp, etc.)? I think, as a QoS master, Chris should be able to provide us some tips.
-----Original Message-----
From: Chris Lewis (chrlewis) [mailto:chrlewis@cisco.com]
Sent: Monday, September 12, 2005 6:13 PM
To: Edwards, Andrew M; Kumara Guru Shunmugam L (WI01 - Services); ccielab@groupstudy.com
Subject: RE: QoS- Policing Method
Good points,
My comments are related to the choice of ACLs or NBAR. If you are asked
to limit the E0 interface overall, I would take that to mean both
inbound and outbound traffic (although checking with the proctor would
not be a bad idea). You have to apply the service-policy in or out, but
either way you want to catch inbound and outbound traffic of the type
you're interested in.
With the ACLs you have, you are only matching on the destination ports
of the protocols you are interested in, take access-list 106 as an
example.
access-list 106 permit tcp any any eq www
This matches any source address/port, but only port 80 destination, to
catch traffic the other way, include a second line for www as below:
access-list 106 permit tcp any any eq www
access-list 106 permit tcp any eq www any
This way you catch traffic passing the other direction that is part of
http and it counts towards the target rate specified for the interface
overall.
NBAR catches both directions by default, which may or may not be what you
want for other questions.
Chris
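Added example, not part of the original thread: a small Python matcher for the ACL forms quoted above, showing which directions of a session the poster's ACLs 105 and 106 classify and which they miss. The ephemeral port numbers are constructed, and the source-port lines for ACL 105 are an assumption that applies the second-line pattern shown for ACL 106 to smtp and pop3.

```python
# Added example: matcher for only the ACL forms used in this thread
# ("permit tcp any [eq PORT] any [eq PORT]"); not a full IOS ACL parser.
PORTS = {"smtp": 25, "pop3": 110, "www": 80}

def parse_ace(line):
    """Return (acl_number, src_port, dst_port); None means any port."""
    tok = line.lower().split()
    if tok[:1] != ["access-list"] or tok[2:4] != ["permit", "tcp"]:
        raise ValueError("unsupported ACE: " + line)
    acl, rest, ports = int(tok[1]), tok[4:], []
    for _ in range(2):  # source spec first, then destination spec
        if not rest or rest.pop(0) != "any":
            raise ValueError("only 'any' addresses are handled: " + line)
        if rest[:1] == ["eq"] and len(rest) >= 2:
            ports.append(PORTS.get(rest[1]) or int(rest[1]))
            rest = rest[2:]
        else:
            ports.append(None)
    return acl, ports[0], ports[1]

def matches(acl_lines, acl, sport, dport):
    """True if a TCP segment with these ports hits a permit line of `acl`."""
    for n, s, d in map(parse_ace, acl_lines):
        if n == acl and s in (None, sport) and d in (None, dport):
            return True
    return False  # implicit deny: the segment is not placed in this class-map

# ACLs as posted in the thread (destination port only).
ORIGINAL = ["access-list 105 permit tcp any any eq smtp",
            "access-list 105 permit tcp any any eq pop3",
            "access-list 106 permit tcp any any eq www"]
# Same ACLs plus a source-port line per protocol (assumed for 105).
BOTH_WAYS = ORIGINAL + ["access-list 105 permit tcp any eq smtp any",
                        "access-list 105 permit tcp any eq pop3 any",
                        "access-list 106 permit tcp any eq www any"]

# Constructed sample segments: (description, acl, source port, dest port)
SAMPLES = [("HTTP request", 106, 49152, 80), ("HTTP reply", 106, 80, 49152),
           ("SMTP to server", 105, 49153, 25), ("POP3 reply", 105, 110, 49154)]

def classified(acl_lines):
    """Map each sample segment to whether its class-map ACL matches it."""
    return {desc: matches(acl_lines, acl, s, d) for desc, acl, s, d in SAMPLES}

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("both directions", BOTH_WAYS)):
        print(name, classified(acl))
```

Segments that report False are not classified into the mail or web class, so the per-protocol policer in the child policy never sees them.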
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Edwards, Andrew M
Sent: Monday, September 12, 2005 7:10 PM
To: kumara.shunmugam@wipro.com; ccielab@groupstudy.com
Subject: RE: QoS- Policing Method
Kumara,
Here has been my experience with any QoS task. From my own experience
in the lab, I don't believe I have been asked to do anything
unreasonable within the QoS or security framework.
What I have noticed however is that I have not been very successful with
these topics.
The only commonality I have found is that both require you to correctly
classify the traffic. For myself, I believe this has been my problem
with these two areas. Thus, I have spent a great deal of time thinking
of ways to actually classify a given traffic set into a class with
either the MQC's multitude of options, or ACLs.
I highly suggest to any CCIE candidate that you really understand and
learn how to classify traffic and then verify you actually classified it
correctly.
IOW, you might not want to rely only on an ACL, but instead use NBAR...
Or maybe both 8)
Further, I would ask you this, "What does the word "mail" include?" Is
it just SMTP, POP3, etc...
Just my 2 cents.
Andy
-----Original Message-----
From: kumara.shunmugam@wipro.com [mailto:kumara.shunmugam@wipro.com]
Sent: Monday, September 12, 2005 12:09 AM
To: ccielab@groupstudy.com
Subject: QoS- Policing Method
Hi Guys
I have a requirement as specified below. I have also included my
answer. Kindly verify the answer and provide me your feedback.
1. Limit the E0 interface traffic (overall) to 115.2Kbps (Bc=12000,
be=32000),
The interface traffic less than 115.2K should have the precedence set to
4 and all other traffic greater than 115.2Kbps should be dropped
2. Limit the mail (smtp,pop3) traffic in E0 to 56Kbps (Bc=8000,
be=24000), The
Mail traffic less than 56K should have the precedence set to 4 and all
other traffic greater than 56Kbps should have the precedence set to 0
3. Similarly, Limit the HTTP traffic in E0 to 72Kbps (Bc=8000,
be=24000), The
web traffic less than 72K should have the precedence set to 4 and all
other traffic greater than 72Kbps should be dropped
I have used the MQC method to achieve the results....Is it OK ?
class-map match-all mail
 match access-group 105
class-map match-all web
 match access-group 106
!
!
policy-map child
 class mail
  police cir 56000 bc 8000 be 24000
   conform-action set-prec-transmit 4
   exceed-action set-prec-transmit 0
 class web
  police cir 72000 bc 8000 be 24000
   conform-action set-prec-transmit 4
   exceed-action drop
policy-map parent
 class class-default
  police cir 115000 bc 12000 be 32000
   conform-action set-prec-transmit 4
   exceed-action drop
  service-policy child
access-list 105 permit tcp any any eq smtp
access-list 105 permit tcp any any eq pop3
access-list 106 permit tcp any any eq www
Please confirm/
This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:14 GMT-3