From: John Lewis (jlewis@galileoprocessing.com)
Date: Thu Sep 25 2008 - 11:45:14 ART
My configs are listed below. They are slightly scrubbed to exclude IP
addressing information. Also, I realized that my memory was faulty. I'm
policy proxy traffic both inbound and outbound. Speedtest.net and
speakeasy.net report my upload speed accurately, but not my download
speed. I'm basing my allocations based on percentages of interface
bandwidth. In this case, my bandwidth is set to 10 Mbs on my interface
since that is my CIR on my DS3s. Anything over 10 Mbs incurs elevated
charges from the ISP.
class-map match-all CS_OUT
description Customer Site Traffic
match access-group name CS_OUT
class-map match-any LOW_PRIORITY_OUT
description FTP SMTP and Web Browsing
match protocol ftp
match protocol smtp
match access-group name PROXY_OUT
class-map match-any LOW_PRIORITY_IN
description FTP SMTP and Web Browsing
match protocol smtp
match protocol ftp
match access-group name PROXY_IN
class-map match-all HIGH_OUT
description HIGH Return Traffic
match access-group name HIGH_OUT
class-map match-all IPSEC
description VPN
match protocol ipsec
!
!
policy-map LOW_PRIORITY_IN
description FTP SMTP and Web Browsing
class LOW_PRIORITY_IN
police cir percent 30
policy-map QoS_IN
description Parent Policy Inbound
class class-default
police cir percent 100
service-policy LOW_PRIORITY_IN
policy-map QoS_OUT_CHILD
description HIGH IPSEC and CS
class HIGH_OUT
bandwidth percent 30
class IPSEC
priority percent 30
class CS_OUT
bandwidth percent 20
class LOW_PRIORITY_OUT
police cir percent 25
policy-map QoS_OUT
description Parent Policy Outbound
class class-default
shape average percent 100
service-policy QoS_OUT_CHILD
ip access-list extended HIGH_OUT
permit tcp host x.x.x.6 eq 443 any
permit tcp host x.x.x.8 eq 443 any
ip access-list extended CS_OUT
deny tcp host x.x.x.6 eq 443 any
deny tcp host x.x.x.8 eq 443 any
permit tcp x.x.x.0 0.0.0.63 any eq www
permit tcp x.x.x.0 0.0.0.63 any eq 443
permit tcp x.x.x.0 0.0.0.63 eq www any
permit tcp x.x.x.0 0.0.0.63 eq 443 any
ip access-list extended PROXY_IN
permit ip any host x.x.x.x
ip access-list extended PROXY_OUT
permit ip host x.x.x.x any
Thanks,
John Lewis
-----Original Message-----
From: Joseph Brunner [mailto:joe@affirmedsystems.com]
Sent: Thursday, September 25, 2008 8:30 AM
To: John Lewis; ccielab@groupstudy.com
Subject: RE: G.Q
Post your configs...
They are dead on for me
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
John
Lewis
Sent: Thursday, September 25, 2008 10:17 AM
To: ccielab@groupstudy.com
Subject: RE: G.Q
Some of the speed test sites don't handle QoS very well unfortunately.
As an example, I used speedtest.net and speakeasy.net to test my DS3
before implementing my QoS policy. The tests from both sites accurately
reflected the speed of my DS3.
Unfortunately, after I implemented inbound policing of traffic to our
proxy server (3 Mbs), both of the aforementioned sites reported my
download speed as 0Kbs. These two sites did accurately show my upload
speed which I set by shaping proxied traffic to 2.5 Mbs. I've tested my
inbound policy by downloading large files and also by using other sites
and everything looks good.
I can't explain why speedtest and speakeasy don't work well with
policing.
Thanks,
John Lewis
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Charles Henson
Sent: Wednesday, September 24, 2008 5:22 PM
To: Mohamed El Henawy; 2008ccie@live.com; ccielab@groupstudy.com
Subject: Re: G.Q
www.speedtest.net
On 9/24/08, Mohamed El Henawy <m.henawy@link.net> wrote:
> simplest way to download big file using any download software and
monitor
> the connection using any tool like DU Meter
>
> Regards ,
>
>
> ----- Original Message -----
> From: <2008ccie@live.com>
> To: <ccielab@groupstudy.com>
> Sent: Wednesday, September 24, 2008 9:47 PM
> Subject: G.Q
>
>
>> Hi Experts
>> It's a general question
>> I have a internet connection But I don't know how much bandwidth
service
>> provider allocated for my connection.
>> take it as a DSL or Wireless connection
>> How do we find it?
>> Regards
>> Rahul
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>>
This archive was generated by hypermail 2.1.4 : Sat Oct 04 2008 - 09:26:19 ART