RE: G.Q

From: Joseph Brunner (joe@affirmedsystems.com)
Date: Thu Sep 25 2008 - 12:13:37 ART

• Next message: Terry Tender: "OT: VPN"
• Previous message: John Lewis: "RE: G.Q"
• Maybe in reply to: 2008ccie@live.com: "G.Q"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Try speakeasy with absolute reservations and a "shape average" in the parent
policy... as such... I was getting a hair below say 384,000 bits per second
if my http policy was policing http.

class-map match-all http
 match protocol http
!
!
policy-map child_in
 class http
    police 384000
policy-map parent_in
 class class-default
  shape average 1536000
  service-policy child_in

int f0/0
description facing lan
service-policy output parent_in

I actually never use approximate reservations anymore... someone comes along
and changes the "bandwidth" statement (that's how all experts modify
eigrp-right? LOL)

-Joe

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of John
Lewis
Sent: Thursday, September 25, 2008 10:45 AM
To: ccielab@groupstudy.com
Subject: RE: G.Q

My configs are listed below. They are slightly scrubbed to exclude IP
addressing information. Also, I realized that my memory was faulty. I'm
policy proxy traffic both inbound and outbound. Speedtest.net and
speakeasy.net report my upload speed accurately, but not my download
speed. I'm basing my allocations based on percentages of interface
bandwidth. In this case, my bandwidth is set to 10 Mbs on my interface
since that is my CIR on my DS3s. Anything over 10 Mbs incurs elevated
charges from the ISP.

class-map match-all CS_OUT
 description Customer Site Traffic
 match access-group name CS_OUT
class-map match-any LOW_PRIORITY_OUT
 description FTP SMTP and Web Browsing
 match protocol ftp
 match protocol smtp
 match access-group name PROXY_OUT
class-map match-any LOW_PRIORITY_IN
 description FTP SMTP and Web Browsing
 match protocol smtp
 match protocol ftp
 match access-group name PROXY_IN
class-map match-all HIGH_OUT
 description HIGH Return Traffic
 match access-group name HIGH_OUT
class-map match-all IPSEC
 description VPN
 match protocol ipsec
!
!
policy-map LOW_PRIORITY_IN
 description FTP SMTP and Web Browsing
 class LOW_PRIORITY_IN
  police cir percent 30
policy-map QoS_IN
 description Parent Policy Inbound
 class class-default
  police cir percent 100
  service-policy LOW_PRIORITY_IN
policy-map QoS_OUT_CHILD
 description HIGH IPSEC and CS
 class HIGH_OUT
  bandwidth percent 30
 class IPSEC
  priority percent 30
 class CS_OUT
  bandwidth percent 20
 class LOW_PRIORITY_OUT
  police cir percent 25
policy-map QoS_OUT
 description Parent Policy Outbound
 class class-default
  shape average percent 100
  service-policy QoS_OUT_CHILD

ip access-list extended HIGH_OUT
 permit tcp host x.x.x.6 eq 443 any
 permit tcp host x.x.x.8 eq 443 any
ip access-list extended CS_OUT
 deny tcp host x.x.x.6 eq 443 any
 deny tcp host x.x.x.8 eq 443 any
 permit tcp x.x.x.0 0.0.0.63 any eq www
 permit tcp x.x.x.0 0.0.0.63 any eq 443
 permit tcp x.x.x.0 0.0.0.63 eq www any
 permit tcp x.x.x.0 0.0.0.63 eq 443 any
ip access-list extended PROXY_IN
 permit ip any host x.x.x.x
ip access-list extended PROXY_OUT
 permit ip host x.x.x.x any

Thanks,
John Lewis

-----Original Message-----
From: Joseph Brunner [mailto:joe@affirmedsystems.com]
Sent: Thursday, September 25, 2008 8:30 AM
To: John Lewis; ccielab@groupstudy.com
Subject: RE: G.Q

Post your configs...

They are dead on for me

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
John
Lewis
Sent: Thursday, September 25, 2008 10:17 AM
To: ccielab@groupstudy.com
Subject: RE: G.Q

Some of the speed test sites don't handle QoS very well unfortunately.
As an example, I used speedtest.net and speakeasy.net to test my DS3
before implementing my QoS policy. The tests from both sites accurately
reflected the speed of my DS3.

Unfortunately, after I implemented inbound policing of traffic to our
proxy server (3 Mbs), both of the aforementioned sites reported my
download speed as 0Kbs. These two sites did accurately show my upload
speed which I set by shaping proxied traffic to 2.5 Mbs. I've tested my
inbound policy by downloading large files and also by using other sites
and everything looks good.

I can't explain why speedtest and speakeasy don't work well with
policing.

Thanks,
John Lewis
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Charles Henson
Sent: Wednesday, September 24, 2008 5:22 PM
To: Mohamed El Henawy; 2008ccie@live.com; ccielab@groupstudy.com
Subject: Re: G.Q

www.speedtest.net

On 9/24/08, Mohamed El Henawy <m.henawy@link.net> wrote:
> simplest way to download big file using any download software and
monitor
> the connection using any tool like DU Meter
>
> Regards ,
>
>
> ----- Original Message -----
> From: <2008ccie@live.com>
> To: <ccielab@groupstudy.com>
> Sent: Wednesday, September 24, 2008 9:47 PM
> Subject: G.Q
>
>
>> Hi Experts
>> It's a general question
>> I have a internet connection But I don't know how much bandwidth
service
>> provider allocated for my connection.
>> take it as a DSL or Wireless connection
>> How do we find it?
>> Regards
>> Rahul
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>>

• Next message: Terry Tender: "OT: VPN"
• Previous message: John Lewis: "RE: G.Q"
• Maybe in reply to: 2008ccie@live.com: "G.Q"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Oct 04 2008 - 09:26:19 ART