nabeel92
asked on
qos thru pix active/active
Hi there,
Topology is somethign like this
Router 1 --> Pix 1 --> Switch 1 --> Service Provider 1
Router 2 --> Pix 2 --> Switch 2 --> Service Provider 2
There is a full mesh between routers, pix and switch and am running active/active on Pix (for which i guess there is no support for QOS) .... Question is simple ...
First of all, does Pix support QOS in active/acitve mode ? If it doesnt, then If i apply QOS policy on the router (marking, classification, etc), will the PIX reset the packet's priority to zero default (best effort = 0) ?
Topology is somethign like this
Router 1 --> Pix 1 --> Switch 1 --> Service Provider 1
Router 2 --> Pix 2 --> Switch 2 --> Service Provider 2
There is a full mesh between routers, pix and switch and am running active/active on Pix (for which i guess there is no support for QOS) .... Question is simple ...
First of all, does Pix support QOS in active/acitve mode ? If it doesnt, then If i apply QOS policy on the router (marking, classification, etc), will the PIX reset the packet's priority to zero default (best effort = 0) ?
I know of no features that are disabled due to failover configuration, either Active/Passive or Active/Active.
ASKER
ok, my mistake i actually realized that yes it does support basic commands .... some expert mentioned in some other topic of mine that u dont have support for qos commands so i thought it was the case ....
but anyway, if i go into policy-map policyname and then type class classname, it doesnt give me option of setting bandwidth, shaping, policing, etc .... no NBAR in class-map as well ... Do u have any sample config of PIX with QOS so i can have an idea about it ... ?
but anyway, if i go into policy-map policyname and then type class classname, it doesnt give me option of setting bandwidth, shaping, policing, etc .... no NBAR in class-map as well ... Do u have any sample config of PIX with QOS so i can have an idea about it ... ?
ASKER
how about the priority-queue command or the priority command in policy-map .? .. are they not disabled in active/active failover config ?
ASKER
between, thanks for the links ... am gonna go thru them today !
ASKER
How can I define bandwidth in policy map in my PIX ? ... The way i understand in a set up where
Router --> Pix --> Internet
is that i do my marking of traffic in the router (which means in my policy map in router, i mark the traffic like ef, af41, etc) and then in pix, i define class-maps saying that for traffic matching ef, allocate this chunk of bandwidth ? If my understand is not correct, please let me know .... because I cant find bandwidth commands in policy-map defined in pix where I can allocate certain chunk of bandwidth to a specific traffic ... I dont have any VPN tunnel ! Just different marked values sent from the router that I need to allocate certain quota of bandwidth in PIX to ensure QOS , thats all ! ... Similarly, i cant find any police,shaping commands .... The links you posted above are assuming a single context, not multiple context as in my case ... Some of the options given upon ? are as follow:
1. When I call class in my policy-map
...
pixfirewall/admin(config-p
MPF policy-map class configuration commands:
exit Exit from MPF class action configuration mode
help Help for MPF policy-map class/match submode commands
inspect Protocol inspection services
no Negate or set default values of a command
quit Exit from MPF class action configuration mode
set Set connection values
pixfirewall/admin(config-p
Router --> Pix --> Internet
is that i do my marking of traffic in the router (which means in my policy map in router, i mark the traffic like ef, af41, etc) and then in pix, i define class-maps saying that for traffic matching ef, allocate this chunk of bandwidth ? If my understand is not correct, please let me know .... because I cant find bandwidth commands in policy-map defined in pix where I can allocate certain chunk of bandwidth to a specific traffic ... I dont have any VPN tunnel ! Just different marked values sent from the router that I need to allocate certain quota of bandwidth in PIX to ensure QOS , thats all ! ... Similarly, i cant find any police,shaping commands .... The links you posted above are assuming a single context, not multiple context as in my case ... Some of the options given upon ? are as follow:
1. When I call class in my policy-map
...
pixfirewall/admin(config-p
MPF policy-map class configuration commands:
exit Exit from MPF class action configuration mode
help Help for MPF policy-map class/match submode commands
inspect Protocol inspection services
no Negate or set default values of a command
quit Exit from MPF class action configuration mode
set Set connection values
pixfirewall/admin(config-p
ASKER
reply would be really appreciated, thanks -:)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
how can i assign certain chunk of bandwidth to class in policy-map ? in my action in qos, all i need is to define (or guarantee) different chunks of bandwidth to different classes...e.g voip gets 15%, p2p gets 20 % , and so on .. how can i accomplish that in pix ? i cant find the bandwidth command for that in policy-map ?
That's the "police" command on an ASA.
ASKER
yes but with police, if i say i police traffic at 15 %, then even if 100 % of bandwidth is available, then it will police the traffic at 15 % and wont let it go beyond 15 % .... in bandwidth command, you define , say 15 % for voip traffic and if 100 % bandwidth is available at that time, it will go ahead and use that 100 % ... thts how i understand the difference between the two , so am sure the two are different ....
QoS on an ASA is less flexible than QoS on a router. Nature of the beast.
-I'm pretty sure it does.