
How/where to use CIR, shaping and policing in an enterprise network?

Dear All
I am new to QoS. Although I know the mechanisms of CIR, single-rate and dual-rate, shaping and policing, etc., I do not know where to use them in an enterprise network or campus network. In other words, on which router/switch should we place the commands in the whole enterprise/campus network? Any reply or link would be appreciated.
Matthew Borrusso Commented:
Quality of service needs to be applied end to end.
That means, routers, switches, firewalls, anyplace where your "interesting" traffic will traverse.

There are a ton of good resources out there.
In the VoIP world, most PBXs will allow you to specify DSCP or 802.1p tags on the traffic. DSCP is one of the more common methods as it operates at layer 3; however, you need to ensure that your switches are L3 aware in order for this to work. Some organizations leverage both; others will use DSCP and an ACL to identify the interesting traffic or subnets (depending on what you're doing).
Again, there is a ton of info out there on this. I am going to attach a few PDFs, but you can Google just about any of it for any switch vendor.

Now, I have tons of data on QoS, as I have had the pleasure of being involved with VoIP and trading apps for over a decade. I'll be glad to share what I have if it will be of help.

If you are going to use DSCP values, then many of the switches today come with built-in policies/queue priorities. This will address your L2 networks in many cases. For example, on Cisco switches you can leverage AutoQoS. This is not the be-all and end-all, but it is a great place to start if it fits your need.

Most routers will allow you to configure service policies, which you may need to customize depending on your pipes. If you are still using legacy T1s, you may reserve a greater percentage of the pipe for the high-priority traffic than, say, if connecting to a MetroE at 100 Mbps.

There is one last aspect to know about QoS and Cisco. On most vendors, if you have a DSCP tag on your packets but do not have QoS configured, the majority of vendors will just ignore it and pass the traffic as is. Cisco, however, if QoS is not configured, chooses to strip the tag, assuming it should not be there. It is possible they have changed this, but it was default behavior for quite some time.

If you have a big network, you may want to send test traffic and capture it with a sniffer or something to verify the DSCP tags. You can also use something like Nectar's Perspective to view/test real-time traffic end to end.

Let me know how you make out,
eemoon (Author) Commented:
Hi Matt
Thank you so much for explaining! There is a network where there are two core switches. The users' packets go out from the cores, through a router and then a firewall, to reach the internet. The purpose of performing QoS is to guarantee bandwidth to internal VoIP. So, the QoS should be configured at the device with the bottleneck (lowest bandwidth) along the path to the internet. Do you agree with it? Or is there a specific rule to configure QoS at a specific device? In this case, should QoS (allocating bandwidth) be configured at the router or the firewall? In addition, we should think about the original traffic marking when the traffic is generated.

Is there an example/link to show where to place these QoS strategies from the whole-topology perspective?
Matthew Borrusso Commented:

With regard to end to end over the internet, it's hard for me to say or give you a diagram without knowing what you're doing.

In most cases, an SBC or SIP-aware firewall is configured at the edge. This would be to address layer 7 issues with the RFC 1918 addresses. There are other technologies like STUN, but again, since I don't know what you're doing, it's hard to make that call.

First and foremost, you need to address the QoS on the internal network. How you have the QoS on the firewall side will really depend on what you're doing with regard to traffic over the internet.

DSCP will be the most common method for classification. Usually that is DSCP 46 for VoIP and, depending on your vendor, call control will or could be tagged with 24, 26 or 34. You will need to know what your PBX is set up for, and if the IP trunk is passing through the firewall and not terminating at the outside of an SBC, you will need to know what the provider's tags are so you can either match or remark accordingly.

If you want to post a sanitized version of your design, I will be happy to look at it.
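
Added example, not part of either poster's reply: a small checker for the "capture test traffic and verify the DSCP tags" step from the first answer, using the DSCP values named in the second answer (46 for voice, 24/26/34 for call control). The port choices (SIP on UDP 5060, media on UDP 16384-32767), the helper names and the sample packets are assumptions constructed for illustration.

```python
import socket
import struct

VOICE_DSCP = 46                  # voice value given in the thread
SIGNALING_DSCP = {24, 26, 34}    # call-control values given in the thread
SIP_PORT = 5060                  # assumption: signaling is SIP on UDP 5060
RTP_PORTS = range(16384, 32768)  # assumption: media uses this UDP port range


def parse_udp_ipv4(packet: bytes):
    """Return (src, dst, dport, dscp) for an IPv4/UDP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4   # header length in bytes, options included
    if ihl < 20 or packet[9] != 17 or len(packet) < ihl + 8:
        return None
    dscp = packet[1] >> 2          # top 6 bits of the ToS byte; low 2 bits are ECN
    src, dst = (socket.inet_ntoa(packet[i:i + 4]) for i in (12, 16))
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return src, dst, dport, dscp


def audit(packets):
    """List packets whose DSCP does not match what their traffic class should carry."""
    findings = []
    for pkt in packets:
        parsed = parse_udp_ipv4(pkt)
        if parsed is None:
            continue
        src, dst, dport, dscp = parsed
        if dport in RTP_PORTS and dscp != VOICE_DSCP:
            findings.append((src, dst, dport, "voice", dscp))
        elif dport == SIP_PORT and dscp not in SIGNALING_DSCP:
            findings.append((src, dst, dport, "signaling", dscp))
    return findings


def build(src, dst, dport, dscp):
    """Constructed sample packet: minimal IPv4 + UDP headers, checksums left at 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHHH", 40000, dport, 8, 0)


# Constructed capture: a correctly marked RTP packet, an RTP packet whose tag
# was reset to 0 somewhere on the path, and a SIP packet marked 24.
SAMPLE = [
    build("10.1.1.10", "10.2.1.10", 16500, 46),
    build("10.1.1.11", "10.2.1.11", 16502, 0),
    build("10.1.1.10", "10.9.0.5", 5060, 24),
]
```

Running `audit()` on captures taken at each hop (access switch, core, router, firewall) shows at which device a tag stops matching.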
eemoon (Author) Commented:
Hi, sorry for the delay, since I am not familiar with QoS and I need to review some papers on it.

I attached a picture. The topology has two groups of IP phones. I would like to know where/what QoS commands need to be used for the IP phones to contact each other. Thank you.