How/where to use cir, shaping and policing in enterprise network ?

Posted on 2015-02-11
Last Modified: 2015-05-11
Dear All
I am new to QoS. Although I know the mechanism of cir, single-rate and dual-rate, shaping and policing etc. I do not know where to use it in enterprise network or campus network. In another word, in which router/switch we should place its command in the whole enterprise/campus network ? Any reply or link should be appreciated.
Question by:eemoon
  • 2
  • 2

Assisted Solution

by:Matthew Borrusso
Matthew Borrusso earned 500 total points
ID: 40604907
Quality of service needs to be applied end to end.
That means, routers, switches, firewalls, anyplace where your "interesting" traffic will traverse.

There are a ton of good resources out there.
In the voip world, most pbx's will allow you to specify DSCP or 802.1p tags on the traffic. DSCP is one of the more common methods as it operates a layer 3, however, you need to ensure that your switches are L3 aware in order for this to work. Some organizations leverage both, others will use DSCP and an ACL to identify the interesting traffic or subnets (depending on what your doing).
Again, there is a ton of info out there on this: I am going to attach a few PDF's, but you can google just about any of it for any switch vendor.

Now I have tons of data on qos as I have had the pleasure of being involved with VoIP and trading apps for over a decade.. Ill be glad to share what I have if it will be of help.

If you are going to use DSCP values, then many of the switches come today with built in policies/ queue prioritys built in. This will address your L2 networks in many cases. For example on Cisco switches you can leverage autoqos. This is not the be all end all, but it is a great place to start if it fits your need.

Most routers will allow you to configure service policys, which you may need to customize depending on your pipes.. If you still are using legacy t1's, you may reserve a greater percentage of pipe for the high priority traffic than say if connecting to a metroE at 100mbps.

There is one last aspect to know about qos and Cisco. On most vendors, if you have a dscp tag on your packets, but do not have qos configured; the majority of vendors will just ignore it and pass the traffic as is. Cisco, however; if qos is not configured, chooses to strip the tag assuming it should not be there.. It is possible they have changed this, but it was default behavior for quite some time.

If you have a big network, you may want to send test traffic and capture it with a sniffer or something to verify the dscp tags. You can also use something like Nectar's Perspective to view/test real time traffic end to end.

Let me know how you make out,

Author Comment

ID: 40604987
Hi Matt
Thank you so much for explaining ! There is a network where there two cores switches. The users packets go out from the cores and a router and then firewall to reach internet. The purpose of performing Qos is to guarantee bandwidth to internal voip. So, the qos should be configured at the device with bottleneck ( lowest bandwidth ) along the path to internet. Do you agree with it ? Or there is a specific rule to configure Qos at the specific device? In this case, Qos(allocate bandwidth) should be configured at the router or firewall? In addition, we should think about the original traffic marking when the traffic is generated.

Is there an example/link to show where to place these Qos strategy from the whole topology perspective ?

Accepted Solution

Matthew Borrusso earned 500 total points
ID: 40606512

with regards to end to end over the internet. its hard for me to say or give you a diagram without know what your doing.

in most cases, an SBC or sip aware firewall is configured at the edge. this would be to address layer 7 issues with the rfc1918 addresses. There are other technology's like STUN, but again, since I don't know what your doing, its hard to make that call.

First and foremost, you need to address the qos on the internal network. How you have the qos on the firewall side will really depend on what your doing with regards to traffic over the internet.

DSCP will be the most common method for classification. Usually that is dscp 46 for voip and depending on your vendor, call control will or could be tagged with 24/26/ or 34. You willneed to know what your PBX is setup for, and if the IP trunk is passing through the firewall and not terminating at the outside of a SBC, you will need to know what the providers tags are so you can either match or remark accordingly.

If you want to post a sanitized version of your design, I will be happy to look at it.

Author Comment

ID: 40617515
Hi Sorry for the delay since I am not familar with Qos and I need to review some papers on it.

I attached picture. The topology has two groups of IP phones. I would like to know where/what command of Qos needs to be used for the ip phone to contact. Thank you.

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch. You will need to get the following things to follow this tutorial: Telnet Scripting Tool e.g. TST10.exe …
Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question