How/where to use CIR, shaping and policing in enterprise network?

Posted on 2015-02-11
Medium Priority
Last Modified: 2015-05-11
Dear All
I am new to QoS. Although I know the mechanisms of CIR, single-rate and dual-rate, shaping and policing, etc., I do not know where to use them in an enterprise or campus network. In other words, on which router/switch should we place the commands in the whole enterprise/campus network? Any reply or link would be appreciated.
Question by:eemoon

Assisted Solution

by:Matthew Borrusso
Matthew Borrusso earned 1500 total points
ID: 40604907
Quality of service needs to be applied end to end.
That means, routers, switches, firewalls, anyplace where your "interesting" traffic will traverse.

There are a ton of good resources out there.
In the VoIP world, most PBXs will allow you to specify DSCP or 802.1p tags on the traffic. DSCP is one of the more common methods as it operates at layer 3; however, you need to ensure that your switches are L3 aware in order for this to work. Some organizations leverage both, others will use DSCP and an ACL to identify the interesting traffic or subnets (depending on what you're doing).
Again, there is a ton of info out there on this: I am going to attach a few PDFs, but you can Google just about any of it for any switch vendor.

Now I have tons of data on QoS as I have had the pleasure of being involved with VoIP and trading apps for over a decade. I'll be glad to share what I have if it will be of help.

If you are going to use DSCP values, then many of the switches today come with built-in policies/queue priorities. This will address your L2 networks in many cases. For example, on Cisco switches you can leverage AutoQoS. This is not the be-all and end-all, but it is a great place to start if it fits your need.

Most routers will allow you to configure service policies, which you may need to customize depending on your pipes. If you are still using legacy T1s, you may reserve a greater percentage of pipe for the high priority traffic than, say, if connecting to a MetroE at 100 Mbps.

There is one last aspect to know about QoS and Cisco. On most vendors, if you have a DSCP tag on your packets but do not have QoS configured, the majority of vendors will just ignore it and pass the traffic as is. Cisco, however, if QoS is not configured, chooses to strip the tag, assuming it should not be there. It is possible they have changed this, but it was default behavior for quite some time.

If you have a big network, you may want to send test traffic and capture it with a sniffer or something to verify the DSCP tags. You can also use something like Nectar's Perspective to view/test real time traffic end to end.

Let me know how you make out,

Author Comment

ID: 40604987
Hi Matt
Thank you so much for explaining! There is a network where there are two core switches. The users' packets go out from the cores and a router and then a firewall to reach the internet. The purpose of performing QoS is to guarantee bandwidth to internal VoIP. So, the QoS should be configured at the device with the bottleneck (lowest bandwidth) along the path to the internet. Do you agree with it? Or is there a specific rule to configure QoS at a specific device? In this case, should QoS (allocate bandwidth) be configured at the router or the firewall? In addition, we should think about the original traffic marking when the traffic is generated.

Is there an example/link to show where to place these QoS strategies from the whole topology perspective?

Accepted Solution

Matthew Borrusso earned 1500 total points
ID: 40606512

With regards to end to end over the internet, it's hard for me to say or give you a diagram without knowing what you're doing.

In most cases, an SBC or SIP-aware firewall is configured at the edge. This would be to address layer 7 issues with the RFC 1918 addresses. There are other technologies like STUN, but again, since I don't know what you're doing, it's hard to make that call.

First and foremost, you need to address the QoS on the internal network. How you have the QoS on the firewall side will really depend on what you're doing with regards to traffic over the internet.

DSCP will be the most common method for classification. Usually that is DSCP 46 for VoIP and, depending on your vendor, call control will or could be tagged with 24/26/ or 34. You will need to know what your PBX is set up for, and if the IP trunk is passing through the firewall and not terminating at the outside of an SBC, you will need to know what the provider's tags are so you can either match or remark accordingly.

If you want to post a sanitized version of your design, I will be happy to look at it.
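
The answers above suggest capturing test traffic to verify DSCP tags and name the usual values (46 for voice, 24/26/34 for call control). The following is an added example, not part of the original posts, that reads the DSCP field from raw IPv4/UDP packets and flags traffic whose marking was stripped or changed along the path. The port conventions (SIP on 5060, RTP on 16384-32767) and the constructed sample packets are assumptions of this example.

```python
import struct

# DSCP values named in the thread: 46 for voice media, 24/26/34 for call control.
VOICE_DSCP = {46}
SIGNALING_DSCP = {24, 26, 34}
# Assumed port conventions for this example only: SIP on 5060, RTP on 16384-32767.
SIP_PORT = 5060
RTP_PORTS = range(16384, 32768)

def parse_ipv4_udp(packet: bytes):
    """Return (dscp, ecn, src_port, dst_port) for an IPv4/UDP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl + 8 or packet[9] != 17:
        return None                        # malformed, truncated, or not UDP
    tos = packet[1]                        # DSCP is the top 6 bits, ECN the low 2
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return tos >> 2, tos & 0x03, sport, dport

def check_marking(packet: bytes) -> str:
    """Compare a packet's DSCP with the value expected for its traffic class."""
    parsed = parse_ipv4_udp(packet)
    if parsed is None:
        return "skipped"
    dscp, _ecn, sport, dport = parsed
    if SIP_PORT in (sport, dport):
        return "ok" if dscp in SIGNALING_DSCP else f"signaling-mismatch dscp={dscp}"
    if sport in RTP_PORTS or dport in RTP_PORTS:
        return "ok" if dscp in VOICE_DSCP else f"voice-mismatch dscp={dscp}"
    return "other"

def build_packet(dscp: int, sport: int, dport: int) -> bytes:
    """Construct a minimal IPv4/UDP test packet (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 28, 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 1, 1]))
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    return ip + udp

if __name__ == "__main__":
    # Constructed samples: marked voice, stripped voice, marked SIP, unrelated UDP.
    samples = [build_packet(46, 20000, 20002), build_packet(0, 20000, 20002),
               build_packet(24, 5060, 5060), build_packet(46, 53, 40000)]
    for pkt in samples:
        print(check_marking(pkt))
```

Running the same check on captures taken at each hop (access switch, core, router, firewall) shows which device stops trusting or rewrites the tag.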

Author Comment

ID: 40617515
Hi, sorry for the delay, since I am not familiar with QoS and I need to review some papers on it.

I attached a picture. The topology has two groups of IP phones. I would like to know where/what command of QoS needs to be used for the IP phone to contact. Thank you.
