How to Prevent Any One User from Hogging All the Bandwidth – Cisco QoS Solutions

Tags: bandwidth, cisco, qos, router, switch

We upgraded from 20 Mbps to 50 Mbps DIA about two months ago. This required a router upgrade as well. Since then, anyone who starts a large HTTP download – e.g. an ISO, large spreadsheet or log, movie file, etc. – can take all of the available bandwidth and block others from accessing the internet.

The old router didn't have any kind of QoS configured on it. Further, it was a very vanilla config. It simply had some named ints, the security levels of each, and the IP addresses associated with each int. The ISP supplied the new router and we don't have access to view the config, but they said they don't have any kind of QoS configured on it either.

My questions are:

  1. Why when we had 20 Mbps service did we not have this problem where any one user could monopolize all the bandwidth to the internet?

  2. Am I correct in thinking that Quality of Service configurations would prevent this, or does QoS simply identify which traffic has priority over another and do nothing for competing traffic of the same type?

  3. If it's the latter, and my vocabulary is wrong, what statements do I need to configure and where (we have a Cisco 4507 core switch, a Cisco Pix on the primary ISP, a Cisco ASA on the backup ISP, and the inaccessible ISP router is a Cisco 2911) so that no one user can take all the available bandwidth to our internet connection?

Best Answer

You use QoS. Cisco has extensive QoS support. QoS is really a subject far too large to treat here. QoS is a very large and complex subject that encompasses everything from classifying and marking packets, to performing some sort of action (shaping, policing, queuing, etc.) based on the classification/marking.

QoS is about fairness, as you define it. First you need to classify the traffic, basically marking the packets with separate TOS/DSCP markings for the different traffic types. This is best done as close to the traffic source as possible. Once you have classified and marked the traffic, you can apply your fairness doctrine.

Understand that your QoS markings and policies will not be honored on the Internet, and that you have no real control over incoming traffic, since by the time you see the incoming traffic, the bandwidth has already been used. You can police (drop) incoming traffic, but only after it has used your incoming bandwidth. The caveat to that is with TCP because a TCP connection requires acknowledgement, and you can disrupt that to a degree, but it is not as exact as you can do with outgoing traffic.

Once you research and understand QoS, we can help with specific questions.
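The classify, mark, then police sequence described in the answer can be modelled in a few lines. This is an added example, not part of the original answer and not Cisco's implementation; the host addresses, the AF11 marking for HTTP, and the rate and burst values are assumptions chosen for illustration.

```python
from typing import NamedTuple

DSCP_AF11 = 10  # assumed marking for bulk HTTP traffic
DSCP_BE = 0     # best effort (default)

class Packet(NamedTuple):
    time: float   # arrival time in seconds
    host: str     # inside host the traffic belongs to
    port: int     # server-side TCP port
    size: int     # bytes
    dscp: int = DSCP_BE

def classify(pkt):
    """Mark HTTP (port 80) as bulk; everything else stays best effort."""
    return pkt._replace(dscp=DSCP_AF11 if pkt.port == 80 else DSCP_BE)

class PerHostPolicer:
    """Single-rate token bucket per inside host, applied to one DSCP class."""
    def __init__(self, rate_bps, burst_bytes, dscp=DSCP_AF11):
        self.rate = rate_bps / 8.0   # refill rate in bytes per second
        self.burst = burst_bytes     # bucket depth in bytes
        self.dscp = dscp
        self.buckets = {}            # host -> (tokens, time of last update)

    def conforms(self, pkt):
        if pkt.dscp != self.dscp:
            return True              # this class is not policed
        tokens, last = self.buckets.get(pkt.host, (self.burst, pkt.time))
        tokens = min(self.burst, tokens + (pkt.time - last) * self.rate)
        ok = pkt.size <= tokens
        if ok:
            tokens -= pkt.size       # conforming packet spends tokens
        self.buckets[pkt.host] = (tokens, pkt.time)
        return ok                    # False means the packet is dropped

def run(packets, policer):
    """Return bytes forwarded per host after classify -> police."""
    passed = {}
    for pkt in sorted(packets, key=lambda p: p.time):
        if policer.conforms(classify(pkt)):
            passed[pkt.host] = passed.get(pkt.host, 0) + pkt.size
    return passed

def sample_traffic():
    """Constructed input: one host pulls ~12 Mbps of HTTP, another uses SSH."""
    bulk = [Packet(i * 0.001, "10.0.0.5", 80, 1500) for i in range(1000)]
    ssh = [Packet(i * 0.01, "10.0.0.9", 22, 200) for i in range(100)]
    return bulk + ssh
```

With a 4 Mbps policer and a 15,000-byte burst, `run(sample_traffic(), PerHostPolicer(4_000_000, 15_000))` forwards roughly a third of the download and all of the SSH traffic. For inbound downloads the dropped packets have already crossed the access link, as the answer notes, so the effect relies on TCP slowing down after the loss.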