Traffic Policing: This lets you set a throughput limit (in bits/second); anything above that limit is dropped. It also lets you set maximum burst limits.
For example, we may wish to limit HTTP (www) traffic to a public-facing web server to 5 Mbps, to prevent that web server from saturating all of the bandwidth. To do this we apply MPF (Modular Policy Framework):
access-list WEBSITE-LIMIT permit tcp any host 66.77.88.99 eq www
class-map WEBSITE-TRAFFIC
match access-list WEBSITE-LIMIT
exit
policy-map WEBTRAFFIC-POLICY
class WEBSITE-TRAFFIC
police output 5000000 conform-action transmit exceed-action drop
exit
exit
service-policy WEBTRAFFIC-POLICY interface outside
Traffic Shaping: This also restricts traffic throughput, but rather than dropping the excess it attempts to buffer the data and send it later. For example:
access-list SHAPED-ACL permit ip interface DMZ interface OUTSIDE
class-map SHAPED-TRAFFIC
match access-list SHAPED-ACL
exit
policy-map qos_outside_policy
class SHAPED-TRAFFIC
shape average 2000000
exit
exit
service-policy qos_outside_policy interface outside
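The difference between the two behaviours, as an added example that is not part of the original post: a simplified Python model of a policer and a shaper fed the same constructed burst. The 5000000 and 2000000 bit/s rates come from the configurations above; the burst size, queue depth and traffic pattern are assumptions chosen for illustration, and the model does not reproduce the ASA's internal algorithm.

```python
# Added illustration (not from the original post): simplified models of a
# policer and a shaper. Times are integer microseconds, sizes are bytes.
US = 1_000_000

def police(packets, rate_bps, burst_bytes):
    """Token-bucket policer: transmit while tokens last, drop the excess."""
    burst_bits = burst_bytes * 8
    tokens, last = burst_bits, 0
    sent, dropped = [], []
    for t, size in packets:
        # Refill for the elapsed time, capped at the burst size.
        tokens = min(burst_bits, tokens + (t - last) * rate_bps // US)
        last = t
        if size * 8 <= tokens:
            tokens -= size * 8
            sent.append((t, size))        # conform-action transmit
        else:
            dropped.append((t, size))     # exceed-action drop
    return sent, dropped

def shape(packets, rate_bps, queue_bytes):
    """Shaper: buffer packets and release them at rate_bps; tail-drop only
    when the buffer (queue_bytes) is full. sent holds (departure_us, size)."""
    free_at = 0                           # time at which the queue is drained
    sent, dropped = [], []
    for t, size in packets:
        backlog_bits = max(0, free_at - t) * rate_bps // US
        if backlog_bits + size * 8 > queue_bytes * 8:
            dropped.append((t, size))
            continue
        free_at = max(t, free_at) + size * 8 * US // rate_bps
        sent.append((free_at, size))
    return sent, dropped

# Constructed input: 100 packets of 1500 bytes, 1 ms apart (12 Mbps offered).
BURST = [(i * 1000, 1500) for i in range(100)]

if __name__ == "__main__":
    p_sent, p_drop = police(BURST, 5_000_000, burst_bytes=15_000)   # assumed burst
    s_sent, s_drop = shape(BURST, 2_000_000, queue_bytes=200_000)   # assumed queue
    print(f"police 5 Mbps: sent={len(p_sent)} dropped={len(p_drop)}")
    print(f"shape  2 Mbps: sent={len(s_sent)} dropped={len(s_drop)} "
          f"last departure={s_sent[-1][0] / 1000:.0f} ms")
```

The policer passes the initial burst and then discards roughly half of the packets, while the shaper delivers every packet but stretches 99 ms of arrivals over 600 ms; with a smaller queue the shaper starts dropping as well.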