We have a DMZ that is shared between several divisions, each with their own Web sites and applications. We want to ensure that inbound traffic for one of the sites does not consume all of the available bandwidth. If possible, we would like a dynamic policy so all bandwidth could be used by one application unless there is competing traffic, and then we would want to throttle the heavy users. Is it possible to do this on a router or is there a better place within the infrastructure to perform this function?
You need to configure CBWFQ (Class Based Weighted Fair Queue) for your DMZ. You need to use bandwidth or the priority command while creating classes for the traffic you want to classify and use resources. Although the bandwidth guarantees provided by issuing the bandwidth and priority commands can be described like "reserved" and "bandwidth to be set aside," neither command implements a true reservation, meaning, if a traffic class is not using its configured bandwidth, any unused bandwidth is shared among the other classes.
An example to this effect is also listed below:
Two classes are defined: tom_traffic1 and tom_traffic2. The class tom_traffic1 is ensured a bandwidth of 256 Kbps, and the output is shaped to 384 Kbps. The class tom_traffic2 is ensured a bandwidth of 384 Kbps, but if enough bandwidth is available on the interface, the class can obtain throughput up to a peak of 512 Kbps.
Router(config)# policy-map tom
Router(config-pmap)# class tom_traffic1
Router(config-pmap-c)# shape average 384000
Router(config-pmap-c)# bandwidth 256
Router(config-pmap)# class tom_traffic2
Router(config-pmap-c)# shape peak 512000
Router(config-pmap-c)# bandwidth 384
Router(config-pmap-c)# configure terminal
Router(config)# interface Serial 3/3
Router(config-if)# service in tom
Hope this helps.
Dig Deeper on Network Infrastructure
Related Q&A from Sudhanshu Gupta
One difference between managed and unmanaged switches is complexity. A managed switch is more complex and requires more skills, but it offers better ... Continue Reading
Unmanaged Linksys switches don't know where to send BootP and DHCP requests. Find out what to do to fix the problem of unmanaged switches and DHCP ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.