Getting an Internet 10Meg Ethernet from ATT

Gentlemen, I have 3 questions on the kind of equipment and traffic prioritizing for my new Internet. The router will sit between the ATT CPE (maybe a bridge with a fast-ethernet handoff) and my ASA5510.
I already have a 2621 router (IP basic) and ISR 1841 (1841 is with advipservicesk9-m) 128M Ram 32Flash.
1. Which one should I choose to implement bandwidth management on my 10 Meg internet? Since the 1841 is newer, is its CPU and memory more than capable?
2. What kind of traffic management is best suited (simple to implement) just to have, let's say, 1.5 meg for http/mail and others, 5 meg just for VPN and 3 meg for SFTP/https?
a. CB-WFQ with ACL, b. GTS with access-list or c. traffic-shaping.
I am leaning toward using Class-based WFQ (a).
3. Where can I find configuration examples? TIA.
Tik.
FYI - 2621 specs (c2600-is-mz.122-12.bin):
cisco 2621 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory.
Processor board M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
nosx: 1) If you don't have another pressing need, I would use the 1841. 2) The correct approach to QoS depends on what you want, so I'll offer 2 options: A> Provide a minimum bandwidth guarantee to a class of service, but permit it to burst? (e.g. guarantee 3mbps of http but permit it to burst to 10?) B> Provide a set hard bandwidth class of service with no bursting? (e.g. guarantee 3mbps of http and never exceed 3mbps) 3) Config examples for what in particular? Just QoS? Or the whole package of how to set up the 1841 facing ATT?
Another topic to consider in addition to all of this: Do you have multiple upstream connections? Is there any reason to have the router in the picture at all if you aren't actually doing any dynamic routing? The ASA supports a basic level of QoS that might be enough for your needs.
Reply to teekblang: I second all of nosx's comments, but do want to stress the "depends on what you want." From the sounds of things, it's just a 10Mbps (symmetrical?) pipe to the cloud? If so, setting hard limits now without knowing what's on the network simply sets you up for trouble. Look into getting some historical data via Netflow or similar to better plan out your QoS policy.
I have a personal preference for Cisco's (PQ)CBWFQ, simply as it's the most modern of all the QoS options. Just search on Cisco.com for 'CBWFQ' for some config examples.
Regards
Reply to teekblang: Thanks nosx and HELLFIRE. The info you guys provided is very helpful.
1. I prefer to put a router on the perimeter since the ASA has a limited number of interfaces, like adding telco circuits via an inexpensive hub/switch, and I can run PRTG/MRTG to monitor via NETFLOW.
So there is no pressing need to use the 2621; I just want to make sure the horsepower is plenty for a 10 Meg pipe. I can use it (2621) later for an additional T1 circuit (inexpensive WIC-1DSU-T1 v1) if we decide to put in a backup/failover.
2. I like B. No bursting and no policing. "Shaping" is preferable.
3. A dual Fast-eth example facing a telco to make sure three types of traffic are allocated based on IP address/Network and port.
Reply to teekblang: 1. I'd agree the 2621 and 1841 have a much wider variety of interface options (WIC cards) than the ASA5510 (Fe / GE) connectivity, so you'd want either one over the ASA for your edge device. Also, IOS supports a richer set of QoS features (MQC, DSCP marking) than the ASA (ASA does do MQC but cannot mark packets by itself).
You should note that the ASA does support Netflow as well -- check the ASA docs on Cisco for further details.
As for the 2621, I can only say that Cisco CLAIMS ~12Mbps max throughput, but you start throwing services and features at it and the performance will drop significantly.
2. Conceptually, I find SHAPE and POLICE are virtually interchangeable. About the only difference between them from a functional standpoint is SHAPE only works outbound, while POLICE works inbound and outbound. Which one did you want?
There's also the 'rate-limit' option but I haven't used it much myself.
Regards
Reply to teekblang: Thanks!
My 2621 is not the XM, the high performance one, so the best candidate right now is the 1841. I just hope it can handle the wire speed with a couple of ACLs turned on.
I am more into queuing than discarding, I think that is the difference between shaping and policing, and I desperately want to separate the traffic based on dest/source and/or port.
My fellow workers have the right to browse and download stuff during their lunch break with their personal gadgets (using wifi and their own laptop/ipad), as do visitors doing a demo, but I want to give them only 1.5M and that is it - they cannot go over and interfere with our production and business data (SFTP/FTPS/HTTPS/VPN-RDP-Remote desktop server/printing remotely etc.). The remaining BW will be divided and allocated strictly for business 24x7, i.e. Operations, R&D and Vendors.
Or should I go and buy a 2811 or 2821 to route the 10Meg circuit?
Thanks, Tik
Reply to teekblang: The XMs don't really change much on the 2600-series, they just upped the total RAM and flash.
What other services are you running on the 1841 right now?
If you want to limit 'guest' traffic like that, I'd say the easiest initial setup you should go for is to separate them into their own subnet and police / shape based on that, something like:
ip access-list standard GUEST
 permit 192.168.2.0 0.0.0.255
!
class-map match-all GUEST_QOS_POLICY
 match access-group name GUEST
!
policy-map MY_QOS_POLICY
 class GUEST_QOS_POLICY
  police [bps] [burst-bytes] [excess-burst-bytes] conform-action transmit exceed-action drop violate-action drop
 class class-default
!
interface [outbound interface]
 service-policy output MY_QOS_POLICY
Yes, you could get more detailed in a policy, but again, setting hard limits right now without knowing what is on the network right now could end up doing more harm than good.
Just my 00000010 bits
Regards
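An added example, not HELLFIRE's config and not from the original thread, of the three-class shaping setup Tik asked for: a parent policy shapes the Fast Ethernet handoff to the 10 Mb/s circuit rate so CBWFQ actually engages, and a child policy guarantees bandwidth for VPN and SFTP/HTTPS while queuing (not dropping) guest traffic at 1.5 Mb/s. Assumed: the guest subnet is 192.168.2.0/24, the VPN is IPsec, and the circuit hangs off FastEthernet0/0.

```cisco
! Added example, not HELLFIRE's or Cisco's config. Assumptions: guest subnet
! 192.168.2.0/24, VPN is IPsec (ESP plus IKE on UDP 500/4500), SFTP = TCP 22,
! HTTPS = TCP 443, circuit handoff on FastEthernet0/0.
ip access-list extended GUEST
 permit ip 192.168.2.0 0.0.0.255 any
ip access-list extended VPN
 permit esp any any
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
ip access-list extended SECURE_XFER
 permit tcp any any eq 22
 permit tcp any any eq 443
!
class-map match-all GUEST
 match access-group name GUEST
class-map match-all VPN
 match access-group name VPN
class-map match-all SECURE_XFER
 match access-group name SECURE_XFER
!
! Child policy: CBWFQ guarantees for business traffic and a hard 1.5 Mb/s
! shaper (queue, not drop) for guests. GUEST is listed first so a guest's
! HTTPS is capped instead of picking up the SECURE_XFER guarantee.
policy-map BUSINESS_CBWFQ
 class GUEST
  shape average 1536000
 class VPN
  bandwidth 5000
 class SECURE_XFER
  bandwidth 3000
 class class-default
  fair-queue
!
! Parent policy: shape the whole interface to the 10 Mb/s circuit rate;
! otherwise the 100 Mb/s Fast Ethernet never congests and the child queues
! never engage. Older IOS caps the child's bandwidth sum at 75% of the parent
! rate; trim the figures if the router rejects them.
policy-map SHAPE_10M
 class class-default
  shape average 10000000
  service-policy BUSINESS_CBWFQ
!
interface FastEthernet0/0
 service-policy output SHAPE_10M
```

Shaping is outbound only, as HELLFIRE notes, so this governs traffic leaving toward ATT; check counters per class with `show policy-map interface FastEthernet0/0`.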
Reply to teekblang: Thanks!!
The 1841 is just sitting on my desk doing nothing after an IOS upgrade. The circuit came in today so I am busy reading stuff.
I can start with what you have suggested. Basically the plan is to control traffic in both directions using Cisco router features. If I let the VAR design this for me they MIGHT throw overpowered gear at me.
Besides, learning is more fun.
Reply to teekblang: I found that an 1841 can handle more than 100M-bps (lower b). So I will use the 1841 for now.
1841 Routers Max Firewall Throughput - from Miercom's Product Testing Services:
"Separately, we ran a bench test to see how much data the 1841 could route under ideal circumstances. Set-up: a single, bi-directional UDP flow between two 10/100 ports, big (1,460-byte) packets, and with firewall and NAT running and logging turned on: Using Spirent Smart-Flow v4.0, we saw over 130 Mbps total. Not a typical environment, but worth noting."
nosx: The 1841 is rated to more like about 35mbps. I'm not sure what paid-advertising agency published those numbers, but they are not indicative of real world performance (as discussed frequently, and in depth, in other threads).