[nsp] design related question
Rubens Kuhl Jr.
rubens at email.com
Sun Jun 13 18:14:05 EDT 2004
> Just want to hear your thoughts (pros and cons) on placing qos appliance
> between the below choke points.
>
> (a) appliance sitting between internal
> lan<->appliance<->dmz<->pix<->edge router<->wan cloud.
Con: lan-to-dmz traffic will place load on the appliance, and it's very
unlikely you would limit that.
Pro: firewall providing security to the qos appliance
> (b) appliance sitting between wan cloud<->edge
> router<->appliance<->dmz<->pix<->internal lan
Reverse the previous con/pro... but I think this is the way to go, just take
care to block access to the qos appliance on the edge router.
> Currently this appliance supports the following qos components w/ 45mbps
> support on eth0 and eth1:
> Any pointers to white papers, similar deployment, lesson learned or
> simply your feedback will be appreciated.
qos appliances don't have bandwidth limits only, the have packets/second,
total established sessions at a given time and new sessions/second limits
also. Beware of those limits, although lan-to-internet traffic usually don't
hit sessions or new sessions limits.
Rubens
More information about the cisco-nsp
mailing list