[nsp] design related question

Rubens Kuhl Jr. rubens at email.com
Sun Jun 13 18:14:05 EDT 2004

> Just want to hear your thoughts (pros and cons) on placing qos appliance
> between the below choke points.
> (a) appliance sitting between internal
> lan<->appliance<->dmz<->pix<->edge router<->wan cloud.

Con: lan-to-dmz traffic will place load on the appliance, and it's very
unlikely you would limit that.
Pro: firewall providing security to the qos appliance

> (b) appliance sitting between wan cloud<->edge
> router<->appliance<->dmz<->pix<->internal lan

Reverse the previous con/pro... but I think this is the way to go, just take
care to block access to the qos appliance on the edge router.

> Currently this appliance supports the following qos components w/ 45mbps
> support on eth0 and eth1:

> Any pointers to white papers, similar deployment, lesson learned or
> simply your feedback will be appreciated.

qos appliances don't have bandwidth limits only, they have packets/second,
total established sessions at a given time and new sessions/second limits
also. Beware of those limits, although lan-to-internet traffic usually doesn't
hit sessions or new sessions limits.

