[c-nsp] Policing Confusion

marco at linuxgoeroe.dhs.org
Mon Jan 5 09:21:52 EST 2009


> Aaron Riemer wrote:
>
>> ...I am trying to achieve is to police virus updates
>> from our server so that this traffic can only obtain
>> 128Kbps of the remote site's bandwidth.
>
> Attaching this as an outbound policy-map at the remote site will only
> affect traffic outbound from that site. You'll need to either use an
> outbound policy at your central site where the server is, or use an
> inbound policy at the remote site.

I think that an inbound policy at the remote end won't help. The
policing/shaping can only act when the packets have already been
transmitted across the link, eating up the bandwidth in the process. What
happens to them afterwards won't affect that (short of messing with TCP
windows by selectively delaying/dropping ACKs and higher-order stuff like
that, which simple policing won't address).

                Regards,

                       Marco.


