[c-nsp] Policing Confusion

Mon Jan 5 18:48:35 EST 2009

Thanks for all the comments guys you have clarified this for me. 

It is a bit dissapointing to know that you cant really manipulate the
types of traffic inbound only outbound. I understand why though.

Thanks,

Aaron.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
marco at linuxgoeroe.dhs.org
Sent: Monday, 5 January 2009 11:22 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Policing Confusion

> Aaron Riemer wrote:
>
>> ...I am trying to achieve is to police virus updates
>> from our server so that this traffic can only obtain
>> 128Kbps of the remote sites bandwidth.
>
> Attaching this as an outbound policy-map at the remote site will only
> affect traffic outbound from that site. You'll need to either use an
> outbound policy at your central site where the server is, or use an
> inbound policy at the remote site.

I think that an inbound policy at the remote end won't help. The
policing/shaping can only act when the packets have already been
transmitted across the link, eating up the bandwidth in the process.
What
happens to them afterwards won't affect that (short of messing with TCP
windows by selectively delaying/dropping ACKs and higher-order stuff
like
that, which simple policing won't address).

                Regards,

                       Marco.

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

LEGAL DISCLAIMER: This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.