Wednesday, July 3, 2019

Internet2 peerage and bandwidth shaping in Palo.

I have an interesting case. We are a main interconnect for our ISP and currently interface two 10g connections. We (they) are also Internet2 (I2) members, so much of our campus traffic can freely flow to those exchange peers without incurring a hit on our "ISP provisioned rate."

We are also peered with other sites on our ISP ring, and we pass a lot of traffic back and forth as we are each other's DR. Any traffic between these sites also does not incur a count against our provisioned rate. Thus, only Internet1 (I1) destined traffic is subject to the rate.

The ISP does not throttle, shape or QoS. It is left to us to comply, which we've done well with thus far. They basically just ding us on overage rates sustained above 95% of the provisioned rate, which I don't believe has ever happened. And also, it is only on egress I1. Ingress I1 does not incur the same limit restrictions.

However, I just discovered that the Palo links to the edge have an egress QoS value set at our provisioned limited rate as the Max for all classes, thereby impacting all interconnect traffic, I2 and I1 equally. Palo does not let you create QoS egress exceptions based on subnet destinations in the Network QoS profile; you can create exceptions to the profile based on source networks.

What would be your ideal method of chopping up this traffic by destination and rate limiting only the I1 stuff for egress? I am pretty sure I figured it out, but would be curious if I'm not so unique in my specific quandary and could take some pointers from other I2 member engineers.


