Tuesday, February 9, 2021

QOS rookie problem

Wondering if any QOS gurus can confirm the correct fix to my config... I feel like I am almost there, but really want to nail it. They kind of let me loose on this to test my chops, as normally this would fall to a more senior admin. I am not a total rookie, just passed my ENCOR exam, but still kinda green. This router is in production, serving about 500-800 clients.

This is on an edge 4k router chopping up some bandwidth between a couple of static IPs (aaaaa and bbbbb) and 3 subnets from downstream that are NATed at the router.

The static IPs seem to be working as intended. A separate access-list for each IP, corresponding to separate class-maps. These classes are applied to a policy-map outbound on the internet-facing interface, as well as the downstream subinterface that they are both using.

For the 3 subnets, they are each on their own subinterface. They are all meant to share a slice of the pipe. I have an access-list that matches this traffic and corresponds to a class-map which I applied outbound on the 3 downstream subinterfaces. Clients' download speeds have reflected that this was successful. I also applied this class to the outbound policy-map on the internet-facing router interface.

This is the one gaping hole in my plan. I did not take into account that these subnets are being translated at the router, and nothing was matching my access-list in the upstream direction.

The NAT is garden variety. I have a standard access-list 1 that matches these 3 /24 subnets, and am doing overload on the internet-facing interface. I confirmed that they were all using that interface's IP address as the inside global.

So if I create an access-list that matches on this inside global address, apply this to a class-map, and add this class to the policy-map applied outbound on the internet-facing interface... that should capture all of these 3 subnets that have been NATed? Or should I be looking into the "class class-default" avenue?

Please help!


