Geek Speak

QoS Tweaks

Well, the Thanksgiving break is over and I'm back in the office after being sick for a few days so I reckon it's time to get back to work... I'll probably post some details about the crazy goose hunting trip I took last weekend and how I ended up sick as it's a good story and worth sharing.

Anyhow, I've been talking to some customers lately about their implementations of traffic prioritization and/or traffic filtering and I ran across some interesting concepts/trends. First off, it seems that most people fall into one of two camps - they either try to filter out all non-essential traffic or they try to significantly prioritize essential traffic. The engineers that are fans of the "filter out non-essential traffic" method are blocking all user access to well-known non-essential sites (YouTube) and/or traffic types (streaming video from untrusted sites). In this camp you are probably still going to implement some traffic prioritization so that latency-sensitive traffic such as voice and video are weighted correctly, but the overall need for traffic prioritization is less.

In the second camp, engineers aren't limiting access to specific sites or filtering certain traffic types, but they are spending a significant amount of time implementing and tuning their traffic optimization strategies. This isn't to say that in these cases people aren't limiting access to some inappropriate content - but for the most part it's a live-and-let-live type attitude. In this case not only is there a need to prioritize latency-sensitive traffic but there's also a need to prioritize essential traffic over non-essential traffic. In rare cases I'm seeing where companies deploy completely separate connections for essential and non-essential traffic. For instance, one company deploys DS-3 connections to all of its larger sites for internet connectivity and leverages these connections to carry the VPN connections to its other sites and for business-oriented web traffic. The DS-3 connections are very locked down - essential traffic only - but each site also has a T-1 that is wide open for generic internet browsing.

I tend to fall into the second camp as I'm not a big fan of "The Man" limiting where I can surf to and everybody has had those days where a funny YouTube video is all that has kept them from going postal. One of the more creative strategies I've seen is where non-essential traffic is either blocked or de-prioritized to the point that it's not usable during most business hours but during well-known "break times" such as lunch and maybe a well-established breather in the afternoon the gates are opened and the YouTube videos flow like Niagara Falls in the Spring Time.

Regardless of which camp you fall into, implementing and using a solid configuration management solution such as our Cirrus product will be a huge time saver in managing your bandwidth optimization strategies. In the case above where traffic prioritization is changed based upon time of day, this would be darn near impossible to do by hand but with a simple script Cirrus can do it automatically every day at the prescheduled times.

Anyways, would love to hear your thoughts on this subject...

Flame on...
Josh

Comments

BryanBecker said:

We tend to be in the "prioritize essential traffic" camp. Basically we have a lot of bandwidth so we just make sure that the essential stuff like VoIP/VC gets the proper priority in the network. Trying to decide what to block and filter as "non-essential" seems to be a never-ending task. We do leverage the NetFlow data to look at those people streaming music, YouTube, etc. and address that on an individual basis.

I do wish there was a way to actually monitor the QoS buckets in a device. I want to know if my buckets (different DSCP values) are over-utilized, under-utilized or not used at all. If a custom poller works or something that SW can add, that would be a huge benefit.

BB

December 4, 2007 2:58 PM

About Josh Stephens

Josh Stephens is director of technology – aka Head Geek – at SolarWinds, where he plays an integral part in the development and delivery of our award-winning network management products. Josh has extensive experience in network management systems, network engineering, and software development. His 15-plus years of experience in technology include designing and deploying advanced networks and network management systems within organizations including the US Air Force, Sprint, MCI/UUNET, and Wal-Mart. He has received several industry certifications including those from Cisco Systems, Microsoft, and HP.