Let's suppose that I have an R2 with a LAN interface and a WAN interface

----fa0/0-R2---S0/0 ---


I've done the following configuration:

ip access-list extended HTTP-FROM-SERVER
 permit tcp host eq www any

class-map CMAP-HTTP
 match access-group name HTTP-FROM-SERVER

policy-map PMAP-HTTP
 class CMAP-HTTP
  set dscp cs5

interface FastEthernet0/0
 ! All traffic coming in on that interface will be marked...
 service-policy input PMAP-HTTP

int s0/0
 ! All traffic leaving that interface will be marked...
 service-policy output PMAP-HTTP


Is there any difference between applying it IN on the LAN or OUT on the WAN?


Let's assume that we don't have any Frame Relay with different PVCs... the topology is simple, like:








  • Hi Renato,

    I think there is no major difference in this particular case, but in the case of queueing like CBWFQ, WFQ or LLQ, you are not allowed to apply it in the inbound direction, as the queueing works for outgoing traffic.


  • It may affect other processing going on for those packets within the router. If you mark the traffic as it comes in, your other control plane processes can match the packets either as QoS cs5 or with the access list info. If you only mark as it goes out, other processes can't use the QoS info to identify the traffic and must rely on the access list info. That isn't a reason in itself to use one over another, but it's something to bear in mind.

    Another point is if you have multiple outgoing interfaces one method may be better than another. If the Q says to mark all outgoing web traffic with CS5 and account for additional interfaces being added in future, you would want to do it on ingress. If the Q says only mark traffic which goes out on a specific interface, mark it on egress.
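The points from the two replies above, combined in one configuration (an added example, not any poster's own configuration): HTTP traffic from the server is marked CS5 inbound on the LAN interface, and the WAN interface then classifies on that DSCP value for outbound queueing. The server address 192.0.2.10, the names CMAP-CS5 and PMAP-WAN-QUEUE, and the 512 kbps figure are assumptions made for illustration.

```cisco
! Constructed example. 192.0.2.10 is a documentation address standing in
! for the web server; CMAP-CS5, PMAP-WAN-QUEUE and 512 kbps are hypothetical.
ip access-list extended HTTP-FROM-SERVER
 permit tcp host 192.0.2.10 eq www any
!
! Ingress classification: identify the traffic by ACL
class-map match-all CMAP-HTTP
 match access-group name HTTP-FROM-SERVER
!
! Egress classification: identify the traffic by the DSCP value set at
! ingress, so the WAN policy no longer depends on the ACL
class-map match-all CMAP-CS5
 match dscp cs5
!
! Marking policy, applied inbound on the LAN side
policy-map PMAP-HTTP
 class CMAP-HTTP
  set dscp cs5
!
! Queueing policy (CBWFQ); queueing is only accepted in the output direction
policy-map PMAP-WAN-QUEUE
 class CMAP-CS5
  bandwidth 512
 class class-default
  fair-queue
!
interface FastEthernet0/0
 service-policy input PMAP-HTTP
!
interface Serial0/0
 service-policy output PMAP-WAN-QUEUE
```

`show policy-map interface` on each interface displays the per-class packet counters, which confirms that packets marked at ingress are the ones landing in the CS5 class at egress. Any additional WAN interface can reuse PMAP-WAN-QUEUE without a second marking policy.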

  • The classification and marking phases of QoS are normally performed on traffic coming INBOUND from the edge switching domain (more often on access layer switches), which is likely to be the LAN traffic. The reason behind that is because once you've done the classification according to your internal policies, you are able to work your traffic with the rest of the QoS tools (policing, prioritizing, shaping, congestion avoidance and so on) when your traffic is traversing your network domain.

  • The rule of thumb I've seen is "as close to the source as possible, if not *at* the source." For instance, hopefully your VoIP equipment can mark its own packets. Clearly there are cases where this isn't possible or simply doesn't make sense, kind of like the "rules" for where to apply ACLs on your network.

  • Thanks all of you guys....helped me =)
