Is it possible to throttle a given internal IP address to some maximum bandwidth? I have a 3 Mbit/s link and I want to make sure that our database replication system doesn't try to take more than 2 Mbit/s. Unfortunately the replication goes over SSH, so I can't easily separate it from developers' SSH terminal sessions. I want them to have low latency terminals, but I want bulk traffic also going over SSH to have a lower priority. I can mark the database replication SSH traffic based on the IP of the database. I toyed around with using trickle, but I would rather just have the firewall handle this detail.
Sometimes developers will do a bulk copy of data with SCP. If possible I would like to make sure that any one IP address on our network cannot slow everyone else down. ... Of course, you can't look into an SSH stream and easily categorize the content; although, it seems to me that SSH streams that have not been using much bandwidth should be rewarded with a higher priority. Maybe this type of QoS is too sophisticated for the ASA.
I've been going over the QoS documentation and I understand how I can assign priority to certain categories of traffic, but I'm not sure how to get from there to solving my problem. The information might be here in the docs, but I'm missing the terminology. Correct me if I'm just using the wrong terms to ask what I want or if I'm looking at this in the wrong way.
Any pointers or examples?
-- Noah
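An added ASA configuration example (not from the original post) showing the two pieces the question asks for: a policer that caps the replication host's SSH traffic at 2 Mbit/s on the WAN interface, and a separate class that puts all other SSH into the interface's low-latency priority queue. The addresses 192.0.2.10 (database server), 198.51.100.0/24 (remote site), the interface name "outside" and the object names are constructed for the example; the burst value is an illustrative choice, not a recommendation.

```text
! Constructed example values: 192.0.2.10 is the replicating database
! server, 198.51.100.0/24 the remote site, "outside" the 3 Mbit/s WAN link.
access-list DB_REPL extended permit tcp host 192.0.2.10 198.51.100.0 255.255.255.0 eq ssh
access-list SSH_OTHER extended permit tcp any any eq ssh

! Classify by the replication host's IP (what the post says it can mark on)
class-map DB_REPL_CLASS
 match access-list DB_REPL
! Everything else on TCP/22: developer terminal sessions and ad-hoc SCP
class-map SSH_INTERACTIVE_CLASS
 match access-list SSH_OTHER

! The priority action needs the LLQ enabled on the egress interface
priority-queue outside

! Class order matters: a flow is handled by the first QoS class it matches,
! so the replication class must come before the catch-all SSH class.
policy-map WAN_QOS
 class DB_REPL_CLASS
  ! conform rate in bit/s, burst in bytes; packets over the rate are dropped
  police output 2000000 250000 conform-action transmit exceed-action drop
 class SSH_INTERACTIVE_CLASS
  priority

! police is only accepted in an interface policy, not the global policy
service-policy WAN_QOS interface outside
```

Policing drops rather than queues the excess, so the replication TCP session backs off on loss rather than being smoothly shaped; the catch-all SSH class does not itself stop a single developer's bulk SCP from filling the 3 Mbit/s link, since priority treatment only reorders queued packets, and a per-host cap for that case would need its own policed class keyed on that host's address.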