3 Replies Latest reply on Nov 7, 2014 11:18 AM by cj!

    Difference between different types of QoS

    bbrown21 New Member

      I was looking at some of the configuration guides for QoS, and one thing I notice they are missing is an explanation of how different types of QoS commands will perform under load.  Is there anything out there that documents the different types of QoS commands and how they work under load?  I've got a site that's using Comcast, and I'm trying to configure QoS to make sure the traffic to a particular website is given very high priority, while not making that bandwidth unavailable when not needed.

        • Re: Difference between different types of QoS
          cj! Beta_User

          Hi bbrown21:

           

          The guide Configuring QoS in AOS provides some great examples and explains how AOS processes QoS.  The application note Configuring an efficient QoS Map provides additional tips.  I recommend going over the introductions at the beginning and then finding one of the examples similar to your need.

           

          QoS reserves bandwidth for priority traffic.  If your total traffic throughput is less than the available bandwidth, then QoS is unnecessary (and will not be active in an AOS unit even if configured).  But traffic throughput commonly saturates WAN connections and consumes all available bandwidth.  When this happens, properly-configured QoS should forward important traffic with priority while delaying other "best-effort" traffic until it can fit through.

           

          The documents explain an important concept:  Internet connection speeds are often provisioned by the carrier for speeds less than the physical link between the modem and firewall.  That is, your NetVanta 3400 series router links at 100Mbps to the modem, but the speed you're paying for may be less (50M down/10M up, for example).  The AOS unit needs to be aware of the actual Internet speed (10M up in this example).  Otherwise, QoS will not kick in until traffic throughput reaches 100M (oversimplification; default settings allow the unit 75% of the interface speed) and you need it to kick in when the provisioned 10M is saturated.  The guide will show you how to use command traffic-shape rate so the unit is aware of actual available bandwidth (web GUI examples are given as well).

           

          Also, QoS is an egress feature.  The 3400 series router will prioritize certain traffic outbound to Comcast based on your settings.  I'm not sure about your application.  For many websites, download performance is most noticeable.  Feel free to provide more detail about this project or let us know if you have more questions!

           

          Best,

          Chris

          1 of 1 people found this helpful
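An added illustration of the traffic-shape point in the reply above (not part of the original post and not ADTRAN code): a toy Python queue model comparing a router that shapes egress to the provisioned 10 Mbps with one that sends at 75 Mbps (75% of the 100M link), while a FIFO modem drains at 10 Mbps. The function name `simulate`, the packet size, buffer depths and offered loads are constructed assumptions.

```python
from collections import deque

PKT_BITS = 10_000            # constructed: 1250-byte packets, so 10 Mbps = 1 packet/ms
PROVISIONED_BPS = 10_000_000 # upload speed from the thread (50M down / 10M up)
UNSHAPED_BPS = 75_000_000    # 75% of the 100M physical link, per the reply

def simulate(shape_bps, ms=2000, modem_buf=256, be_buf=64):
    """Return (mean EHR delay in ms, EHR packets dropped at the modem)."""
    prio, best_effort, modem = deque(), deque(), deque()
    credit, delays, dropped = 0.0, [], 0
    for t in range(ms):
        # Arrivals (constructed load): image upload offers 20 Mbps (2 pkts/ms),
        # EHR sends one packet every 10 ms. Best-effort queue tail-drops when full.
        for _ in range(2):
            if len(best_effort) < be_buf:
                best_effort.append(("img", t))
        if t % 10 == 0:
            prio.append(("ehr", t))
        # Modem: drains one packet per ms (10 Mbps), plain FIFO, no traffic classes.
        if modem:
            kind, born = modem.popleft()
            if kind == "ehr":
                delays.append(t - born)
        # Router egress: shaper credit (small burst cap), strict priority for EHR.
        credit = min(credit + shape_bps / 1000 / PKT_BITS, 8.0)
        while credit >= 1 and (prio or best_effort):
            pkt = prio.popleft() if prio else best_effort.popleft()
            credit -= 1
            if len(modem) < modem_buf:
                modem.append(pkt)
            elif pkt[0] == "ehr":
                dropped += 1
    return sum(delays) / len(delays), dropped

if __name__ == "__main__":
    for label, rate in (("shaped to 10M", PROVISIONED_BPS), ("unshaped (75M)", UNSHAPED_BPS)):
        delay, lost = simulate(rate)
        print(f"{label:15s} mean EHR delay {delay:6.1f} ms, EHR drops {lost}")
```

With shaping, the backlog forms in the router where the priority queue can reorder it; without shaping, it forms in the modem's FIFO buffer, where the EHR packets wait behind the image packets.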
            • Re: Difference between different types of QoS
              bbrown21 New Member

              Thanks for the great reply.  I did have an older version of the document I was looking at, it just didn't make all of the different kinds of priorities clear for particular circumstances.  I'll post some snippets of what I currently have, which I think is what we want, but we're still getting a lot of feedback that the system is slowing down at particular times.

               

              To preface:  What I have is a doctor's office, who is accessing Electronic Health Records (EHR) through Comcast.  They are also sending images using GRE over IPsec over the Comcast as well.  We have 50/10 Comcast.  It seems like most of the time I'm told that EHR is running slow, it coincides with images saturating the upload side of the Comcast link.  I'd like to make sure that when images are being sent, it's not causing significant slowdown for the EHR access.  Perhaps the best way to do this is to rate limit the image sending, instead of trying to give priority to the EHR?

              qos map QOS-Policy 10
                match ip list QOS-Integreat-acl
                priority percent 50
              !
              !
              interface eth 0/2
                description Comcast Uplink
                ip address  XX.XX.XX.XX 255.255.255.248
                ip mtu 1500
                ip access-policy Public
                ip crypto map vpn-set
                no rtp quality-monitoring
                traffic-shape rate 10000000
                qos-policy out QOS-Policy
                no shutdown
              !
              !
              ip access-list extended QOS-acl
                remark Identify EMR Traffic
                permit ip any  YY.YY.YY.YY 0.0.0.31
              
                • Re: Difference between different types of QoS
                  cj! Beta_User

                  I see.  One thing I noticed from your sample config is the ACL name is not the same as the match statement in the qos map.  I'm guessing it was just a typo in your post; probably not an issue in the real config.

                   

                  You could try limiting image upload.  Think of a way to identify that traffic and create an ACL (if it can be identified by source/destination IP or port).  Then change your qos map (or create a new sequence) to limit the bandwidth:

                  !
                  qos map QOS-Policy 10
                    match ip list QOS-Image-Transfer
                    priority percent 50
                  !
                  !
                  interface eth 0/2
                    description Comcast Uplink
                    ip address  XX.XX.XX.XX 255.255.255.248
                    ip mtu 1500
                    ip access-policy Public
                    ip crypto map vpn-set
                    no rtp quality-monitoring
                    traffic-shape rate 10000000
                    qos-policy out QOS-Policy
                    no shutdown
                  !
                  !
                  ip access-list extended QOS-Image-Transfer
                    remark Image upload traffic
                    permit ip any  host ZZ.ZZ.ZZ.ZZ [or whatever works in your case]
                  !

                  What do you think?

                   

                  Chris