1 of 1 people found this helpful
The guide Configuring QoS in AOS provides some great examples and explains how AOS processes QoS. The application note Configuring an efficient QoS Map provides additional tips. I recommend going over the introductions at the beginning and then find one of the examples similar to your need.
QoS reserves bandwidth for priority traffic. If your total traffic throughput is less than the available bandwidth, then QoS is unnecessary (and will not be active in an AOS unit even if configured). But traffic throughput commonly saturates WAN connections and consumes all available bandwidth. When this happens, properly-configured QoS should forward important traffic with priority while delaying other "best-effort" traffic until it can fit through.
The documents explain an important concept: Internet connection speeds are often provisioned by the carrier for speeds less than the physical link between the modem and firewall. That is, your NetVanta 3400 series router links at 100Mbps to the modem, but the speed you're paying for may be less (50M down/10M up, for example). The AOS unit needs to be aware of the actual Internet speed (10M up in this example). Otherwise, QoS will not kick in until traffic throughput reaches 100M (oversimplification; default settings allow the unit 75% of the interface speed) and you need it to kick in when the provisioned 10M is saturated. The guide will show you how to use command traffic-shape rate so the unit is aware of actual available bandwidth (web GUI examples are given as well).
Also, QoS is an egress feature. The 3400 series router will prioritize certain traffic outbound to Comcast based on your settings. I'm not sure about your application. For many websites, download performance is most noticeable. Feel free to provide more detail about this project or let us know if you have more questions!
Thanks for the great reply. I did have an older version of the document I was looking at, it just didn't make all of the different kinds of priorities clear for particular circumstances. I'll post some snippets of what I currently have, which I think is what we want, but we're still getting a lot of feedback that the system is slowing down at particular times.
To preface: What I have is a doctor's office, who is accessing Electronic Health Records(EHR) through Comcast. They are also sending images using GRE over IPSEC over the Comcast as well. We have 50/10 Comcast. It seems like most of the time I'm told that EHR is running slow, it coincides with images saturating the upload side of the Comcast link. I'd like to make sure that when images are being sent, it's not causing significant slowdown for the EHR access. Perhaps the best way to do this is to rate limit the image sending, instead of trying to give priority to the EHR?
qos map QOS-Policy 10 match ip list QOS-Integreat-acl priority percent 50 ! ! interface eth 0/2 description Comcast Uplink ip address XX.XX.XX.XX 255.255.255.248 ip mtu 1500 ip access-policy Public ip crypto map vpn-set no rtp quality-monitoring traffic-shape rate 10000000 qos-policy out QOS-Policy no shutdown ! ! ip access-list extended QOS-acl remark Identify EMR Traffic permit ip any YY.YY.YY.YY 0.0.0.31
I see. One thing I noticed from your sample config is the ACL name is not the same as the match statement in the qos map. I'm guessing it was just a typo in your post; probably not an issue in the real config.
You could try limiting image upload. Think of a way to identify that traffic and create an ACL (if it can be identified by source/destination IP or port). Then change your qos map (or create a new sequence) to limit the bandwidth:
qos map QOS-Policy 10
match ip list QOS-Image-Transfer
priority percent 50
interface eth 0/2
description Comcast Uplink
ip address XX.XX.XX.XX 255.255.255.248
ip mtu 1500
ip access-policy Public
ip crypto map vpn-set
no rtp quality-monitoring
traffic-shape rate 10000000
qos-policy out QOS-Policy
ip access-list extended QOS-Image-Transfer
remark Image upload traffic
permit ip any host ZZ.ZZ.ZZ.ZZ [or whatever works in your case]
What do you think?