topic Re: PIX QOS in Network Security

PIX QOS

alraycisco — Mon, 11 Mar 2019 13:58:05 GMT

Hi,

I am looking to configure QOS on my PIX running version 8.03 of the PIX software.

I would like to give priority to VPN tunnel traffic as well as certain other designated traffic, based on an acl. Ideally, I wouldn't want to police all other traffic by rate-limiting it.

My current config looks like this:

access-list acl_priority permit ip host external_ip any

class-map priority_traffic

match access-list acl_priority

class-map vpn_traffic

match tunnel-group x.x.x.x

policy-map priority_traffic

class priority_traffic

priority

class vpn_traffic

priority

service-policy priority_traffic interface outside

The thing I am unsure about is do I need to apply rate limiting (policing) under the default class or can I just leave it like this? Does the priority queue take as much bandwidth as it needs to? Also, with the above config, is traffic policed in the outbound direction only?

What I am hoping to acheive is, if the WAN connection is being hammered by large downloads, I would want the priority traffic to take precedence.

Thanks

Re: PIX QOS

Marwan ALshawi — Thu, 16 Oct 2008 12:18:16 GMT

first u need to enable the Priority queues on the physical interface with the command

priority-queue if_name

Priority queues are supported only on physical interfaces that have been configured with the

nameif command. Trunk interfaces and other logical interfaces are not permitted to have a

priority queue. Also, priority queues are not supported in multiple-security context mode

As soon as the priority queue is enabled for the first time, the queue limit is set to a

calculated default value. The limit is the number of 256-byte packets that can be transmitted

on the interface over a 500-ms period. Naturally, the default value varies according to the

interface speed, but it always has a maximum value of 2048 packets

Packets in the priority queue are serviced and sent out before any packets from

the normal queue. Therefore, the priority queue is not affected by the volume or types of traffic

contained in the normal queue. The priority queue can be used to provide premium service to

delay- and jitter-intolerant applications such as streaming video and voice

good luck

if helpful Rate

Re: PIX QOS

alraycisco — Thu, 16 Oct 2008 14:39:26 GMT

Hi,

Thanks for the reply.

Sorry I forgot to add that I'd enabled the priority queue on the interface.

The traffic I'm wanting to give priority to isn't delay and jitter intolerant, it's just traffic that I don't want to be affected by other internet traffic.

So with the example of the ACL, would the traffic that is natted to that public IP receive priority over all other internet traffic? How are uploads affected vs downloads?

Your help is much appreciated.

Thanks