07-02-2023 09:12 PM
Hi guys
Here is my scenario: I want to use an FTD device as a rate-limiting box only, using the FTD QoS feature and a network rule condition, by defining 5 or 6 IP address subnets (x.x.x.0/24) and limiting them to a specific download speed.
If I add blocks of IP addresses to a QoS rule with a download limitation like 30Mb, how does FTD behave?
Does it assign the 30Mb download limitation to each IP address (x.x.x.0/32) that is defined in the network condition, or will it share 30Mb between all IP address blocks?
Thanks for helping.
07-04-2023 03:20 PM
30Mb, how does FTD behave?
The traffic after this limit is dropped.
07-04-2023 11:17 PM
In my case, I create a QoS rule where, in the network condition, I insert 192.168.0.0/24 in the source section, with a download rate limitation of 30Mb. Now my question is: if my clients in the 192.168.0.0/24 range start using the internet at the same time, will Firepower give 30Mb to each of them (client 192.168.0.10=30Mb, client 192.168.0.11=30Mb), or will Firepower share this 30Mb among all of them?
Thanks
07-05-2023 06:45 AM
The whole subnet 192.168.0.0/24 will have a total of 30Mb; each host IP in this subnet will not have 30Mb.
You can tune your QoS condition more.
07-05-2023 06:53 AM
@MHM Cisco World
How can I configure my FP to achieve this goal? I do not want to use /32 for each of my clients.
07-05-2023 06:55 AM
First, friend, remove the solution from my previous post; this lets others read and write their ideas about this case.
For me, I don't stop; I search for a way to solve QoS per host.
Thanks a lot
MHM
07-05-2023 07:24 AM
@MHM Cisco World Kindly share your test results or share the source of this information. In fact, it is not documented in official documentation whether FTD QoS is per-flow (or microflow if you will) or per-class.
So far as I know, QoS is pushed to the datapath in the form of the following Lina CLI and is verified as follows, so it's not easy to judge if it works per flow or per class (per rule). It is only known that connection events have rate-limiting statistics in them, which means that the statistics are per flow.
policy-map ...
match flow-rule qos <rule-ID>
show conn flow-rule qos <rule-ID>