Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
665
Views
4
Helpful
6
Replies

cisco FTD QoS by Network Rule Conditions

soheil.amiri@Live.com
Level 1
Level 1

‎07-02-2023 09:12 PM

Hi guys

here is my scenario: i want using FTD device as a rate limiting box only, by using FTD QoS feature and network rule condition by defining 5 or 6 IP address subnet (x.x.x.0/24) and limit them to specific download speed.

if a i add a blocks of ip address to QoS rule with download limitation like 30Mb,how does FTD behave?

does it assign 30Mb download limitation to each ip address (x.x.x.0/32) that is define in network condition or it will share 30Mb between all ip address blocks?

thanks for helping

1 person had this problem
6 Replies 6

MHM Cisco World
VIP
VIP

‎07-04-2023 03:20 PM

30Mb,how does FTD behave?

the traffic after this limit is drop 

0 Helpful

soheil.amiri@Live.com
Level 1
Level 1
In response to MHM Cisco World

‎07-04-2023 11:17 PM

hi @MHM Cisco World 

in my case, i create a QoS rule that in network condition i insert 192.168.0.0/24 in source section, with download rate limitation 30Mb. now my question is, if my clients in 192.168.0.0/24 range start to using internet at a Sametime, will firepower give 30Mb to each of them (client 192.168.0.10=30Mb, client 192.168.0.11=30Mb) or firepower will share this 30Mb to all of them.

thanks

0 Helpful

MHM Cisco World
VIP
VIP
In response to soheil.amiri@Live.com

‎07-05-2023 06:45 AM

all subnet 192.168.0.0/24 will have total 30Mb  not each host IP in this subnet will have 30Mb
you can more tune your QoS condition. 

0 Helpful

soheil.amiri@Live.com
Level 1
Level 1
In response to MHM Cisco World

‎07-05-2023 06:53 AM

@MHM Cisco World 
how can i configure my FP to achieve to this goal? i do not want use /32 for each of my client.

 

MHM Cisco World
VIP
VIP
In response to soheil.amiri@Live.com

‎07-05-2023 06:55 AM

first friend remove solution from my previous post, this let other read and write there idea about this case. 
for me I dont stop I search for way to solve QoS per Host. 
thanks a lot 
MHM

0 Helpful

tvotna
Spotlight
Spotlight
In response to MHM Cisco World

‎07-05-2023 07:24 AM

@MHM Cisco World Kindly share your test results or share the source of this information. In fact, it is not documented in official documentation whether FTD QoS is per-flow (or microflow if you will) or per-class.

So far as I know, QoS is pushed to the datapath in a form of the following Lina CLI and is verified as follows, so it's not easy to judge if it works per flow or per class (per rule). It is only known that connection events have rate-limiting statistics in them, which means that statistics is per flow.

policy-map ...
match flow-rule qos <rule-ID>
show conn flow-rule qos <rule-ID>

 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card