QoS Deployment
Deploying QoS
This section covers topology restrictions.
QoS Topology Restrictions
QoS can manage up to the maximum number of external interfaces supported by the firewall, subject to these restrictions:
- All of the traffic on a managed line must go through the gateway.
- Each managed line must be connected (directly or indirectly via a router) to a separate physical interface on the QoS gateway. Two managed lines cannot:
  - Share a physical interface to the QoS gateway.
  - Be connected to the same router.
In the following example configuration, which is not supported, the two routers can pass traffic to each other through the hub without the QoS gateway being aware of the traffic:

Number | Description | Number | Description
------ | ----------- | ------ | -----------
1 | Private localnet | 4 | Router
2 | QoS enabled gateway | 5 | Internet
3 | Hub | |
In addition, you cannot manage two lines connected to a single router since traffic may pass from one line to the other directly through the router, without the QoS gateway being aware of the traffic:
Number | Description | Number | Description
------ | ----------- | ------ | -----------
1 | Private localnet | 4 | Router
2 | QoS enabled gateway | 5 | Internet
3 | Router | |
An example of a correct configuration is:
Number | Description | Number | Description
------ | ----------- | ------ | -----------
1 | Private localnet | 4 | Router
2 | QoS enabled gateway | 5 | Internet
3 | Router | |
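The two static restrictions above (no shared gateway interface, no shared router) can be checked before a deployment is committed. The following Python script is an added example and is not part of the original documentation or the vendor's software; the line names, interface names (`eth1`, `eth2`) and router names are constructed so that the three topologies mirror the three figures in this section.

```python
from dataclasses import dataclass
from typing import List, Optional

# Added example (not vendor code). A managed line is described by the
# physical gateway interface it reaches and, if present, the router that
# sits between the line and the gateway. All names below are constructed.


@dataclass
class ManagedLine:
    name: str
    gateway_interface: str          # physical interface on the QoS gateway
    router: Optional[str] = None    # router in front of the line, if any


def topology_violations(lines: List[ManagedLine]) -> List[str]:
    """Check the two static restrictions from the text: no two managed lines
    may share a gateway interface, and no two may hang off the same router.
    Returns one message per violated pair; an empty list means the topology
    satisfies both restrictions."""
    problems = []
    for i, a in enumerate(lines):
        for b in lines[i + 1:]:
            if a.gateway_interface == b.gateway_interface:
                problems.append(
                    f"{a.name} and {b.name} share gateway interface "
                    f"{a.gateway_interface}; traffic between them can bypass QoS")
            if a.router is not None and a.router == b.router:
                problems.append(
                    f"{a.name} and {b.name} are both behind router {a.router}; "
                    f"traffic can pass line to line inside the router")
    return problems


# Constructed topologies mirroring the three figures in the text.
# Two routers joined by a hub on one gateway interface: both lines reach eth1.
HUB_EXAMPLE = [
    ManagedLine("Line A", "eth1", router="Router 1"),
    ManagedLine("Line B", "eth1", router="Router 2"),
]
# One router carrying both lines (assumed to use two gateway-facing ports so
# that only the router restriction is exercised).
ONE_ROUTER_EXAMPLE = [
    ManagedLine("Line A", "eth1", router="Router 1"),
    ManagedLine("Line B", "eth2", router="Router 1"),
]
# Correct configuration: one router and one gateway interface per line.
CORRECT_EXAMPLE = [
    ManagedLine("Line A", "eth1", router="Router 1"),
    ManagedLine("Line B", "eth2", router="Router 2"),
]

if __name__ == "__main__":
    for label, topo in (("hub", HUB_EXAMPLE), ("one router", ONE_ROUTER_EXAMPLE),
                        ("correct", CORRECT_EXAMPLE)):
        print(label, "->", topology_violations(topo) or "OK")
```

The first restriction ("all traffic on a managed line must go through the gateway") cannot be verified from a static description; it has to be confirmed on the actual routing, which is why the check above only covers the two pairwise conditions.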
Sample Bandwidth Allocations
Frame Relay Network
Number | Description | Number | Description
------ | ----------- | ------ | -----------
1 | Database Server | 4 | T1
2 | Web Server | 5 | Branch Offices
3 | T1 | 6 | Internet
The example shows that the branch offices communicate with the central site and vice versa. They do not communicate directly with each other or with the Internet except through the central site. The Web server makes important company documents available to the branch offices, but the database server supports the company's mission-critical applications.
The problem is that most of the branch office traffic is internal and external Web traffic, and the mission-critical database traffic suffers as a result. The network administrator has considered upgrading the 56K lines, but is reluctant to do so, not only because of the cost but also because upgrading would probably not solve the problem. The upgraded lines would still be filled mostly with Web traffic.
The goals are as follows:
- Allocate the existing bandwidth so that access to the database server gets the largest share.
- Take into account that the branch offices are connected to the network by 56K lines.
These goals are accomplished with the following Rule Base:
Main Rules

Rule Name | Source | Destination | Service | Action
--------- | ------ | ----------- | ------- | ------
Office 1 | Office 1 | Any | Any | Weight 10, Limit 56KBps
Office n | Office n | Any | Any | Weight 10, Limit 56KBps
Default | Any | Any | Any | Weight 10
Each office has sub-rules, as follows:
Office Sub-Rules

Rule Name | Source | Destination | Service | Action
--------- | ------ | ----------- | ------- | ------
Start of Sub-Rule | | | |
Database Rule | Any | Database server | Database service | Weight 50
Web Rule | Any | Web Server | http | Weight 10
Branch Offices | Any | Any | Any | Weight 10
End of Sub-Rule | | | |
The sub-rules give database traffic priority over Web traffic and other traffic.
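To see how the Weight and Limit values in this Rule Base translate into actual bandwidth, the following Python model is an added example (it is not the vendor's allocation algorithm and not part of the original page). It assumes that a rule's Weight is its relative share of the parent's bandwidth among the rules that currently carry traffic, and that a Limit caps the total a rule and its sub-rules may receive; the 1000 kbps central link, the two offices ("Office 1", "Office 2") and the set of active flows are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Added example (not vendor code). Assumptions: a rule's Weight is its
# relative share of the parent's bandwidth among the rules that currently
# carry traffic, and a Limit caps the total that a rule and its sub-rules
# may receive. Rule names follow the Rule Base in the text; the link
# capacity and the set of active flows are constructed.


@dataclass
class Rule:
    name: str
    weight: int
    limit_kbps: Optional[float] = None       # None means no cap
    sub_rules: List["Rule"] = field(default_factory=list)


def split_by_weight(budget: float, rules: List[Rule]) -> List[float]:
    """Weighted split of `budget` among `rules`, in input order. A rule whose
    weighted share would exceed its Limit is pinned to the Limit and the
    leftover is redistributed among the remaining rules (water-filling)."""
    grants: List[Optional[float]] = [None] * len(rules)
    remaining = budget
    pending = list(range(len(rules)))
    while pending:
        total_weight = sum(rules[i].weight for i in pending)
        capped = [i for i in pending
                  if rules[i].limit_kbps is not None
                  and remaining * rules[i].weight / total_weight > rules[i].limit_kbps]
        if not capped:
            for i in pending:
                grants[i] = remaining * rules[i].weight / total_weight
            break
        for i in capped:
            grants[i] = rules[i].limit_kbps
            remaining -= rules[i].limit_kbps
            pending.remove(i)
    return grants  # type: ignore[return-value]


def is_active(rule: Rule, active: Set[str], path: str) -> bool:
    """A leaf is active if its path is in `active`; a parent if any child is."""
    if not rule.sub_rules:
        return path in active
    return any(is_active(r, active, f"{path}/{r.name}") for r in rule.sub_rules)


def allocate(rule: Rule, budget: float, active: Set[str], path: str = "") -> Dict[str, float]:
    """Return {leaf path: kbps} for every active leaf under `rule`.
    Inactive rules get nothing and do not dilute their siblings' shares."""
    if rule.limit_kbps is not None:
        budget = min(budget, rule.limit_kbps)
    if not rule.sub_rules:
        return {path: budget} if path in active else {}
    children = [(r, f"{path}/{r.name}" if path else r.name) for r in rule.sub_rules]
    contenders = [(r, p) for r, p in children if is_active(r, active, p)]
    if not contenders:
        return {}
    grants = split_by_weight(budget, [r for r, _ in contenders])
    out: Dict[str, float] = {}
    for (r, p), kbps in zip(contenders, grants):
        out.update(allocate(r, kbps, active, p))
    return out


def office(n: int) -> Rule:
    """One 'Office n' rule with the sub-rules from the text and the 56K Limit."""
    return Rule(f"Office {n}", weight=10, limit_kbps=56, sub_rules=[
        Rule("Database Rule", weight=50),
        Rule("Web Rule", weight=10),
        Rule("Branch Offices", weight=10),   # catch-all for other office traffic
    ])


# Root of the Rule Base: two offices plus the Default rule.
RULE_BASE = Rule("", weight=1, sub_rules=[office(1), office(2), Rule("Default", weight=10)])

# Constructed scenario: Office 1 has all three traffic types, Office 2 has
# only Web traffic, the Default rule is busy, and the central link is 1000 kbps.
ACTIVE = {"Office 1/Database Rule", "Office 1/Web Rule", "Office 1/Branch Offices",
          "Office 2/Web Rule", "Default"}
LINK_KBPS = 1000.0

if __name__ == "__main__":
    for leaf, kbps in sorted(allocate(RULE_BASE, LINK_KBPS, ACTIVE).items()):
        print(f"{leaf:28s} {kbps:8.2f} kbps")
```

Under these assumptions each office is held to its 56K line, and inside that line the database sub-rule receives 50/70 of the bandwidth when all three sub-rules are busy (40 kbps, with 8 kbps each for Web and other traffic); when only database and Web traffic are present the split becomes 50/60 and 10/60. Bandwidth that the capped office rules cannot use flows to the Default rule, which is the behaviour the Limit on each office rule is meant to produce.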
Assumptions
The following assumptions are made in this example: