Cisco ASA 5505 Configuration Manual page 1061

Chapter 49 Configuring QoS
For traffic shaping, a token bucket permits burstiness but bounds it. It guarantees that the burstiness is
bounded so that the flow will never send faster than the token bucket capacity, divided by the time
interval, plus the established rate at which tokens are placed in the token bucket. See the following
formula:
(token bucket capacity in bits / time interval in seconds) + established rate in bps = maximum flow speed
in bps
This method of bounding burstiness also guarantees that the long-term transmission rate will not exceed
the established rate at which tokens are placed in the bucket.
Information About Policing
Policing is a way of ensuring that no traffic exceeds the maximum rate (in bits/second) that you
configure, thus ensuring that no one traffic flow or class can take over the entire resource. When traffic
exceeds the maximum rate, the adaptive security appliance drops the excess traffic. Policing also sets the
largest single burst of traffic allowed.
Information About Priority Queueing
LLQ priority queueing lets you prioritize certain traffic flows (such as latency-sensitive traffic like voice
and video) ahead of other traffic.
The adaptive security appliance supports two types of priority queueing:
•
•
OL-20339-01
Standard priority queueing—Standard priority queueing uses an LLQ priority queue on an interface
(see the "Creating the Standard Priority Queue for an Interface" section on page
other traffic goes into the "best effort" queue. Because queues are not of infinite size, they can fill
and overflow. When a queue is full, any additional packets cannot get into the queue and are
dropped. This is called tail drop. To avoid having the queue fill up, you can increase the queue buffer
size. You can also fine-tune the maximum number of packets allowed into the transmit queue. These
options let you control the latency and robustness of the priority queuing. Packets in the LLQ queue
are always transmitted before packets in the best effort queue.
Hierarchical priority queueing—Hierarchical priority queueing is used on interfaces on which you
enable a traffic shaping queue. A subset of the shaped traffic can be prioritized. The standard priority
queue is not used. See the following guidelines about hierarchical priority queueing:
Priority packets are always queued at the head of the shape queue so they are always transmitted
–
ahead of other non-priority queued packets.
Priority packets are never dropped from the shape queue unless the sustained rate of priority
–
traffic exceeds the shape rate.
For IPSec-encrypted packets, you can only match traffic based on the DSCP or precedence
–
setting.
– IPSec-over-TCP is not supported for priority traffic classification.
Cisco ASA 5500 Series Configuration Guide using ASDM
Information About QoS
49-5), while all
49-3