QoS Concepts; Implementing QoS - Cisco PIX 500 Series Configuration Manual

Security appliance command line

QoS Concepts
QoS is a traffic-management strategy that lets you allocate network resources for both mission-critical
and normal data, based on the type of network traffic and the priority you assign to that traffic. In short,
QoS ensures unimpeded priority traffic and provides the capability of rate-limiting (policing) default
traffic.
For example, video and voice over IP (VoIP) are increasingly important for interoffice communication
between geographically dispersed sites, using the infrastructure of the Internet as the transport
mechanism. Firewalls are key to securing networks by controlling access, which includes inspecting
VoIP protocols. QoS is the focal point to provide clear, uninterrupted voice and video communications,
while still providing a basic level of service for all other traffic passing through the device.
For voice and video to traverse IP networks in a secure, reliable, and toll-quality manner, QoS must be
enabled at all points of the network. Implementing QoS lets you:
• Simplify network operations by collapsing all data, voice, and video network traffic onto a single
backbone using similar technologies.
• Enable new network applications, such as integrated call center applications and video-based
training, that can help differentiate enterprises in their respective market spaces and increase
productivity.
• Control resource use by controlling which traffic receives which resources. For example, you can
ensure that the most important, time-critical traffic receives the network resources (available
bandwidth and minimum delay) it needs, and that other applications using the link get their fair share
of service without interfering with mission-critical traffic.
QoS provides maximum rate control, or policing, for tunneled traffic for each individual user tunnel and
every site-to-site tunnel. In this release, there is no minimum bandwidth guarantee.
The security appliance can police individual user traffic within a LAN-to-LAN tunnel by configuring
class-maps that are not associated with the tunnel, but whose traffic eventually passes through the
LAN-to-LAN tunnel. The traffic before the LAN-to-LAN tunnel can then be specifically policed as it
passes through the tunnel and is policed again to the aggregate rate applied to the tunnel.
The security appliance achieves QoS by allowing two types of traffic queues for each interface: a
low-latency queue (LLQ) and a default queue. Only the default traffic is subject to rate limiting.
Because QoS can consume large amounts of resources, which could degrade security appliance
performance, QoS is disabled by default.
Note
You must consider that in an ever-changing network environment, QoS is not a one-time deployment,
but an ongoing, essential part of network design.

Implementing QoS

In general, provisioning QoS policies requires the following steps:
1. Specifying traffic classes.
2. Associating actions with each traffic class to formulate policies.
3. Activating the policies.
The specification of a classification policy—that is, the definition of traffic classes—is separate from the
specification of the policies that act on the results of the classification.

Cisco Security Appliance Command Line Configuration Guide
Chapter 24, Applying QoS Policies
24-2
OL-12172-03
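
The three provisioning steps listed under Implementing QoS, shown as a security appliance configuration. This is an added example, not taken from the manual page: the class-map and policy-map names, the tunnel group tunnel-grp1 (assumed to exist already), the interface name outside, and the police rate and burst are all assumptions chosen for illustration.

```cisco
! Added example. Names (voice, tunnel-data, qos-example, tunnel-grp1),
! the interface (outside) and the police values are illustrative assumptions.
!
! Create the priority queue on the interface so that the "priority"
! action below has a low-latency queue (LLQ) to place traffic in.
priority-queue outside
!
! Step 1: specify traffic classes.
! Voice is identified here by its DSCP marking (EF).
class-map voice
 match dscp ef
! Tunneled traffic for one tunnel group, classified per flow by
! destination address so that each user flow is policed individually.
class-map tunnel-data
 match tunnel-group tunnel-grp1
 match flow ip destination-address
!
! Step 2: associate an action with each traffic class.
policy-map qos-example
 ! Voice goes to the LLQ and is not rate limited.
 class voice
  priority
 ! Tunnel data stays in the default queue and is policed:
 ! conform rate 56000 bits per second, conform burst 10500 bytes.
 class tunnel-data
  police output 56000 10500
!
! Step 3: activate the policy on an interface.
service-policy qos-example interface outside
```

After applying a policy like this, `show service-policy police`, `show service-policy priority` and `show priority-queue statistics outside` report whether traffic is matching each class and how much is being dropped by the policer or the queue.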


This manual is also suitable for:

ASA 5500 Series
