Stormshield SN series Configuration Manual page 293


DNS queries are carried over UDP and lose a large number of packets, for two reasons: UDP by
definition provides no mechanism for managing transmission errors, and the overwhelming
volume of TCP traffic drowns out UDP traffic in the mass of TCP packets.
To preserve such traffic, and DNS traffic in particular, creating a PRIQ QoS rule is
recommended. This rule helps to reduce the frequent packet loss and the latency that may
occur on this type of traffic, which requires high responsiveness (this is the precise reason
DNS queries are sent over UDP).
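Defining the QoS rule for DNS
Priority queue (1 item)
| Name | Type | Priority | Bp min | Bp max | Min inv. | Max inv. | Color | Comments |
|---|---|---|---|---|---|---|---|---|
| QoS_DNS | | 1 | | | | | | Prioritization of DNS traffic |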
Using the QoS rule in the filter policy
To view QoS in the Filtering tab, in the Filtering and NAT module, double-click on the Action column
once you have set up your filter rule (see the document on Filtering and NAT or go to the menu
Security Policy\Filtering and NAT module\Action column).
Effects on traffic
- Decreases the number of lost packets if the rule has level 1 priority (and is the only such
  rule).
- Reduces latency.
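A toy model of the argument in Example 1, added here as an illustration and not taken from the Stormshield manual: it compares one shared tail-drop FIFO with a strict priority queue for DNS on a congested link. The link rate, queue depth, arrival pattern and tail-drop behaviour are assumptions chosen for the demonstration, not SNS internals.

```python
from collections import deque


def simulate(priq, ticks=1000, capacity=50, bulk_per_tick=2, dns_every=10):
    """Model a link that sends 1 packet per tick (assumed rate).

    priq=False: every packet shares one tail-drop FIFO.
    priq=True : DNS gets its own queue, always served first (strict priority).
    Returns (dns_sent, dns_dropped, mean_dns_wait_in_ticks).
    """
    high, low = deque(), deque()
    sent = dropped = wait_total = 0
    for now in range(ticks):
        # Constructed load: bulk TCP arrives at twice the link rate,
        # one DNS query arrives behind it every `dns_every` ticks.
        arrivals = [("bulk", now)] * bulk_per_tick
        if now % dns_every == 0:
            arrivals.append(("dns", now))
        for kind, arrived in arrivals:
            queue = high if (priq and kind == "dns") else low
            if len(queue) >= capacity:      # tail drop when the queue is full
                if kind == "dns":
                    dropped += 1
                continue
            queue.append((kind, arrived))
        # Transmit one packet per tick, priority queue first.
        queue = high if high else low
        if queue:
            kind, arrived = queue.popleft()
            if kind == "dns":
                sent += 1
                wait_total += now - arrived
    mean_wait = wait_total / sent if sent else None
    return sent, dropped, mean_wait


if __name__ == "__main__":
    for label, priq in (("shared FIFO", False), ("PRIQ for DNS", True)):
        sent, lost, wait = simulate(priq)
        print(f"{label:12s} dns sent={sent:3d} dropped={lost:3d} mean wait={wait} ticks")
```

In the shared queue, DNS is delivered only until bulk traffic fills the buffer; with its own top-priority queue, DNS is neither dropped nor delayed while bulk traffic absorbs all the loss.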
Example 2: Restricting HTTP traffic
HTTP traffic consumes more bandwidth from the internet link and local network than any other
type of internet traffic. Heavy use of the internet may cause congestion of network traffic and
a decrease in overall performance, making it bothersome to use the network.
Fortunately, the situation can be remedied. We recommend limiting HTTP traffic using a CBQ QoS
rule that defines the maximum throughput allowed. This rule preserves the network's
bandwidth and reduces the impact of internet use on the network's overall performance.
Defining the QoS rule for HTTP
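Class-based queue (1 item)
| Name | Type | Priority | Bp min | Bp max | Min inv. | Max inv. | Color | Comments |
|---|---|---|---|---|---|---|---|---|
| QoS_HTTP | | | 0kb | 512kb | 0kb | 512kb | | Restriction on HTTP traffic |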
Using the QoS rule in the filter policy
To view QoS in the Filtering tab, in the Filtering and NAT module, double-click on the Action
column once you have set up your filter rule (see the document on Filtering and NAT or go to the
menu Security Policy\Filtering and NAT module\Action column).
Effects on traffic
- Lowers the risk of network congestion.
- Reduces the impact of traffic on the network's overall performance.
Example 3: Guaranteeing a minimum level of service
SNS - USER CONFIGURATION MANUAL V.3 - QUALITY OF SERVICE (QOS)
Page 293/448
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
