Applying Low Latency Queueing - Cisco FirePOWER ASA 5500 series Configuration Manual

Applying Low Latency Queueing

Applying Low Latency Queueing
The security appliance allows two classes of traffic: low latency queuing (LLQ) for higher priority,
latency-sensitive traffic (such as voice and video) and best effort, the default, for all other traffic. These
two queues are built into the system. The security appliance recognizes QoS priority traffic and enforces
appropriate QoS policies.
Because queues are not of infinite size, they can fill and overflow. When a queue is full, any additional
packets cannot get into the queue and are dropped. This is tail drop. To avoid having the queue fill up,
you can use the queue-limit command to increase the queue buffer size.
You can configure the low latency (priority) queue to fine-tune the maximum number of packets allowed
into the transmit queue (using the tx-ring-limit command) and to size the depth of the priority queue
(using the queue-limit command). This lets you control the latency and robustness of the priority
queuing.
Note The upper limit of the range of values for the queue-limit and tx-ring-limit commands is determined
dynamically at run time. To view this limit, enter help or ? on the command line. The key determinants
are the memory needed to support the queues and the memory available on the device. The range of
queue-limit values is 0 through 2048 packets. The range of tx-ring-limit values is 3 through 128 packets
on the PIX platform and 3 to 256 packets on the ASA platform.
Configuring Priority Queuing
You identify high priority traffic by using the priority command in Class mode. This command instructs
the security appliance to mark as high priority the traffic selected by the class map.
For priority queuing to occur, you must create a priority queue for named, physical interfaces that
transmit high priority traffic. To enable a priority queue on an interface, use the priority-queue
command in global configuration mode. You can apply one priority-queue command to each physical
interface defined by the nameif command. All other traffic is delivered on a best-effort basis.
In general, you can apply a priority-queue command to any physical interface that can be defined by
the nameif command. You cannot apply a priority-queue command to a VLAN interface. The
priority-queue command enters priority-queue mode, as shown by the prompt, which lets you configure
the maximum number of packets allowed in the transmit queue and the size of the priority queue.
You cannot enable both priority queuing and policing together. In other words, only packets with normal
Note
priority can be policed; packets with high priority are not policed.
Sizing the Priority Queue
The size that you specify for the priority queue affects both the low latency queue and the best-effort
queue. The queue-limit command specifies a maximum number of packets that can be queued to a
priority queue before it drops data. This limit must be in the range of 0 through 2048 packets.
Cisco Security Appliance Command Line Configuration Guide
24-8
Chapter 24 Applying QoS Policies
OL-10088-01