Steps to provide Quality of Service (QoS) for a single IP address or a group of IP addresses.
- Create a profile. Device > Network > QoS Profile
I have created two classes, one for each of two different users, with different bandwidth restrictions as shown below.
- Assign the profile to the interface where the bandwidth is being limited. In this example, interface ethernet1/3 is the Untrust interface. Device > Network Tab > QOS
The QoS profile is assigned to the clear text traffic.
- Create the QoS rules. Select the user IP address and define a class for the user. In the QoS profile, set the bandwidth limitation for this class. Device > Policies > QOS Rules
Test with the IP 192.168.141.41 (QOS Rule User2)
User 1, with the IP ending in .40, gets a maximum egress bandwidth of 2MB, and user 2, with the IP ending in .41, gets 10MB, as per the classes defined in the first image.
- Results can be tested by looking at the Statistics in the web interface. Device > Network > QOS
Troubleshooting commands
To display only the sessions related to QoS:
show session all filter qos-class 2
show session all filter qos-rule User2
To find the throughput of the QoS traffic:
show qos interface ethernet1/3 throughput 0
Where 0 is the Qid for the default group.
QoS throughput for interface ethernet1/3, node default-group (Qid 0):
class 1: 299 kbps
class 4: 6 kbps
A sample QoS Session shows all the details.
show session id 26680
Session 26680
c2s flow:
source: 192.168.141.41 [L3-T]
dst: 204.160.102.126
proto: 6
sport: 31160 dport: 80
state: ACTIVE type: FLOW
src user: unknown
dst user: unknown
qos node: ethernet1/3, qos member N/A Qid 0
s2c flow:
source: 204.160.102.126 [L3-U]
dst: 172.17.128.141
proto: 6
sport: 80 dport: 27607
state: ACTIVE type: FLOW
src user: unknown
dst user: unknown
start time : Sat Jun 30 15:21:55 2012
timeout : 30 sec
time to live : 18 sec
total byte count(c2s) : 837
total byte count(s2c) : 506
layer7 packet count(c2s) : 6
layer7 packet count(s2c) : 5
vsys : vsys1
application : web-browsing
rule : rule1
session to be logged at end : True
session in session ager : True
session synced from HA peer : False
address/port translation : source + destination
nat-rule : In-Out(vsys1)
layer7 processing : enabled
URL filtering enabled : False
session via syn-cookies : False
session terminated on host : False
session traverses tunnel : False
captive portal session : False
ingress interface : ethernet1/4
egress interface : ethernet1/3
session QoS rule : User2 (class 2)
owner: ssunku
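One way to automate the session check above, as an added example that is not part of the original article: the Python below parses saved `show session id` output and reports whether the session came from the expected user IP, matched the expected QoS rule and class, and egresses on the interface that carries the QoS profile. The function names are hypothetical, and the sample text is abridged from the session shown above.

```python
import re

# Abridged from the "show session id 26680" output above.
SAMPLE = """\
Session 26680
c2s flow:
source: 192.168.141.41 [L3-T]
dst: 204.160.102.126
s2c flow:
source: 204.160.102.126 [L3-U]
dst: 172.17.128.141
ingress interface : ethernet1/4
egress interface : ethernet1/3
session QoS rule : User2 (class 2)
"""

def parse_session(text):
    """Extract the QoS-relevant fields from 'show session id' output."""
    info, flow = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"(c2s|s2c) flow:", line)
        if m:
            flow = m.group(1)  # following "source:" lines belong to this flow
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        key, value = key.strip(), value.strip()
        if not sep or not value:
            continue
        if key == "source" and flow:
            info[f"{flow}_source"] = value.split()[0]  # drop the "[zone]" tag
        elif key in ("ingress interface", "egress interface"):
            info[key.replace(" ", "_")] = value
        elif key == "session QoS rule":
            m = re.fullmatch(r"(\S+) \(class (\d+)\)", value)
            if m:
                info["qos_rule"], info["qos_class"] = m.group(1), int(m.group(2))
    return info

def qos_mismatches(info, src_ip, rule, qos_class, qos_interface):
    """Return the reasons a session is not classified as intended (empty = OK)."""
    problems = []
    if info.get("c2s_source") != src_ip:
        problems.append(f"c2s source is {info.get('c2s_source')}, not {src_ip}")
    if (info.get("qos_rule"), info.get("qos_class")) != (rule, qos_class):
        problems.append(f"matched {info.get('qos_rule')} class {info.get('qos_class')}")
    if info.get("egress_interface") != qos_interface:
        problems.append(f"egress {info.get('egress_interface')} != {qos_interface}")
    return problems
```

A session that matched no QoS rule has no "session QoS rule" line, so it is reported as matching rule None, class None.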