topic QoS cleartext match issue in General Topics

QoS cleartext match issue

raji_toor — Wed, 01 Feb 2023 06:27:41 GMT

We have setup similar to as below

I created/applied default QoS profiles on AE1 and AE5. However in order to be more granular I want to apply on individual subnets.

As in this example we want to use separate QoS profile for 10.129.0.0/16 subnet for traffic going to internet. I have tried to add subnet under cleartext on both AE1 and AE5, with and without source interface of ae1.3, with/without destination interface of AE5.100, but the traffic still matches the regular traffic and not cleartext policy. How do I make this work,

Re: QoS cleartext match issue

reaper — Wed, 01 Feb 2023 08:27:57 GMT

QoS is applied on the ingress of a packet, so if you want to limit upload you need to add the profile on AE1, if you want to limit download you need toi add the profile to AE5 (and if you want to control both you'll need a profile on both the interfaces)

this also means if you want to set up subnets in the cleartext section, you'll need to account for both direction: on AE3 you'll use source 10.129.0.0/16, on AE5 you need to set that as destination. On the download you are only able to set a destination interface, not subnet, so you'll need to ensure your QoS policy only triggers for that subnet and then apply a class (ie. 😎 thats not used for any other subnet so you dont limit download for other networks

hope that makes sense

Re: QoS cleartext match issue

raji_toor — Thu, 02 Feb 2023 19:40:21 GMT

@reaper Thank you for your insight. I was not taking into direction and where QoS will be applied.

Also for someone else's help. if you are using multiple virtual systems. Source and destination both need to be specified or the QoS policy won't match on external interface for downloads.

And unless class is changed from default to 4, all traffic still shows as matching to default-group when you look under statics, i observed.