can somebody explain how QoS is applied on traffic through the PA.
I know that I configure a QoS Profile, bind it to an interface and create a QoS policy,
and that all belongs to the egress traffic of an interface.
But what happens if I configure for example a profile with class 8 set to 1 Mbit max bandwidth.
Are there buffers which are filled to handle this, or were those packets dropped which increase this limit?
How big are those buffers?
What happens if the buffers are full?
From what I heard the buffers vary between the hardware models, (no surprice there really). The WFQ ratio should be 24:1 I'm told. When the queues fill upp packets start getting dropped. This can be seen by issuing "show qos interface intname counter".
Hopefully Palo will release an official document describing QoS in greater detail and differences between their hardware.
Keep in mind the following.
We only QOS packets as they exit the Paloalto. If you want to restrict Downlods from the intenet you need to do this on the LAN/Trust.
When you create a QOS profile, if no MAX speed is configured in the policy then we assumethe negotiated speed is the maximum and this will affect buffer allocation. So if Eth1 effectively connects to a T1 with 1.5M/sec, you should set the max egress speed to 1.5M.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!