I have the below topology . video conference device is connected in distribution .
All the devices are cisco . Actually I want to prioritize and reserve 10 mb for the vc .
Marking the vc network as real time will help . I have never seen the dataplane going high in palo alto .
The real congestion is facing at internet router .In that case what I can do ?
Based on your description, I think setting up QoS egress bandwidth guarantee would help on the PA side.
naturally once the traffic hits the internet no one can help further, but at least the PA bandwidth would be reserved.
Generally classification is not read or honored on internet path routers. So there is not real advantage to marking traffic as it enters the internet. Really does not matter what brand you have. On the public internet we don't honor client traffic markings at all.
This QoS bandwidth reservation will keep your own internal traffic from crowding out the traffic type. This you can control.
Thanks for the reply . The internet router which I mentioned in the diagram is located in premise.
If I do classification on the router , atleast can I control the congestion happening on the interface which is connected to the ISP ?
Maybe a dumb question :)
Yes, that all will work as per the standards for both the PA and the routers you control.
Best practice is to mark the dscp code as close to ingress as practical then have all devices in the path honor the classifications.
As a practical matter of course it only comes into play when you have congested links.
In between internet router , there is cisco firewall and switch between .
What actually I found switch cpu is going very high and found some drops on the interface ,
In that case do I need to apply qos on the switch also ?
High CPU on a switch isn't necissary an issue. If you run 'show processes cpu history' in EXEC and see what your CPU utilization history is. Is the CPU constantly busy or is it just spiking? Are the spikes lining up with a known event or activity pattern? Are you having any larger issues within Layer2 that could be causing higher CPU utilization across the board? If your substained CPU baseline is higher than 60% I would say this could be causing issues on a broader scope.
As far as the drops go, QoS helps with conjested links. So you won't get rid of the interface drops, you'll simply ensure that traffic you care about has a higher chance of getting processed through the queue before a drop takes place. If you have a highly conjested link on a switch struggling to process traffic in a timely manner you could still see drops with QoS in place if it can't process the traffic in the queue.
Also as @pulukas already pointed out; if you are applying QoS it should be applied across the entire path.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!