QoS Guaranteed

Reply
Highlighted
L4 Transporter

QoS Guaranteed

Hi,

I would like to book (guaranteed egress) 5Mbps for streaming in one of my vlan. My outide-Internet (egress) interface is eth1/1.

The class for streaming is CLASS 1 (real time) right????

whats the difference between "clear text traffic" and "tunneled traffic"???

Im using a PA2020, i can do QoS for limited bandwith and guarranteed in this model, i have read somthing related to not allow qos in pa2020, right??

where i should guaranteed the traffic??? in my qos profile (class 1) or in "clear text traffic: Guaranteed Mbps???

Please check my config if it would work it....thanks

Profile with 5Mbps Guaranteed

qos profile.png

wos interface.png

I dont know the diference clear text-tunneled so i choosed clear text. I have configured my untrust interface as source interface and my vlan to apply this guaranteed traffic.

qosapply.png

Highlighted
L4 Transporter

To apply QoS for streaming on internet, the egress interface should be my untrust interface or my LAN interface?????

Highlighted
L7 Applicator

When you say "streaming 'on' internet", you are not offering enough information to get an answer.

Are you streaming "to" the internet, or are you streaming "from" the internet ?

QoS is applied on the egressing interface.

If you are streaming "to" the internet, the relevant interface is untrust (WAN).

If you are streaming "from" the internet, the relevant interface is trust (LAN).

Highlighted
L4 Transporter

i meant streaming like going to youtube. i think it must to be configured in egreess (untrust) interface like you said..

thanks

Highlighted
L7 Applicator

If you go to youtube, the content is delivered "to" you, so the traffic comes in from untrust, and exits trust towards your workstation. The correct interface to be configured is trust. We are not looking at the direction of the session, but which interface are packets egressing from. The stream is from the YouTube server to your Workstation. The egress is clearly your Trust interface.

Highlighted
L5 Sessionator

Hi,

Mivaldi is right.

On one hand, QoS is always apply for outgoing traffic from paloalto's interface point of view.

Mean if you want to limit your streaming traffic, you need to apply QoS on your trust interface.

If you apply your profile on your untrust int, you will imit your request to youtube (which make less sense)

On the other hand, QoS policy is based on session point of view. (From trust to untrust).

Carefull for application identification. Youtube or SSL ....

Doc: QoS in PAN-OS 4.1 (no change on other version)

Hope help

V.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!