QoS Profile Configuration

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

QoS Profile Configuration

L2 Linker

I'm doing my first PAN QoS configuration- it's for a SIP trunk to a carrier from our VoIP network. I've read through the procedures and wanted to do a sanity check for my approach:

 

1) I've configured my security rules for SIP to have QoS "Follow Client to Server Flow" to maintain the DSCP markings from carrier to VoIP internal network and vise-versa. 

 

2) I've defined on the Panorama my QoS Policy as that's where all our security and NAT policies are managed, so I figured I'd keep up with that approach. This policy marks RTP-BASE and RTP-Autdio traffic between our inside Border Controller and the carrier Border Controller as EF (which it should be marked  already as that) and assigned it as Class 1. The 2nd policy marks all SIP, SIP application, SIP Trunk, SIP Message) traffic between the two Border Controllers as CS3 (which it should be already) and assigned it as Class 3.

 

3) On the PAN appliance, I created a QoS Profile "VoIP"  with a Guaranteed Egress of 1 Gbps and max Egress of 1 Gbps. (It is a 1 Gbps ethernet interface). Within that QoS Profile is class 1 traffic (EF) with a guaranteed and max egress of 800.000 (800 Mbps) and class 3 at 100.000 (100 Mbps). I'm leaving the last 100 Mbps for everything else (this is only a SIP trunk so shouldn't have anything else). The last/bottom 100 Mbps for best-effort: Do I need to define what my best-effort traffic is? Or if a class isn't defined here and given egress bandwidth, it automatically becomes best effort?

 

4) The answer to number three will probably answer this- do the values of all the classes in a QoS Profile (in step 3 above) need to or should equal the "Egress Max) in the QoS interface "Physical Interfaec" tab?

 

THANKS for any help, direction or confirmation you can give!!!

 

Mike

1 REPLY 1

L1 Bithead

Hi Mike,

Do you have 1 Gbps link from ISP or just the interface speed is 1 Gbps ?

If the interface Gigabit Interface; however link is just for 400 Meg, this policy is not going to help.

Because QoS is enforced on traffic as it egresses the firewall, your QoS policy rule is applied to traffic after the firewall has enforced all other security policy rules, including Network Address Translation (NAT) rules. and applied to the egress interface.

Following link will help in configuration-

Applying QoS on Tunnel Interfaces - Knowledge Base - Palo Alto Networks

 

Regards,

Saurabh Bhansali

  • 2405 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!