QoS theory / functionality

Reply
Highlighted
L3 Networker

QoS theory / functionality

Hi,

 

We have an interface which is 100Mbps. There will never be more than 20 IP addresses connecting on this interface.

 

I wish to guarantee each connection 5Mbps and allow them to use the entire 100Mbps if the additional bandwidth is available.

 

I can create a QoS profile with a class specifing the guaranteed and max bandwidth, and assign it to a policy which lists the 20 IP addresses of hosts on the source network, however, it is unclear from the documentation if the guaranteed bandwidth is per host, or cumulative (everything hitting the QoS profile / policy).

 

In the scenario above, if I have 20 hosts, would each host get a guaranteed 5Mbps, or would all connections (every time the policy is hit) get a cumulative guarantee of 5Mbps?

 

How can I configure QoS so that each of my 20 hosts is guaranteed 5Mbps (across all sessions from that host).

 

Thanks,
Shannon

Highlighted
Community Team Member

Hi @SARowe_NZ,

 

Currently it will be shared (or cumulative as you call it).

 

There's an existing feature request for 'per-IP traffic shaping' (FR #5078).  Please reach out to your local SE and have him add your vote to this request.

 

Cheers !

-Kiwi

Highlighted
L3 Networker

Hey,

 

Thanks for that.

 

To clarify, is that shared per policy or per session? e.g. all sessions hitting a single policy would be allowed 5Mbps cumulatively, or each active session is allowed 5Mbps?

 

If per policy (cumulatively for all sessions hitting that policy), and given the low number of IP's we have in this scenario, I could simply create 20 policies, 1 for each IP?

 

Cheers,

Shannon

Highlighted
L3 Networker

Hmm found this today which I had not previously seen.

 

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Provide-Quality-of-Service-to-a-S...

 

Think that has answered my own question. Looks like if I create 1 policy per IP address I can guarantee each IP 5Mbps.

 

Cheers,

Shannon

Highlighted
L7 Applicator

Hi Shannon

 

resources are shared per class within the same profile, so you could split your profile up into 8 slices (each class splits it's resources among all sessions in the class)

 

another way to achieve 20 separate segments is to create 20 separate profiles and assign each source IP one profile. the drawback is that this will simultaneously limit the egress maximum to 5mbps

 

so you can either leverage the full bandwidth for everyone and have up to 8 'classes', or you can have 20 profiles but no one will ever be able to get more than 5mbps

reaper - PANgurus.com
Find my book at amazon.com/dp/1789956374
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!