Speed Issue due to QoS

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Speed Issue due to QoS

L4 Transporter

Hello,

 

I am experiencing speed issues that I believe may be related to the current QoS configuration on my PA-3020 firewall. I currently have 2 different QoS classes defined: Class 1 & 2. I have three applications under class 1, and one application under class 2. However, under the QoS profile assigned to my outbound internet links, I have an additional 2 classes defined. I have class 4 assigned with a guaranteed egress of 250mbps, and class 5 with a guaranteed egress of 49mbps.

I am wondering if these 2 additional classes still have bandwidth set aside for them (250mbps & 49mbps), despite the fact that there are no applications defined as class 4 or 5.

PAN-OS is 8.0.9

 

Thanks in advance.

3 REPLIES 3

L7 Applicator

Hi @Farzana

 

  • What internet connection do you have?
  • What guaranteed and max bandwidth did you configure for class 1, 2 and 4? (Class 5 will not be used if you did not configure a QoS policy for this class)
  • Where do you have this speed issues: Upload and/or download?
  • How did you configure the interface QoS?

(If possible it would probably be easier if you share screenshots of your QoS policy, QoS profile and the interface QoS configuration)

Hi @Remo,

 

Thank you for your response.

 

  1. We have two 400mb internet connections which are load balanced using ECMP on the PA-3020.
  2. We have 80mb configured for class 1 on our QoS profile for the outbound internet links.  We have 200mb configured for class 1 on our WAN connections.  There are also class 4 & 5 configured, but no QoS policies exist for these.
  3. Our speed issue is from our remote sites connected through our ISP MPLS (coming in on our WAN link).  There are many factors involved in this solution, so I’m just trying to rule out QoS as a potential cause.
  4. Screenshots are below.

QoS PolicyQoS PolicyQoS InterfacesQoS InterfacesQoS ProfileQoS Profile

Hi @Farzana

 

What speed issues do you have exactly? Could you explain a little more? Are these issues constantly, randomly, mostly at specific times or only on weekdays or als on the weekend?

 

What I see in your screenshots is that you don't really have a bandwidth limitation for incoming traffic configured. So theoretically 1 user (connected with Gbit) could utilize the full bandwidth on both ISP links with 2 big downloads.

 

QoS on Paloalto firewalls is only applied on egress interface. So even a user connects to Microsoft for downloading updates (your QoS policy 3), the big data transfer is incoming and not outgoing, the most of the traffic will be handled by the QoS interface config for ethernet1/3 and there the only limit is 1 Gbit (except if there is a lot of skype traffic than the update download can only consume up to 800 Mbit)

  • 3776 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!