Use QoS to prioritize and adjust quality aspects of
network traffic. You can assign the order in which packets are handled
and allot bandwidth, ensuring preferred treatment and optimal levels
of performance are afforded to selected traffic, applications, and
users.
Service quality measurements subject to a QoS implementation
are bandwidth (maximum rate of transfer), throughput (actual rate
of transfer), latency (delay), and jitter (variance in latency).
The capability to shape and control these service quality measurements
makes QoS of particular importance to high-bandwidth, real-time
traffic such as voice over IP (VoIP), video conferencing, and video-on-demand
that has a high sensitivity to latency and jitter. Additionally,
use QoS to achieve outcomes such as the following:
- Prioritize network and application traffic, guaranteeing high priority to important traffic or limiting non-essential traffic.
- Achieve equal bandwidth sharing among different subnets, classes, or users in a network.
- Allocate bandwidth externally or internally or both, applying QoS to both upload and download traffic or to only upload or download traffic.
- Ensure low latency for customer and revenue-generating traffic in an enterprise environment.
- Perform traffic profiling of applications to ensure bandwidth usage.
QoS implementation on a Palo Alto Networks firewall begins with
three primary configuration components that support a full QoS solution:
a QoS Profile, a QoS Policy, and setting up the QoS Egress Interface.
Each of these options in the QoS configuration task facilitates a
broader process that optimizes and prioritizes the traffic flow and
allocates and ensures bandwidth according to configurable parameters.
The figure QoS Traffic Flow shows traffic as it flows from the source, is
shaped by the firewall with QoS enabled, and is ultimately prioritized
and delivered to its destination.
The QoS configuration options allow you to control the traffic
flow and define it at different points in the flow. The figure QoS Traffic Flow
indicates where the configurable options define the traffic flow.
A QoS policy rule allows you to define the traffic that you want to
receive QoS treatment and assign that traffic a QoS class. The matching
traffic is then shaped based on the QoS profile class settings as it
exits the physical interface.
The QoS configuration components influence one another, and the
QoS configuration options can be used to create a full and
granular QoS implementation or can be used sparingly with minimal
administrator action.
When a queue is filling faster than it can be emptied, the device has two choices as to
where to drop traffic. It can wait until the queue is full and simply drop packets as
they arrive (tail dropping), or it can detect incipient congestion and proactively begin
to drop packets based on a probability function that is tied to an average depth of the
queue. This technique is called random early drop (RED). PAN-OS uses a weighted RED
(WRED) algorithm.
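
The difference between tail dropping and weighted early dropping described above, shown as an added example (not Palo Alto Networks code): a small simulation that uses the textbook RED probability curve with per-class thresholds. The class names, thresholds, queue capacity, and traffic rates are constructed assumptions, not PAN-OS values.

```python
import random

# Hypothetical per-class RED settings: (min threshold, max threshold, max drop
# probability). Constructed for illustration; these are not PAN-OS values.
PROFILES = {"high": (30, 50, 0.05), "low": (10, 40, 0.5)}

def drop_probability(avg_depth, min_th, max_th, max_p):
    """Textbook RED curve: 0 below min_th, linear up to max_p, 1 at max_th."""
    if avg_depth < min_th:
        return 0.0
    if avg_depth >= max_th:
        return 1.0
    return max_p * (avg_depth - min_th) / (max_th - min_th)

def simulate(policy, ticks=2000, capacity=50, arrivals=3, service=2,
             weight=0.2, seed=1):
    """Fill a queue faster than it empties; return (drops per class, tail drops)."""
    rng = random.Random(seed)
    depth, avg, tail_drops = 0, 0.0, 0
    drops = {"high": 0, "low": 0}
    for _ in range(ticks):
        for _ in range(arrivals):
            cls = rng.choice(("high", "low"))
            # Moving average of queue depth, so short bursts are tolerated.
            avg = (1 - weight) * avg + weight * depth
            if depth >= capacity:
                drops[cls] += 1          # queue full: tail drop, class ignored
                tail_drops += 1
            elif policy == "wred" and rng.random() < drop_probability(
                    avg, *PROFILES[cls]):
                drops[cls] += 1          # early drop, weighted by class
            else:
                depth += 1
        depth = max(0, depth - service)
    return drops, tail_drops

if __name__ == "__main__":
    for policy in ("tail", "wred"):
        print(policy, simulate(policy))
```

With tail dropping, both classes lose packets at about the same rate because the drop decision ignores class; with the weighted curve, drops concentrate on the low-priority class before the queue ever fills.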
Each firewall model supports a maximum number of ports that can
be configured with QoS. Refer to the spec sheet for your firewall model or use
the product comparison tool to
view QoS feature support for two or more firewalls on a single page.