QoS for Remote Networks Using Guaranteed Bandwidth and Bandwidth Allocation Ratios
Table of Contents
QoS for Remote Networks Using Guaranteed Bandwidth and Bandwidth Allocation Ratios
Understand how guaranteed bandwidth and bandwidth allocation
works for QoS in a Prisma Access Remote Networks deployment.
Prisma Access divides compute location bandwidth using IPSec
Termination Nodes. Each IPSec termination node can provide you
with a maxmum of 1,000
Mbps of bandwidth. If you allocate more than 1,000 Mbps of
bandwidth to a compute location, Prisma Access provides you with
additional IPSec termination nodes.
The QoS settings you specify here apply only to outbound
traffic for remote networks, and do not affect secure inbound access traffic.
In the following example, you have allocated 1500 Mbps bandwidth
in the Canada Central compute location, which is the compute location
for the Canada Central and Canada East locations.
Since you allocated 1500 Mbps for the compute location, Prisma
Access gives you two IPSec termination nodes.
You should now determine whether you want to allocate your locations
to the same IPSec termination node, or to use separate IPSec termination
nodes. If you expect you will add more remote network locations
to this compute location, you could leave one IPSec termination
node available to onboard more remote networks at a later time.
For this example, you onboarded two remote
networks, also known as Remote Network Security Processing
Nodes (RN-SPNs), one in Canada East (RN-8) and one in Canada Central
(RN-9), using the same IPSec termination node for both locations.
You Enable QoS in the QoS area by selecting , clicking the gear
to edit the settings, selecting QoS, and
enabling QoS for the Canada Central compute location. See Configure Quality of Service in Prisma Access for the detailed steps.
In this example, you want the compute location to receive a guaranteed
bandwidth ratio of 60%; to do so, enter a Guaranteed
Bandwidth Ratio of 60% to the
Canada Central compute location. This action reserves 900 Mbps (60%
of the overall bandwidth allocation) for guaranteed bandwidth.
Prisma Access divides up the guaranteed bandwidth equally between
IPSec termination nodes; therefore, each IPSec termination node
receives 450 Mbps of guaranteed bandwidth (900 Mbps divided by the
total number of IPSec termination nodes). When you select Customize
Per Site, you can view the bandwidth that is allocated
for each location. By default, the Allocation Ratio is
divided equally between all remote networks in an IPSec termination node.
In the following example, since there are two remote networks in
the IPSec termination node, each remote network receives an Allocation Ratio of
50%.
If you select Customize Per Site and
then onboard additional remote networks in the same IPSec termination
node, the newly-onboarded sites receive an allocation ratio of 0,
and you must manually rebalance the allocation ratio between existing
sites and the newly-onboarded site.
If you do not Customize
Per Site, the bandwidth percentage automatically rebalances
when you add remote networks. For example, if you did not select Customize
Per Site and have four remote networks onboarded, each
of those remote networks have an allocation ratio of 25%. If you add
a fifth remote network, all five sites rebalance and receive a guaranteed
bandwidth of 20%.
