Filter
Top Products
25-3
Cisco ASDM User Guide
OL-16647-01
Chapter 25 Configuring QoS
QoS Overview
For traffic shaping, a token bucket permits burstiness but bounds it. It guarantees that the burstiness is
bounded so that the flow will never send faster than the token bucket capacity, divided by the time
interval, plus the established rate at which tokens are placed in the token bucket. See the following
formula:
(token bucket capacity in bits / time interval in seconds) + established rate in bps = maximum flow speed
in bps
This method of bounding burstiness also guarantees that the long-term transmission rate will not exceed
the established rate at which tokens are placed in the bucket.
Policing Overview
Policing is a way of ensuring that no traffic exceeds the maximum rate (in bits/second) that you
configure, thus ensuring that no one traffic flow or class can take over the entire resource. When traffic
exceeds the maximum rate, the security appliance drops the excess traffic. Policing also sets the largest
single burst of traffic allowed.
Priority Queueing Overview
LLQ priority queueing lets you prioritize certain traffic flows (such as latency-sensitive traffic like voice
and video) ahead of other traffic.
The security appliance supports two types of priority queueing:
• Standard priority queueing—Standard priority queueing uses an LLQ priority queue on an interface
(see the “Creating the Standard Priority Queue for an Interface” section on page 25-5), while all
other traffic goes into the “best effort” queue. Because queues are not of infinite size, they can fill
and overflow. When a queue is full, any additional packets cannot get into the queue and are
dropped. This is called tail drop. To avoid having the queue fill up, you can increase the queue buffer
size. You can also fine-tune the maximum number of packets allowed into the transmit queue. These
options let you control the latency and robustness of the priority queuing. Packets in the LLQ queue
are always transmitted before packets in the best effort queue.
• Hierarchical priority queueing—Hierarchical priority queueing is used on interfaces on which you
enable a traffic shaping queue. A subset of the shaped traffic can be prioritized. The standard priority
queue is not used. See the following guidelines about hierarchical priority queueing:
–
Priority packets are always queued at the head of the shape queue so they are always transmitted
ahead of other non-priority queued packets.
–
Priority packets are never dropped from the shape queue unless the sustained rate of priority
traffic exceeds the shape rate.
–
For IPSec-encrypted packets, you can only match traffic based on the DSCP or precedence
setting.
–
IPSec-over-TCP is not supported for priority traffic classification.