How to Provide Quality of Service to a Single IP adress

Steps to provide Quality of Service (QoS) for a single IP address or group of IP's.

1. Create a profile.  Device > Network  > QoS Profile

     I have created 2 classes each for a 2 different users and they have different bandwidth restrictions as shown below.

         

1. Assign the profile to the interface where we are limiting the Bandwidth, in the example the interface ethernet1/3 is the Untrust Interface.  Device > Network Tab > QOS

   QoS profile is assigned to the clear text traffic.

   

2. Create the QoS Rules.  Select the user IP address and  define a class for the user.  In the QoS profile, set the Bandwidth limitation for this class.  Device > Policies > QOS Rules

   Test with the IP 192.168.141.41 (QOS Rule User2)

   User 1 with IP ending .40 gets max egress bandwidth of 2MB and user 2 with IP ending .41 gets 10MB as per the classes defined in the first image.

   

3. Results can be tested by looking at the Statistics in the web interface.  Device > Network > QOS

   

Troubleshooting commands

 

Displays the sessions related to QoS only.

show session all filter qos-class 2

show session all filter qos-rule User2

 

To find the throughput of the QoS traffic,

show qos interface ethernet1/3 throughput 0

Where 0 is the Qid for the default group.

 

QoS throughput for interface ethernet1/3, node default-group (Qid 0):

class 1:      299 kbps

class 4:        6 kbps

 

A sample QoS Session shows all the details.

show session id  26680

Session           26680

        c2s flow:

                source:      192.168.141.41 [L3-T]

                dst:         204.160.102.126

                proto:       6

                sport:       31160           dport:      80

                state:       ACTIVE          type:       FLOW

                src user:    unknown

                dst user:    unknown

                qos node:    ethernet1/3, qos member N/A Qid 0

 

        s2c flow:

                source:      204.160.102.126 [L3-U]

                dst:         172.17.128.141

                proto:       6

                sport:       80              dport:      27607

                state:       ACTIVE          type:       FLOW

                src user:    unknown

                dst user:    unknown

 

        start time                    : Sat Jun 30 15:21:55 2012

        timeout                       : 30 sec

        time to live                  : 18 sec

        total byte count(c2s)         : 837

        total byte count(s2c)         : 506

        layer7 packet count(c2s)      : 6

        layer7 packet count(s2c)      : 5

        vsys                          : vsys1

        application                   : web-browsing

        rule                          : rule1

        session to be logged at end   : True

        session in session ager       : True

        session synced from HA peer   : False

        address/port translation      : source + destination

        nat-rule                      : In-Out(vsys1)

        layer7 processing             : enabled

        URL filtering enabled         : False

        session via syn-cookies       : False

        session terminated on host    : False

        session traverses tunnel      : False

        captive portal session        : False

        ingress interface             : ethernet1/4

        egress interface              : ethernet1/3

        session QoS rule              : User2 (class 2)

 

owner: ssunku