Incorrect QoS Configuration Caused Network Traffic Outage

Incorrect QoS Configuration Caused Network Traffic Outage

51910
Created On 09/25/18 17:39 PM - Last Modified 04/17/25 18:59 PM


Symptom


Issue

QoS implementation caused an outage when trying to restrict the bandwidth with QoS profile for a particular class.

Details

The example below shows an incorrectly configured profile which is attached to the QoS interface.

QoS-Profile-Mistake.JPG.jpg

In this example scenario, a 10Gb interface is used and the screenshot above shows a QoS profile configured with Egress Max of 100Mbps. The Egress Max under the Profile section configures the maximum egress bandwidth for all classes of traffic passing through the 10Gb interface.

This would most likely cause heavy congestion, and an outage behavior would be reported by the users.

Environment


  • Palo Alto Networks Firewall
  • QoS configured

 

Resolution


When configuring a QoS profile, the Egress Max should be carefully set, taking the overall bandwidth of the interface into consideration. The intended goal is to restrict class 7 traffic with an Egress Max of 100 and Egress Guaranteed of 10, while all other traffic would take the remaining interface bandwidth.

The screenshot below shows a correct configuration with the Egress Max of the profile set to 10000Mbps, and class7 traffic configured with Egress Max of 100 and Egress Guaranteed of 10:

QoS-Profile-Corrected.JPG.jpg

The QoS interface settings should also be configured with the correct value for Egress Max.

QoS-Profile-Interface.JPG.jpg

Note: Only desired classes can be defined in the QoS profile. The rest of the traffic would default to class 4.

owner: fkhan
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHbCAK&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language