How to assign different bandwidth for multiple subnets to limit upload using QoS

Created On 09/25/18 19:21 PM - Last Updated 04/21/20 00:46 AM


Symptoms

How to assign different bandwidth for multiple subnets (more than 8) to limit upload using QoS.

 

  • Available QoS classes = 8.
  • There is a need for providing different bandwidth to more than 8 subnets.

Diagnosis

  • Create multiple different QoS profiles that use the same class.
  • Then write different QoS policies according to the traffic flow.





Resolution

 Case 1 - Limiting uploads

 

  • There are multiple subnets behind the LAN interface for which we have to limit the upload to 216.57.196.78.


Pic2.PNG

  • Create multiple different QoS profiles that use the same class.
  • Check the figure below.

 

3.PNG

 

One thing to note here is that we are limiting uploads, so QoS needs to be applied on the egress interface, which is the WAN interface.

 

1.PNG

 

 

Now click on the other tab (clear text traffic).

 

Note: Remember that the source interface/subnet will be the interface nearest the originator of the traffic.

 

The key point here is that the source interface is the interface nearest to the originator of the traffic, hence the LAN interface, and the source subnet is the subnet of the originator that is generating the actual traffic.

 

The egress interface and the source subnet are two different things.

 4.PNG

 

 

 

Now write the QoS policy as per your requirements.

 

I have written only 4 policies (all using class 2), but you can write as many policies as you need; the concept remains the same.

 

5.PNG

 

Case 2 - Limiting Downloads

 

Assigning different bandwidth to more than 8 subnets from any particular source (for download) cannot be done. Here's why:

We have 8 QoS classes, so when assigning different bandwidths we can use only 8 classes per source. (Use all the QoS classes in one profile.)

If you are limiting download based on the source subnet:

  • Apply the QoS on the egress interface, which will be your LAN interface.
  • Most important: in this case the source interface/subnet will be your WAN interface, and the subnet will be the servers' subnet/IP address (for example, the Vimeo servers' IP address).

 

Remember that the source interface will be the interface nearest the originator of the traffic, and the source subnet will be the servers' IP/subnet.
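
The two cases above can be compared with a small model. This is an added example, not Palo Alto Networks code or firewall configuration; the subnets, Mbps values, function names and the first-match lookup order are assumptions made for illustration.

```python
import ipaddress

MAX_CLASSES = 8  # classes available in one QoS profile, per the article

def make_profile(limits):
    """limits maps class number -> egress max in Mbps (constructed values)."""
    if any(c not in range(1, MAX_CLASSES + 1) for c in limits):
        raise ValueError("a QoS profile only has classes 1..8")
    return dict(limits)

def build_upload_config(n_subnets):
    """Case 1: one profile per LAN subnet, every profile using only class 2."""
    clear_text, policies = [], []
    for i in range(n_subnets):
        net = ipaddress.ip_network(f"10.0.{i}.0/24")  # constructed subnets
        # Clear-text entry on the WAN egress: (source interface, subnet, profile)
        clear_text.append(("lan", net, make_profile({2: 5 * (i + 1)})))
        policies.append((net, 2))  # QoS policy: this source -> class 2
    return clear_text, policies

def egress_limit(clear_text, policies, src_if, src_ip):
    """Return the egress max (Mbps) for a flow, or None if nothing matches."""
    ip = ipaddress.ip_address(src_ip)
    # Assumption: first matching entry wins in both lookups.
    profile = next((p for ifc, net, p in clear_text
                    if ifc == src_if and ip in net), None)
    qos_class = next((c for net, c in policies if ip in net), None)
    if profile is None or qos_class is None:
        return None
    return profile.get(qos_class)

def distinct_upload_limits(n_subnets):
    ct, pol = build_upload_config(n_subnets)
    return {egress_limit(ct, pol, "lan", f"10.0.{i}.25")
            for i in range(n_subnets)}

def build_download_profile(n_subnets):
    """Case 2: the source is the server behind the WAN interface, so a single
    profile covers every LAN subnet and each one needs a class of its own."""
    return make_profile({i + 1: 5 * (i + 1) for i in range(n_subnets)})

if __name__ == "__main__":
    print(len(distinct_upload_limits(12)))  # 12 subnets, 12 limits, one class
    try:
        build_download_profile(12)
    except ValueError as err:
        print("download:", err)
```
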

 

Tips and tricks

Always check the C2S / S2C flow using the session ID.
 
For example, for a download limit, you will observe that the QoS profile is applied in the S2C flow; see the snapshot below.
 
Note: This figure is just for reference; however, it is taken from live traffic with QoS applied, in which we limited the download from the server 104.156.81.217. (In the clear text traffic tab, the source interface is WAN and the source subnet is the Vimeo servers' IP address.)
 

7.PNG
In addition, here is the output for the clear text tab from the CLI. Check the QoS ID, which indicates which QoS profile is applied to that session; the QoS ID here is 1, and it is applied to the above traffic for download.

 

This means QoS Mafra is the QoS profile in which we have limited bandwidth in any class; this is only to show you how the source subnet works.

 

We have also written QoS policy calling that particular class, which is not shown here. 

This was mainly to demonstrate the concepts of QoS and how we can use the source subnet of the clear text tab in QoS.

 

8.PNG

 

 

Thank you.

 

Tarang Srivastava


