Bin some years since I was working with Cisco ASA and QoS. I am into Cisco ASA performance optimising and tuning, it`s lots of fun to play around with different settings and get as much performance out of the ASA.
The ASA supports the following QoS features:
- Priority queuing – To prioritize the packets that need prioritization like Voice over IP which is sensitive to latency. The ASA can only support Low Latency Queueing (LLQ).
- Policing – To prevent traffic to consum all the network bandwidth by one user or one application. The policies restrict the bandwidth and can be applied to inbound and outbound traffic to an interface. The options are either drop or permit when the traffic exeed the limits.
- Traffic shaping – Traffic that exceed the configured limits will be queued and sent when the traffic goes below the threshold. Traffic shaping will not drop packets that go over the threshold what is better for application which are sensitive to packet loss. Can be only applied to outgoing traffic on a physical interface and traffic shaping on ASA 5500-X models it is not supported.
Some information you need to keep in mind if you configure QoS on a Cisco ASA:
- Supported in single context mode only. Does not support multiple context mode. Very sad because I prefer using virtual security contexts on ASAs.
- QoS features can be only applied to physical interfaces (port-channel are not supported)
- The ASA does not locally mark/remark any classified traffic.
See the following supported feature combinations per interface:
- Standard priority queuing (for specific traffic) + Policing (for the rest of the traffic).
- Traffic shaping (for all traffic on an interface) + Hierarchical priority queuing (for a subset of traffic).
In my case I have a Cisco ASA 5515-X and will do standard priority queuing and policing for the rest of the traffic.
Please always read the Cisco ASA Configuration Guide to ensure that your configuration is correct and supported!
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Quality of Service Configuration :: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Class of Service DSCP Marking (codepoint name) :: :: Premium 46 (EF) :: :: Business-1 26 (AF31) :: :: Business-2 18 (AF21) :: :: Standard 0 :: :: Management 34 (AF41) :: :: Routing Protocol 48 (IP-Precedence 6) :: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: class-map premium-qos-traffic match dscp 46 exit class-map business-1-qos-traffic match dscp 26 exit class-map business-2-qos-traffic match dscp 18 exit policy-map transfer-uk-mpls_policy class premium-qos-traffic priority exit class business-1-qos-traffic police output 8388500 conform-action transmit exceed-action transmit exit class business-2-qos-traffic police output 10485760 655360 conform-action transmit exceed-action drop exit class class-default police output 2097000 655360 conform-action transmit exceed-action drop exit priority-queue transfer-uk-mpls exit service-policy transfer-uk-mpls_policy interface transfer-uk-mpls