Configuration of WAN Quality of Service (QoS) Queue Settings on the ISA500 Series Integrated Security Appliances

Objective

Quality of Service (QoS) enables the network device to provide better service to the selected network traffic. It helps to prioritize the traffic based on the type of data and delay sensitive data, such as voice data and live stream, which are given higher priority compared to other data types. QoS also helps with bandwidth management. Congestion management is one of the QoS techniques that offer better network service to the selected traffic during high network traffic. Congestion management uses queuing on the interface of network devices to accommodate temporary congestion that stores the excess packets in buffers until bandwidth becomes available. The configuration of queues ensures that the higher priority traffic gets serviced in times of congestion.

The objective of this document is to explain how to configure the queues on the WAN interface of the ISA500 Series Integrated Security Appliances to handle the egress (outgoing) traffic.

Applicable Devices

• ISA500 Series Integrated Security Appliances

Software Version

• v1.1.14

WAN Queue Settings

Note: You may need to enable WAN QoS to configure the queue settings on the WAN interface. To find out more about how to enable the WAN QoS, please refer to the article, General Quality of Service (QoS) Settings on ISA500 Series Integrated Security Appliances.

Configuration of WAN Queue Settings

Step 1. Log in to the ISA500 Series Configuration Utility and choose Networking > QoS > WAN QoS > Queue Settings. The Queue Settings page opens:

The security appliance supports two WAN interfaces and each WAN interface contains six queues (Q1 to Q6) which are listed under the Name column of Queue Settings table. The Queue Settings page allows you to configure the queue settings for each WAN port separately.

Any one of the following three queue settings configurations is possible on the WAN port, and each can be done for a particular WAN interface.

• Strict Priority (SP) — Traffic in the highest priority queue (Q1) is transmitted first, followed by the next lowest in the queue when traffic in each queue is completed. The queue with the highest number is given the highest priority so that traffic is sent first from the highest numbered queue.

• Weighted Round Robin (WRR) — Traffic in the queue is transmitted on the basis of weights assigned to the queue. More packets are sent from a queue with a higher weight.

• Low Latency Queuing (LLQ) — Includes both the SP and WRR queue techniques to provide Strict Priority Queuing (PQ) to Class-Based Weighted Fair Queuing (CBWFQ). Q1 (the highest priority queue) is configured under the SP mode and the queues from Q2 to Q6 are configured under the WRR mode. The delay sensitive data (such as voice) is given preference and are sent via Q1 over the other traffic.

Strict Priority WAN1 Queue Settings

Step 1. Click the Strict Priority (SP) radio button under the WAN1 Queue area to configure the queues of WAN1 based on the strict priority settings.

Step 2. (Optional) For easy identification of the priority of the queues, enter the brief description about the priority for each queue in the corresponding queue fields under the Queue Description column of the Queue Settings table.

Step 3. Scroll down the Queue Settings page, and click Save to save the current settings.

Weighted Round Robin (WRR) WAN1 Queue Settings

Step 1. Click the Weighted Round Robin (WRR) radio button under the WAN1 Queue area to configure the queues of WAN1 based on the WRR queue settings.

Step 2. Enter the percentage (weight) for each queue in the corresponding fields under the Weighted Round column of Queue Settings table.

Step 3. (Optional) For easy identification of the priority of the queues, enter the brief description about the priority for each queue in the corresponding queue fields under the Queue Description column of the Queue Settings table.

Step 4. Scroll down the Queue Settings page and click Save to save the current settings.

Low Latency Queuing (LLQ) WAN1 Queue Settings

Step 1. Click the Low Latency Queuing (LLQ) radio button under the WAN1 Queue area to configure the queues of WAN1 based on the LLQ settings.

Note: A WAN port supports up to bandwidth of 10,000,000 Kbps.

Step 2. Under the Low Latency Queuing column of Queue Settings table, enter the desired amount of bandwidth (Kbps) in the Q1 field (Q1 is the highest priority queue).

Step 3. Under the Low Latency Queuing column of the Queue Settings table, enter the desired percentages (weights) in the fields corresponding from Q2 to Q6. The remaining bandwidth (the bandwidth of Q1 subtracted from the maximum bandwidth) is allocated to the queues (Q2 to Q6) based on the configured weights.

Step 4. (Optional) For easy identification of the priority of the queues, enter the brief description about the priority for each queue in the corresponding queue fields under the Queue Description column of the Queue Settings table.

Step 5. Scroll down the Queue Settings page, and click Save to save the current settings.

Note: To configure WAN2, follow the same procedure as in the configuration of WAN1 Queue.

Random Early Detection

Note: This particular setting must be configured regardless of what you have chosen previously.

Step 1. Click the On radio button to enable the random early detection feature on the security appliance. Otherwise, click Off to disable the feature. The Random Early Detection (RED) is the congestion avoidance technique that utilizes the TCP congestion control mechanism. The packets are dropped randomly prior to high congestion which signals the TCP source to slow down the transmission rate until all the packets have reached the destination.

Step 2. Click Save to save the settings.