17-3
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 17 Quality of Service
Guidelines for QoS
Priority Queuing
LLQ priority queuing lets you prioritize certain traffic flows (such as latency-sensitive traffic like voice
and video) ahead of other traffic. Priority queuing uses an LLQ priority queue on an interface (see
Configure the Priority Queue for an Interface, page 17-6
), while all other traffic goes into the “best
effort” queue. Because queues are not of infinite size, they can fill and overflow. When a queue is full,
any additional packets cannot get into the queue and are dropped. This is called
tail drop
. To avoid
having the queue fill up, you can increase the queue buffer size. You can also fine-tune the maximum
number of packets allowed into the transmit queue. These options let you control the latency and
robustness of the priority queuing. Packets in the LLQ queue are always transmitted before packets in
the best effort queue.
How QoS Features Interact
You can configure each of the QoS features alone if desired for the ASA. Often, though, you configure
multiple QoS features on the ASA so you can prioritize some traffic, for example, and prevent other
traffic from causing bandwidth problems. You can configure:
Priority queuing (for specific traffic) + Policing (for the rest of the traffic).
You cannot configure priority queuing and policing for the same set of traffic.
DSCP (DiffServ) Preservation
DSCP (DiffServ) markings are preserved on all traffic passing through the ASA. The ASA does not
locally mark/remark any classified traffic. For example, you could key off the Expedited Forwarding
(EF) DSCP bits of every packet to determine if it requires “priority” handling and have the ASA direct
those packets to the LLQ.
Guidelines for QoS
Context Mode Guidelines
Supported in single context mode only. Does not support multiple context mode.
Firewall Mode Guidelines
Supported in routed firewall mode only. Does not support transparent firewall mode.
IPv6 Guidelines
Does not support IPv6.
Model Guidelines
•
(ASA 5512-X through ASA 5555-X) Priority queuing is not supported on the Management 0/0
interface.
•
(ASASM) Only policing is supported.
Summary of Contents for ASA 5508-X
Page 11: ...P A R T 1 Access Control ...
Page 12: ......
Page 157: ...P A R T 2 Network Address Translation ...
Page 158: ......
Page 233: ...P A R T 3 Service Policies and Application Inspection ...
Page 234: ......
Page 379: ...P A R T 4 Connection Management and Threat Detection ...
Page 380: ......