17-6
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 17 Quality of Service
Configure QoS
Configure the Priority Queue for an Interface
If you enable priority queuing for traffic on a physical interface, then you need to also create the priority
queue on each interface. Each physical interface uses two queues: one for priority traffic, and the other
for all other traffic. For the other traffic, you can optionally configure policing.
Before You Begin
•
(ASASM) The ASASM does not support priority queuing.
•
(ASA 5512-X through ASA 5555-X) Priority queuing is not supported on the Management 0/0
interface.
Procedure
Step 1
Create the priority queue for the interface.
priority-queue
interface_name
Example:
hostname(config)# priority-queue inside
The
interface_name
argument specifies the physical interface name on which you want to enable the
priority queue, or for the ASASM, the VLAN interface name.
Step 2
Change the size of the priority queues.
queue-limit
number_of_packets
Example:
hostname(config-priority-queue)# queue-limit 260
The default queue limit is 1024 packets. Because queues are not of infinite size, they can fill and
overflow. When a queue is full, any additional packets cannot get into the queue and are dropped (called
tail drop
). To avoid having the queue fill up, you can use the
queue-limit
command to increase the queue
buffer size.
The upper limit of the range of values for the
queue-limit
command is determined dynamically at run
time. To view this limit, enter
queue-limit ?
on the command line. The key determinants are the memory
needed to support the queues and the memory available on the device.
The
queue-limit
that you specify affects both the higher priority low-latency queue and the best effort
queue.
Step 3
Specify the depth of the priority queues.
tx-ring-limit
number_of_packets
Example:
hostname(config-priority-queue)# tx-ring-limit 3
The default tx-ring-limit is 128 packets. This command sets the maximum number of low-latency or
normal priority packets allowed into the Ethernet transmit driver before the driver pushes back to the
queues on the interface to let them buffer packets until the congestion clears. This setting guarantees that
the hardware-based transmit ring imposes a limited amount of extra latency for a high-priority packet.
The upper limit of the range of values for the
tx-ring-limit
command is determined dynamically at run
time. To view this limit, enter
tx-ring-limit
?
on the command line. The key determinants are the
memory needed to support the queues and the memory available on the device.
Summary of Contents for ASA 5508-X
Page 11: ...P A R T 1 Access Control ...
Page 12: ......
Page 157: ...P A R T 2 Network Address Translation ...
Page 158: ......
Page 233: ...P A R T 3 Service Policies and Application Inspection ...
Page 234: ......
Page 379: ...P A R T 4 Connection Management and Threat Detection ...
Page 380: ......