17-2
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 17 Quality of Service
About QoS
Supported QoS Features
The ASA supports the following QoS features:
•
Policing—To prevent classified traffic from hogging the network bandwidth, you can limit the
maximum bandwidth used per class. See
for more information.
•
Priority queuing—For critical traffic that cannot tolerate latency, such as Voice over IP (VoIP), you
can identify traffic for Low Latency Queuing (LLQ) so that it is always transmitted ahead of other
traffic. See
.
What is a Token Bucket?
A token bucket is used to manage a device that regulates the data in a flow, for example, a traffic policer.
A token bucket itself has no discard or priority policy. Rather, a token bucket discards tokens and leaves
to the flow the problem of managing its transmission queue if the flow overdrives the regulator.
A token bucket is a formal definition of a rate of transfer. It has three components: a burst size, an
average rate, and a time interval. Although the average rate is generally represented as bits per second,
any two values may be derived from the third by the relation shown as follows:
average rate = burst size / time interval
Here are some definitions of these terms:
•
Average rate—Also called the committed information rate (CIR), it specifies how much data can be
sent or forwarded per unit time on average.
•
Burst size—Also called the Committed Burst (Bc) size, it specifies in bytes per burst how much
traffic can be sent within a given unit of time to not create scheduling concerns.
•
Time interval—Also called the measurement interval, it specifies the time quantum in seconds per
burst.
In the token bucket metaphor, tokens are put into the bucket at a certain rate. The bucket itself has a
specified capacity. If the bucket fills to capacity, newly arriving tokens are discarded. Each token is
permission for the source to send a certain number of bits into the network. To send a packet, the
regulator must remove from the bucket a number of tokens equal in representation to the packet size.
If not enough tokens are in the bucket to send a packet, the packet waits until the packet is discarded or
marked down. If the bucket is already full of tokens, incoming tokens overflow and are not available to
future packets. Thus, at any time, the largest burst a source can send into the network is roughly
proportional to the size of the bucket.
Policing
Policing is a way of ensuring that no traffic exceeds the maximum rate (in bits/second) that you
configure, thus ensuring that no one traffic class can take over the entire resource. When traffic exceeds
the maximum rate, the ASA drops the excess traffic. Policing also sets the largest single burst of traffic
allowed.
Содержание ASA 5508-X
Страница 11: ...P A R T 1 Access Control ...
Страница 12: ......
Страница 60: ...4 14 Cisco ASA Series Firewall CLI Configuration Guide Chapter 4 Access Rules History for Access Rules ...
Страница 157: ...P A R T 2 Network Address Translation ...
Страница 158: ......
Страница 204: ...9 46 Cisco ASA Series Firewall CLI Configuration Guide Chapter 9 Network Address Translation NAT History for NAT ...
Страница 232: ...10 28 Cisco ASA Series Firewall CLI Configuration Guide Chapter 10 NAT Examples and Reference DNS and NAT ...
Страница 233: ...P A R T 3 Service Policies and Application Inspection ...
Страница 234: ......
Страница 379: ...P A R T 4 Connection Management and Threat Detection ...
Страница 380: ......
Страница 400: ...16 20 Cisco ASA Series Firewall CLI Configuration Guide Chapter 16 Connection Settings History for Connection Settings ...
Страница 414: ...17 14 Cisco ASA Series Firewall CLI Configuration Guide Chapter 17 Quality of Service History for QoS ...