58-10
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter58 Configuring QoS
Configuring QoS
Configuring a Service Rule for Traffic Shaping and Hierarchical Priority Queuing
You can configure traffic shaping for all traffic on an interface, and optionally hierarchical priority
queuing for a subset of latency-sensitive traffic.
Guidelines
One side-effect of priority queuing is packet re-ordering. For IPsec packets, out-of-order packets
that are not within the anti-replay window generate warning syslog messages. These warnings are
false alarms in the case of priority queuing. You can configure the IPsec anti-replay window size to
avoid possible false alarms. See the Configuration > VPN > IPsec > IPsec Rules > Enable
Anti-replay window size option in the “Adding Crypto Maps” section on page68-12.
For hierarchical priority queuing, you do not need to create a priority queue on an interface.
Restrictions
For hierarchical priority queuing, for encrypted VPN traffic, you can only match traffic based on the
DSCP or precedence setting; you cannot match a tunnel group.
For hierarchical priority queuing, IPsec-over-TCP traffic is not supported.
Traffic shaping is not supported on the multi-processor models.
For traffic shaping, you can only use the class-default class map, which is automatically created by
the ASA, and which matches all traffic.
You cannot configure traffic shaping and standard priority queuing for the same interface; only
hierarchical priority queuing is allowed. See the “How QoS Features Interact” section on page 58-4
for information about valid QoS configurations.
You cannot configure traffic shaping in the global policy.
Detailed Steps
Step1 Configure a service policy on the Configuration > Firewall > Service Policy Rules pane according to
Chapter 36, “Configuring a Service Policy.”
You can configure QoS as part of a new service policy rule, or you can edit an existing service policy.
Step2 In the Rule Actions dialog box, click the QoS tab.
Step3 Click Enable traffic shaping, and configure the following fields:
Average Rate—Sets the average rate of traffic in bits per second over a given fixed time period,
between 64000 and 154400000. Specify a value that is a multiple of 8000.
Burst Size—Sets the average burst size in bits that can be transmitted over a given fixed time period,
between 2048 and 154400000. Specify a value that is a multiple of 128. If you do not specify the
Burst Size, the default value is equivalent to 4-milliseconds of traffic at the specified Average Rate.
For example, if the average rate is 1000000 bits per second, 4 ms worth = 1000000 * 4/1000 = 4000.
Step4 (Optional) To configure priority queuing for a subset of shaped traffic:
a. Click Enforce priority to selected shape traffic.
b. Click Configure to identify the traffic that you want to prioritize.
You are prompted to identify the traffic for which you want to apply priority queuing.