QoS Policies Template
QoS Policy determines how flows are queued and marked.
The QoS Policy’s SET actions determine two things:
What traffic class a shaped flow—whether optimized or pass-through—is assigned
Whether to trust incoming DSCP markings for LAN QoS and WAN QoS, or to remark them as they leave for the WAN
Use the Shaper to define, prioritize, and name traffic classes.
Think of it as the Shaper defines and the QoS Policy assigns.

Priority
With this template, you can create rules with priority from 1000 – 9999. When the template is applied to an appliance, Orchestrator will delete all rules having a priority in that range before applying its policies.
If you access an appliance directly, you can create rules with higher priority than Orchestrator rules (1 – 999) and rules with lower priority (10000 – 19999 and 25000 – 65534).
NOTE: The priority range from 20000 to 24999 is reserved for Orchestrator.
When adding a rule, the priority is incremented by ten from the previous rule. The priority can be changed, but this default behavior helps to ensure you can insert new rules without having to change subsequent priorities.
Match Criteria
These are universal across all policy maps—Route, QoS, Optimization, NAT (Network Address Translation), and Security.
If you expect to use the same match criteria in different maps, you can create an ACL (Access Control List), which is a named, reusable set of rules. For efficiency, create them in Configuration > Templates & Policies > ACLs > Access Lists, and apply them across appliances.
The available parameters are Application, Address Map (for sorting by country, IP address owner, or SaaS application), Domain, Geo Location, Interface, Protocol, DSCP, IP/Subnet, Port, and Traffic Behavior.
To specify different criteria for inbound versus outbound traffic, select the Source:Dest check box.
Source or Destination
An IP address can specify a subnet; for example, 10.10.10.0/24 (IPv4) or fe80::204:23ff:fed8:4ba2/64 (IPv6).
To allow any IP address, use 0.0.0.0/0 (IPv4) or ::/0 (IPv6).
Ports are available only for the protocols tcp, udp, and tcp/udp.
To allow any port, use 0.
Wildcard-based Prefix Matching
When using a range or a wildcard, the IPv4 address must be specified in the 4-octet format, separated by the dot notation. For example, A.B.C.D.
Range is specified using a dash. For example, 128-129.
Wildcard is specified as an asterisk (*).
Range and Wildcard can both be used in the same address, but an octet can only contain one or the other. For example, 10.136-137.*.64-95.
A wildcard can only be used to define an entire octet. For example, 10.13*.*.64-95 is not supported. The correct way to specify this range is 10.130-139.*.64-94.
The same rules apply to IPv6 addressing.
CIDR notation and (Range or Wildcard) are mutually exclusive in the same address. For example, use either 192.168.0.0/24 or 192.168.0.1-127.
These prefix-matching rules only apply to the following policies: Router, QoS, Optimization, NAT, Security, and ACLs.
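The range, wildcard, and CIDR rules above can be checked offline before a rule is pushed to appliances, which helps catch a pattern that is malformed or broader than intended. The following Python sketch is an added example, not Orchestrator code; the function names parse_pattern and matches are hypothetical, it covers IPv4 only, and it assumes a plain address or CIDR block is also an acceptable pattern.

```python
import ipaddress

def parse_pattern(pattern):
    """Return (low, high) bounds per octet; raise ValueError if a rule is broken."""
    if "/" in pattern:
        # CIDR and range/wildcard are mutually exclusive in the same address.
        if "*" in pattern or "-" in pattern:
            raise ValueError("CIDR cannot be combined with a range or wildcard")
        net = ipaddress.ip_network(pattern, strict=False)
        if net.version != 4:
            raise ValueError("this sketch handles IPv4 only")
        # A CIDR block is aligned, so per-octet bounds describe it exactly.
        return list(zip(net.network_address.packed, net.broadcast_address.packed))
    octets = pattern.split(".")
    if len(octets) != 4:
        raise ValueError("pattern must use the 4-octet dotted format")
    bounds = []
    for octet in octets:
        if octet == "*":
            bounds.append((0, 255))
            continue
        if "*" in octet:
            raise ValueError(f"wildcard must replace an entire octet: {octet!r}")
        parts = octet.split("-")
        if len(parts) > 2 or not all(p.isascii() and p.isdigit() for p in parts):
            raise ValueError(f"bad octet: {octet!r}")
        low, high = int(parts[0]), int(parts[-1])
        if not 0 <= low <= high <= 255:
            raise ValueError(f"octet out of range: {octet!r}")
        bounds.append((low, high))
    return bounds

def matches(pattern, address):
    """True when the IPv4 address falls inside the pattern."""
    octets = ipaddress.IPv4Address(address).packed
    return all(lo <= o <= hi for o, (lo, hi) in zip(octets, parse_pattern(pattern)))

if __name__ == "__main__":
    # Patterns taken from the examples above; the address is a constructed sample.
    for pat in ("10.136-137.*.64-95", "10.13*.*.64-95", "192.168.0.1-127"):
        try:
            print(pat, "->", matches(pat, "10.137.200.70"))
        except ValueError as err:
            print(pat, "-> rejected:", err)
```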
Handle and Mark DSCP Packets
DSCP markings specify end-to-end QoS policies throughout a network.
The default values for LAN QoS and WAN QoS are trust-lan.
Apply DSCP Markings to Optimized (Tunnelized) Traffic
The appliance encapsulates optimized traffic. This adds an IP outer header to packets for travel across the WAN. This outer header contains the WAN QoS DSCP marking.
LAN QoS – The DSCP marking applied to the IP header before encapsulation.
WAN QoS – The DSCP marking in the encapsulating outer IP header. The remote appliance removes the outer IP header.




Apply DSCP Markings to Pass-through Traffic
The appliance applies the QoS Policy’s DSCP markings to all pass-through flows—shaped and unshaped.
Pass-through traffic does not receive an additional header, so it is handled differently:
The Optimization Policy’s LAN QoS Set Action is ignored.
The specified WAN QoS marking replaces the packet’s existing LAN QoS DSCP marking.
When the packet reaches the remote appliance, it retains the modified QoS setting as it travels to its destination.



