CPUG: The Check Point User Group


Thread: QoS in R77.30

  1. #1

    QoS in R77.30

    Hello.

    I have a requirement to set QoS on our internet connection for Video Conferencing. I have a pair of 4600 appliances running R77.30 as a failover ClusterXL. I have enabled QoS via GAIA command line. I have defined the link speed on the interface (external only) and then set a simple policy of

    VC weight 50, source of the VC devices and destination any, port https
    Default weight 10

    The VC devices are set to only use https.

    This appears to do nothing at all! The VC devices measure and display their download and upload rates and are highly affected by other traffic on the internet.

    I have tried changing the weight rules to guarantee bandwidth to the VC QoS rule and that still doesn't make the download and upload rate consistent.

    The only way I have been able to make it work is by setting a Limit value to the default rule and then the VC rule gets whatever is left, but this is not an ideal solution.

    Has anybody used QoS on R77.30? If so, any ideas what I am doing wrong?

    There are also Class of Service entries that can be added to the interface and Policies for a Low Latency Queue. I have tried setting this up, but getting the values for this seemed a difficulty. So I figured let's just try the basics first and get the traffic prioritised.

    The log entries in SmartViewer seem totally confusing too! They never seem to show the QoS policy and weighting values when weighting is used (not sure if they are meant to show the weighting, but that would be useful). I have also yet to see an entry with the correct policy rule name in there when guarantees were specified. I have only seen them appear when the limit is specified. So I can see some traffic does get fitted into the VC policy rule.

  2. #2

    Re: QoS in R77.30

    First off, make sure the bandwidth defined on the external interface indicates the true amount of Internet circuit bandwidth available upstream and not just the link speed of the external interface itself (i.e. 1Gbps).

    Next you will want to configure per-connection guarantees in your QoS rule matching the video conferencing traffic in addition to the weight; weights alone will not be sufficient to do what you want. Determine how much bandwidth each video connection needs and then be sure to set a ceiling to the number of guaranteed connections. Video connections in excess of the ceiling will get bandwidth allocated only by weight and will probably be degraded. When setting up per-connection guarantees you need to envision a scenario where all guaranteed connections up to the maximum are active, and ensure you are not guaranteeing more than 50% of your total upstream bandwidth as this can leave very little bandwidth for allocation solely by weight for everything else.
    --
    Third Edition of my "Max Power 2020" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com
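
The sizing check described in the reply above, written out as an added example; it is not part of the original thread and is not Check Point code. The `QosPlan` fields, the function names and all sample figures (a 20 Mbps circuit, 2 Mbps per call) are constructed assumptions for illustration.

```python
from dataclasses import dataclass

GUARANTEE_LIMIT = 0.5  # the reply's guideline: guarantee at most 50% of upstream


@dataclass
class QosPlan:
    circuit_kbps: int      # true upstream Internet circuit bandwidth
    configured_kbps: int   # bandwidth defined on the external interface
    per_conn_kbps: int     # per-connection guarantee for one video call
    ceiling: int           # maximum number of guaranteed connections


def max_ceiling(circuit_kbps: int, per_conn_kbps: int) -> int:
    """Largest ceiling whose total guarantee stays within the 50% guideline."""
    return int(circuit_kbps * GUARANTEE_LIMIT) // per_conn_kbps


def review(plan: QosPlan, active_calls: int) -> dict:
    """Review a plan for the case where every guaranteed connection is active."""
    guaranteed = min(active_calls, plan.ceiling)
    reserved = plan.ceiling * plan.per_conn_kbps  # ceiling fully used
    findings = []
    if plan.configured_kbps != plan.circuit_kbps:
        findings.append("interface bandwidth is not the real circuit bandwidth")
    if reserved > plan.circuit_kbps * GUARANTEE_LIMIT:
        limit = max_ceiling(plan.circuit_kbps, plan.per_conn_kbps)
        findings.append(f"{reserved} kbps guaranteed exceeds 50% of upstream; "
                        f"lower the ceiling to {limit}")
    if active_calls > plan.ceiling:
        findings.append(f"{active_calls - plan.ceiling} call(s) over the ceiling "
                        "are allocated bandwidth by weight only")
    return {
        "guaranteed_calls": guaranteed,
        "weight_only_calls": active_calls - guaranteed,
        "left_for_weights_kbps": plan.circuit_kbps - reserved,
        "findings": findings,
    }


# Constructed sample plans: 20 Mbps circuit, 2 Mbps per video call.
# BAD defines the interface at 1 Gbps link speed and guarantees 8 calls.
BAD = QosPlan(circuit_kbps=20_000, configured_kbps=1_000_000,
              per_conn_kbps=2_000, ceiling=8)
GOOD = QosPlan(circuit_kbps=20_000, configured_kbps=20_000,
               per_conn_kbps=2_000, ceiling=5)

if __name__ == "__main__":
    for name, plan, calls in (("BAD", BAD, 9), ("GOOD", GOOD, 5)):
        print(name, review(plan, calls))
```
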
