Hi all,
It seems a number of people on this forum are having issues with traffic prioritization. I've been using ASG for about a week and had similar questions/issues.
For the benefit of others, here is a short summary of what I have observed, and which doesn't seem to be fully explained in the documentation.
First, bandwidth guarantees and limits relate only to traffic outbound from the ASG. So, if you want to restrict HTTP traffic for web browsing, place the limit on the internal interface (you may also want to put a smaller restriction on the external interface to limit HTTP requests but they would be small by comparison).
The Guaranteed Bandwidth field has a misleading name, as it does not always guarantee the stated amount of bandwidth. My key observation is that bandwidth is not managed completely dynamically. It appears to be managed only at the point when TCP sessions are initially created (I haven't checked to see how this applies to non-TCP traffic).
Say, for example, that I wish to set a guaranteed bandwidth for SIP (VoIP) traffic so that my web downloads don't fully utilize my circuit and prevent me from making/receiving calls. I want to guarantee, say, 50kbit/s in each direction for SIP. So, I set up bandwidth pools for the SIP protocol on both external and internal interfaces, setting bandwidth to 50kbit/s on each.
Then, I go ahead and start a big HTTP download and expect that 50kbit/s would be available to my VoIP phone. Wrong. The circuit is fully utilized.
The reason seems to be that the ASG only guarantees 50kbit/s to SIP once the SIP session has started and if enough spare bandwidth exists at that time.
So, with the same configuration, if I start my phone call before my HTTP transfer then the SIP session will have it's 50kbit/s guaranteed and the HTTP session won't cut into it.
Back to the first scenario, where the HTTP download is started first, when the download ends, assuming the (crippled) SIP session is still open, bandwidth becomes available for SIP once again. If I then start a second download, 50kbit/s will be reserved for SIP because the SIP session started first.
In other words, you cannot use QoS on the ASG for full traffic prioritization. It works on a session-by-session basis rather than a packet-by-packet basis. This works fine if all your traffic has short, bursty sessions (or, presumably, is not session based such as UDP). However, if you have long-running high bandwidth sessions such as HTTP downloads then using guaranteed bandwidth settings are not enough.
In this example, I had to set a maximum bandwidth limitation on HTTP downloads (internal interface) so that if the download starts before the SIP session then it won't use more than its allocated maximum. This has two flaws. First, I limit my bandwidth unnecessarily when there is no SIP session open. Second, how do I adequately restrict all possible protocols? I can't just use my available bandwidth and subtract 50kbit/s. If I did, then another protocol (eg FTP) could use up that 50kbit/s. So, I have to limit all protocols (or all destinations other than my SIP server). But what limit do I choose? If HTTP is already using all but 50kbit/s then nothing is left and I'd have to use zero. So, I have to set my limits lower still and make a best guess for what protocols might be used at the same time and what bandwidth they will need.
So, traffic prioritization can be achieved - sort of. But only at the expense of limiting your bandwidth at all times to other traffic. And then, there is still no guarantee. It is a bandwidth reservation system, not a traffic prioritization system.
I hope this helps clarify QoS for others out there. Let me know if you disagree with the above, or have other suggestions for prioritization - I'm only a recent user of the ASG.
This thread was automatically locked due to age.
