Scribd
Upload
38 views

Cyberoam Certified Network & Security Professional (CCNSP) : Learning

Cyberoam

Uploaded by

Ziad Abdo
Copyright
© © All Rights Reserved
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
38 views

Cyberoam Certified Network & Security Professional (CCNSP) : Learning

Cyberoam

Uploaded by

Ziad Abdo
Copyright
© © All Rights Reserved
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 21

Cyberoam Certified Network & Security Professional (CCNSP)

Learning
training.cyberoam.com training.cyberoam.com
© Copyright 2012 Cyberoam Technologies Pvt. Ltd. All Rights Reserved.
Module 10 – QoS

Learning
training.cyberoam.com
QoS > Agenda

• Introduction
• Terminologies
• Implementation

Learning
training.cyberoam.com
QoS

• QoS is required for an organization because bandwidth is


finite.
• Being finite, some traffic can be susceptible to packet-loss, or
latency.
• QoS has the capability to regulate the selected packet flows
in network.
• CyberoamOS extends the QoS to a network, subnet, user,
and application, making it Application Quality of Service and
User Quality of Service.

Learning
training.cyberoam.com
QoS > Agenda

• Introduction
• Terminologies
• Implementation

Learning
training.cyberoam.com
Terminologies & Concepts

• To understand QoS in CyberoamOS appropriately, it is


required to understand
– Classification
– Scheduler, priority queues and forwarding class
– Marking the packets
– Policing and shaping traffic

Learning
training.cyberoam.com
Classification

• CyberoamOS recognizes packets in different classes.


• There are 8 predefined classes in CyberoamOS which map
to a priority queue.

QoS Class Profile Priority Queue


Class 0 Real Time
Class 1 Business Critical
Class 2 Normal
Class 3 Normal
Class 4 Normal
Class 5 Normal
Class 6 Bulky
Class 7 Best Effort

Learning
training.cyberoam.com
Bandwidth Limiting > Strict

• In a Strict Bandwidth policy, Appliance does not guarantee


the bandwidth to the user; however, if the bandwidth is
available, the user will get the value specified at the time of
policy creation.
– For an example, if user john has been allocated a strict bandwidth policy of
2Mbps, john will get speeds up to 2Mbps, depending on the traffic in the
network. If the network is free, john will get 2 Mbps, but if the network is
loaded with heavy traffic john will get bandwidth which is not more than 2
Mbps (depending on the traffic).

Learning
training.cyberoam.com
Bandwidth Limiting > Committed

• In a Committed Bandwidth policy, Appliance guarantees the


value specified at the time of creation to the user and a burst
limit can be specified which is the maximum bandwidth that
can be given to the user.
• Total bandwidth allotted to the user is the sum of committed
bandwidth value and burst limit.
– For an example, if the user john is allocated with committed bandwidth of 2
Mbps and burst limit is 2 Mbps, john will get 2 Mbps at any point of time
guaranteed. However, if john requires more bandwidth and there is unutilized
bandwidth, john will get the burst limit specified. It should be noted that the
burst limit though 2 Mbps, can vary depending on the traffic in the network.

Learning
training.cyberoam.com
Bandwidth Limiting > Scheduling

• On CyberoamOS scheduler algorithm determines how often


the queue is serviced.
• The scheduler selects next packet to de-queue based on the
priority.
• CyberoamOS uses Linux algorithms HSFC (Hierarchical Fair
Service Curve) and HTB (Hierarchical Token Bucket).

Learning
training.cyberoam.com
QoS Configuration

• Policy
– Parameters
– Strict/Committed
– Implementation
– Priority

Learning
training.cyberoam.com
Congestion Management and Packet Marking

• Appliance drops the packets when the queue becomes full.


• If any upstream or downstream device marks DSCP bits,
CyberoamOS can maintain and alter those bits.
• In case, a packet is not marked with DSCP bits,
CyberoamOS can mark the packet and send it to next
hop/destination.
– Note: QoS should not be confused with packet marking as they are separate
functionalities of CyberoamOS.

Learning
training.cyberoam.com
Congestion Management and Packet Marking

Learning
training.cyberoam.com
QoS > Agenda

• Introduction
• Terminologies
• Implementation

Learning
training.cyberoam.com
QoS Implementation > Identity (User / Group) > User

• QoS policy can be applied to the user


– Identity -> Users -> User -> Add

Learning
training.cyberoam.com
QoS Implementation > Identity (User / Group) > Group

• To Apply a QoS policy on a group


– Identity -> Groups -> Select the group

Learning
training.cyberoam.com
QoS Implementation > Firewall

– To create a policy based on firewall from QoS -> Policy -> Add

– To create a policy based on firewall from Firewall -> Rule -> QoS (Section)

Learning
training.cyberoam.com
QoS Implementation > Application

• To apply QoS on application,


– Firewall -> Rule -> Security Policies, and select application filter

Learning
training.cyberoam.com
QoS Implementation > Web Category

• To apply QoS on Web Category,


– select Web Filter Policy from Firewall wall and apply QoS policy from “QoS &
Routing Policy” section.

Learning
training.cyberoam.com
Lab

• Lab #24 Create 1 Mbps QoS policy for a user

Learning
training.cyberoam.com
Next -> Module 11 (Network High Availability)

Learning
training.cyberoam.com

You might also like