We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

How to Create a QoS Profile

  • Last updated on

When deploying traffic shaping, consider the CPU resources of the system. Especially on low-end machines, shaping on highly used links may cause performance degradation, resulting in high CPU loads and reduced network connectivity. Depending on the system configuration, Barracuda Networks recommends a maximum interface shaping bandwidth of 10 MB/s on systems with a CPU clock of 800MHz or lower.

QoS profiles are constructed of a root virtual interface, which may be attached to a real network interface and an arbitrary number of subnodes forming a tree. The output of any number of virtual interfaces can be fed into the input of a superordinate virtual interface.

A new virtual interface can be created on the subordinate level of an existing virtual interface. Each and every virtual interface of a QoS profile can be configured individually. QoS profiles are built as templates and will only operatively perform traffic shaping when they are referred to by a physical network interface.

This way, the same QoS profile can be reused for several physical network interfaces. As a result, the limiting bandwidth rates are configured in relative numbers (percent), which become absolute values when assigning a physical network interface with absolute bandwidth values. When assigning QoS profiles to physical network interfaces, it is possible to decide if inbound and/or outbound traffic should be performed by the traffic shaping mechanism. With the assignment the effective rates (in- and outbound) of the physical network interfaces are specified. Note that these rates do not need to be identical with the rate the interface is capable of, but they should rather specify the expected effective bandwidth (for example, a 2 Mbit provider line accessed over a
100Mbit Ethernet interface).

In this article:

Step 1. Create a QoS Profile

To create a QoS profile, complete the following steps:

  1. Open the Traffic Shaping page (Config > Full Config > Box > Traffic Shaping).
  2. Click Lock.
  3. Click the QoS Profile tab.
  4. In the Virtual Interface list, right-click and select Add new QoS Profile.
  5. In the Profile Name field, enter a name for the QoS profile.
  6. In the Outbound section, select an Operation Mode for traffic that is sent over the device:
    • Shape – The virtual interface limits traffic according to the Outbound settings.
    • Passthrough – Packets are immediately passed to the next tree node or to the associated network interface.
    • Drop – Packets are immediately discarded.
    • Priority – Packets are passed through the shaping tree without being queued.

  7. In the Priority Weights fields, you can specify the relative weight of the three priorities: class1class2, and class3.

    These weights specify the ratio of the traffic being propagated, assuming that the input traffic is evenly distributed.

  8. In the Inbound section, select an Operation Mode and specify the Priority Weights for the inbound traffic (traffic that is received by the device). If you want inbound traffic to be handled with the same settings as outbound traffic, select As-Outbound.
  9. Click OK.
  10. Click Send Changes and Activate.

Step 2. Create a Virtual Interface

To create a virtual interface, complete the following steps:

  1. Open the Traffic Shaping page (Config > Full Config > Box > Traffic Shaping).
  2. Click Lock.
  3. Click the QoS Profile tab.
  4. In the Virtual Interface list, right-click the new QoS Profile and select Add new virtual interface.
  5. In the Virtual Interface Name field, enter a descriptive name.
  6. In the Outbound section, select an Operation Mode for traffic that is sent over the device:
    • Shape – The virtual interface limits traffic according to the Outbound settings.
    • Passthrough – Packets are immediately passed to the next tree node or to the associated network interface.
    • Drop – Packets are immediately discarded.
    • Priority – Packets are passed through the shaping tree without being queued.

  7. In the Assumed Rate field, enter the bandwidth limit (%) for the virtual interface. This value represents a hard bandwidth limit for this virtual interface. Do not produce values lower than 512 kbit.
  8. When a datagram is passed to the next node in the tree, you can adjust the c settings before processing is continued.
  9. From the Priority Adjustment list, specify the adjustment of priority weights when packets are passed to the next virtual interface.
  10. The Queue Size (Bytes) field is the hardcoded size of the virtual interface's internal queue (in bytes).

  11. In the Inbound section, select an Operation Mode, enter an Assumed Rate, adjust the Assumed Rate, and specify the Queue Size (Bytes).
  12. Click OK.
  13. Click Send Changes and Activate.

Step 3. Create a QoS Band

In order to assign traffic prioritization to the physical interface, you must apply the virtual interface to an existing QoS Band.

  1. Open the Traffic Shaping page (Config > Full Config > Box > Traffic Shaping).
  2. Click Lock.
  3. Click the QoS Band tab.
  4. Right-click the QoS Band table and select Add new QoS Band.
  5. In the Name field, enter a descriptive name. (The ID field specifies the index number of the new QoS band.)
  6. Click OK.
  7. In the QoS Band Rule window, you can edit the following settings to specify the priority, interface, and conditions for traffic that is handled by the QoS band:
    • Priority – From this list, select the priority class that is assigned to data packets that are handled by the QoS band.
    • Virtual Device – From this list, select the virtual interface into which the data packets will be fed, should this rule apply.
    • TOS – To specify a value that must be matched by the TOS in the IP header, select this check box.
    • Traffic Limit – To specify a data limit that must not be exceeded by network sessions, select this check box.
    • Time Period – To specify specific dates and times during which this rule can be applied, select this check box.
    • Weekday/Hour – To specify specific weekdays and times during which this rule can be applied, select this check box.
  8. Click OK.
  9. Click Send Changes and Activate.

4. Assign the QoS Profile to the Physical Interface

To apply traffic shaping settings to a physical interface, such as port1, complete the following steps:

  1. From the Interface table, double-click the interface to which the QoS profile should be assigned to.
  2. From the Assigned Profile list, select the new QoS profile.
  3. In the Rate section of the Interface Tree Mapping window, select Enable Shaping and enter a limit for the inbound and outbound bandwidth.
  4. Click OK.
  5. Click Send Changes and then click Activate.

5. Apply Traffic Shaping to the Firewall Rules

To apply traffic shaping to an access or application rule, complete the following steps:

  1. Navigate to the Forwarding Rules page (Config > Full Config > Box > Virtual Servers > your virtual server > Assigned Services > Firewall).
  2. Click Lock.
  3. Create or double-click the access or application rule to which you are applying the QoS Band. For example, LAN-2-INTERNET-https.
    • To apply the QoS Band to an access rule:

      • Select the QoS Band from the QoS Band (Fwd) and QoS Band (Reply) list in the Policy section. For more information, see How to Create and Apply QoS Bands.

        The outbound and inbound rate of a virtual interface is ignored when the QoS Band policy in the corresponding firewall rule is set to No-Shaping.

    • To apply the QoS Band to an application rule:

      • Select the Change QoS Band (Fwd) check box in the Policy section and select the QoS Band from the list.

  4. Click OK.
  5. Click Send Changes and then click Activate.

You can also apply traffic shaping settings to multiple rules. In the rule editor window for the rules, specify the following settings:

  • In the Rule Settings section, configure the Forward Band and Reverse Band settings.
  • In the TCP Policy section, configure the Syn Flood Protection setting. 

For more information, see How to Edit, Copy, Clone, Deactivate, or Delete Firewall Rules.

Last updated on