QoS for slow ISP connection

SOLVED
eddiex
Here to help

QoS for slow ISP connection

Hello,

I am working on a project that connects our branch office back to main company building via site to site VPN by PaloAlto firewall. All branch office traffic goes through the VPN.

The branch office has a very slow internet connection (10M), so QoS is important for VoIP.

 

Current setup.

Main company (ISP 1G uplink)

PaloAlto firewall

Cisco 6509E as core

Meraki MS350s+MS250s

Phone servers

 

Branch office (ISP 10M uplink)

PaloAlto firewall to do site to site VPN

Meraki MS125

IP phones

 

I am wondering whether the QoS should be setup on my Meraki MS or the PaloAlto firewall.

Thank you everyone.

 

 

 

 

1 ACCEPTED SOLUTION
Bruce
Kind of a big deal

Your primary problem will be QoS between the two sites since that'll be the smallest bandwidth by a long way - so you need QoS on the PAN devices. If you're also using the 10Mbps internet link at the branch office for general internet traffic then you still may have problems though. QoS doesn't apply to traffic on the internet, it is ignored by everything. So although you can use QoS markings and prioritization as traffic leaves the sites, both head office and the branch, it has no impact as the traffic traverses the internet or as it comes into the site.

View solution in original post

4 REPLIES 4
Bruce
Kind of a big deal

Your primary problem will be QoS between the two sites since that'll be the smallest bandwidth by a long way - so you need QoS on the PAN devices. If you're also using the 10Mbps internet link at the branch office for general internet traffic then you still may have problems though. QoS doesn't apply to traffic on the internet, it is ignored by everything. So although you can use QoS markings and prioritization as traffic leaves the sites, both head office and the branch, it has no impact as the traffic traverses the internet or as it comes into the site.

Thank you very much for the clarification.

The branch office does use 10M ISP for everything. All branch traffic(internet and corp data) go back to the VPN tunnel back to main office. So, if the branch office need go to Google, it will first tunnel back to main office, and then go out to the internet through the main office's firewall. Like full tunneling. In this case, will QoS makes any impact?

Thank you very much for the clarification.

The branch office does use 10M ISP for everything. All branch traffic(internet and corp data) go back to the VPN tunnel back to main office. So, if the branch office need go to Google, it will first tunnel back to main office, and then go out to the internet through the main office's firewall. Like full tunneling. In this case, will QoS makes any impact? Thanks

Inderdeep
Kind of a big deal
Kind of a big deal

@eddiex : I am agree with @Bruce @the qos should be on Palo Alto devices as the traffic segregated there. You can configure on access switches but no sense to do that.

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels