
TABLE OF CONTENTS

Introduction
Why QoS
Applying Efficient QoS
Terminologies & Concepts
    Classification
    Bandwidth Limiting
        Strict
        Committed
    Scheduler
    Congestion management
    Packet Marking
QoS Implementation
    Policy
        Parameters
    Identity
        User
        Group
    Firewall
    Application
    Web Category
Summary

QoS Cyberoam Certified Network & Security Professional

Introduction
Cyberoam not only identifies applications, but also controls them and ensures that each application
is given the right kind of treatment, so that it performs as required by the organization's network
administrator. This module covers QoS terminology, models and options, and how QoS is configured
on CyberoamOS.

Why QoS
QoS is required for an organization because bandwidth is finite. Because it is finite, some traffic can
be susceptible to packet loss or latency, while other traffic can be bandwidth-demanding or vital to
the organization's internal network. QoS is a handy tool for optimizing the applications in an
organization's network, because it can regulate selected packet flows in the network. QoS is one of
the basic features provided by any network device. However, CyberoamOS extends QoS to a
network, subnet, user, and application, making it Application Quality of Service and User Quality of
Service.

Applying Efficient QoS


Even a very well developed QoS implementation is only half applied if applications cannot be
identified the way the CyberoamOS application firewall engine identifies them. From the previous
module, we know that Cyberoam can identify any type of application, even hybrid or tunneling apps.
QoS in CyberoamOS can therefore identify bandwidth-demanding traffic and traffic that is susceptible
to packet loss or latency. For example, an organization might want to guarantee bandwidth to
revenue-generating traffic, such as E-Commerce, by making sure that customers do not experience
interruptions or delays in transactions. On the other hand, the organization also needs low latency
and no packet loss for VoIP (Voice over IP) traffic used by support and sales. It is also a primary
requirement to limit the bandwidth used by non-productive applications such as YouTube.

Terminologies & Concepts


To understand QoS in CyberoamOS properly, a few terms need to be understood first:
Bandwidth Limitation and Classification
Scheduler, priority queues and forwarding class
Marking the packets
Policing and shaping traffic

Classification

CyberoamOS sorts packets into different classes. There are predefined classes in CyberoamOS,
each of which maps to a priority queue. Classification is necessary for QoS to function. In Cyberoam
devices, packets are assigned QoS after the session is initiated and the application and identity
are determined.
Competing firewall appliances classify packets based on IP or DSCP markings. This type of
classification works for general network scenarios, but not from the application and identity point of
view. A QoS profile on Cyberoam has eight classes. Each class maps to a priority queue, as
listed in the table below.


QoS Class Profile    Priority Queue

Class 0              Real Time
Class 1              Business Critical
Class 2              Normal
Class 3              Normal
Class 4              Normal
Class 5              Normal
Class 6              Bulky
Class 7              Best Effort

The screen below shows the priority classes from a Cyberoam QoS policy. To see the classes,
navigate to QoS -> Policy -> Add -> Priority

Bandwidth Limiting

At the outgoing (egress) interface, a class from the QoS Class Profile is used to bind the packet to
the priority queue. Cyberoam not only links the packet to the priority queue, but also provides
strict and committed bandwidth.

Strict

In a Strict Bandwidth policy, Cyberoam does not guarantee the bandwidth to the user; however, if the
bandwidth is available, the user gets the value specified at the time of policy creation. For
example, if user john has been allocated a strict bandwidth policy of 2 Mbps, john will get speeds up
to 2 Mbps, depending on the traffic in the network. If the network is free, john will get 2 Mbps, but if
the network is loaded with heavy traffic, john will get bandwidth that is not more than 2 Mbps
(depending on the traffic).

Committed

In a Committed Bandwidth policy, Cyberoam guarantees the user the value specified at the time of
policy creation. A burst limit can also be specified on a committed bandwidth policy. The burst limit is
the maximum bandwidth that can be given to the user. The total bandwidth allotted to the user is the
sum of the committed bandwidth value and the burst limit. For example, if the user john is allocated a
committed bandwidth of 2 Mbps and a burst limit of 2 Mbps, john is guaranteed 2 Mbps at any point
in time. However, if john requires more bandwidth and there is unutilized bandwidth, john will get
the burst limit specified. Note that the burst bandwidth, though limited to 2 Mbps, can vary depending
on the traffic in the network. The total bandwidth for john is therefore 4 Mbps, of which 2 Mbps is
guaranteed and 2 Mbps varies with the load on the network.
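
The strict and committed behaviour described above, as a simplified allocation model (an added example, not CyberoamOS code). The two-pass order, the names `Policy` and `allocate`, and the users mary and voip are assumptions for illustration; john's 2 Mbps committed value and 2 Mbps burst limit are the page's.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    user: str
    kind: str            # "strict" or "committed"
    rate_mbps: int       # strict: upper limit; committed: guaranteed value
    burst_mbps: int = 0  # committed only: burst limit above the guarantee
    qos_class: int = 2   # 0 (Real Time) .. 7 (Best Effort)

    @property
    def guaranteed(self) -> int:
        return self.rate_mbps if self.kind == "committed" else 0

    @property
    def ceiling(self) -> int:
        # Page's definition: total = committed value + burst limit.
        return self.rate_mbps + (self.burst_mbps if self.kind == "committed" else 0)

def allocate(link_mbps, policies, demand):
    """Split link_mbps among users for one instant of demand (all in Mbps)."""
    if sum(p.guaranteed for p in policies) > link_mbps:
        raise ValueError("committed bandwidth oversubscribes the link")
    # Pass 1: committed users receive their demand up to the guarantee.
    alloc = {p.user: min(demand.get(p.user, 0), p.guaranteed) for p in policies}
    spare = link_mbps - sum(alloc.values())
    # Pass 2 (assumed ordering): spare goes out by class, capped at each ceiling.
    for p in sorted(policies, key=lambda p: p.qos_class):
        want = min(demand.get(p.user, 0), p.ceiling) - alloc[p.user]
        extra = max(0, min(want, spare))
        alloc[p.user] += extra
        spare -= extra
    return alloc

# Constructed sample policies; only john's values come from the page's examples.
POLICIES = [
    Policy("john", "committed", 2, burst_mbps=2, qos_class=2),
    Policy("mary", "strict", 2, qos_class=6),
    Policy("voip", "strict", 3, qos_class=0),
]

if __name__ == "__main__":
    print(allocate(5, POLICIES, {"john": 10}))                          # idle link
    print(allocate(5, POLICIES, {"john": 10, "mary": 10, "voip": 10}))  # loaded link
```

On the loaded 5 Mbps link john keeps his guaranteed 2 Mbps but no burst, while mary's strict policy yields nothing because higher-priority traffic has used the spare capacity.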


Scheduler

On CyberoamOS, the scheduler algorithm determines how often a queue is serviced. The scheduler
selects the next packet to de-queue based on priority. CyberoamOS uses the Linux algorithms HFSC
(Hierarchical Fair Service Curve) and HTB (Hierarchical Token Bucket).

Congestion management

When a queue is filling faster than it can be cleared, Cyberoam drops the packets when the queue
becomes full.

Packet Marking

If any upstream or downstream device marks DSCP bits, CyberoamOS can maintain and alter those
bits. If a packet is not marked with DSCP bits, CyberoamOS can mark the packet and send it to the
next hop/destination. QoS should not be confused with packet marking, as they are separate
functionalities of CyberoamOS. Whether or not QoS is configured, CyberoamOS continues to mark the
flows according to policy.
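
What maintaining, altering, or adding DSCP bits means at the packet level, shown on an IPv4 header (an added example, not CyberoamOS code). The function names and the sample header are constructed for illustration; DSCP 46 is the standard Expedited Forwarding code point.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """One's-complement header checksum; returns 0 for a header whose checksum is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def get_dscp(header: bytes) -> int:
    return header[1] >> 2  # upper 6 bits of the second header byte

def remark(header: bytes, dscp: int, only_if_unmarked: bool = False) -> bytes:
    """Return a copy of the IPv4 header with the DSCP field set and checksum fixed."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value")
    ihl = (header[0] & 0x0F) * 4
    if header[0] >> 4 != 4 or ihl < 20 or len(header) < ihl:
        raise ValueError("not a complete IPv4 header")
    if only_if_unmarked and get_dscp(header) != 0:
        return bytes(header[:ihl])          # maintain the upstream marking
    h = bytearray(header[:ihl])
    h[1] = (dscp << 2) | (h[1] & 0x03)      # the low 2 bits are ECN, leave them alone
    h[10:12] = b"\x00\x00"                  # zero the checksum before recomputing
    h[10:12] = struct.pack("!H", ipv4_checksum(bytes(h)))
    return bytes(h)

# Constructed sample: unmarked UDP packet header, 192.168.0.1 -> 192.168.0.199.
SAMPLE_HEADER = bytes.fromhex("450000730000400040 11b861c0a80001c0a800c7".replace(" ", ""))

if __name__ == "__main__":
    marked = remark(SAMPLE_HEADER, 46)      # mark an unmarked packet as EF
    print(get_dscp(SAMPLE_HEADER), "->", get_dscp(marked), marked.hex())
```

Changing the DSCP field changes the header, so the IPv4 header checksum has to be recomputed; a device that rewrites the byte without doing so produces packets the next hop drops.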

QoS Implementation
QoS in CyberoamOS can be applied to Identity (User/Group), firewall rule, application, web category,
and schedule.

Policy

To create a QoS policy, go to QoS -> Policy -> Add


Parameters

Name: Specify the name of the policy.
Policy Based on: Specify whether the policy will be applied to User, Firewall Rule, Web Category, or
Application.
Policy type: Choose Strict or Committed.
Implementation on: Choose Total (upload as well as download) or Individual (upload and download
are set separately).
Priority: Select the DSCP Marking.
Total Bandwidth (in KB): Specify the bandwidth in KB (Kilo Bytes).
Bandwidth Usage: Select whether the usage is for a single user or for all the users that fall under this
policy.

Identity

User

A QoS policy can be applied to a user. To do this, go to Identity -> Users -> User -> Add


Group

To apply a QoS policy to a group, go to Identity -> Groups -> Select the group

Firewall

To apply a QoS policy to a firewall rule, first create a policy based on Firewall Rule from
QoS -> Policy -> Add

Then go to Firewall -> Rule -> QoS & Routing Policy


Application

To apply QoS to an application, go to Firewall -> Rule -> Security Policies and select the application
filter. Then, in the QoS & Routing Policy, select the QoS policy.

Web Category

To apply QoS to a Web Category, select the Web Filter Policy in the firewall rule and apply the QoS
policy from the QoS & Routing Policy.


QoS Configuration

QoS settings can be configured from the web admin console. Go to QoS > Settings.
(KB Link: http://kb.cyberoam.com/default.asp?id=2743&SID=&Lang=1)


Summary
QoS allows traffic shaping and bandwidth management. In this module we have learnt:
Need for QoS
Classification
Bandwidth Limiting
Scheduler
Congestion management
Packet Marking
Implementation of QoS in CyberoamOS
