This post is also available in: Português English Español
For the vast majority of companies, Internet access is essential: losing it can halt a significant part of the operation. Payments, purchases, videoconferencing, and access to cloud services and files are routine corporate activities that depend directly on the Internet.
As carriers' prices have fallen, it has become common for companies to contract multiple Internet links, so that access to the network is preserved even when one or more links fail.
Redundant links backed by an effective contingency plan are an important strategy for minimizing the impact of a failure on one of the Internet connections. On its own, however, this is not enough to guarantee the quality of access, either in normal operation or during a contingency.
Regardless of the number of links and their bandwidth, controls are needed to prevent indiscriminate use of the network. Without them, business-critical operations that depend on Internet access compete on equal terms with less important, or even improper, traffic such as streaming services, social networks and file downloads.
Besides access-control techniques such as firewall rules, application control and web proxies, which restrict improper access, it is also necessary to guarantee quality for the most important services. This is where QoS (Quality of Service) plays an essential role.
IP networks, and the Internet among them, use the best-effort model for data transmission: packets are forwarded without any prioritization criterion. QoS (Quality of Service) is a set of mechanisms that gives differentiated treatment to specific types of data flow by defining priorities and bandwidth reserves.
QoS Techniques
There are many ways to implement QoS for the most varied needs. Among Internet service providers, models such as Integrated Services (IntServ), Differentiated Services (DiffServ) and MPLS traffic engineering are widespread. Companies usually have no control over the intermediate hops between the source and destination of a connection, so the most common approach is to implement QoS on the edge equipment that connects the local network to the Internet, especially UTM firewalls.
Among the most common QoS techniques applied in corporate networks, we can highlight:
- Prioritization: traffic is classified and assigned different priorities according to its type, source or destination. Under congestion, higher-priority packets are sent first, at the expense of the others. With strict priority scheduling, a saturated high-priority class can starve the lower ones entirely, so only a small, well-defined set of traffic should receive the top priorities.
- Resource reservation: the network's resources are divided among traffic of different types, sources or destinations, with bandwidth limits and guarantees defined for each share.
Prioritization and resource reservation can be applied separately or together, according to the needs of the network. Both, however, obey one premise: the controls are always applied to the equipment's outgoing traffic. Only after a packet has been processed can it be classified and an action chosen: forward it normally, delay it (queue it), or discard it according to the QoS rules previously defined. Incoming traffic has already consumed the link by the time it reaches the firewall, so there is no way to schedule it; what remains is to accept or reject it. In practice this means that upload traffic is shaped as it leaves on the Internet-facing interface, download traffic is shaped as it leaves on the LAN-facing interface, and the effect on a remote sender is only indirect, since dropped or delayed packets make TCP back off.
QoS on UTM firewalls
There is no standardization of how QoS is implemented or named in UTM firewalls. Some vendors abstract the technical concepts and make implementation much easier; others require more knowledge from the user and expose a multitude of configuration options. Besides QoS, the terms commonly used for quality-of-service settings include traffic shaping (delaying excess traffic in a queue), traffic policing (dropping or marking it instead), bandwidth control and queuing.
In general, QoS is configured in firewalls in three steps:
- Control type definition. This refers to the QoS technique used, and may be as simple as choosing between prioritization and resource reservation or may expose finer settings, such as the queuing algorithm (PRIQ, CBQ, HFSC) and congestion-control mechanisms such as RED and ECN.
- Profile definition. This is the categorization and parameterization of the traffic flows to which the controls will apply. Concepts such as queues, pipes and classes are commonly used to categorize flows. Depending on the control type chosen, you can define bandwidth reserves, guarantees, limits and priorities.
- Association of profiles with traffic. For the controls to take effect, traffic must be classified and then related to the profiles. In firewalls, this association can be configured in a dedicated section of the product or directly in the access-control rules, which already carry source and destination addresses, protocol, port and application, making classification easier.
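As an added example, not code from the original post, the ruleset below shows how the two techniques described earlier and the three configuration steps map onto a pf ALTQ configuration in the syntax used by OpenBSD up to 5.4, FreeBSD and pfSense. Interface names, the link speed, the addresses in the documentation ranges and the ports are assumptions chosen for illustration.

```pf
# Added example (illustrative, not from the original post). Interface names,
# link speed, addresses and ports below are assumptions.
ext_if    = "em0"                # Internet-facing interface (assumed)
lan_if    = "em1"                # LAN interface (assumed)
lan_net   = "192.168.10.0/24"    # corporate LAN (assumed)
pbx       = "203.0.113.10"       # hosted PBX / SIP trunk (assumed)
biz_hosts = "198.51.100.0/24"    # ERP and cloud-file provider (assumed)

# Step 1 - control type. HFSC provides reservation: hard guarantees
# (realtime), proportional sharing under congestion (bandwidth) and caps
# (upperlimit). It is attached to the egress side of the uplink and sized
# slightly below the contracted upload rate, so that the queue forms on the
# firewall, where the policy applies, and not in the carrier's modem.
# For pure prioritization the scheduler would be PRIQ instead, for example:
#   altq on $ext_if priq bandwidth 9Mb queue { q_voip, q_biz, q_bulk }
#   queue q_voip priority 7
#   queue q_biz  priority 3 priq(default)
#   queue q_bulk priority 1
altq on $ext_if hfsc bandwidth 9Mb queue { q_voip, q_biz, q_web, q_bulk }

# Step 2 - profiles. bandwidth = share of the link when it is congested;
# realtime = guarantee honoured before any sharing; upperlimit = ceiling
# even when the link is idle; ecn marks instead of dropping when the peer
# supports it. Child bandwidths must not exceed the parent (1+4+3+1 = 9).
queue q_voip bandwidth 1Mb hfsc(realtime 1Mb)      # SIP/RTP: 1 Mb guaranteed
queue q_biz  bandwidth 4Mb hfsc(realtime 2Mb)      # ERP, videoconference, cloud files
queue q_web  bandwidth 3Mb hfsc(default ecn)       # everything not matched elsewhere
queue q_bulk bandwidth 1Mb hfsc(upperlimit 2Mb)    # FTP/rsync uploads: capped at 2 Mb

# Step 3 - association. Classification is done on the LAN-side inbound rules,
# which see the original (pre-NAT) addresses; the queue name travels with the
# state and is applied when the packet leaves on $ext_if, where the scheduler
# lives. Without "quick" the last matching rule wins, so the catch-all comes
# first and the more specific rules after it. In "queue (a, b)" the second
# queue receives empty TCP ACKs and low-delay packets, so that acknowledgements
# of downloads are not stuck behind a saturated upload.
pass in on $lan_if from $lan_net to any queue q_web
pass in on $lan_if proto tcp from $lan_net to any port { 21, 873 } queue q_bulk
pass in on $lan_if proto tcp from $lan_net to any port { 80, 443 } queue (q_web, q_biz)
pass in on $lan_if proto tcp from $lan_net to $biz_hosts port 443 queue q_biz
pass in on $lan_if proto udp from $lan_net to $pbx port 5060 queue q_voip
pass in on $lan_if proto udp from $lan_net to $pbx port 10000:20000 queue q_voip
```

Load it with `pfctl -f /etc/pf.conf` and watch the per-queue counters with `pfctl -s queue -vv` while the uplink is saturated: q_bulk should hit its 2 Mb ceiling, q_voip and q_biz should keep their reserved rates, and drops should appear only in the classes without a realtime guarantee. Note that these rules only shape the upload direction; shaping downloads requires a second `altq` stanza on `$lan_if`, for the reason given in the section on techniques above.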
Regardless of the firewall or technical solution used, an effective QoS policy is essential to guarantee the quality of access to the services that matter most to the business.