[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 653
  • Last Modified:

Implementing QoS without QoS-capable switches on remote site (Juniper SSG)

Dear experts,

I have a situation where we have a main site (data center) and several remote sites (hub sites).


All sites have Juniper SSG firewall (5,20,140,520) with site-to-site VPN tunnels in between the DC and the remote sites.

In the data center all hardware server, OS, switches and firewall is fully QoS capable.
In the remote sites, some have low-cost netgear switches which have no or only basic QoS functionality.

I have the need to prioritize traffic since we are migrating to a VMWare Mirage platform for the clients while also we need to guarantee traffic for Oracle and client access gets priority over web/mail traffic.

My question basically is which of the below approaches is required or even an alternative please ?

Thanks in advance !

1) I need to implement QoS everywhere: Client -> switch -> firewall -> VPN -> firewall -> switch -> server
2) I need to implement QoS everywhere except the client: switch -> firewall -> VPN -> firewall -> switch
3) I can implement QoS only between the firewall (based on policy/port traffic) and the queue will be handled by the firewall's
0
ulensr
Asked:
ulensr
  • 2
1 Solution
 
ryan80Commented:
First off, unless you have a private line/ MPLS there will be no QOS over the internet. once you hit the ISP there will be no qos.

now within your network you can implement qos as needed.  If you feel that there will be contention on the switch you can replace it with something that can handle qos. it really depends on how much traffic you have and how the switch handles it. However I would imagine that the bottle neck is going to be WAN connection not the switch, so I would treat that as secondary.

I have not worked with Junipers before but a quick search shows it to be fairly straight forward. http://www.howtonetworking.com/Routers/ssg4.htm
http://hydra.ck.polsl.pl/~helot/ipad/DayOne-Book/DO_Deploying_Basic_QoS.pdf

You should be able to set the priority of the traffic higher or give it a specific amount of bandwidth.
0
 
ulensrAuthor Commented:
Thanks for your answer; although this doesn't completely solve my issue, your advice shows that technically there we do not meet the requirements.

With the approach of having LAN QoS as you adviced I think I can atleast prioritize the inside traffic of the data center and whatever is going outside.

Many thanks
0
 
ryan80Commented:
You  can certainly prioritize the traffic at the egress point, which will send out the important traffic first if there is contention, but once on the internet there is no guarantee.
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now