Implementing QoS without QoS-capable switches on remote site (Juniper SSG)
Posted on 2013-06-19
I have a situation where we have a main site (data center) and several remote sites (hub sites).
All sites have Juniper SSG firewall (5,20,140,520) with site-to-site VPN tunnels in between the DC and the remote sites.
In the data center all hardware server, OS, switches and firewall is fully QoS capable.
In the remote sites, some have low-cost netgear switches which have no or only basic QoS functionality.
I have the need to prioritize traffic since we are migrating to a VMWare Mirage platform for the clients while also we need to guarantee traffic for Oracle and client access gets priority over web/mail traffic.
My question basically is which of the below approaches is required or even an alternative please ?
Thanks in advance !
1) I need to implement QoS everywhere: Client -> switch -> firewall -> VPN -> firewall -> switch -> server
2) I need to implement QoS everywhere except the client: switch -> firewall -> VPN -> firewall -> switch
3) I can implement QoS only between the firewall (based on policy/port traffic) and the queue will be handled by the firewall's