226| BranchSwitch Config for Cloud Services Switches AOS-W 6.5.3.x| User Guide
n Protecting higher-priority traffic: If you want to guarantee bandwidth for a company-critical
application or application group, you can add that application to an exception list, then apply a bandwidth
contract to all remaining traffic.
You can apply bandwidth contracts using one or both of these models. Each interface supports up to 64
bandwidth contracts. An interface bandwidth contract is applied to downstream traffic before a user-role
bandwidth contract is applied, and upstream traffic, the user-role bandwidth contract is applied before the
interface bandwidth contract.
For all traffic using compression and encryption, bandwidth contracts are applied after that traffic is
compressed and encrypted. If you apply more than one bandwidth contract to any specific category type, then
the bandwidth contracts are applied in the following order.
1. A contract that explicitly excludes an application
2. A contract that explicitly excludes an application category
3. A contract that applies to a specific application
4. A contract that applies to a specific application category
5. A generic bandwidth contract, not specific to any application or application category
For details on configuring this feature using the Smart Config WebUI, see WAN Configuration on page 251.
App and App Category Visibility
WAN uplinks are typically of relatively low bandwidth. The actual upstream/downstream bandwidth that a
WAN uplink provides is usually different from what the service provider provides. Hence, ensure that the traffic
transmitted by a Branch switch matches the actual rate provided by the service provider. This avoids
congestion in the link from the Branch switch to the WAN. Congestion may cause traffic to be dropped and if
the uplink has both high and low priority traffic, low priority traffic might not be dropped first. Hence, a Branch
switch classifies traffic into multiple priorities and shapes the egress traffic to match the actual upstream
bandwidth.
If there is any unused bandwidth in the downstream direction, a Branch switch allows the users to use the
unused bandwidth although this bandwidth exceeds the allocation of the user. A Branch switch ensure this by
using an ingress scheduler with minimum-bandwidth guarantees.
Minimum bandwidth guarantees are provided on per traffic class basis. Additional classification is done on the
traffic flows and these are assigned newer traffic classes. Use hardware assist or software scheduler to
schedule these new traffic classes to achieve minimum-bandwidth guarantees. Maximum bandwidth is
enforced with bandwidth contracts.
Allocate higher bandwidth to critical applications and schedule them with higher priority.
Due to the wide range of bandwidth possibilities, percentages are used to provision bandwidth for the
interface bandwidth contracts. Use the templates to configure multiple different bandwidth links across all
Branch switches. For example, 50 % for 500 Mbps for a 1 Gbps link or 50 mbps for a 100 mbps uplink.
On the WAN dashboard, for the AppRF window, currently the statistics/flows are detailed to view the AppRF
stats on a per-uplink basis.
Branch Integration with a Palo Alto Networks (PAN) Portal
Branch switch deployments can leverage their networks' existing PaloAlto infrastructure to access more
advanced security services, including antivirus services, malware detection and seamless integration with the
Palo Alto Networks WildFire
TM
cloud-based threat detection.
To Next Page
Loading...