17-4
Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 17      Quality of Service
  Configure QoS
Additional Guidelines and Limitations
• QoS is applied unidirectionally; only traffic that enters (or exits, depending on the QoS feature) the 
interface to which you apply the policy map is affected. See Feature Directionality, page 11-4 for 
more information.
• For priority traffic, you cannot use the class-default class map.
• For priority queuing, the priority queue must be configured for a physical interface or, for the 
ASASM, a VLAN.
• For policing, to-the-box traffic is not supported.
• For policing, traffic to and from a VPN tunnel bypasses interface policing.
• For policing, when you match a tunnel group class map, only outbound policing is supported.
Configure QoS
Use the following sequence to implement QoS on the ASA.
Step 1 Determine the Queue and TX Ring Limits for a Priority Queue, page 17-4.
Step 2 Configure the Priority Queue for an Interface, page 17-6.
Step 3 Configure a Service Rule for Priority Queuing and Policing, page 17-7.
Determine the Queue and TX Ring Limits for a Priority Queue
Use the following worksheets to determine the priority queue and TX ring limits.
• Queue Limit Worksheet, page 17-4
• TX Ring Limit Worksheet, page 17-5
Queue Limit Worksheet
The following worksheet shows how to calculate the priority queue size. Because queues are not of 
infinite size, they can fill and overflow. When a queue is full, any additional packets cannot get into the 
queue and are dropped (called tail drop). To avoid having the queue fill up, you can adjust the queue 
buffer size according to Configure the Priority Queue for an Interface, page 17-6.
Tips on the worksheet:
• Outbound bandwidth—For example, DSL might have an uplink speed of 768 Kbps. Check with your 
provider.
• Average packet size—Determine this value from a codec or sampling size. For example, for VoIP 
over VPN, you might use 160 bytes. We recommend 256 bytes if you do not know what size to use.
• Delay—The delay depends on your application. For example, the recommended maximum delay for 
VoIP is 200 ms. We recommend 500 ms if you do not know what delay to use.