Centralized Configuration

The VPN Gateway CoS configuration information is controlled through the AT&T Administration Server. CoS is enabled at the VPN Gateway Device Profile level. When CoS is enabled, the administrator can configure CoS settings for each VPN Gateway profile or define them at the model level. The following profiles must be defined:

  • CoS Package
  • CoS Bandwidth Settings
  • CoS Policy

These can be defined for the broadband interface, the dial interface, or both. At least one set of CoS configuration values (broadband or dial) must be configured when CoS is enabled.

CoS Package

The CoS Package configuration defines the relationship between the individual traffic shaping queues and the CoS classes. A package defines:

  • What percentage of the bandwidth to allocate to each traffic shaping queue.
  • What priority to give each traffic shaping queue relative to the others.
  • Which class is associated with each traffic shaping queue, which also associates the class markings with that queue.
  • Which class is considered to be the default. This is the class that includes all traffic that does not specifically match a filter.
  • The upstream/downstream burst rates configured for each traffic shaping queue. These values are used to determine how much traffic is actually sent each time the shaper queue is scheduled to send traffic.

CoS Bandwidth Settings

There are two types of CoS bandwidth settings: Automatic Bandwidth settings and Static Bandwidth settings.

The Automatic Bandwidth settings reduce enablement time and cost. The VPN Gateway can proactively run an automatic bandwidth determination test.

If the bandwidth is known to be a guaranteed static bandwidth, or the test is giving inaccurate results, the administrator can statically define the upstream and downstream bandwidth settings. The static settings are intended only as an override for the automatic bandwidth measurement test; they are not the normal or expected configuration method.

CoS Policy

The CoS policy is configured using the same AT&T Administration Server panels that are used for the firewall rules. The CoS Policy includes a set of class of service rules defining the filters used to determine to which class each packet belongs.

The rule format is very similar to that of the firewall rules; you can specify fields such as:

  • Direction: inbound/outbound/both
  • Protocol: TCP/UDP/ICMP…
  • ICMP Type (for ICMP protocol only)
  • Source/Destination address and mask, or VLAN ID (v4.6+)
  • Source and Destination ports (port ranges allowed)

The CoS Class Identifier field is an additional field used to map rules to the CoS shaper class. This must be a previously created Class Name.

To simplify CoS enablement, CoS rules in the AT&T Administration Server can be assigned to source or destination VLAN IDs (instead of source and destination IP addresses) and applied to all VPN Gateway devices using that VLAN ID in an AT&T Administration Server Account or Model.
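
As an added illustration (not AT&T Administration Server code or its configuration format), the following Python models how a CoS Policy maps packets to classes using the rule fields listed above, falls back to the package's default class, and flags a CoS Class Identifier that is not a previously created class name. The `CosRule` type, its field names, the single `vlan_id` field, first-match rule ordering, and all sample values are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class CosRule:                          # hypothetical model of one CoS policy rule
    cos_class: str                      # CoS Class Identifier
    direction: str = "both"             # inbound / outbound / both
    protocol: str = "any"               # tcp / udp / icmp / any
    icmp_type: Optional[int] = None     # ICMP protocol only
    src: str = "0.0.0.0/0"              # address and mask
    dst: str = "0.0.0.0/0"
    vlan_id: Optional[int] = None       # when set, replaces the address match
    src_ports: Tuple[int, int] = (0, 65535)
    dst_ports: Tuple[int, int] = (0, 65535)

def unknown_classes(rules, package):  # identifiers that are not created class names
    used = [r.cos_class for r in rules] + [package["default"]]
    return sorted({c for c in used if c not in package["classes"]})

def matches(rule, pkt):
    if (rule.direction not in ("both", pkt["direction"])
            or rule.protocol not in ("any", pkt["protocol"])):
        return False
    if rule.vlan_id is not None:
        if pkt.get("vlan_id") != rule.vlan_id:
            return False
    elif not all(ipaddress.ip_address(pkt[k]) in ipaddress.ip_network(n)
                 for k, n in (("src", rule.src), ("dst", rule.dst))):
        return False
    if pkt["protocol"] == "icmp":
        return rule.icmp_type in (None, pkt.get("icmp_type"))
    if pkt["protocol"] in ("tcp", "udp"):
        return (rule.src_ports[0] <= pkt["sport"] <= rule.src_ports[1]
                and rule.dst_ports[0] <= pkt["dport"] <= rule.dst_ports[1])
    return True

def classify(pkt, rules, package):
    for rule in rules:                  # assumption: first matching rule wins
        if matches(rule, pkt):
            return rule.cos_class
    return package["default"]           # traffic that matches no filter

# Constructed sample package (class -> % of bandwidth) and policy; not a real profile.
PACKAGE = {"classes": {"voice": 30, "business": 50, "best-effort": 20},
           "default": "best-effort"}
RULES = [CosRule("voice", protocol="udp", dst_ports=(16384, 32767)),
         CosRule("business", direction="outbound", protocol="tcp",
                 dst="10.20.0.0/16", dst_ports=(443, 443)),
         CosRule("voice", vlan_id=110)]
```

Running `unknown_classes` over a policy before relying on it catches rules that name a class missing from the package, which would otherwise leave traffic without a shaper queue in this model.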