Barracuda Networks has made getting started with Traffic Shaping and Quality of Service (QoS) incredibly simple, easy and straightforward with their CloudGen/NextGen Firewall and NextGen Admin utility.
- I know your inclination is not to believe me and of course that leaves me with a steep hill to climb to prove the original premise of this blog.
- I also see a lot of you are thinking:
- “Why do I even need QoS?”
- “It's difficult to understand and just too much work.”
The Challenge
I have been wondering how best to start this blog series. Let me begin our journey together by introducing a particular challenge that is eventually recognized by all network administrators. It is not an issue of if you will run into it, but a matter of when, and it is called network congestion.
What is Network Congestion
Network congestion occurs when there is a traffic bottleneck in a network, where a large volume of packets has entered the Firewall and the exit interface can't immediately forward the packets. The excess packets must be temporarily stored (queued) in memory. When the queue is filled to capacity, the newly arriving packets are dropped because there is nowhere else to hold them.
Understand the Nature of Traffic and Applications
When congestion occurs, the Quality of Service challenge is to understand that certain types of traffic and applications must be allocated more bandwidth than others, and that most real-time UDP-based applications cannot handle dropped packets or excess jitter.
Example: During congestion, business-critical traffic must be allocated enough bandwidth to maintain a practical service level, whereas a background file transfer like OneDrive does not usually care if it takes 1 minute or 2 minutes to complete. However, real-time applications like Voice over IP can only handle up to 150 milliseconds of delay between packets to be deemed acceptable according to the ITU-T's G.114 standard.
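The congestion behaviour described above can be reproduced in a few lines. The following Python simulation is an added illustration, not code from this blog or from Barracuda: it compares one shared tail-drop queue with a separate voice queue that is served first. The link rate, queue sizes and traffic pattern are constructed assumptions.

```python
from collections import deque

VOICE_BUDGET_MS = 150  # delay figure the article cites from ITU-T G.114

def arrivals(t):
    # Constructed traffic: bulk at 3x the link rate for 500 ms, one voice packet every 20 ms.
    # Bulk is listed first, so in a full shared queue the voice packet is the one dropped.
    pkts = ["bulk"] * 3 if t < 500 else []
    if t % 20 == 0:
        pkts.append("voice")
    return pkts

def simulate(queues, classify, duration_ms=1000):
    """queues: [(deque, capacity)] in service order; classify maps a packet kind to a queue index.
    Assumed link: forwards exactly one packet per 1 ms tick."""
    stats = {k: {"sent": 0, "dropped": 0, "max_delay": 0} for k in ("voice", "bulk")}
    for t in range(duration_ms):
        for kind in arrivals(t):
            q, cap = queues[classify(kind)]
            if len(q) >= cap:
                stats[kind]["dropped"] += 1      # queue full: tail drop
            else:
                q.append((kind, t))
        for q, _cap in queues:                   # serve first non-empty queue
            if q:
                kind, t_in = q.popleft()
                stats[kind]["sent"] += 1
                stats[kind]["max_delay"] = max(stats[kind]["max_delay"], t - t_in)
                break
    return stats

def fifo():
    # One shared 200-packet queue, every packet treated the same.
    return simulate([(deque(), 200)], lambda kind: 0)

def priority():
    # Same 200 packets of buffer, split so voice has its own queue served first.
    return simulate([(deque(), 20), (deque(), 180)],
                    lambda kind: 0 if kind == "voice" else 1)

if __name__ == "__main__":
    for name, run in (("fifo", fifo), ("priority", priority)):
        v = run()["voice"]
        verdict = "within" if v["dropped"] == 0 and v["max_delay"] <= VOICE_BUDGET_MS else "outside"
        print(f"{name:8} voice sent={v['sent']} dropped={v['dropped']} "
              f"max queueing delay={v['max_delay']} ms ({verdict} budget)")
```

The delay measured here is queueing delay at this single interface only; propagation and processing delay elsewhere on the path are not modelled.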
The Most Common Traffic Bottleneck
Your first QoS Policy will probably be at the internet edge
As shown in the diagram above, the most common traffic bottleneck is at the internet edge. The next challenge is to decide which device should control the network congestion. You essentially have two choices: either the ISP/Edge Router or your Barracuda CloudGen Firewall:
- The ISP/Edge Router by default is probably going to treat all traffic the same when making a traffic selection/forwarding decision, or with additional configuration, it may look at the OSI Layer 3 Protocol (TCP/UDP/ICMP) and Layer 4 Port.
- The Barracuda F-Series CloudGen Firewall has implemented the latest technology in next-generation firewalling using OSI Layer 7 – the Application Layer. This feature provides the ability to prioritize traffic based on the applications needed to put your customers first. When congestion occurs, you will be prioritizing bandwidth, putting your most critical applications first.
I hope you already know my recommendation -- use the Layer 7 capabilities of the Barracuda Firewall.
The Barracuda Next-Generation Firewall
Prioritize Traffic Based on Applications and Sub-Applications
When Network Administrators begin the process of investigating and implementing a QoS policy, they tend to feel a little overwhelmed and uncertain as to how to proceed. One of the things I love about the Barracuda CloudGen Firewall is how Barracuda figured out a way to create the most natural, comfortable and straightforward method for managing and implementing a QoS policy. The coolest of these abilities is to go beyond the Layer 7 application like Facebook, and create a policy based on the sub-application -- like Facebook Games or Facebook Chat and Messenger, to name a few. Can you say WOW, I want that feature? Or better yet, I need that feature!
Check out Barracuda’s on-line Application Explorer to see the current list of applications, protocols, file content types, user agents and application categories that can be identified by Barracuda Networks.
What’s Next?
In the next few blogs, I will investigate the many QoS and Traffic Shaping features built into the Barracuda CloudGen Firewall. Once the background knowledge is in place, I will follow up on the blogs with a series of short web-seminars with integrated live presenter demos.
In the next series of blogs, we will begin to investigate:
- What’s Cool about Barracuda Networks - Quality of Service (QoS)
- What’s Cool about Barracuda Networks - Traffic Shaping
- What’s Cool about Barracuda Networks - Application Control
- What’s Cool about Barracuda Networks - SSL Intercept
Where Can I Go to Learn More?
If you would like to learn more about the Barracuda CloudGen F-Series Firewall (formerly known as the NextGen Firewall) with guidance on how to get up and running faster, check out Fast Lane’s NextGen Firewall F – Foundation (NGF01) Course. In this class, you will learn how to install, configure and maintain the features and functions of the CloudGen Firewall including QoS, high availability, central administration with the NextGen Control Center, and much more.
The goal of all Barracuda CloudGen Firewall classes is to learn how to fully protect your critical network resources and applications with Authorized Barracuda Training. Fast Lane’s Barracuda CloudGen Firewall training is always hands-on and offers practical tips and problem-solving strategies for your network.
Signing off for now,
Patrick (pathmandu) Basso
Barracuda Certified Engineer + Trainer
Email: patrick@ubernet.us
Web Site: barracuda.ubernet.us
“Our mission is to provide knowledge and understanding -- because understanding the knowledge in our industry means you have the power to do great things!”