The need for the QoS concept arises from the fact that the available bandwidth is not always sufficient to transmit all of the pending data packets reliably and on time. Load peaks can quickly occur when running FTP downloads, exchanging e-mails and using IP telephones over the data line all at the same time. In order to meet the needs for data transmission even in these situations, certain data packets need to be treated preferentially. This of course requires the device to recognize which data packets should be preferred.
There are two ways to signal the need for preferential treatment of data packets in the device:
- The application, such as the software of an IP phone, can mark the data packets itself. This mark, or "tag", is carried in the IP header: "ToS" and "DiffServ" (DSCP) are two interpretations of the same byte of the IPv4 header, DiffServ being the newer scheme. In simplified terms, the tag can take on the following states:
- ToS "Low Delay"
- ToS "High Reliability"
- DiffServ "Expedited Forwarding"
- DiffServ "Assured Forwarding"
Note: In the case of a VPN route, the ToS or DiffServ bits of the IP header are also copied to the enclosing IP header of the IPSec VPN packet. This allows QoS to be used on VPN routes over the Internet, as long as the provider gives the corresponding packets preferential treatment in the WAN. Bear in mind that the copied bits also tell anyone observing the encrypted tunnel which traffic class a packet belongs to, for example that it is telephony, even though the payload itself is protected.
- If the application itself is unable to tag the data packets appropriately, the device can handle this. It uses the functions of the firewall, which classify the data packets by subnet or by service (application). For example, the data packets of an FTP connection, or those of a specific company department with its own subnet, can be treated differently from the rest. Classifying in the device also keeps the decision independent of tags set by the end devices, which the device cannot verify.
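The following Python code is an added illustration, not part of the original documentation and not the device manufacturer's code. It decodes the second byte of an IPv4 header both as the legacy ToS bits and as a DSCP value, so the four tag states listed above can be read from a real packet, and it shows the tunnel-mode copy of the DSCP bits described in the note. The addresses, the sample RTP packet and the minimal header builder are constructed for this example; a real ESP packet also carries its own header and trailer, which are left out here.

```python
"""Decode the ToS / DiffServ byte of an IPv4 header and show how an IPsec tunnel
endpoint copies it to the outer header. Constructed example; the header builder
is minimal and written only for this illustration."""
import ipaddress
import struct

# DiffServ code points: EF from RFC 3246, AF classes from RFC 2597.
DSCP_EF = 46
DSCP_AF = {8 * cls + 2 * drop: f"AF{cls}{drop}"
           for cls in range(1, 5) for drop in range(1, 4)}
IPPROTO_UDP, IPPROTO_ESP = 17, 50


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the header (RFC 791)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src: str, dst: str, tos: int, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header without options (constructed for this example)."""
    fields = struct.pack("!BBHHHBBH4s4s",
                         0x45, tos, 20 + payload_len, 0, 0x4000, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    # Insert the checksum at offset 10..11 after computing it over a zeroed field.
    return fields[:10] + struct.pack("!H", ipv4_checksum(fields)) + fields[12:]


def decode_tos(header: bytes) -> dict:
    """Read byte 1 of the header both ways: legacy ToS bits (RFC 1349) and DSCP
    (RFC 2474). Both schemes occupy the same byte, so a DSCP-marked packet also
    shows legacy ToS bits when read the old way."""
    tos = header[1]
    dscp = tos >> 2                      # upper six bits; the lower two are ECN
    if dscp == DSCP_EF:
        name = "EF"                      # "Expedited Forwarding"
    elif dscp in DSCP_AF:
        name = DSCP_AF[dscp]             # "Assured Forwarding" class AFxy
    elif dscp % 8 == 0:
        name = f"CS{dscp // 8}"          # class selectors, compatible with old precedence
    else:
        name = f"DSCP{dscp}"
    return {
        "tos": tos,
        "precedence": tos >> 5,
        "low_delay": bool(tos & 0x10),         # ToS "Low Delay"
        "high_throughput": bool(tos & 0x08),
        "high_reliability": bool(tos & 0x04),  # ToS "High Reliability"
        "dscp": dscp,
        "dscp_name": name,
    }


def ipsec_outer_header(inner_packet: bytes, gw_src: str, gw_dst: str,
                       copy_dscp: bool = True) -> bytes:
    """Outer header (protocol 50 = ESP) a tunnel endpoint prepends to the encrypted
    inner packet. With copy_dscp the DSCP bits of the inner header are carried over,
    which is what lets the provider prioritise the tunnel packet; the two ECN bits
    are not copied. Length is simplified: real ESP adds its own header and trailer."""
    tos = inner_packet[1] & 0xFC if copy_dscp else 0
    return build_ipv4_header(gw_src, gw_dst, tos, IPPROTO_ESP, len(inner_packet))


# Constructed sample: an RTP packet from an IP phone, marked EF by the phone software.
PHONE_PACKET = build_ipv4_header("192.168.1.50", "192.168.2.60", DSCP_EF << 2,
                                 IPPROTO_UDP, 172) + b"\x00" * 172
# Constructed VPN gateway addresses (documentation ranges).
TUNNEL_PACKET = ipsec_outer_header(PHONE_PACKET, "203.0.113.1", "198.51.100.1")

if __name__ == "__main__":
    print("inner:", decode_tos(PHONE_PACKET))
    print("outer DSCP:", decode_tos(TUNNEL_PACKET)["dscp_name"])
```

Running it shows the EF-marked phone packet read both ways (DSCP 46 "EF", which the legacy view reports as precedence 5 with the "Low Delay" bit set) and the same "EF" value on the outer ESP header, which is exactly the information an observer on the Internet path can read without touching the encrypted payload.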
The following two options are available for the treatment of data packets that are classified by the firewall:
- Guaranteed minimum bandwidth
- Limited maximum bandwidth
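Classification in the firewall by subnet and service, followed by a limited maximum bandwidth, as an added Python example. This is not the documentation's own code and not the device's implementation, whose enforcement mechanism is not described above: the rule table, the addresses and the token-bucket limiter are assumptions chosen for the illustration. The guaranteed minimum is recorded in the rule but not enforced here, since that requires a scheduler sharing the link between classes.

```python
"""QoS classification in the firewall for packets the application did not tag,
plus a token bucket enforcing a limited maximum bandwidth.
Constructed example; the device's own implementation is not described here."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:
    """One classification rule: subnet and/or service, with the treatment it gets."""
    name: str
    src_net: str          # e.g. the subnet of one department
    proto: int            # 6 = TCP, 17 = UDP
    dst_ports: frozenset  # service ports; an empty set matches any port
    min_kbps: int = 0     # guaranteed minimum bandwidth, 0 = none
    max_kbps: int = 0     # limited maximum bandwidth, 0 = unlimited


# Constructed rule table (assumed addresses and policy, not taken from the page):
# UDP from the sales subnet (IP telephony) gets a guaranteed minimum,
# FTP from anywhere in the company network is capped at 1000 kbit/s.
RULES = (
    Rule("voip-sales", "192.168.10.0/24", 17, frozenset(), min_kbps=512),
    Rule("ftp-limit", "192.168.0.0/16", 6, frozenset({20, 21}), max_kbps=1000),
)


def classify(rules, src_ip, proto, dst_port):
    """First match wins, like a firewall rule table. None means best effort."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if (addr in ipaddress.ip_network(rule.src_net)
                and proto == rule.proto
                and (not rule.dst_ports or dst_port in rule.dst_ports)):
            return rule
    return None


class TokenBucket:
    """Enforces max_kbps: every byte sent consumes a token, tokens refill with
    time up to a burst allowance. Time is in whole milliseconds so the
    arithmetic stays exact (1000 kbit/s = 125 bytes per ms)."""

    def __init__(self, max_kbps, burst_bytes):
        self.bytes_per_ms = max_kbps // 8
        self.capacity = burst_bytes
        self.tokens = burst_bytes
        self.last_ms = 0

    def allow(self, size, now_ms):
        refill = (now_ms - self.last_ms) * self.bytes_per_ms
        self.tokens = min(self.capacity, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= size:
            self.tokens -= size
            return True
        return False          # over the limit: the packet must wait or is dropped


def simulate_ftp_burst(packets=1000, size=1500, interval_ms=1):
    """Offer an FTP data stream of `packets` frames of `size` bytes, one every
    `interval_ms`, and count how many the matching rule's limit lets through."""
    rule = classify(RULES, "192.168.20.7", 6, 20)      # FTP data from a client PC
    bucket = TokenBucket(rule.max_kbps, burst_bytes=15000)
    passed = sum(bucket.allow(size, i * interval_ms) for i in range(packets))
    return rule.name, passed


if __name__ == "__main__":
    print(classify(RULES, "192.168.10.5", 17, 40000))
    print(simulate_ftp_burst())
```

The simulation offers 1500 bytes every millisecond, i.e. 12 Mbit/s, for one second; the ftp-limit rule lets 93 packets through, which is the 15000-byte burst allowance plus roughly 1000 kbit/s worth of data, while a UDP packet from the sales subnet lands in the voip-sales class regardless of how the phone tagged it.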