A quality of service (QoS) policy classifies network traffic and allocates bandwidth based on traffic throttling rules and traffic classification rules. Use QoS policies in Smart Access Gateway (SAG) to prioritize critical traffic and control bandwidth distribution.
How QoS policies work
A QoS policy consists of two components:
Traffic classification rules identify which traffic to match. Each rule uses a 5-tuple (source CIDR block, destination CIDR block, source port, destination port, and protocol). Rules can also target specific applications or application groups through deep packet inspection (DPI).
Traffic throttling rules control how matched traffic consumes bandwidth. Each rule has a priority level (1 to 3, where 1 is highest) and a throttling mode (percentage-based or bandwidth-based).
When bandwidth is insufficient, SAG allocates bandwidth based on rule priority. Rules with a smaller priority value receive bandwidth first.
Throttling modes
| Throttling mode | How it works |
|---|---|
| By Percentage | Guarantees a minimum percentage of a bandwidth type for matched traffic. Set minimum and maximum percentages. |
| By Bandwidth | Specifies fixed minimum and maximum bandwidth values for matched traffic. |
When using By Percentage, select a bandwidth type:
Cloud Connect Network (CCN) Bandwidth -- bandwidth for data transfer from the on-premises network to Alibaba Cloud.
Total Internet Bandwidth -- bandwidth for data transfer from the on-premises network to the Internet.
Example: percentage-based throttling
Scenario: The bandwidth for data transfer from the on-premises network to the Internet is 20 Mbit/s. Audio traffic to the Internet requires 10--15 Mbit/s.
Configuration: Select Total Internet Bandwidth and create a 5-tuple that matches the audio traffic. Set the minimum percentage to 50% and the maximum to 75%. This guarantees at least 10 Mbit/s (50% of 20 Mbit/s) for audio traffic and caps it at 15 Mbit/s (75% of 20 Mbit/s).
Prerequisites
To apply a QoS policy, you must have:
An SAG instance deployed in the target region.
(If using application-aware QoS) The DPI feature enabled on the SAG instance. For more information, see Manage DPI.
Create a QoS policy
Log on to the SAG console.
In the top navigation bar, select the region where the SAG instance is deployed.
In the left-side navigation pane, click QoS Policies.
On the QoS Policies page, click Create QoS Policy.
In the Basic Information section, configure the following parameters.
Parameter Description QoS Policy Name Enter a name for the QoS policy. QoS Policy Description Enter a description for the QoS policy. In the Rule section, configure the throttling rule.
Parameter Description Priority Select a priority for the rule. Valid values: 1 to 3. A smaller value represents a higher priority. When bandwidth is insufficient, SAG allocates bandwidth to higher-priority rules first. Throttling Type Select a throttling mode: By Percentage or By Bandwidth. For guidance, see Throttling modes. In the Traffic Classification Rule section, click Create 5-tuple and configure the 5-tuple that defines which traffic the throttling rule applies to.
NoteIf you select an Application Group or an Application, the QoS policy becomes an application-aware QoS policy. Application-aware QoS policies can be applied only to SAG instances that have the DPI feature enabled. For more information, see Manage DPI.
If you select both an Application Group and an Application, the QoS policy applies to all applications in the specified application group and the specified Application.
Parameter Description 5-Tuple Name Enter a name for the 5-tuple. (Optional) 5-Tuple Description Enter a description for the 5-tuple. (Optional) Protocol Select a protocol for the data packets. The supported protocols listed here are for reference only. The console shows the definitive list. Effective Period Specify the beginning and end of the effective period of the 5-tuple. (Optional) Source CIDR Block Enter the source CIDR block from which the data packets are sent. Source Port Enter the source port from which the data packets are sent. Valid values: 1 to 65535 and -1. Set the source port range in one of the following formats: 1/200 and 80/80. A value of -1/-1 specifies all ports. Destination CIDR Block Enter the destination CIDR block to which the data packets are sent. Destination Port Enter the destination port to which the data packets are sent. Valid values: 1 to 65535 and -1. Set the destination port range in one of the following formats: 1/200 and 80/80. A value of -1/-1 specifies all ports. Application Group Select an application group to which the 5-tuple applies. An application group may contain multiple applications. After you select an application group, the 5-tuple applies to all applications in the group. The supported application groups listed here are for reference only. The console shows the definitive list. Application Select an application to which the 5-tuple applies. Select an application from the specified application group. The supported applications listed here are for reference only. The console shows the definitive list. Click Create.
Configuration examples
The following examples show common QoS configurations. All parameter values reference fields in Create a QoS policy.
Example 1: Prioritize video conferencing traffic to Alibaba Cloud
Goal: Guarantee bandwidth for video conferencing traffic from the on-premises network to Alibaba Cloud.
| Parameter | Value |
|---|---|
| Priority | 1 |
| Throttling Type | By Percentage |
| Bandwidth type | CCN Bandwidth |
| Minimum percentage | 40% |
| Maximum percentage | 60% |
| Protocol | UDP |
| Source CIDR Block | 192.168.1.0/24 |
| Source Port | -1/-1 |
| Destination CIDR Block | 10.0.0.0/8 |
| Destination Port | -1/-1 |
This configuration reserves 40--60% of the CCN Bandwidth for UDP traffic from the 192.168.1.0/24 subnet, which typically carries video conferencing data.
Example 2: Limit bandwidth for bulk file transfers
Goal: Prevent large file transfers from consuming all available Internet bandwidth.
| Parameter | Value |
|---|---|
| Priority | 3 |
| Throttling Type | By Bandwidth |
| Minimum bandwidth | 2 Mbit/s |
| Maximum bandwidth | 5 Mbit/s |
| Protocol | TCP |
| Source CIDR Block | 192.168.0.0/16 |
| Source Port | -1/-1 |
| Destination CIDR Block | 0.0.0.0/0 |
| Destination Port | -1/-1 |
This configuration caps bulk transfer traffic at 5 Mbit/s while guaranteeing at least 2 Mbit/s. Priority 3 (lowest) ensures higher-priority traffic is served first when bandwidth is constrained.
Example 3: Guarantee bandwidth for a specific application group
Goal: Use application-aware QoS to guarantee bandwidth for a specific application group identified by DPI.
| Parameter | Value |
|---|---|
| Priority | 2 |
| Throttling Type | By Percentage |
| Bandwidth type | Total Internet Bandwidth |
| Minimum percentage | 30% |
| Maximum percentage | 50% |
| Application Group | (Select the target group from the console) |
| Application | (Optional -- select a specific application) |
This configuration requires the DPI feature enabled on the SAG instance. For more information, see Manage DPI.
Delete a QoS policy
Log on to the SAG console.
In the top navigation bar, select the region where the SAG instance is deployed.
In the left-side navigation pane, click QoS Policies.
On the QoS Policies page, find the QoS policy that you want to delete and click Delete in the Actions column.
In the Delete QoS Policy message, confirm the QoS policy and click OK.
References
CreateQos: creates a QoS policy.
CreateQosPolicy: adds a traffic classification rule to a QoS policy.
CreateQosCar: adds a traffic throttling rule to a QoS policy.
DeleteQos: deletes a QoS policy.
DeleteQosPolicy: deletes a traffic classification rule from a QoS policy.
DeleteQosCar: deletes a traffic throttling rule from a QoS policy.