(Traditional routers, firewalls, load balancers)

I have the opportunity to speak with a lot of people who manage networks for a living. One thing I continue to hear is, “Why not just use my router, firewall or load balancer to do QoS?” For me, it’s an easy answer – they’re simply not designed for that purpose. But then I’m reminded – they all have some level of this feature, don’t they?


There are many options in the market that support different types of Quality of Service (QoS). In this blog we will focus on 5 of them.


Routers give you outbound queuing – 3 levels in most, a few more in others. They let you place specific protocols or ports into buckets to allow precedence in the network. This is done in the OUTBOUND direction. What this means is that you need to configure both sides of the network for it to work effectively. Think of it this way: When users request YouTube or Netflix, there is a small amount of data that is sent. This is the OUTBOUND direction. Then YouTube or Netflix start streaming INBOUND into the network. So if you consider using queues on your router, think about what direction the data is flowing.

2. CoS (Class of Service)

WAN carriers provide QoS within their networks called Class of Service (CoS) and most will charge for this added service. CoS allows WAN administrators to place important applications into “Classes” so that they are carried over the network with priority over other apps. This service only works “within” the carrier network, so Internet connections don’t benefit from this. But if you control data over networks like MPLS then this might be an option. When applications share ports (CoS is based on port, like HTTP port 80) then you can’t guarantee critical applications get priority. Any app using the same port gets priority. Additionally, you only get the option to prioritize a very limited number of classes, making this functionality very limited.

3. Port Blocking

I guess firewalls provide a level of QoS. They react to “allows” and “denies” through an access list or policy set for specific applications, and are most effective at ports and protocols vs. applications. If your primary need were to stop applications from entering or leaving your network, then using a simple firewall rule set would accomplish this. BUT if you are trying to block P2P applications like BitTorrent then you’ll need an alternate solution. P2P applications obfuscate their port number and will end up on “Allowed” ports into the network.

4. Adding Layer 7 QoS into a Load Balancer

Some load balancers now integrate Layer 7 signature databases into their OS, allowing them to identify applications. They also provide some reporting, but have limited policy enforcement for QoS. The number one issue of going this route is that it comes at a cost to system performance. In most cases, you won’t be able to simply upgrade to this feature without an appliance overhaul.

5. Remove QoS and Upgrade QoS

Believe it or not, this is nearing the top of the list of things to do for IT professionals. I bring this up because there is a new mindset that QoS has no value when there is enough bandwidth. If your network were static and never changing then I would concede and say, “You are correct.” But that’s just not a reality in any network that offers Internet access in one form or another. Users want to be connected 100% of the time, and the data they are accessing is continually changing. High Definition video, high quality voice, streaming, and cloud – the list goes on and on. So adding 10x bandwidth is simply a Band-Aid. There are thousands, no, millions of analogies I could throw at this claim to dispute it. Bandwidth will not solve user complaints or performance issues. Period.

So What Do You Need?

What you need is a true QoS solution. QoS applications and appliances are purpose-built to correctly identify and control applications. They have deep packet inspection up through layer 7 in the OSI model to ensure that applications don’t obfuscate themselves and hide in other well-known applications that might be allowed through firewalls and routers.
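The following is an added example, not code from the original post or from Exinda. It contrasts the port-based classification described above for CoS and firewall rules with a payload signature check of the kind deep packet inspection performs; the flows, class names and function names are constructed for illustration.

```python
from dataclasses import dataclass

# Port-based policy, as a router queue, CoS class or firewall rule applies it.
PORT_CLASSES = {80: "http", 443: "tls"}

# Minimal layer 7 signatures matched against the first bytes a client sends.
# A BitTorrent peer handshake opens with 0x13 followed by "BitTorrent protocol".
BT_HANDSHAKE = b"\x13BitTorrent protocol"
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

@dataclass
class Flow:
    dst_port: int
    payload: bytes  # first bytes of the client-to-server stream

def classify_by_port(flow):
    return PORT_CLASSES.get(flow.dst_port, "unknown")

def classify_by_payload(flow):
    if flow.payload.startswith(BT_HANDSHAKE):
        return "bittorrent"
    if flow.payload.startswith(HTTP_METHODS):
        return "http"
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if flow.payload[:2] == b"\x16\x03":
        return "tls"
    return "unknown"

def mismatches(flows):
    """Flows that a port rule admits under one class but whose payload is another."""
    found = []
    for f in flows:
        by_port, by_payload = classify_by_port(f), classify_by_payload(f)
        if by_port != "unknown" and by_payload != by_port:
            found.append((f.dst_port, by_port, by_payload))
    return found

# Constructed sample flows (not captured traffic).
SAMPLE = [
    Flow(80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Flow(80, BT_HANDSHAKE + b"\x00" * 8 + b"A" * 20 + b"B" * 20),
    Flow(443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc"),
    Flow(6881, BT_HANDSHAKE + b"\x00" * 8 + b"C" * 20 + b"D" * 20),
]

if __name__ == "__main__":
    for port, by_port, by_payload in mismatches(SAMPLE):
        print(f"port {port}: policy says {by_port}, payload is {by_payload}")
```

The second flow is the case the post describes: a port rule gives it the same treatment as web traffic, while the payload check labels it separately so a policy can act on the application rather than the port.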

Exinda delivers one of the industry’s most robust application signature databases available today. This gives their system the ability to correctly identify and control well over 2,600 applications. And for applications that it doesn’t know about, you can build custom layer 7 applications within the user interface.

Policies are simple to deploy. You can use the default wizard or build one from scratch.



Most people get 80% of their policy comfort from using the wizard while only needing to modify just a few rule sets to meet their specific business needs. Configuration can contain just about any layer 3-7 information you need to control.

The reality is that today’s routers, firewalls and load balancers just don’t come close to delivering application QoS the way purpose-built appliances do. Would you really use your router to deliver firewall functions in your network? Use a firewall to load balance between different carrier connections? So why try to use them for something they were not intended to do? Exinda is at the top of the list when it comes to ease of configuration and effectiveness of control – an integrated approach for reporting, control, acceleration and recommendations delivers a solid orchestrated solution.
