We recommend a maximum limit on the configurable root bandwidth for the WAN interface. The hardware platform determines the recommended limit.

Certain virtual in-path network topologies where the LAN-bound traffic traverses the WAN interface might require that the appliance bypass LAN-bound traffic so that it is not included in the rate limit determined by the recommended maximum root bandwidth. Some deployment examples are WCCP or a WAN-side default gateway.

Figure: In-path configuration where the default LAN gateway is accessible over the appliance WAN interface and Figure: WCCP configuration where the default LAN gateway is accessible over the appliance WAN interface illustrate topologies where the default LAN gateway or router is accessible over the WAN interface of the appliance. If there are two clients in the local subnet, traffic between the two clients is routable after reaching the LAN gateway. As a result, this traffic traverses the WAN interface of the appliance.

 

In a QoS configuration for these topologies, suppose you have several QoS classes created and the root class is configured with the WAN interface rate. The remainder of the classes use a percentage of the root class. In this scenario, the LAN traffic is rate limited because RiOS classifies it into one of the classes under the root class.

You can use the LAN bypass feature to exempt certain subnets from QoS enforcement, bypassing the rate limit. The LAN bypass feature is enabled by default and comes into effect when subnet side rules are configured.