QoS: Difference between revisions

From Edge Threat Management Wiki - Arista
Latest revision as of 14:35, 9 July 2021

About QoS

Quality of Service (QoS for short) is a mechanism to ensure high-quality performance to latency- and bandwidth-sensitive applications. It allows for the prioritization and differential treatment of traffic based on rules. Most often this is used to improve the performance of latency and bandwidth sensitive applications and traffic (like VoIP) at the cost of less important traffic such as peer-to-peer. QoS can greatly improve the performance of the network traffic and important protocols, especially when the upload or download bandwidth is saturated. However QoS can also be detrimental to network performance if configured incorrectly. It is advised to read this section in its entirety before enabling QoS.


QoS settings can be found at Config > Network > Advanced > QoS.




The 7 Priorities

The 7 priorities in the default configuration can be thought of as two sets. The top four priorities (Very High, High, Medium and Low) can all consume all available bandwidth if no higher priority class wishes to use it. Use these to prioritize traffic above normal, such as VoIP or important business traffic. The bottom three priorities (Limited, Limited More, and Limited Severely) are always limited regardless of other priorities' bandwidth consumption, because their download and upload limits are set to less than 100%. These should be used in situations where the goal is to restrict traffic regardless of whether more bandwidth is available.




Examples

Below are a few examples going from simple to more complex.

  1. The network is completely idle except for one Medium priority download. This download is given all the available bandwidth and happens at full speed because no other priorities are using any traffic and the Medium download limit is 100%.
  2. The network is completely idle except for one Low priority download. This download is given all the available bandwidth and happens at full speed because no other priorities are using any traffic and the Low download limit is 100%.
  3. The network is completely idle except for one Limited More priority download. This download is given only half the available bandwidth because the reservation of Limited More is only 50%. The other 50% remains unused.
  4. The network is fully saturated and all seven priorities have several active downloads running. All Very High priority downloads equally split 60% of the download bandwidth (the Very High reservation). All the other priorities split their reservations in a similar fashion all the way down to Limited Severely, which splits the 1% reservation between all Limited Severely sessions.
  5. One Medium priority download and one Low priority download are running simultaneously. Because the other priorities are not using any of their reservations, the leftover is split relative to the Low and Medium reservations (5:12, or roughly 1:2.5). As such the Medium priority download runs roughly 2.5 times faster than the Low priority download, and together they consume all available bandwidth. (Example: the Low priority download runs at 100kB/sec while the Medium runs at 250kB/sec and the total available bandwidth is 350kB/sec.)
  6. Two Limited Severely downloads are taking place simultaneously. All sessions in the same priority share the resources of that priority, so the two sessions split the priority's resources. Because all other priorities are not in use, the two split the bandwidth limit (10%) and each download runs at 5% of the total available bandwidth.
  7. There are two WAN interfaces and WAN Balancer is balancing traffic across the WANs. One Medium priority download is happening on WAN1 and one Low priority download is happening on WAN2. The Medium priority download is given 100% of WAN1's bandwidth and the Low priority download is given 100% of WAN2's bandwidth.
  8. There are two WAN interfaces and WAN Balancer is balancing traffic across the WANs. One Medium priority download is happening on WAN1 and one Limited More priority download is happening on WAN2. The Medium priority download is given 100% of WAN1's bandwidth and the Limited More priority download is given 50% of WAN2's bandwidth.




Special Notes

  1. Any given TCP download uses upload bandwidth to communicate to the sender that the data is being received. Usually only a little upload bandwidth is needed, but if very little upload bandwidth is available it can actually be the limiting factor in the total rate of the download: the receiver can only sporadically tell the sender that data is being received, so the sender slows down. This is especially common with asymmetric links, especially if other uploads are in progress.
  2. Because packets are often approximately 1500 bytes (the MTU size), the lower priorities must either send the packet or not send the packet. Splitting the packet and sending a portion is not an option. As such the packet will be sent to prevent starvation but may actually exceed the 1% reservation at times. This is especially true on small links with very little bandwidth. As such the granularity of the limits and reservations on small links may be slightly skewed.
  3. WANs are treated completely separately. Rules run on all traffic, regardless of which WAN the traffic is going out. However the bandwidth setting on each WAN is separate and they are treated as separate resources that are divided amongst traffic independently.


Settings

This section reviews the different settings and configuration options available for QoS.

  • Queue Discipline is the queueing discipline. The queue discipline is the algorithm used to "queue" packets that are ready to be transmitted. The default is Fair/Flow Queueing + Codel or fq_codel because it is the most modern and most performant and minimizes Buffer Bloat. Another commonly used and good algorithm is sfq or Stochastic Fairness Queueing (the old default). pfifo or First in First out is the simplest but is not optimal as all packets are treated equally.
  • Enabled: Controls whether QoS is enabled or disabled. The default setting is unchecked, which means QoS is disabled and no rules have any effect. WAN Bandwidth should be set before enabling QoS.
  • Default Priority: This is the priority assigned to traffic which matches no QoS rule. It is advised to leave this at the default setting of Medium.


  • WAN Bandwidth: The most critical setting to configure correctly. This should be set to 85-95% of your actual line speed - we recommend contacting your ISP to get the proper numbers and testing to verify.
Finding the right settings for the WAN Bandwidth may take some experimentation. If the bandwidth limit is set too high QoS will have no effect at all. If the bandwidth setting is too low, traffic will be unnecessarily limited to a lower bandwidth. Remember, traffic only receives preferential treatment when the set bandwidth limit is saturated.
The QoS limits are configured correctly when the network has slightly less throughput than when QoS is disabled entirely. Depending on your hardware, the QoS settings may not match the ISP-provided or tested Mbit numbers exactly. Experimentation is required.
[Image: WAN Bandwidth]


  • QoS Rules: Built-in rules to provide priorities for some typically important packets and traffic types. If you're not sure, just leave these at the default.
[Image: QoS Rules]


  • QoS Custom Rules: This provides a simple way to create custom rules to prioritize or de-prioritize certain traffic.
As the note warns, QoS Custom Rules only match on bypassed traffic - they will do nothing if the traffic is not bypassed. If you want to prioritize scanned sessions, use Bandwidth Control. Default rules exist for VoIP traffic, which is also bypassed by default. Here's a list of the qualifiers you can use to build Custom QoS Rules:


Name                | Legal Value       | Description
Destination Address | IP Matcher        | The Destination IP of the traffic.
Destination Port    | Port Matcher      | The Destination Port of the traffic.
Destined Local      |                   | This will match on any IP the Untangle holds, including aliases. Only recommended if your WAN interface(s) are Dynamic.
Protocol            | Checkboxes        | The protocol that should be forwarded - check all that apply.
Source Interface    | Radio Buttons     | The Source Interface of the traffic - choose only one.
Source Address      | IP Matcher        | The Source Address of the traffic.
Source MAC Address  | XX:XX:XX:XX:XX:XX | The MAC Address of the source of the traffic.
  • QoS Priorities: This table allows customization of how each priority is treated and how they are prioritized relative to other priorities. It is recommended to keep the default values.
[Image: QoS Priorities]


  • Download Limit can be any value between 1% and 100%. It limits the maximum amount of download bandwidth available to this priority under any circumstance.
  • Upload Limit can be any value between 1% and 100%. It limits the maximum amount of upload bandwidth available to this priority under any circumstance.
  • Download Reservation can be any value between 1% and 100%. It guarantees the minimum amount of download bandwidth available to this priority should it be needed, under any circumstance.
  • Upload Reservation can be any value between 1% and 100%. It guarantees the minimum amount of upload bandwidth available to this priority should it be needed, under any circumstance.
Some amount of bandwidth is always guaranteed (by the reservation) to each priority. This is to prevent any priority from being fully starved and effectively disconnected from the internet because higher priorities are using all the bandwidth. When a higher class is not using its reservation, the leftover is re-assigned to the lower classes based on the ratio of their reservations. For example, by default the Medium priority is limited to 100% of the download bandwidth and is guaranteed at least 12% of the download bandwidth.
  • QoS Statistics is a status readout of recent activity. The statistics are reset at reboot and when settings are saved.
It is useful for diagnosing which rules are being matched and that the proper priorities are getting assigned. It is also useful to test the total usage of each priority. The statistics are broken up by WAN interface, for example External - Outbound shows the priority byte counts of all traffic going out the External WAN while External - Inbound shows the priority byte counts of all traffic coming in the External WAN.
[Image: QoS Statistics]


  • QoS Current Sessions shows a table of all current active sessions and the assigned priority of each.
This is useful for testing to verify that sessions are being assigned the correct priority. Please note that sessions are assigned priorities at creation time, so if rules are changed, active sessions will keep their current priority - only new sessions will be run against the new rules.
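The worked examples in the Examples section and the Download/Upload Limit and Reservation definitions above describe one allocation rule: every active priority is guaranteed its reservation, leftover bandwidth is re-assigned to active priorities in the ratio of their reservations, no priority may exceed its limit, and sessions inside one priority split that priority's share equally. The following toy model is an added example written for this page, not Untangle or Arista code. It uses the reservation and limit values the page quotes (Very High 60%, Medium 12%, Low 5%, Limited Severely 1%/10%, Limited More limit 50%); the other table entries are assumed values chosen so that the reservations sum to 100%, and real defaults may differ.

```python
"""Toy model of the QoS priority sharing rules described on this page.

Added example, not Untangle/Arista code. Per-WAN: call allocate() once per
WAN, because each WAN is a separate resource with its own bandwidth setting.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Priority:
    limit: float        # maximum share of WAN bandwidth, in percent
    reservation: float  # guaranteed share of WAN bandwidth, in percent


# Constructed table. Values marked "assumed" are not stated on the page and
# were chosen only so that the reservations add up to 100%.
DEFAULT_PRIORITIES = {
    "Very High": Priority(limit=100, reservation=60),
    "High": Priority(limit=100, reservation=16),          # assumed
    "Medium": Priority(limit=100, reservation=12),
    "Low": Priority(limit=100, reservation=5),
    "Limited": Priority(limit=75, reservation=3),         # assumed
    "Limited More": Priority(limit=50, reservation=3),    # reservation assumed
    "Limited Severely": Priority(limit=10, reservation=1),
}

EPS = 1e-9


def allocate(sessions, priorities=DEFAULT_PRIORITIES, bandwidth=100.0):
    """Return {priority: bandwidth share} for the active priorities on one WAN.

    sessions:  {priority name: number of active sessions}; priorities with no
               sessions get nothing, so their reservation is leftover.
    bandwidth: the configured WAN Bandwidth for this direction, in any unit
               (100.0 makes the result a percentage).
    """
    active = [p for p, n in sessions.items() if n > 0]
    alloc = {}
    remaining = bandwidth
    # Step 1: each active priority is guaranteed its reservation (never more
    # than its own limit, which only matters for a misconfigured table).
    for p in active:
        cls = priorities[p]
        alloc[p] = min(cls.reservation, cls.limit) * bandwidth / 100.0
        remaining -= alloc[p]
    # Step 2: hand out the leftover in proportion to reservations. A priority
    # that reaches its limit drops out, and whatever it could not take is
    # offered again to the rest, until nothing is left or everyone is capped.
    unsaturated = set(active)
    while remaining > EPS and unsaturated:
        total_res = sum(priorities[p].reservation for p in unsaturated)
        if total_res <= 0:
            break  # nothing to distribute proportionally against
        handed_out = 0.0
        for p in sorted(unsaturated):
            cls = priorities[p]
            share = remaining * cls.reservation / total_res
            room = cls.limit * bandwidth / 100.0 - alloc[p]
            give = min(share, room)
            alloc[p] += give
            handed_out += give
            if room - share <= EPS:  # limit reached: stop offering more
                unsaturated.discard(p)
        remaining -= handed_out
    return alloc


def per_session(sessions, priorities=DEFAULT_PRIORITIES, bandwidth=100.0):
    """Share of one session: fair queueing treats all sessions in a priority
    equally, so the priority's share is split evenly among its sessions."""
    alloc = allocate(sessions, priorities, bandwidth)
    return {p: alloc[p] / sessions[p] for p in alloc}


if __name__ == "__main__":
    cases = {
        "Example 1: one Medium download": {"Medium": 1},
        "Example 3: one Limited More download": {"Limited More": 1},
        "Example 4: everything busy (3 sessions each)": {p: 3 for p in DEFAULT_PRIORITIES},
        "Example 5: Medium + Low, 350 kB/s WAN": {"Medium": 1, "Low": 1},
        "Example 6: two Limited Severely downloads": {"Limited Severely": 2},
        "Example 8, WAN1: one Medium download": {"Medium": 1},
        "Example 8, WAN2: one Limited More download": {"Limited More": 1},
    }
    for title, sessions in cases.items():
        bw = 350.0 if "350" in title else 100.0
        print(title)
        for p, share in per_session(sessions, bandwidth=bw).items():
            print(f"  {p:17s} {share:8.2f} per session  x{sessions[p]}")
```

Running the script prints the figures the page's examples give: a lone Medium download gets 100%, a lone Limited More download stops at its 50% limit with the rest unused, Medium and Low together split everything 12:5 (about 247 and 103 kB/s on a 350 kB/s link, the page's "roughly 2.5 times"), two Limited Severely downloads get 5% each, and with every priority busy each one is held to exactly its reservation. The two WAN1/WAN2 cases are separate calls because the page treats each WAN as an independent resource.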

Related Topics

Here are several other relevant QoS links which are worthwhile reading that may give the curious administrator more insight.

QoS FAQs

How are multiple WANs handled?

WANs are treated completely separately, however the same set of rules are evaluated on all traffic. The bandwidth settings of each WAN must be set correctly and independently, but there is no need to maintain separate rule sets beyond that.


Why is my internet slow when I enable QoS?

Likely because your WAN bandwidth settings are too low. Verify your settings for WAN Bandwidth are correct.


QoS is not helping my high-priority applications. Why?

This is likely because your WAN Bandwidth settings are too high and QoS is having no effect or you simply do not have enough bandwidth to support your high-priority applications regardless of low-priority traffic. Verify your settings for WAN Bandwidth are correct.

Why do custom rules only match bypassed traffic?

Non-bypassed traffic is handled differently because it goes through the Untangle network stack, not the normal Linux packet flow. You can use the Bandwidth Control application to assign priorities to non-bypassed traffic.


Does QoS work on non-WAN interfaces?

No, only WAN interfaces have limits and are subject to QoS manipulation. If you have a DMZ with local servers all communication between that network and the internal network is not subject to QoS.


Can I limit users to specific speeds, such as 5k/s?

You can modify the QoS Priorities table to limit a priority to a certain percentage of your overall line speed, then assign that priority to a user or several users. Please note the bandwidth limits will be shared for the entire priority, so this solution does not scale to many users.

Does QoS work with PPPoE interfaces?

Yes, but many PPPoE connections have comparatively low bandwidth so QoS may not be very effective.