Basic QoS on RV340 for Home Network

MikeRobert60371
Level 1

Firstly, apologies for such a basic question in forums that are clearly designed more for enterprise level queries... I have spent a lot of time trying to find some resources online but I think due to the fact I'm using Cisco small business equipment in a home network (and the fact I have zero knowledge) is causing a real problem for me!  Hopefully someone will take pity and help!

 

Equipment:

Virgin Modem (in modem mode) (Based in UK)

Cisco RV340

Cisco SG250-26HP

 

I have a number of smart home devices including alexas, ring, smart TVs etc and was hoping to limit the access of the smart home devices both from what I understand is best practice for security, and also in order to throttle the bandwidth they're taking.

 

I have a 600mb Virgin connection, although I fear this is the issue; seems to be excellent speeds but terrible latency on the line.

 

2 Questions;

 

1. How do I give priority to the playstation in order to try and improve my connection for gaming?

I set up a traffic class; all traffic originating from the IPv4 address and the IPv6 address.

I then changed WAN Policing; had queue 1 as the playstation traffic class.

Is this right?

 

2. Should I have separate VLANs for the IoT items and is this best practice?  Any references here would be appreciated.

 

Thank you in advance,

 

Mike

11 Replies

balaji.bandi
Hall of Fame

Based on the marking, it should take care of your requirement; this changes from version to version:

 

 

https://www.cisco.com/c/en/us/support/docs/smb/routers/cisco-rv-series-small-business-routers/smb4261-configure-qos-quality-of-service-queue-mapping-on-the-rv320.html

 

You need to balance the bandwidth in terms of reservation. You can have 100% gaming, so all covered; you need to have a good QoS config in place.

If gaming is not used, then that bandwidth can be shared with others, rather than dedicating the bandwidth.

 

BB


Hi BB,

 

Thanks for the quick response; much appreciated.  I have had a look at the link you suggested; although appears to be a different utility and I cannot seem to get similar options/settings in mine?  User manual does refer to DSCP but in the QoS -> Traffic Classes section. 

 

Presumably using DSCP is the best way to manage QoS / traffic? 

 

Mike

"Presumably using DSCP is the best way to manage QoS / traffic?"

It can be if you also presume traffic is properly marked with it.  Unfortunately, many applications don't mark their traffic, and those that do often should be validated that the marking is what you desire.

Basically, DSCP, within the ToS byte, allows an "efficient" examination of a packet's QoS classification.

In Enterprise environments, when supporting QoS, we generally try to validate a packet's ToS ASAP, so it's often done on the edge port connecting to the host device.  If a packet's ToS isn't valid, we either remark the packet's ToS or drop the packet.

BTW, this demarcation is a "trust" boundary, because on one side of it, we don't yet know whether the ToS value can be trusted, but on the other side, we do trust it.

Also BTW, you can have demarcations where ToS markings are changed, sometimes there's a one-for-one conversion, sometimes it's a one-to-many conversion (more granular classification) and sometimes it's a many-to-one conversion (less granular classification).  Such a demarcation might also be a trust boundary, or not.

Lastly, if you pass ToS tagged packets onto the Internet, generally the Internet ignores them and/or doesn't provide any QoS support.
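Added example (not part of the thread, and not Cisco code): a minimal Python sketch of the trust-boundary check described in the post above, reading the DSCP from the IPv4 ToS byte and remarking or dropping a packet whose marking the edge does not trust. The trusted set, the function names and the sample header are assumptions made for illustration.

```python
import socket
import struct

# Assumed edge policy (hypothetical): markings this access port may send.
TRUSTED_DSCP = {0, 46}  # 0 = default/best effort, 46 = EF

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def dscp_of(header: bytes) -> int:
    # Byte 1 is the ToS byte: upper 6 bits are DSCP, lower 2 bits are ECN.
    return header[1] >> 2

def enforce_trust_boundary(packet: bytes, trusted=TRUSTED_DSCP,
                           remark_to=0, drop=False):
    """Pass trusted markings through; remark (or drop) everything else."""
    if dscp_of(packet) in trusted:
        return packet
    if drop:
        return None
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    hdr = bytearray(packet[:ihl])
    hdr[1] = (remark_to << 2) | (hdr[1] & 0x03)   # keep the ECN bits
    hdr[10:12] = b"\x00\x00"              # zero checksum before recomputing
    struct.pack_into("!H", hdr, 10, ipv4_checksum(hdr))
    return bytes(hdr) + packet[ihl:]

def build_header(dscp, ecn=0, src="192.0.2.10", dst="198.51.100.7"):
    """Constructed 20-byte IPv4 header (documentation addresses) for the demo."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, (dscp << 2) | ecn,
                                20, 0, 0, 64, 17, 0,
                                socket.inet_aton(src), socket.inet_aton(dst)))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(hdr))
    return bytes(hdr)

if __name__ == "__main__":
    self_marked = build_header(48, ecn=1)   # host marked itself CS6
    cleaned = enforce_trust_boundary(self_marked)
    print("before:", dscp_of(self_marked), "after:", dscp_of(cleaned))
```

Because the ToS byte is covered by the IPv4 header checksum, any remarking device has to recompute it, which is why the sketch does so.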

Sure, you are in the right direction. Sometimes with QoS, at first hand, you will not be getting what you expected, but you can tweak based on understanding.

BB


Hello,

 

Your QoS approach sounds about right. When you define the traffic class, you want to be as specific as possible, so in addition to 'Source IP' and 'Destination IP', under 'Service/Application' you can also specify the specific ports PlayStation uses, rather than 'All Traffic'.
The PlayStation network servers typically use these ports:

 

TCP: 80, 443, 465, 993, 3478, 3479, 3480, 5223, 8080.
UDP: 3478, 3479.

 

Also, under 'WAN Bandwidth Management' specify the Upstream and Downstream kb/s values, as the percentages in the Policing Class Table are based on these values.

 

That said, a 600MB connection sounds like a lot. What model is the modem?

 

Also, with regard to your IoT devices, which ones do you have? You can do the same traffic classification as with your PlayStation. Below is a generic table with TCP ports used by common IoT devices:

| Device | TCP ports |
|---|---|
| Amazon Echo | 4070, 4071, 55442, 55443 |
| August Doorbell | 554, 8554, 19531 |
| Belkin Cam | 80, 81, 443, 9964, 49153 |
| Belkin Motion | 53, 49152 |
| Belkin Switch | 53, 49155 |
| Dlink Cam | 21, 23, 5001, 5004, 16119 |
| Google Chromecast | 8008, 8009, 9000 |
| Google Home | 8008, 8009, 9000, 10001 |
| HP Printer | 80, 443, 631, 3910, 3911, 8080, 9100, 9220, 53048 |
| Hue bulb | 80, 8080 |
| iHome Plug | 80 |
| Netatmo Cam | 80, 5555 |
| Samsung Cam | 80, 443, 554, 943, 4520, 49152 |
| Smart Things | 23, 39500 |
| TPLink Cam | 80, 554, 8080 |
| TPLink Switch | 80, 9999 |
| Triby Speaker | 80, 5080, 44395 |
| Vivitar power | 6668 |
| Withings Sleep | 22, 7685, 7888 |


Hi Georg,

 

Wow, again thank you so much for the quick and detailed response.

 

Done the quick win re: WAN Bandwidth Management - thank you.

 

Also; yes to confirm, Virgin in the UK is not full fibre - it has a much better/faster download speed than upload speed - I think it's 600meg down, and 35meg up.

 

Joseph W. Doherty
Hall of Fame

First, I'll note I'm not familiar with the QoS capabilities of either your Cisco SMB router or switch.  Second, I'm unfamiliar with your Virgin Internet service or your "modem".  That noted, I'm "somewhat" experienced with QoS, and also have "some" experience using Internet (US) cable services, both in "Enterprise" environments.

If your 600 Mbps Virgin service is anything like many US cable services, you may have different "up" vs. "down" bandwidth allocations, often the former (up) providing (much) less bandwidth than the latter (down).

Also, anytime a port provides more bandwidth than what your provider allows (for example even if you have 600 Mbps up, I presume this is on a gig port), for egress QoS to be most effective you want to "shape" (not "police") to your provider's bandwidth allocation.

What "shaping" does, it creates an artificial bottleneck, that matches allocated bandwidth, so that you can manage your traffic when it exceeds the allocated bandwidth.  (By manage, generally we prioritize some traffic over other traffic.)

BTW, if you cannot shape, a crude alternative is to "police" the non-critical traffic, to ensure critical traffic obtains the bandwidth it needs.  The first problem with this approach, the non-critical traffic cannot (usually) ever obtain additional bandwidth, even when it's available.  Second problem, "knowing" the bandwidth to allocate for the non-critical traffic can be difficult.

On (US) cable systems, unfortunately, up bandwidth is actually shared bandwidth with other subscribers.  I.e. your up bandwidth isn't guaranteed - also why latency can be so erratic.  On some of Cisco's later DMVPN implementations, they offer "adaptive QoS", which tries to shape, dynamically, for the actually available bandwidth.  Unfortunately, doubtful your equipment has this feature, and even if it did, it's for (your) site-to-site traffic, not any Internet site traffic.

If the foregoing sounds bleak, well if your Virgin service works like I describe (i.e. variable, up bandwidth), it is bleak.

If your Virgin service provides "guaranteed" bandwidth, and if your equipment can "shape" you should be able to ensure critical traffic gets that bandwidth, and assuming it's sufficient for such traffic's needs, it should work well.

If you cannot shape, but can police, you may be able to also get your critical traffic to work well, but at the detriment to non-critical traffic.

 

PS:

I was just looking at the referenced document, and a) it's unclear how the queues partition bandwidth (maybe the old PQ approach[?]) and b) likely only works/engages with physical port congestion.  The latter, for the most part, making this QoS feature mostly useless whenever full port bandwidth isn't available on the link.
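Added example (not part of the thread): a small Python simulation of the shape-versus-police trade-off described in the post above, using a 35 Mbit-per-tick uplink. The traffic pattern, the 25 Mbit bulk cap and all names are constructed for illustration, and the shaper queue is unbounded for simplicity.

```python
UP_RATE = 35  # assumed provider upstream allocation, Mbit per tick

# Constructed offered load per tick: (critical Mbit, bulk Mbit).
SAMPLE = [(0, 50), (10, 50), (0, 50), (20, 50)]

def shape_and_prioritize(offered, rate=UP_RATE):
    """Shape to `rate`, serve critical first; excess bulk waits in a queue."""
    crit_q = bulk_q = 0
    stats = {"critical": 0, "bulk": 0, "dropped": 0, "max_backlog": 0}
    for crit, bulk in offered:
        crit_q += crit
        bulk_q += bulk
        send_crit = min(crit_q, rate)
        send_bulk = min(bulk_q, rate - send_crit)  # bulk borrows what is spare
        crit_q -= send_crit
        bulk_q -= send_bulk
        stats["critical"] += send_crit
        stats["bulk"] += send_bulk
        stats["max_backlog"] = max(stats["max_backlog"], crit_q + bulk_q)
    return stats

def police_bulk(offered, bulk_limit, rate=UP_RATE):
    """No shaper: bulk is capped at `bulk_limit`; anything above is dropped."""
    stats = {"critical": 0, "bulk": 0, "dropped": 0, "overflow": 0}
    for crit, bulk in offered:
        send_bulk = min(bulk, bulk_limit)   # cap applies even on an idle link
        stats["dropped"] += bulk - send_bulk
        stats["bulk"] += send_bulk
        stats["critical"] += crit           # handed to the link unmanaged
        # Traffic above the provider rate is dropped upstream, with no
        # regard for which class it belongs to.
        stats["overflow"] += max(0, crit + send_bulk - rate)
    return stats

if __name__ == "__main__":
    print("shape :", shape_and_prioritize(SAMPLE))
    print("police:", police_bulk(SAMPLE, bulk_limit=25))
```

With this input the shaper delivers 110 Mbit of bulk traffic against 100 Mbit for the policer, and the policer still leaves 10 Mbit of overflow in the last tick because the cap was guessed too high for that burst of critical traffic.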

Thanks for the reply Joseph, but I don't understand most of what you've said...

From which of my postings, or both?

Nothing understood, or some not understood?  If the latter, if you note what was unclear I can try to explain it more simply.

In any case, to answer your original question number 1, how to provide priority to your playstation traffic depends on the QoS features of the device.

For example, on an Enterprise Cisco router, something like:

class-map playstation
 match ... (whatever uniquely identifies this traffic, in your case, host IP might be sufficient)

policy-map QoS
 class playstation
  bandwidth percent 99
 class class-default
  bandwidth percent 1

interface x
 service-policy output QoS

Would prioritize your playstation traffic.

However, the above would only work (well) if your "up" bandwidth was the same as your port bandwidth.

As you note it's not, and maybe 35 Mbps, you would "shape" for your 35 Mbps and then prioritize. For example, in addition/different from the above:

policy-map ShapeForUP
 class class-default
  shape average 35000000 !NB: may need to shape about 15% slower to allow for L2 overhead
  service-policy QoS !NB: this might be incorrect syntax

interface x
 service-policy output ShapeForUP

If you don't have shaping, you can try policing the "non-critical" traffic. For example, different from the original example, above:

policy-map QoS
 class playstation
  bandwidth percent 99
 class class-default
  bandwidth percent 1
  police 1000000000 !NB: here you restrict traffic leaving other bandwidth for your playstation traffic

Again, don't know your device features, likely they don't support shaping, nor allow the equivalent of above.

Also, BTW, you'll likely have no control of your inbound traffic, which may, or may not, be detrimental to your playstation traffic.

Lastly, I haven't answered your second question. Likely no need for additional VLANs, unless you want additional security control on traffic entering/leaving those VLANs, which again, on your SMB devices, might be feature lacking. Otherwise, VLANs would be used to control broadcast/multicast domains, which from what you describe, also likely will not be an issue.

Hi Joseph,

 

Thanks again for your response.

 

OK I think I understand enough of the concept now.  I think you're right that the shaping policy requires a license which I do not have for the RV340 so guess I'll have to go with trying to police the non-critical traffic.

 

Am I right in thinking the only way to access the command line interface is via a cable?  Unfortunately my laptop doesn't have the serial connection... Is it possible to set up via the web interface?

 

Mike

Sorry, again I'm unfamiliar with your device's console or command line capabilities.