
QoS for home use

bayates826
Level 1

Hello,

I'm wondering if I can get some input on some quality of service configurations I have in place on my home network and maybe provide some input. The setup I have is a Cisco 2821 router sitting between my internet connection and a 2940 switch for my networking devices. I use these to get some practice with, but they also serve my home network (just an explanation as to why I have these things in my house).

So what I am trying to do is prioritize different types of traffic so that the applications I use the most do not suffer because of other traffic in the background. I have three class-maps set to use NBAR as well as ACLs to classify my different traffic types. 1 = Skype and Games, 2 = Testing stuff (was supposed to be a games list), and 3 = Torrents. My goal is to make sure that any torrents or downloads will take a major backseat to anything else happening and my Skype and Gaming traffic will always function normally.

 

Here is what I have so far.

class-map match-all Torrent
 match protocol bittorrent
 match protocol napster
 match protocol secure-nntp
 match protocol edonkey
 match protocol gnutella
 match protocol gopher
 match protocol kazaa2
 match protocol fasttrack
class-map match-all Skype
 match protocol skype
 match access-group name Rocket_League
 match access-group name H1Z1
class-map match-all Gaimz
 match protocol rtcp
 match protocol rtp
 match protocol rtsp
 match protocol http
 match protocol secure-http
 match protocol secure-ftp
 match protocol ftp
!
!
policy-map QoS
 class Skype
  priority percent 33
 class Gaimz
  bandwidth remaining percent 81
 class Torrent
  bandwidth remaining percent 9

//Output omitted//

 

ip access-list extended H1Z1
 permit udp any eq 65266 any
 permit udp any eq 20169 any
ip access-list extended Rocket_League
 permit udp any eq 40230 any
 permit udp any eq 42449 any

 

//Output omitted//

interface GigabitEthernet0/0
 description Default Gateway
 ip address 10.88.88.88 255.255.255.0
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed 100
 service-policy output QoS
!
interface GigabitEthernet0/1
 description Internet
 ip address 192.168.1.253 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed 10
 service-policy output QoS

 

I've tried starting up some torrents and trying to use Skype and play one of my games. Skype seemed to be fine, although I rarely have an issue with it anyway, even before I started messing with this stuff, but my games performed as I would expect with downloads going on.

My concern is that the QoS is only really useful if the link is congested. Since my interfaces are both either 10Mb or 100Mb and my internet connection is only 4Mb maximum, this congestion will never occur. This is how I understood this, but I could be wrong.

Also I understand that the games I have configured use different port #s all the time so I'm looking for a better way to classify this traffic.

 

So my question is if my configuration should be fine or if there is a better way to do this on a slow internet connection.

 

Thanks,

First thing to check, are things being matched as expected? show policy-map interface XX to see the matches for the class maps. 

Next you need to understand how QoS determines there is congestion occurring, it does this using the bandwidth interface subcommand. Set the bandwidth interface subcommand to be what your upload/outbound speed to the internet is. Without this the router can't reliably determine when there is congestion. 

Another thing I would suggest is removing the QoS from the LAN interface of the router, I'm not sure you will find much value in this because the bottleneck is your internet connection. 

Finally, it's debatable whether you really want to put skype in the priority queue using the priority command. 

EDIT: See my last post about looking at shapers, I have no idea where I came up with the above struck-out text. The bandwidth command is used for routing metric and auto QoS setup, not when your CBWFQ engages. The bandwidth command plays into the percentage calculations.

I will put the bandwidth command in there. I had wondered if this made a difference for QoS, but I'd only known of it to change the routing metrics. I will throw that on an interface.

Would removing the QoS from the LAN interface affect download QoS since I can only apply the service policy as an output?  Wouldn't the policy on my internet interface govern the rates which I can upload and then the policy on my LAN interface govern my downloads?  

I understood the priority queue makes sure that it is the first traffic out.  I'm just wondering why this would be debatable to have Skype in there since it is my most important application.

I checked my policy-map on both interfaces.  It looks like Skype is being matched pretty well, but after testing Torrents have no matches.  I'm going to need another way to classify those.

 

 GigabitEthernet0/0

  Service-policy output: QoS

    Class-map: Skype (match-all)
      70163 packets, 4311232 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol skype
      Match: access-group name Rocket_League
      Match: access-group name H1Z1
      Queueing
        Strict Priority
        Output Queue: Conversation 264
        Bandwidth 33 (%)
        Bandwidth 33000 (kbps) Burst 825000 (Bytes)
        (pkts matched/bytes matched) 70163/4311232
        (total drops/bytes drops) 0/0

    Class-map: Gaimz (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol rtcp
      Match: protocol rtp
      Match: protocol rtsp
      Match: protocol http
      Match: protocol secure-http
      Match: protocol secure-ftp
      Match: protocol ftp
      Queueing
        Output Queue: Conversation 265
        Bandwidth remaining 81 (%)Max Threshold 64 (packets)
        (pkts matched/bytes matched) 0/0
        (depth/total drops/no-buffer drops) 0/0/0

    Class-map: Torrent (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol bittorrent
      Match: protocol napster
      Match: protocol secure-nntp
      Match: protocol edonkey
      Match: protocol gnutella
      Match: protocol gopher
      Match: protocol kazaa2
      Match: protocol fasttrack
      Queueing
        Output Queue: Conversation 266
        Bandwidth remaining 9 (%)Max Threshold 64 (packets)
        (pkts matched/bytes matched) 0/0
        (depth/total drops/no-buffer drops) 0/0/0

    Class-map: class-default (match-any)
      27613697 packets, 30956690122 bytes
      5 minute offered rate 1103000 bps, drop rate 0 bps
      Match: any

 

 GigabitEthernet0/1

  Service-policy output: QoS

    Class-map: Skype (match-all)
      320020 packets, 44377386 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol skype
      Match: access-group name Rocket_League
      Match: access-group name H1Z1
      Queueing
        Strict Priority
        Output Queue: Conversation 264
        Bandwidth 33 (%)
        Bandwidth 3300 (kbps) Burst 82500 (Bytes)
        (pkts matched/bytes matched) 39/5447
        (total drops/bytes drops) 0/0

    Class-map: Gaimz (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol rtcp
      Match: protocol rtp
      Match: protocol rtsp
      Match: protocol http
      Match: protocol secure-http
      Match: protocol secure-ftp
      Match: protocol ftp
      Queueing
        Output Queue: Conversation 265
        Bandwidth remaining 81 (%)Max Threshold 64 (packets)
        (pkts matched/bytes matched) 0/0
        (depth/total drops/no-buffer drops) 0/0/0

    Class-map: Torrent (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol bittorrent
      Match: protocol napster
      Match: protocol secure-nntp
      Match: protocol edonkey
      Match: protocol gnutella
      Match: protocol gopher
      Match: protocol kazaa2
      Match: protocol fasttrack
      Queueing
        Output Queue: Conversation 266
        Bandwidth remaining 9 (%)Max Threshold 64 (packets)
        (pkts matched/bytes matched) 0/0
        (depth/total drops/no-buffer drops) 0/0/0

    Class-map: class-default (match-any)
      21416681 packets, 4436883448 bytes
      5 minute offered rate 28000 bps, drop rate 0 bps
      Match: any

You can only do meaningful QoS on outbound traffic, so in a way you could regulate your download speeds by applying an outbound policy map on your LAN interface, but this would only matter to the router, and not your internet connection. In other words, once it's on the wire on its way to you, you can only do so much. Your internet connection is rate limited/shaped somewhere upstream, so your router can queue these things but it's already passed through that upstream device.

The priority queue in this case does mean that the packets in this queue get serviced before others, but only to a point, because a policer is used to stop other queues from being starved. The priority queue is generally reserved for well-behaved applications like VoIP codecs and certain video codecs. I'm not saying Skype won't work in here, I'm just not sure how bursty Skype is, and how it would deal with being policed.

(http://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-packet-marking/10100-priorityvsbw.html)

Hope I worded this in a way that's understandable. 

You worded it well; I understand it. Considering that I'm pretty sure that the Skype class has been working and I haven't had an issue with it, then I'll probably leave it on unless it starts causing problems.

I understand that the download traffic would have already eaten the bandwidth of my internet connection by the time it reaches the router. This was something I struggled with understanding before I started configuring this. My hope for the QoS on the LAN interface is that it will cause the TCP windowing to drop and cause the downloads to operate at a lower speed.

Now I'm still fuzzy on if this configuration will drop these additional packets or if they are just queued. I'm not sure if what I'm expecting makes sense, but I don't know if I need to specify some policing for this to happen or if it is just done by default.

Either way I'll have to change the class map to match the download traffic to even test what I have.

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Unless your egress supports your full port speed, you'll need a hierarchical policy with a shaper in the parent to "trigger" your egress QoS. (Also, I believe most low end shapers don't account for L2 overhead, and if/when they don't you need to shape at an even slower rate to allow for it.)

Regarding ingress, unless your LAN egress is slower than WAN ingress, again, your QoS won't "trigger". So, also again, you could shape, and/or you could use an ingress policy on your WAN interface that polices. (For some traffic, such as TCP, you can also shape returning ACKs, to regulate ingress bandwidth consumption.)

BTW, ingress bandwidth management is extremely difficult to manage well on a Cisco router at a downstream interface.

So I found the problem with my Torrent Class-map.  I had it configured to match-all instead of match-any so after correcting that I'm getting successful matches on that class-map.

As far as I can tell through show commands everything seems to be working.  I can tell a difference in web browsing and video streaming while downloads are in progress so this is a plus, but my games still perform poorly. I'm just going to guess it is because these routers aren't meant for such use.  I'm sure it has to do with the downloads automatically eating away my bandwidth before QoS is even considered and since the gaming traffic is sporadic the policy-map rightfully lets the downloads use the bandwidth that the games aren't using at that moment. I'm also thinking it might actually have something to do with the priority queue that you mentioned before as well. 
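The match-all problem found above can be caught before a policy is applied. The following is an added example, not part of the original thread: a small Python check that reads class-map definitions and flags any match-all class listing more than one protocol, since match-all requires every statement to be true for the same packet. The sample config is constructed from the class-maps posted earlier (trimmed), plus a hypothetical `Web` class for contrast; the function names are the example's own.

```python
import re

# Constructed sample: class-maps from the thread (trimmed) plus a
# hypothetical match-any class named Web for comparison.
SAMPLE_CONFIG = """\
class-map match-all Torrent
 match protocol bittorrent
 match protocol edonkey
 match protocol gnutella
class-map match-all Skype
 match protocol skype
 match access-group name Rocket_League
 match access-group name H1Z1
class-map match-any Web
 match protocol http
 match protocol secure-http
!
policy-map QoS
 class Skype
  priority percent 33
"""

CLASS_RE = re.compile(r"^class-map\s+(?:(match-all|match-any)\s+)?(\S+)\s*$")

def parse_class_maps(config):
    """Return {name: {"mode": str, "matches": [tokens]}} per class-map."""
    classes, current = {}, None
    for line in config.splitlines():
        header = CLASS_RE.match(line)
        if header:
            # IOS treats a class-map with no keyword as match-all.
            current = {"mode": header.group(1) or "match-all", "matches": []}
            classes[header.group(2)] = current
        elif current is not None and line.startswith(" ") and line.split()[:1] == ["match"]:
            current["matches"].append(line.split()[1:])
        elif line.strip() and not line.startswith(" "):
            current = None  # an unindented line ends the class-map block
    return classes

def unsatisfiable_match_all(config):
    """Names of match-all class-maps that list several distinct protocols."""
    flagged = []
    for name, cm in parse_class_maps(config).items():
        protocols = {m[1] for m in cm["matches"] if len(m) >= 2 and m[0] == "protocol"}
        if cm["mode"] == "match-all" and len(protocols) > 1:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    for name in unsatisfiable_match_all(SAMPLE_CONFIG):
        print(f"class-map {name}: match-all with several protocols; use match-any")
```

The check only looks at `match protocol` lines, so a match-all class that combines one protocol with access-groups, like the Skype class, is not flagged.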

 

Good catch on the match-any. 

Getting a working QoS configuration does take time and testing, and often will need the use of traffic generators to help simulate the expected traffic easier and more consistently. One thing that also complicates this with residential services is that bandwidth is often not guaranteed and is shared, so you will find fluctuations in throughput which doesn't help QoS at all. 

As far as games go, latency is extremely important, so even if the packets are queued for an extremely short period this can cause noticeable issues.

Finally, as was noted inbound/downloads are also a problem for doing good, useful QoS. 

Never hurts to play around and see if other configs will work better, shapers can be a useful tool in class maps too.