QoS


Untangle Server User's Guide

About Untangle QoS

QoS (quality of service) makes tradeoffs between bandwidth (throughput) and latency. The more bandwidth that's used, the higher the latency. The less bandwidth used, the lower the latency.

To see this tradeoff, consider a typical bank. The bank has a fixed number of teller windows and a fixed number of teller clerks. Of course, you can always expand the bank to add more teller windows and teller clerks (in other words, increase the bandwidth), but the goal is to make the best use of the bank's current capacity. The solution is to have a certain number of customers wait in line while other customers are serviced immediately. For example, merchants are serviced through a fast, VIP (Very Important Person) line while personal banking customers go through the slower lines.

QoS implements the tradeoffs between bandwidth and latency in a network. QoS is the process of assigning priorities to traffic based on:

  • Port
  • Protocol
  • IP Address

The higher the priority for a specific traffic type, the faster the Untangle Server's virtual machine begins to process that traffic. Such prioritization achieves the following goals:

  • Enables you to make the most use of the limited bandwidth that your ISP provides without having to upgrade your Internet connection (pay more for more bandwidth).
  • When there's network congestion or during peak congestion periods, Untangle Server's virtual machine processes traffic in the most ideal and efficient manner.

Enabling Untangle QoS

Untangle QoS provides many default rules:

  • (Non-editable) Ping, TCP ACK and Gaming. You cannot edit these default rules because they're either lower-level protocols, or they comprise numerous subrules that Untangle pre-configured to save you time. You can, however, set the priority for these non-editable default rules.
  • (Editable) VoIP (SIP), VoIP (IAX), DNS, and SSH. You can edit these default rules.

Note: As you optimize for protocols, you become more vulnerable to denial-of-service attacks. Untangle Server's Attack Blocker protects you against such threats while still enabling you the Quality of Service that you desire. Attack Blocker protects against ack (or SYN) flooding and ping-of-death attacks.

To enable QoS:

  1. From the Navigation pane, choose Config > QoS.
  2. Specify your Internet connection speeds and the priorities for the non-editable default rules:
    Enabled: If selected, enables Untangle QoS. Enabling an individual default rule does not automatically enable Untangle QoS.
    Internet Download Bandwidth: Your Internet connection's maximum download speed as set by your ISP. If you don't know the speed, use Speakeasy's Speed Test tool.
    Limit Download to: Untangle Server automatically suggests a download limit; however, you can adjust the recommended setting. Best practice is to use a download limit that's 80-90% of your actual download speed.
    Internet Upload Bandwidth: Your Internet connection's maximum upload speed as set by your ISP. If you don't know the speed, use Speakeasy's Speed Test tool.
    Limit Upload to: Untangle Server automatically suggests an upload limit; however, you can adjust the recommended setting. Best practice is to use an upload limit that's 90-95% of your actual upload speed.
    Ping Priority: Default rule for ICMP ping requests. By default, the rule is set to Normal.
    ACK Priority: Default rule for TCP ACK packets, which acknowledge downloaded packets. This rule speeds up downloads when upload bandwidth is saturated.

    Acknowledgments are uploads. If you were talking with someone over VoIP, for example, you want the VoIP packets you download to be acknowledged as quickly as possible so there is no delay in your conversation. You want these acknowledgments to be given high priority because they're time sensitive. In short, speeding up acknowledgments makes for a better VoIP experience. So, by default, the rule is set to High.

    Gaming Priority: Default rule consisting of subrules for PS3, Wii, Xbox Live, and Microsoft DirectX gaming protocols. By default, the rule is set to Normal.
  3. Do one of the following:
    • For each of the default rules that you want to enable, select the On check box, then choose a Priority.
    • Click the Add button to add a new rule or to change the filter conditions for the editable default rules.

    You can filter based on any of the following conditions:

    Destination Address: Destination IP address of the traffic if the traffic is not redirected. Leave the value empty to indicate a wildcard. To learn about IP address syntax, go to Networking and Web Address Syntax.
    Destined Local: The traffic is destined to any of the Untangle Server's IPs.
    Destination Port: Original destination port of the traffic. To learn about port syntax, go to Networking and Web Address Syntax.
    Protocol: Network protocol of the traffic. Use UDP on the SIP port to improve VoIP. SIP is an application protocol that establishes VoIP sessions between the calling and called parties. This filter is the most common.
    Source Address (bypassed traffic only): Source IP address of the traffic. Use when one computer is less important than all others, for example a system that guests use to browse the Internet while they're waiting in the lobby, or when a whole subnet is less important. Use CIDR notation for this field; to learn about IP address syntax, go to Networking and Web Address Syntax.
    Source Interface (bypassed traffic only): Interface from which the Untangle Server receives the traffic. Valid values are External, Internal, DMZ, and eth3-6. For information about the Untangle Server's network interfaces, see the discussion in Network Interfaces.
    Source Port (bypassed traffic only): Source port number of traffic bound outward from the external interface. For example, use Source Port 80 to adjust the priority of a web server.
    Figure: Creating QoS Rules
  4. Click Save.
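As an added example (not Untangle's own code), the following Python sketch models how the filter conditions above select a priority for a flow: an unspecified condition is a wildcard, every specified condition must hold, the first matching rule wins, and the source-side conditions (Source Address, Source Port, Source Interface) are honoured only for bypassed traffic, as the Known Issues section notes. The Flow and Rule classes, the rule names, the port syntax and the IP addresses are constructed for illustration; Untangle's actual evaluation order and syntax may differ.

```python
"""Toy model of how QoS rule conditions select a priority for a flow.
Constructed example for this page; not Untangle's own code."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Flow:
    protocol: str                     # "TCP", "UDP" or "ICMP"
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]
    src_interface: str = "Internal"   # External, Internal, DMZ, eth3-6
    destined_local: bool = False      # True if the destination is one of the server's IPs
    bypassed: bool = False            # True if a bypass rule lets this flow skip filtering


@dataclass
class Rule:
    name: str
    priority: str                     # "High", "Normal" or "Low"
    enabled: bool = True
    # A condition left as None is a wildcard ("indicate a wildcard by not specifying the value").
    protocol: Optional[str] = None
    dst_address: Optional[str] = None   # single IP or CIDR block
    dst_port: Optional[str] = None      # "53", "5060-5061" or "80,443" (assumed syntax)
    destined_local: Optional[bool] = None
    src_address: Optional[str] = None   # CIDR
    src_port: Optional[str] = None
    src_interface: Optional[str] = None


# Per the Known Issues section, these conditions only match bypassed traffic.
BYPASS_ONLY_CONDITIONS = ("src_address", "src_port", "src_interface")


def port_matches(spec: str, port: Optional[int]) -> bool:
    """Match a port against a comma-separated list of single ports or lo-hi ranges."""
    if port is None:
        return False
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if hi:
            if int(lo) <= port <= int(hi):
                return True
        elif int(lo) == port:
            return True
    return False


def address_matches(spec: str, ip: str) -> bool:
    """A bare IP is treated as a host network (/32 or /128)."""
    return ip_address(ip) in ip_network(spec, strict=False)


def rule_matches(rule: Rule, flow: Flow) -> bool:
    if not rule.enabled:
        return False
    # Source-side conditions are never satisfied by non-bypassed traffic.
    if not flow.bypassed and any(getattr(rule, c) is not None for c in BYPASS_ONLY_CONDITIONS):
        return False
    checks = [
        (rule.protocol, lambda v: v.upper() == flow.protocol.upper()),
        (rule.dst_address, lambda v: address_matches(v, flow.dst_ip)),
        (rule.dst_port, lambda v: port_matches(v, flow.dst_port)),
        (rule.destined_local, lambda v: v == flow.destined_local),
        (rule.src_address, lambda v: address_matches(v, flow.src_ip)),
        (rule.src_port, lambda v: port_matches(v, flow.src_port)),
        (rule.src_interface, lambda v: v.lower() == flow.src_interface.lower()),
    ]
    # Every specified (non-wildcard) condition must hold.
    return all(check(value) for value, check in checks if value is not None)


def classify(rules: List[Rule], flow: Flow, default: str = "Normal") -> Tuple[str, str]:
    """First matching rule wins; unmatched traffic gets the default priority."""
    for rule in rules:
        if rule_matches(rule, flow):
            return rule.name, rule.priority
    return "default", default


def sample_rules() -> List[Rule]:
    """Constructed rule set loosely mirroring the page's editable defaults."""
    return [
        Rule("VoIP (SIP)", "High", protocol="UDP", dst_port="5060-5061"),
        Rule("DNS", "High", protocol="UDP", dst_port="53"),
        Rule("SSH", "High", protocol="TCP", dst_port="22"),
        Rule("Web server replies", "Normal", protocol="TCP", src_port="80"),
        Rule("Lobby guest PC", "Low", src_address="192.168.1.50/32"),
    ]


if __name__ == "__main__":
    rules = sample_rules()
    # Constructed flows: a SIP call, and the lobby guest PC with and without bypass.
    for flow in (Flow("UDP", "10.0.0.5", 5060, "203.0.113.10", 5060),
                 Flow("TCP", "192.168.1.50", 51000, "198.51.100.7", 443),
                 Flow("TCP", "192.168.1.50", 51000, "198.51.100.7", 443, bypassed=True)):
        print(flow.src_ip, "bypassed" if flow.bypassed else "filtered", "->", classify(rules, flow))
```

Running the block shows the practical consequence of the known issue: the guest PC's traffic only drops to Low priority when it is bypassed; filtered traffic from the same machine falls through to the default priority because the Source Address condition is never consulted for it.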

Note: Another way to speed up your network performance is to bypass Untangle's filtering of selected traffic. To do this, create a bypass rule for the condition on which you want to filter traffic to pass straight through. Go to Creating User Bypass Rules.

Monitoring Untangle QoS

To monitor QoS:

  1. From the Navigation pane, choose Config > QoS.
  2. Scroll down to the QoS Statistics section, and click Refresh. Refresh retrieves real-time information.
  3. Monitor the following statistics:
    Priority: The High/Normal/Low priority queue.
    Rate: The maximum bandwidth in bits per second allocated to a given priority queue.

    Higher priority has a higher maximum rate and larger bursts. Lower priority is limited to a slower rate and smaller bursts so that lower priority interferes less with high priority.

    Burst: The number of bits sent at one time when there is bandwidth available, that is, how big the chunks are when the queues are processed.

    Sent: The number of bytes sent through the High/Normal/Low priority queues. Verify that the number of bytes of high priority traffic is increasing.
    Tokens: A measure of how much data can be sent over the smoothing period, about 10 seconds. If close to zero or negative, the queue has been saturated, which is bad for the high priority queue and may be bad for the normal queue; however, this is expected behavior for the low priority queue.

    Monitor tokens, which indicate that the connection is saturated, that is, that you don't have enough bandwidth. A token is an outbound packet that hasn't exited the Untangle's Linux kernel yet. Untangle QoS monitors the networking queues 1000 times a second.

    CTokens: A measure of how much data can be sent in 1 millisecond (1/1000 second). If negative, the queue is in active use and may potentially be shaped at some point if it continues at this activity level.

    Verify that both high and normal priority traffic are not getting dropped, as indicated by a low or negative number of tokens. A negative number of CTokens indicates significant usage of that priority class's bandwidth.
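To make the Rate, Burst and Tokens figures concrete, here is an added token-bucket model (example code, not Untangle's or the Linux tc tool's implementation). Each priority class earns credit at its Rate, holds at most one Burst of credit, and drains its backlog in chunks of up to one Burst; a chunk may overdraw the bucket, so the token count goes negative whenever the offered load exceeds the class's rate, which is the saturated state the statistics above describe. The rates, bursts and offered loads are constructed values; the tick rate follows the page's statement that the queues are examined 1000 times a second. The model tracks each class on its own and does not reproduce how the real scheduler shares a link between classes.

```python
"""Per-priority token bucket in the spirit of the Rate/Burst/Tokens statistics.
Constructed example; not Untangle's or the tc tool's code."""
from dataclasses import dataclass

TICKS_PER_SECOND = 1000   # the page says the queues are examined 1000 times a second


@dataclass
class PriorityQueue:
    name: str
    rate_bps: int           # maximum bandwidth for this priority class (bits/s)
    burst_bits: int         # largest chunk sent at once when credit is available
    tokens: float = 0.0     # credit; near zero or negative means the class is saturated
    sent_bits: float = 0.0
    backlog_bits: float = 0.0

    def __post_init__(self):
        self.tokens = float(self.burst_bits)   # the bucket starts full

    def tick(self):
        """One 1 ms step: earn credit, then drain backlog while credit lasts."""
        self.tokens = min(self.tokens + self.rate_bps / TICKS_PER_SECOND,
                          float(self.burst_bits))
        while self.backlog_bits > 0 and self.tokens > 0:
            chunk = min(self.burst_bits, self.backlog_bits)
            self.backlog_bits -= chunk
            self.sent_bits += chunk
            self.tokens -= chunk   # may overdraw: tokens stay negative until replenished


def is_saturated(queue: PriorityQueue) -> bool:
    """Mirror the page's reading of the statistic: tokens close to zero or negative."""
    return queue.tokens <= 0.1 * queue.burst_bits


def simulate(queue: PriorityQueue, offered_bps: float, seconds: float) -> PriorityQueue:
    """Offer a constant load to the queue for `seconds` worth of 1 ms ticks."""
    per_tick = offered_bps / TICKS_PER_SECOND
    for _ in range(int(seconds * TICKS_PER_SECOND)):
        queue.backlog_bits += per_tick
        queue.tick()
    return queue


def report(queue: PriorityQueue) -> dict:
    """Summarise a class the way the QoS Statistics table does."""
    return {"priority": queue.name, "rate": queue.rate_bps, "burst": queue.burst_bits,
            "sent_bytes": int(queue.sent_bits // 8), "tokens": queue.tokens,
            "backlog_bits": queue.backlog_bits, "saturated": is_saturated(queue)}


if __name__ == "__main__":
    # Constructed scenario: a high class offered half its rate, a low class offered four times its rate.
    high = simulate(PriorityQueue("High", 2_000_000, 20_000), 1_000_000, 5)
    low = simulate(PriorityQueue("Low", 500_000, 5_000), 2_000_000, 5)
    for queue in (high, low):
        print(report(queue))
```

The high class keeps a nearly full bucket and no backlog, while the low class ends with negative tokens and a growing backlog even though it sent roughly its full rate for the whole run: exactly the pattern the page calls expected for the low queue and a problem for the high one.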

Known Issues

  • In 5.3 (Tahoe), traffic that is not bypassed cannot match on source port, source address, or source interface. The rest of the matchers (destination port, destination address, etc.) work as expected. For bypassed traffic (typically VoIP), all matchers work as expected. This is documented here.
  • Untangle QoS is based on the Linux Traffic Control (tc) tool. In the rare event that you are currently using tc yourself, Untangle Server overwrites your existing tc configuration as soon as you enable Untangle QoS. To avoid this problem, move your current tc scripts into /etc/untangle-net-alpaca/tc-rules.d.