Configuring Application QoS

This section describes how to configure application QoS. Application QoS rules allow you to set the maximum and minimum bandwidth for specified applications.

Creating an Application QoS Rule

To create an application QoS rule, take the following steps:

  1. On the Navigation pane, click Configure > Content > QoS to visit the QoS Configuration page.
  2. Click New.
  3. On the Basic tab in the Application QoS dialog, configure basic options for the application QoS rule.
    The options are described below:
    Type Description
    Rule name Specifies a name for the rule.
    Apply to

    Specifies a QoS object which can be an interface or security zone.

    • Interface: Specifies an interface the rule will be applied to.
    • Zone: Specifies a security zone the rule will be applied to.
    Match condition

    Application: Select an application to match from the Application combo box, or type the application name into it.
    Add: Click Add to add the selected application to the list below. You can add multiple applications as needed.
    Delete: Click Delete to delete the selected application.

    More: Click More, and in the Advanced dialog, add more matching conditions, including:

    • Ingress interface: Specifies an ingress interface as the matching condition.
    • QoS tag: Specifies a QoS tag as the matching condition. The value range is 1 to 1024. You can configure a QoS tag when creating a policy rule. For more information about the configuration, refer to Configuring a Policy Rule.
    • DSCP: Specifies a DSCP as the matching condition. The DSCP can be either an integer (0 to 63) or a keyword (such as af11, cs2). At most 10 DSCP matching conditions are supported.
    • IP precedence: Specifies an IP precedence as the matching condition. The value range is 0 to 7. At most 10 IP precedence matching conditions are supported.
    • CoS: Specifies a CoS as the matching condition. The value range is 0 to 7. At most 10 CoS matching conditions are supported.
    • IP range: Specifies an IP range as the matching condition.
    • Address entry: Specifies an address entry as the matching condition.
    • Role: Specifies a role as the matching condition.
    • User: Specifies a user as the matching condition.
    • User group: Specifies a user group as the matching condition.

    Note: At most 10 matching conditions are supported.

    Output BW

    Specifies a restriction method, value and restriction schedule for the bandwidth.

    • Min BW: Specifies a min bandwidth. The value must be smaller than the actual bandwidth value of the interface. The value range is 32 to 1000000 Kbps.
    • Max BW: Specifies a max bandwidth. The value must be smaller than the actual bandwidth value of the interface. The value range is 32 to 1000000 Kbps.
    • Schedule: Specifies a schedule during which the bandwidth restriction will take effect.
    Add: Click Add to add the configured entry to the list below.
    Delete: Click Delete to delete the selected entry.

    Advanced: Click Advanced, and in the Advanced dialog, configure options. The available options vary with the selected bandwidth type and sub type.

    In the Bandwidth section, you can specify Max BW or Min BW as the bandwidth restriction method. For Max BW, you can select Shaping or Policing from the Type drop-down list as needed; for Min BW, you can select Min BW or LLQ BW priority (Priority) from the Type drop-down list.

    Max BW - Shaping: Traffic shaping working on egress interfaces is used to smooth the egress traffic according to the desired rate configuration. The configuration parameters include:

    • CIR - Specifies a committed information rate (for putting tokens into the token bucket), i.e., the average rate of the permitted traffic, and also the max bandwidth of the restricted object. The value must be smaller than the actual bandwidth value of the interface. The value range is 32 to 1000000 Kbps.
    • CB - Specifies a committed burst size (the size of the first token bucket), i.e. the max traffic for each burst. The value must be larger than the size of the longest packet, and smaller than the actual bandwidth value of the interface. The value range is 2048 to 51200000 bytes.
    • EB - Specifies an excess burst size (the size of the second token bucket), i.e., the max traffic for the excess burst. The value must be smaller than the actual bandwidth value of the interface. The value range is 2048 to 51200000 bytes.
    • Schedule - Specifies a schedule during which the bandwidth restriction will take effect.

    Max BW - Policing: Traffic policing is used to control the traffic and apply specified actions to Conform and Exceed traffic. The configuration parameters include:

    • CIR - Specifies a committed information rate (for putting tokens into the token bucket), i.e., the average rate of the permitted traffic, and also the max bandwidth of the restricted object. The value must be smaller than the actual bandwidth value of the interface. The value range is 32 to 1000000 Kbps.
    • CB - Specifies a committed burst size (the size of the first token bucket), i.e. the max traffic for each burst. The value must be larger than the size of the longest packet, and smaller than the actual bandwidth value of the interface. The value range is 2048 to 51200000 bytes.
    • EB - Specifies an excess burst size (the size of the second token bucket), i.e., the max traffic for the excess burst. The value must be smaller than the actual bandwidth value of the interface. The value range is 2048 to 51200000 bytes.
    • Conform action - Specifies an action for the packets that conform with the specifications. Select one of the actions below from the drop-down list:
      Drop: Drops the packets.
      Transfer: Keeps the packets intact and transfers.
      Set DSCP and transmit: Sets a DSCP for the packets and transmits.
      Set IP precedence and transmit: Sets an IP precedence for the packets and transmits.
    • Exceed action - Specifies an action for the packets that exceed the excess burst size. The options are the same as those of the Conform action above.
    • Violate action - Specifies an action for the packets that violate the specification. The options are the same as those of the Conform action above.
    • Schedule - Specifies a schedule during which the bandwidth restriction will take effect.

    Min BW - Min BW: Configures a min bandwidth for the restricted object. The configuration parameters include:

    • Bandwidth - Specifies a min bandwidth value (the value range is 32 to 1000000 Kbps), or a min bandwidth as a percentage of the interface's total bandwidth (the value range is 1 to 100).
    • Schedule - Specifies a schedule during which the bandwidth restriction will take effect.

    Min BW - LLQ BW priority (Priority): Configures a min bandwidth for the restricted object. Low Latency Queuing (LLQ) is an algorithm that combines Priority Queuing (PQ), Custom Queuing (CQ) and Weighted Fair Queuing (WFQ). LLQ is usually used for voice and interactive video streams. The total bandwidth configured for LLQ should not be more than 33% of the total application bandwidth. The configuration parameters include:

    • Bandwidth - Specifies a min bandwidth value (the value range is 32 to 1000000 Kbps), or a min bandwidth as a percentage of the interface's total bandwidth (the value range is 1 to 100).
    • Schedule - Specifies a schedule during which the bandwidth restriction will take effect.
    Input BW

    Specifies a max bandwidth and restriction schedule.

    • Max BW: Specifies a max bandwidth. The value must be smaller than the actual bandwidth value of the interface. The value range is 32 to 1000000 Kbps.
    • Schedule - Specifies a schedule during which the bandwidth restriction will take effect.
    Add: Click Add to add the configured entry to the list below.
    Delete: Click Delete to delete the selected entry.

    Advanced: Click Advanced, and in the Advanced dialog, configure options.

    Max BW - Policing: Traffic policing is used to control the traffic and apply specified actions to Conform and Exceed traffic. The configuration parameters include:

    • CIR - Specifies a committed information rate (for putting tokens into the token bucket), i.e., the average rate of the permitted traffic, and also the max bandwidth of the restricted object. The value must be smaller than the actual bandwidth value of the interface. The value range is 32 to 1000000 Kbps.
    • CB - Specifies a committed burst size (the size of the first token bucket), i.e. the max traffic for each burst. The value must be larger than the size of the longest packet, and smaller than the actual bandwidth value of the interface. The value range is 2048 to 51200000 bytes.
    • EB - Specifies an excess burst size (the size of the second token bucket), i.e., the max traffic for the excess burst. The value must be smaller than the actual bandwidth value of the interface. The value range is 2048 to 51200000 bytes.
    • Conform action - Specifies an action for the packets that conform with the specifications. Select one of the actions below from the drop-down list:
      Drop: Drops the packets.
      Transfer: Keeps the packets intact and transfers.
      Set DSCP and transmit: Sets a DSCP for the packets and transmits.
      Set IP precedence and transmit: Sets an IP precedence for the packets and transmits.
    • Exceed action - Specifies an action for the packets that exceed the excess burst size. The options are the same as those of the Conform action above.
    • Violate action - Specifies an action for the packets that violate the specification. The only available option is Drop, i.e., dropping the packet.
    • Schedule - Specifies a schedule during which the bandwidth restriction will take effect.
  4. On the Advanced tab, configure advanced options for the application QoS rule.
    Function Description
    WRED

    Weighted Random Early Detection (WRED) is disabled by default. You can enable this mechanism for input and output bandwidth. Select the Enable check box behind Input or Output to enable WRED, and select one of the options below from the drop-down list:
    • Based on DSCP - WRED calculates the probability of dropping the packets based on DSCP.
    • Based on IP precedence - WRED calculates the probability of dropping the packets based on IP precedence. This is the default option.
    Packet marking

    This function is disabled by default. Select the Enable check box behind Input to enable packet marking for the input bandwidth, and configure the options below as needed:

    • IP QoS priority - Allocates different priorities for the bandwidth within each IP based on the types of applications. The IP QoS priority should be used in combination with IP-based QoS to realize the following effect: the bandwidth is restricted, at the same time important bandwidth is allocated with higher priority, and has the priority in processing. StoneOS supports 5 IP QoS priorities (1 to 5) among which 1 is the highest, and 3 is the default. The IP QoS priority is only valid within the device. Once the packets leave the Hillstone device, the marked IP QoS priority will be invalid.
    • CoS - Specifies a Layer 2 CoS for the sent packets, so that the device can implement QoS management on the packets based on the marked CoS.
    • DSCP/IP Precedence - Specifies a DSCP value or IP precedence for the packets. All the other QoS functions can operate on the packets based on the configured DSCP value or IP precedence.
    Fine-grained control

    You can nest an IP QoS rule or role QoS rule in the application QoS rule for input/output bandwidth. StoneOS will then allocate different IPs or roles for different application bandwidth based on the specified IP or role QoS rule, thus realizing fine-grained control over application QoS.

    • Nest IP QoS rule: Select IP QoS from the Type drop-down list, and click Nest IP QoS rule. In the Nest IP QoS dialog, configure options. The available options are the same as those of IP QoS configuration.
    • Nest role QoS rule: Select Role QoS from the Type drop-down list, and click Nest role QoS rule. In the Nest Role QoS dialog, configure options. The available options are the same as those of role QoS configuration.

    Tip: After configuring nest QoS, you can select a QoS rule from the fine-grained rule list and click Edit/Delete to edit/delete the rule.

  5. Click OK to save your settings.
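
The token-bucket behaviour behind the CIR, CB and EB parameters of Max BW - Policing in step 3, as an added example that is not StoneOS or Hillstone code: a generic single-rate, two-bucket policer in Python. It assumes 1 Kbps = 1000 bit/s, that both buckets start full, and that a packet is Conform when the first bucket covers it, Exceed when only the second does, and Violate otherwise; the class, function and sample values are constructed for illustration.

```python
# Added example: generic single-rate, two-bucket policer (not StoneOS code).
KBPS_TO_BYTES_PER_SEC = 1000 / 8   # assumption: 1 Kbps = 1000 bit/s

class Policer:
    def __init__(self, cir_kbps, cb_bytes, eb_bytes, longest_packet=1500):
        # Value ranges quoted on the page for CIR, CB and EB.
        if not 32 <= cir_kbps <= 1_000_000:
            raise ValueError("CIR must be 32 to 1000000 Kbps")
        for name, size in (("CB", cb_bytes), ("EB", eb_bytes)):
            if not 2048 <= size <= 51_200_000:
                raise ValueError(f"{name} must be 2048 to 51200000 bytes")
        if cb_bytes <= longest_packet:
            raise ValueError("CB must be larger than the longest packet")
        self.rate = cir_kbps * KBPS_TO_BYTES_PER_SEC   # token fill rate, bytes/s
        self.cb, self.eb = cb_bytes, eb_bytes
        self.tc, self.te = float(cb_bytes), float(eb_bytes)  # assumed: start full
        self.last = 0.0

    def classify(self, now, size):
        """Return 'conform', 'exceed' or 'violate' for a packet of `size` bytes."""
        tokens = (now - self.last) * self.rate
        self.last = now
        to_first = min(tokens, self.cb - self.tc)    # fill the first bucket first
        self.tc += to_first
        self.te = min(self.eb, self.te + tokens - to_first)  # overflow to second
        if size <= self.tc:
            self.tc -= size
            return "conform"
        if size <= self.te:
            self.te -= size
            return "exceed"
        return "violate"

# Action names are the page's; this particular mapping is a constructed sample.
ACTIONS = {"conform": "Transfer",
           "exceed": "Set DSCP and transmit",
           "violate": "Drop"}

# Constructed arrivals: (time in seconds, packet size in bytes).
ARRIVALS = [(0.0, 1500)] * 5 + [(0.25, 1500), (1.0, 1500)]

def run_demo():
    p = Policer(cir_kbps=64, cb_bytes=3000, eb_bytes=3000)
    verdicts = [(t, p.classify(t, size)) for t, size in ARRIVALS]
    return [(t, v, ACTIONS[v]) for t, v in verdicts]

if __name__ == "__main__":
    for t, verdict, action in run_demo():
        print(f"t={t:4.2f}s  {verdict:8s} -> {action}")
```

With CIR at 64 Kbps and both bursts at 3000 bytes, a back-to-back burst of five 1500-byte packets drains the first bucket, then the second, and the fifth packet is dropped; later packets conform again once tokens have refilled.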

Editing an Application QoS Rule

To edit an application QoS rule, take the following steps:

  1. On the Navigation pane, click Configure > Content > QoS to visit the QoS Configuration page.
  2. Select the application QoS rule you want to edit from the rule list, and click Edit. In the Application QoS dialog, modify the settings as needed.
  3. Click OK to save your changes.

Deleting an Application QoS Rule

To delete an application QoS rule, take the following steps:

  1. On the Navigation pane, click Configure > Content > QoS to visit the QoS Configuration page.
  2. Select the application QoS rule you want to delete from the rule list, and click Delete.

Enabling/Disabling an Application QoS Rule

To enable/disable an application QoS rule, take the following steps:

  1. On the Navigation pane, click Configure > Content > QoS to visit the QoS Configuration page.
  2. Select the application QoS rule you want to enable/disable from the rule list, and click Enable/Disable.

Viewing an Application QoS Rule

To view an application QoS rule, take the following steps:

  1. On the Navigation pane, click Configure > Content > QoS to visit the QoS Configuration page.
  2. Select Interface, Zone or ALL from the Apply to drop-down list.

All the configured QoS rules for the selected interface/zone or all the interfaces/zones are listed in the application QoS list.

Adjusting Priority

For the QoS rules that are bound to the same interface or security zone, StoneOS matches the rules in the order they are displayed in the QoS rule list, from top to bottom, i.e., the higher a rule is in the list, the higher its priority.

To adjust a QoS rule's position, take the following steps:

  1. On the Navigation pane, click Configure > Content > QoS to visit the QoS Configuration page.
  2. Click Priority on the upper-right of the application QoS rule list.
  3. In the Adjust Priority dialog, select an application QoS rule and click Up, Down, Top or Bottom to move the rule.
  4. Click OK to save your changes.

Configuring an IP Address Whitelist

QoS supports an IP address whitelist. With a whitelist configured, StoneOS will not set any QoS restriction on the specified traffic.

To configure an IP address whitelist, take the following steps:

  1. On the Navigation pane, click Configure > Content > QoS to visit the QoS Configuration page.
  2. On the Application QoS tab, select an IP range or address entry that is not restricted by the QoS rule from the Whitelist drop-down list:
    IP range - Type the start IP and end IP into the boxes.
    Address entry - Select an address entry from the drop-down list.
  3. Click OK to save your settings.

Specifying a Schedule

To specify a schedule during which the application QoS rule will take effect, take the following steps:

  1. On the Navigation pane, click Configure > Content > QoS to visit the QoS Configuration page.
  2. On the Application QoS tab, select a schedule from the Schedule drop-down list, and click OK.
  3. Click OK to save your settings.