Configuring QoS Using Best Practices
This section describes an example network and the basic steps for configuring Riverbed QoS using the given specifications. This section includes the following topics:
  • Example QoS Scenario
  • Configuring QoS on the Data Center SteelHead
  • Configuring Applications
  • Creating QoS Profiles
  • Configuring Topology
  • Enabling QoS on the SteelHead
    For more information on best practices, see QoS Enforcement Best Practices.
    Example QoS Scenario
    This scenario is the basis for the configuration described in Configuring QoS on the Data Center SteelHead.
    Figure 7‑1 shows a simple hub and spoke setup. The San Francisco data center provides the services for the remote sites, and has a connection to the Internet for browsing and MS Office 365 applications.
    Figure 7‑1. SteelHead Configuration Example
    The overall goal for implementing QoS is to protect VoIP traffic from all other traffic and to protect MS Office 365 traffic from Internet browsing in the data center.
    The data center:
  • hosts telephony services using the RTP protocol for voice.
  • hosts all other services that do not need special shaping or prioritization.
  • uses a SteelHead that:
      • is deployed physically in-path.
      • has an uplink on its in-path0_0 interface with 100 Mbps of bandwidth to the MPLS network.
      • serves the four remote branch offices (New York, London, Frankfurt, and Paris), which all connect to the MPLS network.
      • has an uplink on in-path0_1 to the Internet with a bandwidth of 15 Mbps for browsing and access to MS Office 365.
  • has the following QoS goals for outbound traffic:
      • for the New York, London, and Paris sites, VoIP (using RTP) traffic is prioritized and guaranteed 20% of the site's bandwidth.
      • for the Frankfurt site, 30% of the site's bandwidth is guaranteed for a video conferencing system. Of this 30%, one-third of the bandwidth is guaranteed for voice and two-thirds of the bandwidth for video. The video conferencing system uses the RTP-Voice and RTP-Video protocols.
  • has the following goals for inbound traffic:
      • guarantee the same bandwidth for incoming VoIP calls (using RTP) from the remote sites as for outgoing VoIP calls.
      • protect MS Office 365 traffic from ordinary Internet browsing traffic in the data center.
    Branch offices have:
  • a 20-Mbps link to the MPLS network for New York and London each.
  • a 10-Mbps link to the MPLS network for Paris.
  • a 50-Mbps link to the MPLS network for Frankfurt. Frankfurt has a video conferencing system installed and wants to guarantee 15 Mbps of bandwidth for it. Of the 15 Mbps, 5 are guaranteed for voice and 10 for video.
  • SteelHeads that are deployed physically in-path.
    Figure 7‑2 shows a graphical representation of the goal for implementing QoS, which results in the following site and profile structure.
    Figure 7‑2. Graphical Representation of the Goal for QoS Implementation
    From the point of view of the San Francisco data center, you can use this site and profile structure for outbound and inbound QoS.
    Configuring QoS on the Data Center SteelHead
    This section describes the overall work flow to configure QoS on the data center SteelHead. This example does not require QoS configuration of the SteelHeads in the branch offices.
    The work flow is as follows:
    1. Configure applications, if necessary.
    2. Configure QoS profiles for the sites for inbound and outbound traffic.
    3. Configure the topology and assign the QoS profiles to the sites.
    4. Enable QoS.
    Configuring Applications
    Applications must be known to the SteelHead so that you can configure QoS rules. You must configure or verify application definitions as the first step when configuring QoS. Configuring applications simplifies the work flow, so you do not have to jump between configuration pages.
    For more information about applications, see Application Definitions.
    The example QoS scenario has the following important applications:
  • RTP-Voice
  • RTP-Video
  • Office 365
    To be able to protect these applications from other traffic, you need to ensure that the SteelHead can recognize them so you can use them to set up a QoS rule in the QoS profile later.
    To verify that an application is known to the SteelHead
    Choose Networking > App Definitions: Applications.
    Select Add.
    In the New Application screen, type the first letters of the application name you want to verify in the Application Layer Protocol field.
    The applications RTP-Voice and RTP-Video are already known to the SteelHead (Figure 7‑3).
    Figure 7‑3. New Application
    Check for Office 365.
    Office 365 is known to the SteelHead (Figure 7‑4).
    Figure 7‑4. MS-Office 365 in AFE
    So for the example QoS scenario, you do not need to configure a new application, but can rely on the AFE. When you configure a real-life QoS environment, you will most likely make use of the Application Groups.
    You can use this process to create new applications, if the application you want is not in the AFE.
    To learn about Application Groups and creating new applications, see Applications.
    Creating QoS Profiles
    The QoS profile is the building block that contains the QoS classes and rules for traffic going to a site. You can assign a single QoS profile to many sites and you can use it to configure inbound and outbound QoS.
    For more information about profiles, see QoS Profiles.
    For the example QoS scenario, you must create three QoS profiles: one for the New York, London, and Paris sites, one for Frankfurt, and one for incoming MS Office 365 traffic that must be protected from incoming Internet browsing traffic.
    To create a QoS Profile for New York, London, and Paris
    Choose Networking > Network Services: Quality of Service.
    Select Add a QoS Profile.
    The New Profile box opens and prompts for a profile name.
    If you have already created a profile, you can use it as a template for a new profile. For this example, choose Blank Template, enter a name (PrioritizeVoIP), and click Save (Figure 7‑5).
    Figure 7‑5. Add a Profile Name
    The new profile appears in the QoS profiles table.
    Click Edit.
    The empty profile opens.
    You must configure the class. An empty profile always starts with the Root class, which represents the bandwidth of the uplink of a site.
    Sites and uplinks are configured later in the process, as described in Configuring Topology.
    In the QoS classes section of the page, click Edit, and then select Add Class.
    Configure a class for the VoIP traffic. Give the class a name, set the minimum bandwidth to 20%, and choose priority 1 for real-time traffic.
    Click Add Class (Figure 7‑6).
    Figure 7‑6. Add a VoIP Class
    Create the class for other traffic. Select Add Class, give the class a name and set the priority to 4, which is Normal priority.
    Click Add Class (Figure 7‑7).
    Figure 7‑7. Add OtherApps Class
    The configured classes are shown on the QoS Classes page (Figure 7‑8).
    Figure 7‑8. QoS Configured Classes
    Click Save.
    Next, configure the QoS rules to direct the traffic into the classes.
    In the QoS Rules section, select Add a Rule.
    Select RTP-Audio from the Application or Application Group drop-down menu.
    Select VoIP from the QoS Class drop-down menu (Figure 7‑9).
    Figure 7‑9. Add New RTP-Audio Rule
    Click Save.
    The new QoS rule is shown in the QoS Rules table.
    Now you need to edit the Any (default) rule to point it to the OtherApps class you created.
    Expand the Any rule and change the QoS class by selecting OtherApps from the drop-down menu (Figure 7‑10).
    Figure 7‑10. Changing the QoS Class
    Click Save.
    The QoS Profile for New York, London, and Paris is now ready to use.
    The Frankfurt site requires an additional level of hierarchy to accommodate the video conferencing traffic and also has different bandwidth requirements. However, in this example, you can use the existing PrioritizeVoIP profile as a template and modify it accordingly.
    To create a QoS Profile for Frankfurt
    To edit the existing PrioritizeVoIP profile, choose Networking > Network Services: Quality of Service.
    In the QoS Profiles section of the page, select Add a QoS Profile.
    Enter a name (VideoConf) and, from the drop-down menu, select the PrioritizeVoIP profile to copy from (Figure 7‑11).
    Figure 7‑11. Creating a Profile from Existing Profile
    Click Save.
    The VideoConf profile appears in the QoS Profiles table.
    Click Edit.
    Edit the QoS classes of the profile. Change the:
  • name of the VoIP class to VideoConference.
  • minimum bandwidth to 30% according to the example QoS scenario.
    Before you can add a level of hierarchy to this class, edit all rules that point to it to point to the default class or delete the rule. A parent class cannot have a QoS rule assigned to it.
    Next, add a class for the voice part of the video conferencing system.
    Click Add Class, which is connected to the VideoConference class.
    Enter a name (Voice) for the class, set the minimum bandwidth to 33% according to the example QoS scenario, and select priority 1, which is real-time (Figure 7‑12).
    Figure 7‑12. Add Voice Class
    Click Add Class.
    Repeat the above steps to configure a class for the video part of the video conferencing system.
    Choose Video for the name of the class and configure the Priority to 2, which is interactive. Note that you do not have to set a minimum bandwidth, because you already guaranteed bandwidth to the voice part.
    Your class configuration now looks like Figure 7‑13.
    Figure 7‑13. Finished QoS Class Configuration
    Click Save.
    Configure the QoS rules to direct the traffic into the classes.
  • Configure one rule for RTP-Audio to point to the Voice class.
  • Configure one rule for RTP-Video to point to the Video class.
    The QoS Rules table now looks like Figure 7‑14.
    Figure 7‑14. Finished QoS Rules Table
    The QoS profile for Frankfurt is now ready to use.
    Setting up a QoS profile is the same for inbound and outbound QoS. Internet traffic usually generates more incoming than outgoing traffic. That is why in this example QoS scenario, the incoming MS Office 365 traffic must be protected from incoming Internet browsing traffic.
    This procedure assumes you have read the beginning of this section and know the intermediary steps.
    To create a QoS profile and rules to protect MS Office 365
    Create a class for the MS Office 365 traffic.
    Set the minimum bandwidth to 20% and configure the priority to 3, which is business critical.
    Create a class for all other Internet traffic and set its priority to 5, which is low priority.
    The QoS classes in the MSOffice365 profile look like Figure 7‑15.
    Figure 7‑15. QoS Class Setting for Office 365
    To configure the QoS rules, select Add a Rule and select MS-Office-365.
    Select O365 as QoS class.
    Click Save.
    Point the default rule to the WWWBrowsing class.
    The QoS rules table looks like Figure 7‑16.
    Figure 7‑16. Configured QoS Rules Table
    The QoS profiles needed for the example QoS scenario are now configured.
    Configuring Topology
    The topology provides the SteelHead with a view onto the network it is connected to. The topology consists of the network, the sites, and the uplinks to the network for the sites. Additionally, the QoS profiles are linked to the sites.
    For more information about topology, see Topology.
    To configure the topology, choose Networking > Topology: Sites & Networks. The My WAN network is configured by default.
    To configure networks
    Select Add a Network.
    According to the example, specify MPLS as the name in the New Network box (Figure 7‑17).
    The Public Network check box is used with the secure transport feature for SCC. For more details, see the SteelCentral Controller for SteelHead Deployment Guide.
    Figure 7‑17. Network Name
    Click Save.
    To configure the Local site
    Click Edit for the Local (Local) site.
    The local site is the physical location of the SteelHead you are connected to.
    According to the example, rename the site San Francisco.
    Specify the local subnets in the Subnets field.
    According to this example (because the uplink connects to the MPLS network), select MPLS as uplink inpath0_0 from the name drop-down menu.
    Enter the up and down bandwidth of the link to the MPLS network (Figure 7‑18).
    The configuration options for SteelHead Peers, Gateway IP, GRE Tunneling, and Probe are only used for the path selection feature and not needed for QoS.
    You can leave the default values in the primary uplink because you do not need to configure it for QoS. Because the local site is the site in which the SteelHead you are configuring is physically located, you cannot assign any QoS profiles to the local site.
    Figure 7‑18. MPLS Network
    Click Save.
    To configure the remote sites
    Select Add a Site.
    According to the example, specify New York.
    Specify the local subnets.
    Assign the QoS profiles by selecting PrioritizeVoIP as inbound as well as outbound QoS profile.
    Select Add New Uplink.
    Select MPLS from the Network drop-down box and enter the up and down bandwidth.
    According to the example QoS scenario, the bandwidth for the New York site is 20 Mbps for both.
    Your site configuration looks like Figure 7‑19.
    Figure 7‑19. Site Configuration
    Click Save.
    Repeat the same process for the London and Paris sites.
    According to the example QoS scenario, the New York, London, and Paris sites can all use the PrioritizeVoIP QoS profile. Remember to configure the correct up and down bandwidth for the Paris site.
    Configure the Frankfurt site.
    Use the same procedure as above. The differences are the bandwidth and the QoS profile. Select 50 Mbps as up and down bandwidth and assign the VideoConf profile as inbound and outbound QoS profile.
    Configure the DefaultSite.
    According to the example QoS scenario, you want to configure MS Office 365 traffic to be protected from Internet browsing. Internet traffic in general is not bound to a specific site, and that is why you need to use the default site.
  • Select the MSOffice365 profile as inbound QoS profile.
  • Select Add New Uplink to the default site.
  • Specify a name.
  • Connect the uplink to the MPLS network.
  • Configure the up and down bandwidth to 15 Mbps.
    Your default site configuration looks like Figure 7‑20.
    Figure 7‑20. Default Site Configuration
    Click Save.
    Your final Sites & Networks page looks like Figure 7‑21.
    Figure 7‑21. Final Sites & Networks Page
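    The guarantees that result from assigning the three profiles to the sites can be worked out with a small model of the configuration, shown here as an added example (not Riverbed code and not a SteelHead interface). It assumes, following the scenario's own arithmetic, that a child class's minimum is a percentage of its parent's guarantee; the function names are illustrative.

```python
# Added illustration: a plain-Python model of the page's scenario, not a SteelHead API.
# Assumption (the page's arithmetic): a class minimum is a % of its parent's guarantee.
PROFILES = {  # profile -> {class: (parent class, minimum bandwidth %)}
    "PrioritizeVoIP": {"VoIP": ("Root", 20), "OtherApps": ("Root", 0)},
    "VideoConf": {"VideoConference": ("Root", 30), "OtherApps": ("Root", 0),
                  "Voice": ("VideoConference", 33), "Video": ("VideoConference", 0)},
    "MSOffice365": {"O365": ("Root", 20), "WWWBrowsing": ("Root", 0)},
}
RULES = {  # profile -> {application: QoS class}; "Any" is the default rule
    "PrioritizeVoIP": {"RTP-Audio": "VoIP", "Any": "OtherApps"},
    "VideoConf": {"RTP-Audio": "Voice", "RTP-Video": "Video", "Any": "OtherApps"},
    "MSOffice365": {"MS-Office-365": "O365", "Any": "WWWBrowsing"},
}
MPLS_SITES = {  # site -> (uplink Mbps, QoS profile)
    "New York": (20, "PrioritizeVoIP"), "London": (20, "PrioritizeVoIP"),
    "Paris": (10, "PrioritizeVoIP"), "Frankfurt": (50, "VideoConf"),
}

def guarantees(profile, uplink_mbps):
    """Return {class: guaranteed Mbps}; Root is the site's uplink bandwidth."""
    classes = PROFILES[profile]
    def mbps(name):
        if name == "Root":
            return float(uplink_mbps)
        return mbps(classes[name][0]) * classes[name][1] / 100
    return {name: round(mbps(name), 2) for name in classes}

def check_profile(profile, rules=RULES):
    """Return problems: children over-reserving a parent, rules on a parent class."""
    classes, problems = PROFILES[profile], []
    parents = {parent for parent, _ in classes.values()}
    for parent in sorted(parents):
        total = sum(pct for par, pct in classes.values() if par == parent)
        if total > 100:
            problems.append(f"{profile}: children of {parent} reserve {total}%")
    for app, cls in rules[profile].items():
        if cls in parents:
            problems.append(f"{profile}: rule {app} points to parent class {cls}")
    return problems

def mpls_commitment(sites=MPLS_SITES):
    """Sum the guarantees of the top-level classes across the sites, in Mbps."""
    return sum(mbps for uplink, profile in sites.values()
               for cls, mbps in guarantees(profile, uplink).items()
               if PROFILES[profile][cls][0] == "Root")

if __name__ == "__main__":
    for site, (uplink, profile) in MPLS_SITES.items():
        print(site, guarantees(profile, uplink), check_profile(profile))
    print("MPLS guarantees:", mpls_commitment(), "of 100 Mbps")
```

    For Frankfurt the model reports 15 Mbps for VideoConference and 4.95 Mbps for Voice; Video shows no minimum because the procedure leaves it unset.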
    Enabling QoS on the SteelHead
    As a best practice, Riverbed recommends that you first configure QoS on a SteelHead and then enable QoS as the final step. This order prevents unexpected network behavior while configuring QoS. However, to correctly classify traffic, the SteelHead must detect the three-way TCP handshake of the session carrying that traffic. Therefore, when you enable QoS, existing TCP/UDP sessions are not classified correctly and are placed in the default class.
    You must make sure to enable QoS at a time when network usage is low, or during a maintenance window.
    To enable QoS
    Choose Networking > Network Services: Quality of Service.
    Select Enable Outbound QoS Shaping and Enable Inbound QoS Shaping (Figure 7‑22).
    Figure 7‑22. Enable QoS Shaping
    Click Save.
    In the Manage QoS Per Interface section of the Quality of Service page, wan0_0 is enabled for inbound and outbound QoS by default.
    In summary, the Networking > Network Services: Quality of Service page shows you a summary of what you have configured to set up QoS on the SteelHead. You can use this page to quickly check what is configured for QoS and whether it is configured correctly (Figure 7‑23).
    Figure 7‑23. Quality of Service Page as a Summary