Outbound QoS (Advanced)
Riverbed recommends that you migrate legacy QoS profiles to QoS 9.0 or later. Advanced and basic QoS profiles have policy push restrictions. You cannot push legacy QoS profiles to SteelHeads running 8.0 or 9.0 and later. You cannot push legacy QoS classes and rules to SteelHead EXs running 2.0 or 3.6 and later. For detailed information about migrating to QoS 9.0 or later, see Migrating Legacy QoS Policies or the SteelHead Management Console User’s Guide for SteelHead CX.
If you have legacy basic QoS profiles and you do not want to migrate to QoS 9.0 or later, you still must migrate to advanced QoS on both the client-side and server-side appliances before configuring advanced QoS.
•  If you are configuring QoS for the first time, you need to migrate from basic to advanced QoS.
•  If you are upgrading a SteelHead with an existing QoS configuration running RiOS v6.1.x or earlier, the system automatically upgrades to advanced QoS.
You can also migrate from basic to advanced QoS after configuring basic if you find you need more control. For details about Advanced QoS, see the SteelHead Management Console User’s Guide for SteelHead CX.
If you have a basic outbound QoS configuration and you are previewing the Advanced Outbound QoS page, the page displays a preview of what the Advanced Outbound QoS page looks like after you migrate. You cannot make changes using the Advanced Outbound QoS page while you have a basic outbound QoS configuration.
Your basic outbound QoS settings will be migrated to advanced outbound QoS, which provides a greater degree of configurability. After migration has completed, you cannot revert your QoS settings in this policy back to basic outbound QoS mode. You are encouraged to create a copy of this policy before you migrate to advanced outbound QoS so that you can undo the operation.
To migrate to advanced outbound QoS mode, click Migrate. The Advanced Outbound QoS page is displayed.
QoS Settings
Complete the configuration as described in this table.
Control
Description
Enable QoS Shaping
Enables QoS classification to control the prioritization of different types of network traffic and to ensure that the SteelHead gives certain network traffic (for example, Voice over IP) higher priority than other network traffic. Traffic is not classified until at least one WAN interface is enabled.
To disable QoS, clear this check box and restart the optimization service.
Mode
Specify Flat or Hierarchical. Changing modes while QoS is enabled can cause momentary network disruptions.
Use a hierarchical tree structure to
•  segregate traffic based on flow source or destination and apply different shaping rules and priorities to each leaf-class.
•  effectively manage and support remote sites with different bandwidth characteristics.
Network Interfaces:
Enable QoS on <interface> with WAN Bandwidth
Specify the interface bandwidth link rate in kilobits per second.
The link rate is the bottleneck WAN bandwidth, not the interface speed out of the WAN interface into the router or switch. As an example, if your SteelHead connects to a router with a 100-Mbps link, do not specify this value—specify the actual WAN bandwidth (for example, T1 or T3).
Important: Different WAN interfaces can have different WAN bandwidths; you must enter the bandwidth link rate correctly for QoS to function properly.
Enable Local WAN Oversubscription
Optionally, select to allow the sum of remote site bandwidths to exceed the WAN uplink speed. Bandwidth oversubscription shares the bandwidth fairly when the network includes remote site bandwidths that collectively exceed the available bandwidth of the local WAN uplink interface speed. The link sharing provides bandwidth guarantees when some of the sites are partially or fully inactive.
As an example, your data center uplink can be 45 Mbps with three remote office sites each with 20 Mbps uplinks.
When disabled, you can only allocate bandwidth for the remote sites such that the total bandwidth does not exceed the bandwidth of any of the interfaces on which QoS is enabled.
Note: Enabling this option can degrade latency guarantees when the remote sites are fully active.
Enable QoS Marking
Identify traffic using marking values. You can mark traffic using header parameters, such as VLAN, DSCP, and protocols. In RiOS 7.0, you can also use Layer-7 protocol information through AppFlow Engine (AFE) inspection to apply DSCP marking values to traffic flows.
In RiOS 7.0 and later, the DSCP or IP TOS marking only has local significance. This means you can set the DSCP or IP TOS values on the server-side appliance to values different to those set on the client-side appliance.
Global DSCP
Specify a DSCP value from 0 to 63, or No Setting. If your existing network provides multiple classes of service based on DSCP values, and you are integrating a SteelHead into your environment, you can use the Global DSCP feature to prevent dropped packets and other undesired effects.
QoS Classes
Complete the configuration as described in this table.
Control
Description
Add a New QoS Class
Displays the controls for adding a class.
Name
Specify a name for the QoS class.
Shaping Parameters:
 
Class Parent
Appears only when a QoS hierarchy is enabled. Select the parent for a child class. The class inherits the parent’s definitions: for example, if the parent class has a business critical latency priority, and its child has a real-time latency priority, the child inherits the business critical priority from its parent, and uses a real-time priority only with respect to its siblings.
Select a class parent from the drop-down list.
Latency Priority
Indicates how delay-sensitive a traffic class is to the QoS scheduler. Select the latency priority for the class from the drop-down list (highest priority to lowest):
•  Realtime - Specifies real-time traffic class. Give this value to your highest priority traffic: for example, VOIP or video conference.
•  Interactive - Specifies an interactive traffic class: for example, Citrix, RDP, Telnet and SSH.
•  Business Critical - Specifies the high priority traffic class: for example, Thick Client Applications, ERPs, and CRMs.
•  Normal Priority - Specifies a normal priority traffic class: for example, Internet browsing, file sharing, and email.
•  Low Priority - Specifies a low priority traffic class for all traffic that does not fall into any other service class: for example, FTP, backup, replication, other high-throughput data transfers, and recreational applications such as audio file sharing.
•  Best Effort - Specifies the lowest priority.
These are minimum priority guarantees; if better service is available, it is provided. For example, if a class is specified as low priority and the higher priority classes are not active, then the low priority class receives the highest possible available priority for the current traffic conditions. This parameter controls the priority of the class relative to the other classes.
The latency priority describes only the delay sensitivity of a class, not how much bandwidth it is allocated, nor how important the traffic is compared to other classes. Typically, you configure low latency priority for high-throughput, non-packet delay sensitive applications like FTP, backup, and replication.
Minimum Bandwidth
Specify the minimum amount of bandwidth (as a percentage) to guarantee to a traffic class when there is bandwidth contention. All of the classes combined cannot exceed 100 percent. During contention for bandwidth, the class is guaranteed the amount of bandwidth specified. The class receives more bandwidth if there is unused bandwidth remaining.
Excess bandwidth is allocated based on the relative ratios of minimum bandwidth. The total minimum guaranteed bandwidth of all QoS classes must be less than or equal to 100 percent of the parent class.
A default class is automatically created with minimum bandwidth of 10 percent. Traffic that does not match any of the rules is put into the default class. Riverbed recommends that you change the minimum bandwidth of the default class to the appropriate value.
You can adjust the value as low as 0 percent.
The system rounds decimal numbers to 5 points.
Maximum Bandwidth
Specify the maximum allowed bandwidth (as a percentage) a class receives as a percentage of the parent class maximum bandwidth. The limit is applied even if there is excess bandwidth available.
The system rounds decimal numbers to 5 points.
Upper Bandwidth
Specify the maximum allowed bandwidth (as a percentage) a class receives as a percentage of the parent class guaranteed bandwidth. The limit is applied even if there is excess bandwidth available.
Upper Bandwidth does not apply to MX-TCP queues.
Optimized Connection Limit
Optionally, specify the maximum number of optimized connections for the class. When the limit is reached, all new connections are passed through unoptimized.
In hierarchical mode, a parent class connection limit does not affect its child. Each child class optimized connection is limited by the connection limit specified for their class. For example, if B is a child of A, and the connection limit for A is set to 5, while the connection limit for B is set to 10, the connection limit for B is 10.
Connection Limit is supported only in in-path configurations. It is not supported in out-of-path or virtual-in-path configurations.
Connection Limit does not apply to the packet-order queue or Citrix ICA traffic.
RiOS does not support a connection limit assigned to any QoS class that is associated with a QoS rule with an AFE component. An AFE component consists of a Layer-7 protocol specification. RiOS cannot honor the class connection limit because the QoS scheduler may subsequently re-classify the traffic flow after applying a more precise match using AFE identification.
Outbound Queue
Optionally, select one of these queue methods for the leaf class from the drop-down list (the queue does not apply to the inner class):
•  SFQ - Shared Fair Queueing (SFQ) is the default queue for all classes. Determines SteelHead behavior when the number of packets in a QoS class outbound queue exceeds the configured queue length. When SFQ is used, packets are dropped from within the queue in a round-robin fashion, among the present traffic flows. SFQ ensures that each flow within the QoS class receives a fair share of output bandwidth relative to each other, preventing bursty flows from starving other flows within the QoS class.
•  FIFO - Transmits all flows in the order that they are received (first in, first out). Bursty sources can cause long delays in delivering time-sensitive application traffic and potentially to network control and signaling messages.
•  MX-TCP - Has very different use cases than the other queue parameters. MX-TCP also has secondary effects that you must understand before configuring:
–  When optimized traffic is mapped into a QoS class with the MX-TCP queueing parameter, the TCP congestion-control mechanism for that traffic is altered on the SteelHead. The normal TCP behavior of reducing the outbound sending rate when detecting congestion or packet loss is disabled, and the outbound rate is made to match the guaranteed bandwidth configured on the QoS class.
–  You can use MX-TCP to achieve high-throughput rates even when the physical medium carrying the traffic has high-loss rates. For example, MX-TCP is commonly used for ensuring high throughput on satellite connections where a lower-layer-loss recovery technique is not in use.
RiOS 8.5 and later introduce rate pacing for satellite deployments, which combines MX-TCP with a congestion-control method.
–  Another use of MX-TCP is to achieve high throughput over high-bandwidth, high-latency links, especially when intermediate routers do not have properly tuned interface buffers. Improperly tuned router buffers cause TCP to perceive congestion in the network, resulting in unnecessarily dropped packets, even when the network can support high-throughput rates.
MX-TCP is incompatible with AFE identification. A traffic flow cannot be classified as MX-TCP and then subsequently classified in a different queue. This reclassification can occur if there is a more exact match of the traffic using AFE identification. You must ensure the following when you enable MX-TCP:
•   The QoS rule for MX-TCP is at the top of QoS rules list.
•   The rule does not use AFE identification.
•   You only use MX-TCP for optimized traffic. MX-TCP does not work for unoptimized traffic.
Use caution when specifying MX-TCP. The outbound rate for the optimized traffic in the configured QoS class immediately increases to the specified bandwidth, but it does not decrease in the presence of network congestion. The SteelHead always tries to transmit traffic at the specified rate. If no QoS mechanism (either parent classes on the SteelHead, or another QoS mechanism in the WAN or WAN infrastructure) is in use to protect other traffic, that other traffic might be impacted by MX-TCP not backing off to fairly share bandwidth.
•  There is a maximum bandwidth setting for MX-TCP that allows traffic in the MX class to burst to the maximum level if the bandwidth is available.
Marking Parameters:
 
DSCP
Specify a DSCP value from 0 to 63, or Reflect.
Add
Adds the QoS class.
Remove Selected
Select the check box next to the name and click Remove Selected.
To remove a parent class, delete all rules for the corresponding child classes first. When a parent class has rules or children, the check box for the parent class is unavailable.
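The Minimum Bandwidth and Maximum Bandwidth rows above, worked through as an added example (not Riverbed code): it checks that sibling minimums stay within 100 percent and then models how unused capacity is shared in the ratio of the minimums. The data layout, function names, and the repeated redistribution after a class reaches its maximum are assumptions of this sketch, not a description of the RiOS scheduler.

```python
# Added illustration; a simplified model, not the RiOS scheduler.
# classes: {name: (min_pct, max_pct)} for the children of one parent class.

def validate(classes):
    """Check the documented constraints on one set of sibling classes."""
    errors = []
    for name, (min_pct, max_pct) in classes.items():
        if not (0 <= min_pct <= 100 and 0 <= max_pct <= 100):
            errors.append(f"{name}: percentages must be between 0 and 100")
    total = sum(min_pct for min_pct, _ in classes.values())
    if total > 100:
        errors.append(f"minimum bandwidths total {total}%, over 100% of the parent")
    return errors


def allocate(link_kbps, classes, demand_kbps):
    """Return {name: kbps} for the offered load in demand_kbps.

    Step 1: each class gets its demand up to its minimum guarantee.
    Step 2: unused capacity is shared among classes that still want more, in
    the ratio of their minimum bandwidths, never past a class's maximum.
    Repeating step 2 after a class hits its cap is an assumption of this model.
    """
    cap = {n: min(demand_kbps.get(n, 0), link_kbps * mx / 100)
           for n, (_, mx) in classes.items()}
    alloc = {n: min(cap[n], link_kbps * mn / 100)
             for n, (mn, _) in classes.items()}
    spare = link_kbps - sum(alloc.values())
    while spare > 1e-9:
        hungry = [n for n in classes if cap[n] - alloc[n] > 1e-9]
        weight = sum(classes[n][0] for n in hungry)
        if weight == 0:          # nobody left, or only 0% classes remain
            break
        given = 0.0
        for n in hungry:
            extra = min(spare * classes[n][0] / weight, cap[n] - alloc[n])
            alloc[n] += extra
            given += extra
        spare -= given
    return alloc


if __name__ == "__main__":
    # Constructed sample: 10 Mbps WAN link, default class left at 10%.
    classes = {"voip": (20, 30), "erp": (30, 50),
               "backup": (40, 50), "default": (10, 100)}
    demand = {"voip": 1000, "erp": 10000, "backup": 0, "default": 10000}
    print(validate(classes) or "class percentages OK")
    print(allocate(10000, classes, demand))
```

In the sample, the idle backup class and the under-used voip class free capacity that erp takes up to its 50 percent maximum, and the remainder falls to the default class.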
QoS Sites and Rules
Complete the configuration as described in this table.
Control
Description
Add a Site or Rule
Displays the controls to define a remote site.
Add a:
Specify Site or Rule.
Name
Specify the name.
Description
Specify a description.
For Traffic with the following characteristics:
 
Local Subnet or Host Label
Specify an IP address and mask for the traffic source, or you can specify all or 0.0.0.0/0 as the wildcard for all traffic.
Use this format: xxx.xxx.xxx.xxx/xx.
or
Specify a host label.
Port or Port Label
Optionally, specify all source ports, a single source port value or a port range of port1-port2, where port1 must be less than port2. The default setting is all ports.
or
Specify a port label.
Remote Subnet or Host Label
Specify an IP address and mask pattern for the traffic destination, or you can specify all or 0.0.0.0/0 as the wildcard for all traffic.
Use this format: xxx.xxx.xxx.xxx/xx.
or
Specify a host label.
Protocol
Select All, TCP, UDP, GRE, ICMP, IPSec AH, IPSec ESP, or a protocol number from the drop-down list.
The default setting is All.
VLAN Tag ID
Optionally, specify a VLAN tag as follows:
•  Specify a numeric VLAN tag identification number from 0 to 4094.
•  Specify all to specify the rule applies to all VLANs.
•  Specify none to specify the rule applies to untagged connections.
RiOS supports VLAN v802.1Q. To configure VLAN tagging, configure transport rules to apply to all VLANs or to a specific VLAN. By default, rules apply to all VLAN values unless you specify a particular VLAN ID. Pass-through traffic maintains any preexisting VLAN tagging between the LAN and WAN interfaces.
DSCP
Optionally, specify a DSCP value from 0 to 63, or all to use all DSCP values.
Traffic Type
Select Optimized, Passthrough, or All from the drop-down list. The default setting is All.
Application
Select an application from the drop-down list of global applications. To narrow the search, type the first characters in the application name.
You can define and add any applications that do not appear in the list.
Selecting HTTP expands the control to include the Domain Name and Relative Path controls. Enter the domain name and relative path. The relative path is the part of the URL that follows the domain name.
To facilitate configuration, you can use wildcards in the name and relative path controls; for example, *.akamaitechnologies.com
Will match: Anything.akamaitechnologies.com
Examples:
a.akamaitechnologies.com
a.b.akamaitechnologies.com
a.b.c.akamaitechnologies.com
a.b.c.d.akamaitechnologies.com
Using more than one wildcard; for example,
*.*.akamaitechnologies.com
Will match: Anything.Anything.akamaitechnologies.com
Note that you must include the second “.”
Examples:
a.b.akamaitechnologies.com
a.b.c.akamaitechnologies.com
a.b.c.d.akamaitechnologies.com
But not: a.akamaitechnologies.com
Selecting SSL expands the control to allow classification of pass-through SSL traffic matching the TLS/SSL server common name. In the Common Name control, specify the common name of a certificate.
To facilitate configuration, you can use wildcards in the name; for example, *.nbttech.com. If you have three origin servers using different certificates such as webmail.nbttech.com, internal.nbttech.com, and marketingweb.nbttech.com, on the server-side SteelHeads, all three server configurations can use the same certificate name *.nbttech.com.
You cannot classify SSL optimized traffic using the Common Name control. Instead, you can create a QoS HTTP rule to match the domain and server name.
Apply these QoS Settings:
 
Service Class
The service class indicates how delay-sensitive a traffic class is to the QoS scheduler. Select a service class for the application from the drop-down list (highest priority to lowest):
•  Realtime - Specifies real-time traffic class. Give this value to your highest priority traffic: for example, VoIP or video conferences.
•  Interactive - Specifies an interactive traffic class: for example, Citrix, RDP, Telnet, and SSH.
•  Business Critical - Specifies the high priority traffic class: for example, Thick Client Applications, ERPs, and CRMs.
•  Normal Priority - Specifies a normal priority traffic class: for example, Internet browsing, file sharing, and email.
•  Low Priority - Specifies a low priority traffic class: for example, FTP, backup, replication, other high-throughput data transfers, and recreational applications such as audio file sharing.
•  Best Effort - Specifies the lowest priority.
These are minimum service class guarantees; if better service is available, it is provided: for example, if a class is specified as low priority and the higher priority classes are not active, then the low priority class receives the highest possible available priority for the current traffic conditions. This parameter controls the priority of the class relative to the other classes.
The service class describes only the delay sensitivity of a class, not how much bandwidth it is allocated, nor how important the traffic is compared to other classes. Typically you configure low priority for high-throughput, non-packet delay sensitive applications like FTP, backup, and replication.
DSCP
Optionally, specify a DSCP value from 0 to 63, Inherit from Service Class, or Reflect.
Apply these Path Selections:
 
Path 1, Path 2, Path 3
Specify the path preference order (only one path will be used).
If paths are configured and all down:
 
Relay traffic from the interface normally
Specify to send traffic unmodified out of the WAN side of whichever in-path it came in on. This is the default setting.
Drop traffic
Specify to drop packets in case of failure of all three (primary, secondary, tertiary) paths. Select this option when you do not want the traffic to pass on any of the uplinks specified in the rule, not just the primary.
Add
Adds a site or rule.
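The MX-TCP and Optimized Connection Limit restrictions from the QoS Classes table can be checked against a rule list before a policy is pushed. The following is an added example, not Riverbed code: the `QosClass` and `Rule` records and their field names are hypothetical, and a rule with an Application set is assumed to be the one carrying an AFE component.

```python
from dataclasses import dataclass
from typing import Optional

# Added illustration; field names are hypothetical, not a RiOS export format.

@dataclass
class QosClass:
    name: str
    queue: str = "sfq"                  # "sfq", "fifo" or "mxtcp"
    conn_limit: Optional[int] = None    # Optimized Connection Limit, if set

@dataclass
class Rule:
    name: str
    qos_class: str
    traffic_type: str = "all"           # "optimized", "passthrough" or "all"
    application: Optional[str] = None   # assumed to mark an AFE (Layer-7) component

def lint(classes, rules):
    """Return (rule name, finding) pairs; rules are given in list order, top first."""
    by_name = {c.name: c for c in classes}
    findings = []
    non_mx_seen = False
    for rule in rules:
        cls = by_name.get(rule.qos_class)
        if cls is None:
            findings.append((rule.name, "UNKNOWN_CLASS"))
            continue
        if cls.queue == "mxtcp":
            if non_mx_seen:                       # must sit above all other rules
                findings.append((rule.name, "MXTCP_RULE_NOT_AT_TOP"))
            if rule.application is not None:      # AFE may reclassify the flow
                findings.append((rule.name, "MXTCP_RULE_USES_AFE"))
            if rule.traffic_type != "optimized":  # MX-TCP is for optimized traffic only
                findings.append((rule.name, "MXTCP_NOT_LIMITED_TO_OPTIMIZED"))
        else:
            non_mx_seen = True
        if rule.application is not None and cls.conn_limit is not None:
            findings.append((rule.name, "CONN_LIMIT_ON_AFE_CLASS"))
    return findings

if __name__ == "__main__":
    # Constructed sample policy.
    classes = [QosClass("replication", queue="mxtcp"),
               QosClass("web", conn_limit=200),
               QosClass("default")]
    rules = [Rule("http-intranet", "web", application="HTTP"),
             Rule("dc-replication", "replication", traffic_type="all"),
             Rule("catch-all", "default")]
    for name, finding in lint(classes, rules):
        print(f"{name}: {finding}")
```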