[SOLVED] Basic QoS Question

Circa 3000

Distinguished
Mar 23, 2009
43
0
18,530
Hi all,

Is there any benefit to enabling QoS for outbound traffic?

Once upon a time, I played Halo on XBox with decent response times. We also had a lot less IoT nonsense on our network, and a smart Cisco switch with QoS giving top priority to the XBox in and out. We also had a firewall that was simple to manage - also configured to give the XBox traffic priority. I was confident in setting all this up but never certain it was doing much good. We don't have great Internet here and lag was sometimes apparent. For example, it was pretty easy to tell when I was host in matchmaking - it was like Christmas. Night and day difference.

Now, we have a dumb 24-port T-Link switch and a Sonicwall TZ-300 that is dangerously complicated to manage. So far, I haven't graduated from using the Wizards to set up any complex policies. I don't dare. I've got inbound rules set up but the wizards won't do outbound. Before I invest the next three weekends figuring the firewall out, is there any benefit to setting up QoS on outbound traffic? I was reading somewhere that QoS is pointless unless the XBox is built for it? That's news to me.

One option would be to bypass the dumb switch altogether and connect the XBox directly to a free port on the firewall. Then, I can maybe set up QoS on that port such that the XBox gets priority over everything else, in and out.

Am I wasting my time?

Thanks in advance.
 
Not sure what you have been reading.

Outbound traffic you might be able to do something about. Inbound traffic you can do nothing really. By the time your equipment even sees the packet the bandwidth is already consumed. There is no way after the fact to decide you want some other packet to be sent.

The ISP is in full control of what order things are sent to you. The ISP does not care; it pretty much sends them first in, first out. If the line is overloaded it might buffer some data for a while, but it can also just discard it.

The upload you can do quite a bit with. You have full control over which data is put in the queue and which is sent in what order. The silly low/medium/high stuff doesn't really work well. You need something that will always send traffic from some user first, with some cap so it does not completely block the connection. Not an issue for a game that uses less than 1 Mbps in general.

Now you might say, "but I see all these routers saying they can limit download." They are not really using QoS to do it. What they are doing is receiving data from the ISP but then discarding it. This by itself does not directly reduce the bandwidth usage of the internet connection.
The goal is to trick the end machine into thinking there is less bandwidth than there really is. It kinda works, but it depends on the application.
So some things send at a constant rate no matter what. An actual video stream, say from a video conference system, sends at some bit rate, and no matter whether the end device receives the data or not, it will always send at that bit rate. Things like Netflix are actually partial file transfers, and if it detects too many errors it will drop the transmission rate. Most file downloaders will also slow down, but things like BitTorrent, or even Steam to a point, will just open lots of little sessions rather than try to use one larger one.

So QoS does benefit outbound traffic. It is inbound traffic that QoS doesn't really work for.
 
Solution
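The reply's core claim is that upload scheduling works because you own the queue, and that a "send this user first" rule needs a cap so one flow cannot block everything else. The following simulation is an added example written for this thread, not code from the original post, from SonicWall, or from any router firmware. It models a constructed 1 Mbit/s upload link and compares a plain FIFO buffer with a strict-priority "realtime" class whose priority is limited by a token bucket; link speed, packet sizes, buffer depth and the cap are all made-up numbers, and the scheduling model is deliberately simplified (whole packets are sent once enough link credit has accumulated).

```python
from collections import deque

LINK_BPS = 1_000_000        # constructed: a 1 Mbit/s upload link
TICK = 0.001                # scheduler step, 1 ms
BYTES_PER_TICK = LINK_BPS * TICK / 8   # 125 bytes of link capacity per step
MAX_PKT = 1500              # largest packet; the link never saves more credit than this
QUEUE_LIMIT = 100           # packets held per queue before tail drop (the "buffer")


def offered_load(duration_s, game_bps, bulk_bps, game_size=100, bulk_size=1500):
    """Constructed arrivals: a small periodic 'game' flow and a 'bulk' upload,
    returned as (time, size, flow) tuples sorted by time."""
    arrivals = []
    for size, bps, flow in ((game_size, game_bps, "game"), (bulk_size, bulk_bps, "bulk")):
        interval = size * 8 / bps          # seconds between packets of this flow
        t = 0.0
        while t < duration_s:
            arrivals.append((t, size, flow))
            t += interval
    arrivals.sort()
    return arrivals


def simulate(arrivals, duration_s, realtime_cap_bps=None):
    """Serve the arrivals over the link. realtime_cap_bps=None means one FIFO
    queue shared by both flows; otherwise 'game' is a strict-priority class whose
    priority service is limited to realtime_cap_bps by a token bucket, so a
    misbehaving flow in that class cannot monopolise the link. Beyond the cap the
    game queue is only served while the bulk queue is empty."""
    shared = deque()
    queues = ({"game": shared, "bulk": shared} if realtime_cap_bps is None
              else {"game": deque(), "bulk": deque()})
    stats = {f: {"bytes": 0, "dropped": 0, "max_delay": 0.0} for f in ("game", "bulk")}
    credit = 0.0          # link bytes available right now
    tokens = 0.0          # priority-class budget in bytes (token bucket)
    idx = 0
    for step in range(int(duration_s / TICK)):
        now = step * TICK
        # queue everything that arrived during this step
        while idx < len(arrivals) and arrivals[idx][0] < now + TICK:
            t, size, flow = arrivals[idx]
            idx += 1
            if len(queues[flow]) >= QUEUE_LIMIT:
                stats[flow]["dropped"] += 1      # tail drop: the buffer is full
            else:
                queues[flow].append((t, size, flow))
        credit = min(credit + BYTES_PER_TICK, MAX_PKT)
        if realtime_cap_bps is not None:
            tokens = min(tokens + realtime_cap_bps * TICK / 8, 2 * MAX_PKT)
        # transmit while the link has credit for the packet at the head
        while True:
            game, bulk = queues["game"], queues["bulk"]
            if realtime_cap_bps is None:
                q = game if game and game[0][1] <= credit else None   # plain FIFO
            elif game and game[0][1] <= credit and game[0][1] <= tokens:
                q = game                          # priority service, within the cap
                tokens -= game[0][1]
            elif bulk and bulk[0][1] <= credit:
                q = bulk
            elif not bulk and game and game[0][1] <= credit:
                q = game                          # over the cap, but the link is idle
            else:
                q = None
            if q is None:
                break
            t, size, flow = q.popleft()
            credit -= size
            stats[flow]["bytes"] += size
            stats[flow]["max_delay"] = max(stats[flow]["max_delay"], now + TICK - t)
    for flow in stats:
        stats[flow]["mbps"] = round(stats[flow]["bytes"] * 8 / duration_s / 1e6, 3)
    return stats


def run(game_bps, bulk_bps, duration_s=5.0, realtime_cap_bps=None):
    """Convenience wrapper: offered load in bit/s for each flow, optional realtime cap."""
    return simulate(offered_load(duration_s, game_bps, bulk_bps), duration_s, realtime_cap_bps)


if __name__ == "__main__":
    for label, cap in (("FIFO", None), ("priority + 300 kbps cap", 300_000)):
        print(label, run(100_000, 2_000_000, realtime_cap_bps=cap))
    print("greedy realtime class", run(2_000_000, 2_000_000, realtime_cap_bps=300_000))
```

With FIFO the game packets sit behind a buffer full of bulk packets and see hundreds of milliseconds of queueing delay; with the capped priority class their worst-case delay is a couple of milliseconds while bulk still gets the rest of the link. The third run offers 2 Mbit/s into the realtime class: the bucket holds it to the cap, its excess is dropped at its own queue, and the bulk flow keeps its share, which is the "cap so it does not completely block the connection" point.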

Circa 3000

Very helpful. Thank you!

So, I've pored through the TZ-300's manual and couldn't make much sense of the "QoS" features. However, I stumbled across "BWM" ("bandwidth management") and it appears to be what I'm looking for. In "global" mode, you can assign one of eight priorities to any of the firewall's access rules. So, I created an outbound rule (redundant, since most outbound traffic is already permitted by default) for XBox Live services and gave it a BWM priority of 0 ("Realtime"). But "Realtime" priority isn't enabled by default - only "Low," "Medium," and "High" - sorta like you were saying, and I haven't found sufficient documentation to understand it. I'm guessing I need to enable "Realtime," but then I don't know what the "Guaranteed" (%) values should be. By default, the values are Low (20%), Medium (50%), and High (30%). The docs don't say much else, except that "all traffic is assigned Medium priority by default." If that's the case, then maybe "High" really is all I need?

The other thing I don't understand is BWM's checkboxes for ingress and egress when applying BWM to a particular firewall access rule. Does this mean the rule affects inbound AND outbound traffic, even though it's an OUTBOUND firewall rule? If so, I can delete the redundant OUTBOUND firewall rule for XBox Live services and simply apply the BWM settings to the INBOUND XBox Live access rule.

Finally, if all this works, I'll go ahead and move the XBox to one of the firewall's alternate interfaces, bypassing the dumb switch. I'm guessing that will permit the firewall to do its BWM prioritization before the switch forces everything through a FIFO queue.

Am I on the right track?

Sorry for all the follow-up questions. If only these docs weren't so darned cryptic.

Thanks again.
 
The switch will never be the problem. They only run FIFO because modern switches never see any queue, so there is no choice to make. Most switches can run every port at 1 Gbit up and 1 Gbit down all at the same time.

In general you should not need any firewall in a home setting. The NAT function alone protects your network. All inbound traffic that is initiated from the internet is dropped, mostly because NAT is stupid and if it does not have an entry of where to send traffic it just drops it. NAT is pretty much the same as a firewall rule that says traffic is allowed to return from the internet to the internal device that first initiated the session to the internet server.

The messy thing with game consoles is they use stuff like UPnP to allow hosting of games. This is not really compatible with a commercial firewall, since there would need to be dynamic firewall rules added. Without UPnP you must put in fixed port forwarding and firewall rules, which in some ways is more risky. The UPnP port is only open when the game is active.

A game uses almost no traffic so you could use the realtime option and set it to say 2mbps. Most games use well under 500kbps.

What numbers you actually pick is going to depend on how fast your bandwidth is. In general you only need QoS on a slower connection; someone with 1 Gbit down and 100 Mbps up likely will never have data queued anyway.
 
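The reply above describes NAT as a stateful "return traffic only" rule, and UPnP as a mapping that exists only while the game holds it. The model below is an added example for this thread, not code from the original post, from SonicWall or from the Xbox Live service; the class name, the address 203.0.113.5 and all ports are constructed. It keeps a session table for outbound connections, a separate forward table for static or UPnP-style mappings, and delivers an inbound packet only when one of the two matches, logging everything else as dropped so a reader can see exactly which packets a NAT-only setup refuses.

```python
class StatefulNat:
    """Toy NAT with a session table (created by outbound packets) and a forward
    table (static port forwards or UPnP mappings). Constructed for illustration."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (proto, public_port) -> (inside_ip, inside_port, remote_ip, remote_port)
        self.sessions = {}
        # (proto, inside_ip, inside_port, remote_ip, remote_port) -> public_port
        self.by_inside = {}
        # (proto, public_port) -> (inside_ip, inside_port); open to any remote host
        self.forwards = {}
        self.dropped = []      # inbound packets that matched nothing

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Packet leaving the LAN: allocate (or reuse) a public port, record the
        session, and return the packet as the Internet sees it."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        pub = self.by_inside.get(key)
        if pub is None:
            pub = self.next_port
            self.next_port += 1
            self.by_inside[key] = pub
            self.sessions[(proto, pub)] = (src_ip, src_port, dst_ip, dst_port)
        return (proto, self.public_ip, pub, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Packet arriving from the Internet: deliver to the LAN only if a forward
        exists for the port, or a session exists AND the sender is the host the
        inside device talked to. Anything else is dropped, which is the 'NAT alone
        protects the network' behaviour described in the reply."""
        if dst_ip == self.public_ip:
            fwd = self.forwards.get((proto, dst_port))
            if fwd:
                return (proto, src_ip, src_port, fwd[0], fwd[1])
            sess = self.sessions.get((proto, dst_port))
            if sess and sess[2:] == (src_ip, src_port):
                return (proto, src_ip, src_port, sess[0], sess[1])
        self.dropped.append((proto, src_ip, src_port, dst_ip, dst_port))
        return None

    def add_forward(self, proto, public_port, inside_ip, inside_port):
        """A fixed port forward, or what a UPnP AddPortMapping request amounts to."""
        self.forwards[(proto, public_port)] = (inside_ip, inside_port)

    def remove_forward(self, proto, public_port):
        """What happens when the game closes its UPnP mapping: the port is shut again."""
        self.forwards.pop((proto, public_port), None)


def walkthrough():
    """Constructed scenario: console 192.168.1.50 behind public IP 203.0.113.5."""
    nat = StatefulNat("203.0.113.5")
    results = {}
    # 1. unsolicited inbound packet before any session exists: dropped
    results["unsolicited"] = nat.inbound("udp", "198.51.100.9", 3074, "203.0.113.5", 3074)
    # 2. console opens a session to a matchmaking server
    results["outbound"] = nat.outbound("udp", "192.168.1.50", 3074, "198.51.100.9", 3074)
    # 3. reply from that server on the mapped port: delivered to the console
    results["reply"] = nat.inbound("udp", "198.51.100.9", 3074, "203.0.113.5", 40000)
    # 4. packet to the same mapped port from a host the console never contacted: dropped
    results["stranger"] = nat.inbound("udp", "198.51.100.77", 3074, "203.0.113.5", 40000)
    # 5. game requests a UPnP mapping while hosting: any peer can now reach 3074
    nat.add_forward("udp", 3074, "192.168.1.50", 3074)
    results["upnp_open"] = nat.inbound("udp", "198.51.100.77", 5000, "203.0.113.5", 3074)
    # 6. game closes the mapping: the same packet is dropped again
    nat.remove_forward("udp", 3074)
    results["upnp_closed"] = nat.inbound("udp", "198.51.100.77", 5000, "203.0.113.5", 3074)
    results["drop_count"] = len(nat.dropped)
    return results


if __name__ == "__main__":
    for name, value in walkthrough().items():
        print(f"{name:12} {value}")
```

The difference between steps 4 and 5 is the trade-off the reply is making: the session table admits only the remote endpoint the console chose, while a forward (static or UPnP) admits any sender on that port. A fixed port forward leaves that exposure in place permanently, whereas the UPnP mapping disappears as soon as the game releases it.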

Circa 3000

Again, super-helpful!

Thank you!!!
 
Unfortunately I don't think Sonicwall supports more advanced Traffic Shaping QoS algorithms like FQ_Codel or CAKE. Those algorithms do help a lot with bufferbloat on UPLOAD and help with packet loss and latency spikes by throttling DOWNLOAD in an equitable manner. After using them personally, and with all my family and friends, to solve issues, I won't use a router without these algorithms.
 

Circa 3000
Thank you for sharing that. Those are some terms I haven't come across. Looks like I have some more reading to do.
 
Keep in mind that these algorithms are very processor intensive, which is why they aren't deployed en masse right now. Even the highest end ARM routers can only traffic shape about 300-400 Mbps. If you have higher tier internet, you'll need an x86 processor router.