




This article refers to a version that is no longer current!

The article for the latest version is available here

A newer version of this article already exists, but it refers to a Reseller Preview






Configuration of the UTM QoS
Last adaptation: 10.2023 (12.2.5.1)
New:
  • Corrected portfilter rule
This article refers to a Reseller Preview

11.7

Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default-Port: 11115
e.g.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115
→ Network → QoS


Network interfaces


The automatic or user-defined bandwidth management can be edited under → Network → QoS.

Only one mode can be used at a time.
Depending on the application, it makes sense to select one of the two modes:


Mode: Automatic


In the "Automatic" mode, the prioritization information of the data packets is evaluated.
In addition, bandwidth management is possible in this mode by setting the maximum outgoing or incoming bandwidth.

The note "Recommended" is shown on the interface on which the zone external is located. Clicking Edit opens the interface for editing.


Name: | LAN1 | Name of the interface
Mode: | Automatic | The previously selected mode
Downstream: | Mbit/s | Set bandwidth for downloading
Upstream: | Mbit/s | Set bandwidth for uploading
Maximum host number: | | Maximum number of hosts among which the available bandwidth is to be divided. In any case, it is important to ensure that the number of hosts corresponds to the actual number. In case of doubt, more hosts should be specified than actually exist.
Save | | Saves the settings

Limiting the total traffic to 95% of the line capacity has proven effective. This leaves the queues of the provider and the local modem free.


Once the settings have been saved, the data packets are now automatically classified on the basis of the ToS (Type of Service) or DSCP (Differentiated Services Code Point) information. The priority of the individual data packets is therefore determined by the applications.
The traffic is split into three queues:

  • High Priority
  • Normal Priority
  • Low Priority


The queues are then processed with different priority.
The allocation is based on the following criteria:

Priority: | ToS field:
High (Minimum delay) | 0xb8, 0x10
Low (Maximum data throughput) | 0x08
Normal | Everything else
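
The queue assignment from the table above, applied to raw IPv4 headers and summarized per sending host, since the applications set the marking themselves (an added example, not part of the original article and not the UTM's own code). It assumes the full ToS byte is compared exactly, which the article does not state; the addresses, function names, the 90% threshold and the sample headers are constructed.

```python
import socket
import struct
from collections import Counter, defaultdict

# ToS byte -> queue, exactly as listed in the table above.
HIGH_TOS = {0xB8, 0x10}  # 0xb8 is DSCP 46 (EF); 0x10 is the legacy "minimum delay" bit
LOW_TOS = {0x08}         # legacy "maximum throughput" bit

def queue_for_tos(tos):
    """Assumption: the whole ToS byte is compared, so ECN bits change the result."""
    if tos in HIGH_TOS:
        return "high"
    return "low" if tos in LOW_TOS else "normal"

def parse_ipv4(header):
    """Return (source address, ToS byte) from a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not a complete IPv4 header")
    return socket.inet_ntoa(header[12:16]), header[1]

def queues_per_source(headers):
    """Count, per sending host, how many packets land in each queue."""
    stats = defaultdict(Counter)
    for header in headers:
        src, tos = parse_ipv4(header)
        stats[src][queue_for_tos(tos)] += 1
    return dict(stats)

def self_prioritizing_hosts(stats, threshold=0.9, min_packets=3):
    """Hosts that mark at least `threshold` of their packets for the high queue."""
    return sorted(src for src, c in stats.items()
                  if sum(c.values()) >= min_packets
                  and c["high"] / sum(c.values()) >= threshold)

def sample_header(src, tos):
    """Constructed 20-byte IPv4 header for the demo (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 28, 0, 0, 64, 17, 0,
                       socket.inet_aton(src), socket.inet_aton("203.0.113.10"))

# Constructed traffic: a phone, a workstation, and a host that marks everything 0xb8.
SAMPLE = (
    [sample_header("192.168.175.20", t) for t in (0xB8, 0xB8, 0x00, 0x00)]
    + [sample_header("192.168.175.30", t) for t in (0x00, 0x08, 0x10, 0xB9)]
    + [sample_header("192.168.175.40", 0xB8)] * 5
)

if __name__ == "__main__":
    stats = queues_per_source(SAMPLE)
    print(stats, self_prioritizing_hosts(stats))
```

Under the exact-match assumption, 0xb9 (the 0xb8 marking with an ECN bit set) falls into the normal queue.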


Mode: User-defined


In "User-defined" mode, the bandwidth can be managed with the help of parent and child profiles. It is also possible to limit the bandwidth in the portfilter rules for specific services.
It is important to enter the actual bandwidth and not the figure the provider states with the addition "up to". The actually available bandwidth can fluctuate strongly depending on the time of day, so the values that the provider specifies as the minimum available bandwidth must be entered here.


Profiles

At this point it is important to be aware of where the data flows from and where it flows to. The queue for bandwidth limiting is always attached to the interface on which the host that is to receive the data is located. The queue is defined in the parent profile.
Profiles can be created under → Network → QoS, tab Profiles, button + Add QOS profile:

Parent profile
  • First the parent-profile must be created.
  • The parent-profile is added to the list with Save.


Child profile
  • Secondly, the child-profile must be created.
  • Now the previously created parent profile can be selected from the drop-down menu as Parent:.
  • The linked child-profile is added with Save.


Profile overview
  • Now both profiles are displayed connected in the profile overview.
  • In the parent-profile the total bandwidth is defined and in the child-profile the bandwidth that needs to be available for the later created rule.


Select network interface
  • Then you can switch to the Network interfaces tab.
  • Here the desired network interface for the parent-profile can be selected and edited.
  • Click Save to assign the parent-profile.


Upload-Parent
  • If all settings were successful, the overview now shows "Upload-Parent" behind the assigned network interface.
  • Click Save to finally create and set the parent-child profile.


Regulate upload or download

Profiles for up- and download

If the upload or download is to be regulated, a parent and a child profile are required:

  • A parent-child profile for the upload must be created as already explained above.
  • In the case of a parent-child profile that deals with the download, the download bandwidth promised by the provider must be entered.
  • In the child profile, which regulates the download, identical values must be entered for Min: and Max:.
There are no options to regulate upload and download at the same time in manual mode.


Portfilter rules

Finally, click → Firewall → Portfilter, tab Portfilter, button + Add rule to create a suitable portfilter rule.
A portfilter rule is required, which for QoS always has "internal-network" as the source and "internet" as the destination.


General
Upload-child portfilter rule
Source: | internal-network | Select source of data packets
Destination: | internet | Select destination of data packets
Service: | voip | Select desired service
Action: | QoS | Allows a "Quality of Service" profile to be specified that limits the bandwidth for data packets to which this rule applies.
Extras
QoS: | Upload-Child | Select the previously created profile
Add | | Adds the portfilter rule


The portfilter rule for the download, if existing, then looks like this:

# | Source | Destination | Service | QoS | Action | Active
4 | internal-network | internet | voip | Download-Child | QoS | On


These rules are only additional rules for bandwidth management.
In any case, additional portfilter rules must be created or exist to allow traffic between source and destination with the required ports.

Help for this can be found under Portfilter.