Sep 27 2007

Quality of Service in Vista and Windows Server 2008

Ever wanted to add and configure Quality of Service on your network? Here's how.

Quality of Service (QoS) gives you control over how your bandwidth is used, prioritizing critical network traffic (such as streaming media) over less important communication (such as e-mail) and limiting the bandwidth used by specific applications. It can also help cut costs by getting more use of existing bandwidth and enabling network consolidation by combining your phone, videoconferencing and wide area network connections with your Internet connection while minimizing performance problems.

How QoS Works

Routers forward traffic between networks. One of the biggest causes of network performance problems (specifically latency) is router queuing. Queuing occurs when a router needs to forward more traffic to a destination network than the network can handle at one time.

By default, most routers work on a first-in, first-out basis. This works well for Web browsing and e-mail, but if real-time communication sits in a queue for more than a few milliseconds, the quality degrades significantly. For example, if the total latency is more than 150 milliseconds, a Voice over Internet Protocol conversation will cut out.

Consider a small business with a 512-kilobits-per-second Internet connection. If a user makes a VoIP phone call while sending an e-mail, the router won’t be able to immediately forward all the traffic across the DSL connection. With first-in, first-out, some of the VoIP packets would need to wait behind the e-mail packets — adding latency and degrading the quality of the VoIP phone call. With QoS, as shown in the following figure, the router forwards all the high-priority VoIP traffic first, and sends the lower priority e-mail traffic only after the high-priority queue is empty.

quality of service in windows server diagram

What’s New in Windows Vista and Windows Server 2008

Routers can distinguish between high-priority and low-priority packets by examining the Differentiated Services Code Point (DSCP) value in each packet. Unfortunately, previous versions of Windows didn’t give systems administrators control over the DSCP values, and almost all traffic had the default DSCP value of 0.

With Windows Vista and Windows Server 2008, you can use Group Policy settings to mark outgoing network traffic with DSCP values. With this capability, a QoS routing infrastructure, and a few QoS policies, database queries from your critical customer service application can soar past e-mail and Web browsing traffic.

You can also use Group Policy settings to throttle traffic from specific applications. For example, if your outgoing e-mail server is filling up your Internet connection every time you send a mass-mailing, you can throttle the e-mail server to use only half the bandwidth — even if your network infrastructure doesn’t support QoS. Policy-based QoS can be very specific, so you could throttle traffic bound for the Internet but allow traffic bound for computers on your high-speed local area network to use all available bandwidth.

QoS policies are focused on controlling outgoing traffic. While you have much less control over incoming traffic, you can also use Group Policy settings to throttle all incoming Transmission Control Protocol traffic for a computer. So, if downloads to your client computers are using too much bandwidth, you can tune Windows to slow down that incoming traffic.

Adding QoS to Your Network

QoS requires careful planning and coordinated efforts from systems and network administration teams. Before you create your policies, follow these high-level steps to create a plan to add QoS to your network:

  1. Prioritize the different types of traffic on your network by assigning a standard DSCP value to each, as the example below shows. You don’t need to use every DSCP value. Any traffic you don’t classify will automatically have a DSCP value of 0, which is considered best effort.
    assign a standard dscp value to each traffic type
  2. Work with your network engineering team to configure routers to prioritize traffic based on the DSCP values you specified. This might already be done; some routers have QoS enabled by default for standard DSCP values.
  3. Identify the executable file associated with each traffic type. For example, if you want to assign a DSCP value to packets sent by your Internet Information Services Web server, you would specify the executable inetinfo.exe. If you can’t identify the executable file, identify the TCP or User Datagram Protocol port number that the application uses. Finally, decide whether to apply the DSCP values for all outgoing traffic or for only traffic addressed to specific networks or IP addresses.

  4. Configure policy-based QoS using Group Policy Objects (GPOs), as described later in this article.
  5. If you identify client computers consuming too much bandwidth with incoming traffic, use GPOs to throttle all incoming traffic on those computers, as described at the end of this article.

Typically, QoS will work only on your internal network. Most Internet Service Providers either remove or ignore DSCP values.

How to Configure Policy-Based QoS

To configure QoS policies, follow these steps:

  1. Edit the GPO you want to add the policy to, and select the Computer Configuration\Windows Settings\Policy-based QoS node or the User Configuration\Windows Settings\Policy-based QoS node.
  2. Right-click the Policy-based QoS node and click Create New Policy.

    The Policy-based QoS Wizard appears.

  3. On the Create A QoS Policy page, type a policy name and DSCP value. Optionally, select the Specify Throttle Rate check box, and set a throttle rate in either kilobytes per second or megabytes per second. The value you enter must be in kilobytes or megabytes per second, rather than the more commonly used kilobits or megabits per second. One kilobyte is equal to eight kilobits, and one megabyte is equal to eight megabits. Click Next.
    how to configure policy based qos
  4. On the This QoS Policy Applies To page, select Only applications with this executable name if you can identify a specific executable file. Then, type the executable name. If you can’t identify an executable file (for example, the traffic you want the policy to apply to is generated by a service running in svchost.exe), then leave All applications selected. Click Next.
  5. On the Specify The Source And Destination IP Addresses page, leave the default settings to apply the policy to all computers. To apply the policy only to specific computers on your network, select Only for the following source IP address or prefix, and then type the IP address or network that identifies the computers that should use the policy. To apply the policy only to traffic being sent to specific computers or networks, select Only for the following destination IP address or prefix, and then type the destination IP address or network. Click Next.
  6. On the Specify The Protocol And Port Numbers page, identify traffic based on TCP or UDP port numbers only if you didn’t specify an executable name. If you are configuring a QoS policy for a server, specify the source port. If you are configuring a QoS policy for a client, specify the destination port. For example, if you want to throttle SMTP traffic from an e-mail server, you would select TCP, select From This Source Port Number Or Range, and then specify port 25 (the port number SMTP uses). Click Finish.

How to Throttle Incoming Traffic

While you don’t have direct control over incoming traffic, Windows can use TCP’s traffic control capabilities to slow down incoming traffic. Unlike the policy-based QoS you just read about, this change affects all applications on a computer (including any critical applications). Because of this limitation, you should leave this setting at the default unless you have a computer that’s slowing down your network by downloading large files.

To specify the inbound TCP throughput level, follow these steps:

  1. Edit the GPO you want to configure, right-click Computer Configuration\Windows Settings\Policy-based QoS, and then click Properties.
  2. On the Inbound TCP Traffic tab, select the Specify the inbound TCP throughput level check box. Then, a level from 0 (to slow down traffic as much as possible) to 3 (the default setting, which is maximum throughput).
  3. Click OK.
Tony Northrup is a developer, security consultant and author with more than 10 years of professional experience developing applications for Microsoft Windows.