This article explains how to use App QoS configuration on Versa FlexVNF CPE for rate-limiting/shaping based on Application.
Use Case
With the help of App QoS customer can classify their traffic based on Layer 7 information, i.e. Applications, url-category etc. L2/L3/L4 matching can also be done within App QOS.
App QoS policy rules takes precedence over normal QoS Policy rules, means if a packet matches the criteria of both the policies then App QoS will be applied to that packet.
In this example:
- Customer wants to prioritize traffic from some of their important applications. We will be configuring App QoS to achieve this.
- HOST A is sending IPERF (UDP port 5001) traffic to HOST C and HOST B is sending YOUTUBE traffic to internet.
- We will be classifying these traffic flows into two traffic classes TC1 and TC2.
- Once traffic is classified, we can apply other QoS functions as well like rate-limiting and shaping if needed.
WebEx, SKYPE, IPERF Traffic class (TC1) forwarding-class fc_ef
GOOGLE, YOUTUBE,FTP Traffic class (TC2) forwarding-class fc_af
Topology
Configuration
Configure QoS Profile
- Login to Versa Director and navigate to Appliance > Configuration > Class of Service > QoS Profiles and then click on + to Add QoS Profile
We have adding 2 QoS Profiles- QoS-Profile-1: For Traffic Class 1 (TC1)
- QoS-Profile-1: For Traffic Class 2 (TC2)
Configure App QoS Policy
- Navigate to Appliance > Configuration> Class of Service > App QoS > Policies and then click on + to add new App QoS Policy
Please Note: There can be only one App QoS Policy. By default, there is ‘Default-policy’ configured so we can just delete the default one and create new policy if needed.
Configure App QoS Policy Rules
- Navigate to Appliance > Configuration > Class of Service > App QoS > Rules and then click on + to add new Rule
- Under Application/URL tab select the desired applications from predefined (3000+ ) applications.
For this Rule, we select applications WEBEX, SKYPE_FOR_BUSINESS and IPERF
- Under the Enforce tab we need to map the QoS Profile for the selected Applications in previous step.
- Similarly we need to create another rule for GOOGLE, YOUTUBE, FTP traffic (TC2)
- This completes the configuration required.
Verification
- Currently IPERF traffic is being sent from HOST A to HOST C and hence we can see TC1-rule is getting hits in app-qos-policies
admin@CPE1-cli> show orgs org AGR sessions brief
VSN VSN SESS DESTINATION SOURCE DESTINATION
ID VID ID SOURCE IP IP PORT PORT PROTOCOL NATTED SDWAN APPLICATION
-----------------------------------------------------------------------------------------------------
0 2 2988 10.1.64.101 172.1.1.3 1026 1234 6 No No -
0 2 3216 30.30.30.30 11.0.0.2 53644 179 6 No No -
0 2 3220 10.1.64.101 172.1.1.4 1028 1234 6 No No -
0 2 3221 30.30.30.30 11.0.0.2 54705 179 6 No No -
0 2 3218 171.10.10.2 171.20.20.2 54290 5001 6 No Yes iperf << IPERF traffic
0 2 3219 171.10.10.2 171.20.20.2 35512 5001 17 No Yes unknown_udp
admin@CPE1-cli> show orgs org-services AGR class-of-service app-qos-policies
APP APP
APP QOS QOS APP QOS APP QOS
QOS DROP DROP FORWARD FORWARD
RULE HIT PACKET BYTE PACKET BYTE
NAME NAME COUNT COUNT COUNT COUNT COUNT
-----------------------------------------------------------------------
AGR-app-qos-policy TC1-Rule 4 0 0 27775 36218790 << Rule is getting hit
TC2-Rule 0 0 0 0 0
- We could see hits on TC2-rule as well once we initiate traffic from HOST B
admin@CPE1-cli> show orgs org AGR sessions brief | match "youtube|iperf"
0 2 3524 171.10.10.2 171.20.20.2 54291 5001 6 No Yes iperf
0 2 3531 172.10.10.5 216.58.199.182 53907 443 17 Yes No youtube
[ok][2019-01-11 19:06:26]
admin@CPE1-cli> show orgs org-services AGR class-of-service app-qos-policies
APP APP
APP QOS QOS APP QOS APP QOS
QOS DROP DROP FORWARD FORWARD
RULE HIT PACKET BYTE PACKET BYTE
NAME NAME COUNT COUNT COUNT COUNT COUNT
-----------------------------------------------------------------------
AGR-app-qos-policy TC1-Rule 5 0 0 27786 36219446 <<
TC2-Rule 13 0 0 1824 3616661 <<