Configure Application Based QoS DSCP Rewrite
Configuring Application Based QoS Rewrite
This article explains how to configure Application-based QoS DSCP Rewrite on Versa Secure SD-WAN.
QoS DSCP rewrite is used to replace the CoS values on packets received from the customer LAN or host network with values expected by other devices – typically a service provider underlay network.
CoS values on the outbound packets are established by the rewrite rules that add forwarding class and loss priority information. It is essential to apply the rewrite rules on the appropriate interfaces.
App QoS Policy has three components
QoS Profile | QoS profiles define how to police ingress traffic, they assign the ingress traffic to a forwarding class, and they define whether to rewrite the DSCP or 802.1p header bits. |
Rewrite Rules | Rewrite rules modify the DSCP and 802.1p bits in the headers of outbound traffic. |
App QoS Policy | Application QoS policies define how to process ingress traffic based on the application or URL from which the traffic originated. |
High Level Toplogy
In this use case we have a LAN user who is accessing the Internet. The default traffic class is CS0/BE. We will match all traffic going towards Facebook and rewrite the CoS value as EF. Rest of the traffic will have no change in the CoS mapping.
Configuration
Objectives:
A. Define a QoS Profile with Best Effort (BE) class
B. Configure a Rewrite rule to change DSCP CS0/BE marking with DSCP EF marking
C. Configure an App QoS Rule and match traffic going towards Facebook from the LAN Zone.
The Class Of Service configuration is under the Networking Tab on the Versa Director.
Step 1: Configure a QoS Profile. Identify and match all traffic with Forwarding Class BE and select 'DSCP Rewrite'.
Step 2: Configure a Rewrite rule to rewrite DSCP CS0/BE marking with DSCP EF marking.
Step 3: Create an App-QoS Rule and match the applicaitons of interest. In this case Facebook Traffic and apply the QoS Profile 'FB_Profile' to it.
Step 4: Associat the Rewrite rule with a transport interface under the 'Associate Interface/Networks'.
Verification
To verify this QoS rewrite we need to run a packet capture on the LAN interface and then on the WAN interface.
Initiate traffic from a host on the LAN towards Facebook.
admin@Hub-Twitter-cli> show orgs org twitter sessions nat brief NAT NAT NAT VSN VSN SESS DESTINATION SOURCE DESTINATION NAT SOURCE DESTINATION SOURCE DESTINATION ID VID ID SOURCE IP IP PORT PORT PROTOCOL NATTED SDWAN APPLICATION IP IP PORT PORT ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0 2 52139 172.16.120.9 31.13.66.35 51182 443 6 Yes No facebook 172.16.20.120 31.13.66.35 54733 443 0 2 52145 172.16.120.9 31.13.66.35 51184 443 6 Yes No facebook 172.16.20.120 31.13.66.35 57072 443 [ok][2019-07-05 12:34:30] admin@Hub-Twitter-cli>
For capturing the logs, you can use the inbuilt packet capture on the VOS.
Packet capture on the LAN interface show that packet from LAN to Facebook originated with DSCP: CS0.
Packet capture on the WAN interface show the packets being re-marked with DSCP EF as defined in the rewrite rules.
Summary
In this article, we saw how to configure Application Based DSCP rewrite. In addition to the pre-defined applications which the VOS recognizes, we can create custom user-defined applications based on an Enterprise need and match it in the App QoS. Thus giving the end-user ease of applying QoS for homegrown applications as well.