Precedence between policy based QoS settings and Traffic Management actions

What takes precedence between policy based QoS settings and Traffic Management actions?

Let's say I start a file transfer (trusted > external) that consumes all available internet bandwidth. To simplify we'll say the file transfer traffic is being processed by the default Outgoing policy. I then have Policy_A that has QoS settings applied to give traffic the highest priority by assigning DSCP value CS7. I also have Policy_B that has a Traffic Management action applied that guarantees 5 Mbps (Forward).

I then send traffic out (trusted > external) both Policy_A and Policy_B while the unmanaged file transfer noted above is in progress. Traffic from both of these polices is prioritized over the unmanaged file transfer, but which one is prioritized over the other?

Comments

  • I would expect the QoS packets to get priority over the TM packets in this case

  • The documentation is pretty vague...

    Traffic Management uses priority queues for outbound packets on an interface. There is one queue per interface for Traffic Management. If QoS is enabled, then eight queues are used per interface for different types of QoS packets. Each queue can contain 1000 packets. Lower priority packets are sent out only when there are no higher priority packets in queue. When the queue is full, subsequent packets are dropped.

    Does this imply that there are 9 queues when both TM and QoS are active (1 for TM and 8 for QoS)? If so is the TM queue higher or lower priority that the 8 QoS queues?

    My guess too is that QoS markings get priority but that's just a guess, and the documentation is lacking the details needed to know for sure.

  • edited November 2021

    Perhaps @james.carson of WG will comment here

  • james.carsonjames.carson Moderator, WatchGuard Representative

    TM and QoS are handled separately.
    QoS sets a flag, and depending on traffic and policies is handled with more importance. Since the firewall is very rarely backed up to the point of having to drop/queue packets setting QoS will rarely have an impact on how quickly traffic is handled. It can be useful in some situations (specifically congested VoIP networks) but is often used as a silver bullet to make traffic more important.

    TM makes a reservation itself and follows the rules in traffic management to do so. Generally TM will have more of an impact because in a congested upstream network (like a slow/laggy ISP line) the firewall can now make room for the important traffic vice simply just marking it as important via reservations.

    They're handled via different processes and do different but marginally similar things.

    In the instance where a packet was marked as something like 46 (EF) (vvv important) but something else was throttling traffic, a QoS packet could theoretically be dropped. If you're concerned that something like this might happen in your network, I'd suggest simply using both to make sure there's room for your high priority QoS traffic.

    -James Carson
    WatchGuard Customer Support

  • edited December 2021

    I'm not super concerned, just curious what the logic is when both QoS and TM are in play simultaneously.

    Consider the following scenario...

    Assume I have a 50 Mbps internet connection. I start an upload through the Outgoing policy that consumes all 50 Mbits of bandwidth. This policy has no TM or QoS configured. Simultaneously I initiate a 35 Mbps upload stream through Policy_A that is configured to assign a DSCP value of CS7 (highest possible QoS priority). I also initiate a 35 Mbps upload stream through Policy_B that is configured with a TM action to guarantee 30 Mbps.

    In total I'm trying to push 120 Mbps of data through a 50 Mbps connection so something has got to give.

    I see two possible outcomes. Since there's more traffic than available bandwidth, one of the managed streams has to be throttled (the unmanaged stream will obviously be throttled as well). But which one gets throttled?

    Is the policy with a TM bandwidth guarantee forced to not meet that guarantee because the DSCP marked traffic is a higher priority?

    Unmanaged upload: 0 Mbps -- has to wait for managed traffic to be processed
    Policy_A upload: 35 Mbps -- no packets dropped due to DSCP marking taking highest priority
    Policy_B upload: 15 Mbps -- forced to not meet the 30 Mbps guarantee

    Or is the DSCP marked traffic forced to be throttled because the TM bandwidth guarantee action is a higher priority?

    Unmanaged upload: 0 Mbps -- has to wait for managed traffic to be processed
    Policy_A upload: 20 Mbps -- packets are dropped due to TM action taking priority over DSCP marking
    Policy_B upload: 30 Mbps -- meets the 30 Mbps guarantee

Sign In to comment.