Quality of Service (QoS)

Quality of service configuration in Zentyal

Zentyal is able to perform traffic shaping on the traffic flowing through the server, allowing a guaranteed or limited rate, or assigning a priority to certain types of data connections through the menu Traffic shaping ‣ Rules. You need to install and enable the ‘Traffic Module’ for this.

In order to perform traffic shaping, at least, an internal network interface and an external interface is required.

The first step to configure this module is accessing Traffic Shaping ‣ Interface Rates and configuring the upload and download ratios associated with each one of the external interfaces depending on their bandwidth.

_images/tasas.png

Upload and download rates for the external interfaces

Once you have configured the rates, you can stablish the shaping rules accessing Traffic Shaping ‣ Rules, where you can see two different types of rules: Rules for Internal Networks and Rules for External Networks.

If the external network interface is shaped, from the point of view of the user you are limiting Zentyal output traffic to the Internet. If, however, you shape an internal network interface, then the Zentyal output to internal networks is limited. The maximum output and input rates are given by the configuration in Traffic Shaping ‣ Interface Rates. As you can see, shaping input traffic is not possible directly, because input traffic is not predictable nor controllable most of the time. There are specific techniques taken from various protocols used to handle the incoming traffic. TCP, by artificially adjusting the window size for the data flow in the TCP connection as well as controlling the rate of acknowledgements (ACK) segments being returned to the sender.

_images/rules_example_en.png

Example of traffic shaping rules and their associated interface

You can add rules for each network interface in order to give Priority (0: highest priority, 7: lowest priority), Guaranteed rate or Limited rate. These rules apply to traffic bound to a Service, a Source and/or a Destination of each connection.

Traffic shaping rules

Traffic shaping rules

The default Filter type is Based on Firewall, meaning that traffic shaping rules will be applied at connection level. However, you can also prioritize specific packages of any connection using Prioritize small control packets. Using these rules you can prevent big data packages (an HTTP download for example) to interfere with connection control ones like ACK, SYN, FIN and RST.

Additionally, it is possible to install the component Layer-7 Filter which allows you to configure a more complex analysis of the traffic shaping, based on identifying the last level protocols by their content rather than the port. As you can see when you install this component, you can use this filter by choosing Application based service or Application based service group as Service.

The rules based on this type of filtering are more effective than the ones that just check the port, given that you may have servers configured to provide the service on non-default ports. This will be unnoticed if you do not analyze the traffic itself. It is expected that this type of analysis usually means a heavier processing load for the Zentyal server.