Quality of Service (QoS)

Troubleshooting Quality of Service (QoS) Issues

QoS aims to tame network behaviour by prioritising traffic with performance requirements, such as real-time voice and video, industrial control, telepresence, and even gaming.

By giving traffic in these higher priority classes priority when traffic is forwarded, QoS promises to provide predictable network performance for critical applications and systems. However, the additional complexity of these systems create new opportunities for misconfiguration, incompatibilities, and abuse. These can cause network performance issues that can be hard to troubleshoot without access to a detailed, accurately timestamped record of network traffic.

How Packet Capture can Help

The EndaceProbe™ Analytics Platform provides built-in EndaceVision™ and EndacePackets™ investigation tools that make it easy for analysts to examine traffic from across the network at both a flow and packet level.

It also has a Deep Packet Inspection (DPI) engine that can identify and tag traffic from hundreds of different applications, allowing analysts to filter traffic by application as well as the usual 5-tuple values (source IP, source port, destination IP, destination port, and layer 4 protocol).

What can cause QoS Issues?

Problems with QoS performance generally result from one of two categories of causes. First, the network may be experiencing generalized issues, such as saturated bandwidth, high latency or packet loss, that are affecting all traffic. Secondly, there can be issues with the QoS settings for the traffic that is exhibiting problems.

QoS traffic prioritization using DSCP (Differentiated Services Code Point) tags in packet headers (refer Wikipedia's entry on Differentiated Services for a more detailed explanation) can be affected for a number of reasons:

  • Tag configuration issues: tags may be blank when they should be set, or set to an incorrect value. They may also be deliberately set to an incorrect value - which may happen as part of a DDOS attack, for example.
  • Tags are changed/removed: certain appliances in the path may remove tags, or overwrite them with an incorrect value. This can happen with WAN traffic passing through a service provider's equipment that uses traffic shaping with different QoS parameters than were originally set.
  • Blocked packets: packets may be being blocked by appliances in the path, such as a firewall.
  • Oversubscription: too much traffic of a certain priority may be flooding the network and overwhelming the ability of appliances to function effectively. Or available bandwidth and/or switch capacity may be saturated.

Getting to the Bottom of QoS problems

Once a problem has been flagged, analysts can use EndaceVision to quickly identify whether a more general issue, such as latency or packet loss, is more generally affecting the network.

After quickly ruling these causes out, they can apply application filters to zero in on the traffic of interest. EndaceVision supports DSCP per application flow. Analysts can compare the DCSP tags on packets for a given application flow to see if those packets are correctly classified.

EndaceVision and EndacePackets

EndaceVision and EndacePackets are browser-based investigation tools included on every EndaceProbe™ Analytics Platform.

EndaceVision provides a number of visualization tools for examining recorded network traffic. EndacePackets is a wireshark-based, protocol analyzer that provides on-probe decoding of recorded packet data.

Using EndaceVision and EndacePackets to troubleshoot Network Quality of Service (QoS) Issues

Using EndaceVision, you can isolate packets-of-interest from one or more EndaceProbes for the period that you are interested in.Filters can be applied on MPLS or VLAN tags to narrow down the search.

By applying filters you can drill into particular hosts or specific protocols to identify the specific packets you want to examine. Packets can be decoded directly using EndacePackets without requiring a download. Alternatively they can be downloaded as standard pcaps, or enhanced ERF format files with added Provenance™ data, for examination in Wireshark, Dynatrace DNA or other packet decode tools.

Endace Fusion

The Fusion Partner Program brings together solutions from leading security and performance analytics vendors who leverage the EndaceProbe's Application Dock hosting and workflow API to integrate Network History into their applications.

Learn more