QoS aims to tame network behavior by prioritizing traffic with performance requirements, such as real-time voice and video, industrial control, telepresence, and even gaming. By giving traffic in these higher priority classes priority when traffic is forwarded, QoS promises to provide predictable network performance for critical applications and systems.
However, the additional complexity of these systems create new opportunities for misconfiguration, incompatibilities, and abuse. These can cause network performance issues that can be hard to troubleshoot without access to a detailed, accurately timestamped record of network traffic.
What can cause QoS Issues?
Problems with QoS performance generally result from one of two categories of causes. First, the network may be experiencing generalized issues, such as saturated bandwidth, high latency or packet loss, that are affecting all traffic. Secondly, there can be issues with the QoS settings for the traffic that is exhibiting problems.
QoS traffic prioritization using DSCP (Differentiated Services Code Point) tags in packet headers (refer Wikipedia's entry on Differentiated Services for a more detailed explanation) can be affected for a number of reasons:
- Tag configuration issues: tags may be blank when they should be set, or set to an incorrect value. They may also be deliberately set to an incorrect value - which may happen as part of a DDoS attack, for example.
- Tags are changed/removed: certain appliances in the path may remove tags, or overwrite them with an incorrect value. This can happen with WAN traffic passing through a service provider's equipment that uses traffic shaping with different QoS parameters than were originally set.
- Blocked packets: packets may be being blocked by appliances in the path, such as a firewall.
- Oversubscription: too much traffic of a certain priority may be flooding the network and overwhelming the ability of appliances to function effectively. Or available bandwidth and/or switch capacity may be saturated.
EndaceVision™ is a browser-based Visual Traffic Analysis and Forensics application included on every EndaceProbe™ Analytics Platform and in InvestigationManager™ the rapid-search and data-mining tool that lets you find "needle-in-the-haystack" packets-of-interest across months of distributed Network History in seconds, no matter where or when the incident occurred.
EndaceVision lets you filter recorded traffic based on a wide range of parameters including link name, application classification, IP address, MAC address, port number, time stamp and many more options.
EndaceProbes also provide built-in Deep Packet Inspection (DPI) which classifies captured traffic by application. This makes it easy to analyze traffic by application to see precisely what's happening on your network.
Troubleshooting QoS problems with EndaceVision
Once a problem has been flagged, analysts can use EndaceVision to quickly identify whether a more general issue, such as latency or packet loss, is more generally affecting the network.
After quickly ruling these causes out, they can apply application filters to zero in on the traffic of interest. EndaceVision supports DSCP per application flow. Analysts can compare the DSCP tags on packets for a given application flow to see if those packets are correctly classified.
Yes I'd Like a Demo
How about a Demo?
Interested in finding out how EndaceProbes and EndaceVision can deliver the concrete evidence you need to troubleshoot network and application performance problems quickly and accurately?