###### tags: `finished`
:::success
# AN Lab 1 - QoS
:::
## Task 1 - Prepare your network topology
:::info
1. In the GNS3 project, select and install a virtual routing solution that you would like to use: MikroTik (recommended), pfSense, VyOS and so on.
3. Prepare a simple network consisting of at least one router and two hosts. About four hosts in the network is optimal. You also might need Internet access for the hosts.
:::
<center>

Figure 1 - My topology
</center>
Let's start the setup from top to bottom. First, we will assign addresses to the router interfaces, and then add a simple NAT rule for the router:
```
/ip address add address=10.6.1.1/24 interface=ether2
/ip address add address=10.2.1.1/24 interface=ether3
/ip address add address=10.3.1.1/24 interface=ether4
/ip address add address=10.4.1.1/24 interface=ether5
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
```
After that, we will make changes to the hosts' netplan; an example of the config can be seen in the screenshot below:
```
sudo nano /etc/netplan/50-cloud-init.yaml
sudo netplan apply
```
<center>

Figure 2 - Example of config
</center>
Let's check the connection between the hosts and whether they have Internet access:
<center>

Figure 3 - The result of the access check
</center>
## Task 2 - QoS learning & configuring
:::info
1. Let's start with a little theory. Briefly answer the questions or give a one-line description of each term:
:::
* **Class of Service (CoS)** - this is a way to manage different types of traffic over the network by dividing similar types of traffic into classes. CoS determines traffic priorities by allocating different priority levels to different groups.
* **Type Of Service (ToS)** - this is a classification of QoS packets according to the priority value. The priority value is 3 bits (bits 0-2) of the TOS field in the IP header of the transmitted packet.
* **Differentiated Services Code Point (DSCP)** - a six-byte field, which was supposed to be the main marking of DiffServ: a certain value (code) is written into it, which, within a given DS domain, characterizes the specific class of service required by the packet and its discarding priority.
* **Serialization** - converting packets into a stream of bits at the output of the interface.
* **Packet Marking** - this is used to determine whether a packet belongs to a certain class, the marking is recorded in the header (IP, MPLS, 802.1q).
* **Tail Drop** - it is a queue management mechanism that discards all newly arrived packets that do not fit into the buffer.
* **Head Drop** - this mechanism discards packets that have been in the queue for a very long time (those at the head of the queue): since they most likely will not arrive in time anyway, it is better to give new packets a chance.
* **The Leaky bucket algorithm** - an algorithm in which packets arrive in a notional bucket and leave it at a constant bit rate. When the bucket is full, new packets begin to be discarded. The throughput is determined by a given speed limit, which is measured in bits per second. The volume of the bucket, its fullness and output speed determine the delay introduced by the shaper.
* **The Token Bucket Algorithm** - an algorithm whose main task is to pass traffic that fits within the limit and discard traffic that does not. For this algorithm, it is important to allow bursts of traffic, since it does not buffer anything.
* **Traffic shaping** - one of the approaches to limiting speed: it limits the rate by buffering excess traffic. All incoming traffic passes through the buffer and leaves it at a constant rate. If the output rate is lower than the arrival rate, packets begin to accumulate, waiting for their turn.
* **Traffic policing** - one of the approaches to limiting speed: it limits the rate by discarding excess traffic.
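
The difference between the last four definitions, run on one burst of traffic. This is an added example, not part of the original lab: the 1 Mbit/s limit, the bucket depth, the buffer size and the packet trace are all assumed values chosen for illustration.

```python
from collections import deque

RATE = 125          # bytes per ms = 1 Mbit/s (assumed limit, not taken from the lab)
# Constructed trace: ten 1500-byte packets 1 ms apart, then one late packet.
TRACE = [(t, 1500) for t in range(10)] + [(100, 1500)]

def police(arrivals, rate, burst):
    """Token bucket: forward if enough tokens, otherwise drop. Nothing is buffered."""
    tokens, last = burst, 0
    forwarded, dropped = [], []
    for t, size in arrivals:
        tokens = min(burst, tokens + (t - last) * rate)  # refill since last packet
        last = t
        if size <= tokens:
            tokens -= size
            forwarded.append((t, size))
        else:
            dropped.append((t, size))
    return forwarded, dropped

def shape(arrivals, rate, buffer_bytes):
    """Leaky bucket: queue packets, send at a constant rate, tail-drop when full."""
    queue = deque()                # (departure_ms, size) of packets still buffered
    link_free = 0.0                # time the output finishes its current packet
    sent, dropped = [], []
    for t, size in arrivals:
        while queue and queue[0][0] <= t:      # remove packets already sent
            queue.popleft()
        if sum(s for _, s in queue) + size > buffer_bytes:
            dropped.append((t, size))          # tail drop: no room in the buffer
            continue
        link_free = max(t, link_free) + size / rate
        queue.append((link_free, size))
        sent.append((t, link_free, size))      # (arrival, departure, size)
    return sent, dropped

def max_delay(sent):
    """Largest queueing + serialization delay in ms introduced by the shaper."""
    return max(dep - arr for arr, dep, _ in sent)

if __name__ == "__main__":
    fwd, pdrop = police(TRACE, RATE, burst=3000)
    sent, sdrop = shape(TRACE, RATE, buffer_bytes=9000)
    print(f"policer: {len(fwd)} forwarded, {len(pdrop)} dropped, no added delay")
    print(f"shaper:  {len(sent)} sent, {len(sdrop)} tail-dropped, "
          f"max delay {max_delay(sent):.0f} ms")
```

On the same input the policer loses more packets but adds no delay, while the shaper delivers more of the burst at the cost of queueing delay and still tail-drops once its buffer is full.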
:::info
2. Configure your network as you decided earlier. After your network is configured, try to set a speed limitation (traffic shaping) between the two hosts.
:::
Through WinBox, we connect to the router, and add new lines in the Queues settings:
<center>


Figures 4, 5 - Settings
</center>
:::info
3. Run a bandwidth testing tool, see what is the max speed you can get and verify your speed limitation. Compare the speed between the different hosts.
:::
While I was updating the hosts and installing iperf3 (a rather long process), I noticed that the data transfer rate on the interface (Tx Rate) does not exceed 1 megabit per second (but still the speed of e0 - from MikroTik to the Internet is about 2 Mbps). At this stage, I have removed the speed limit settings so that nothing slows down the installation, but it seems that GNS3 copes with bandwidth control better than me.
<center>

Figure 6 - A little observation
</center>
Commands to use iperf3:
```
#on PC1 as a server
iperf3 -s -f K
#on PC2 as a client
iperf3 -c 10.6.1.2
```
<center>

Figure 7 - Checking with network bandwidth limits
</center>
:::info
4. While your bandwidth test is still running, try to download a file from one host to the other host and see what is the max speed you can get.
:::
I found a random file that was lying somewhere on the examples [site](https://speedtest.selectel.ru/) - 10MB. The algorithm of actions is as follows: on PC2, we pull out the file with the wget command, raise the ssh server, copy the file via ssh to the directory on the PC1 host.
```
#PC1:
sudo iftop
#PC2
# save the test file to disk so that scp can send it afterwards
wget -O /home/ubuntu/10MB https://speedtest.selectel.ru/10MB
sudo apt install openssh-server
scp /home/ubuntu/10MB ubuntu@10.6.1.2:/home/ubuntu
```
<center>

Figure 8 - SSH Downloading
</center>
:::info
5. Deploy and verify your QoS rules to prioritize the downloading of a file (or any other scenario) over the bandwidth test.
:::
To set the priority, we first need to label the packets we need. As you can see in the screenshot below, all packets passing through SSH received labeling and priority (I judge by how much traffic was transmitted: it is exactly equal to the 10MB of the test file).
<center>

Figure 9 - Add rules in Mangle (webfig)

Figure 10 - Testing bandwidth
</center>
:::info
6. What is the difference between QoS rules for traffic allocation and priority-based QoS? Try to set up each of them and show them. In which tasks of this lab do you use one or the other?
:::
I think the main difference is that when distributing traffic, we allocate its entire flow between devices, and in the case of traffic prioritization, we label packets of necessary technologies/protocols originating from all devices (for example VoIP) so that priority tasks are served first. That is, there are no priority devices, there are priority applications that are very sensitive to network interference.
In the previous (2.5) task, I used SSH traffic prioritization. To do this, packets originating from port 22 were marked, and then received priority service in the queue.
And I think the speed limit is the distribution of traffic, when we can set a minimum guaranteed bandwidth for each traffic stream.
:::info
8. Try to answer the question: packet drops can occur even in an unloaded network where there is no queue overflow. In what cases and why does this happen?
:::
This happens in cases when short-term bursts occur, for example, when the host has started receiving traffic from several applications at once, or when there is a significant difference between the bandwidth of two interfaces (1 GB/s and 50 MB/s, for example). In this case, packets from the sender will accumulate in the buffer of the node closest to the recipient.
## Task 3 - QoS verification & packets analysis
:::info
1. How can you check if your QoS rules are applied correctly? List and describe the various methods.
:::
* We can use a marked ping.
* Or using the access-list for a specific interface, we can analyze the presence of labeled packets in traffic. In, we can use the priority name or its number as an argument.
* For example, we can use Wireshark on the incoming and outgoing ports of the router on which QoS is configured in order to analyze the order of packets.
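
What the capture-based check looks for, as an added example that is not part of the original lab: it reads the ToS byte of raw IPv4 packets and lists SSH packets that lack the expected marking. RouterOS packet marks exist only inside the router, so this assumes the mangle rule also rewrites DSCP; the expected value 18, the PC2 address 10.2.1.2 and the packets themselves are constructed for illustration.

```python
import struct

def build(tos, sport, dport, src=b"\x0a\x02\x01\x02", dst=b"\x0a\x06\x01\x02"):
    """Constructed IPv4+TCP headers (checksums zero); 10.2.1.2 is an assumed PC2 address."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x10, 1024, 0, 0)
    return ip + tcp

def parse_marking(packet):
    """Extract the marking fields from a raw IPv4 packet (no Ethernet header)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4               # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("truncated or malformed IPv4 header")
    tos, proto = packet[1], packet[9]
    sport = dport = None
    if proto in (6, 17) and len(packet) >= ihl + 4:   # TCP or UDP ports
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {"precedence": tos >> 5, "dscp": tos >> 2, "ecn": tos & 0x03,
            "proto": proto, "sport": sport, "dport": dport}

def mismarked(packets, port, expected_dscp):
    """Indexes of packets to or from `port` whose DSCP is not `expected_dscp`."""
    bad = []
    for i, pkt in enumerate(packets):
        m = parse_marking(pkt)
        if port in (m["sport"], m["dport"]) and m["dscp"] != expected_dscp:
            bad.append(i)
    return bad

# Constructed capture: marked SSH, unmarked iperf3 (default port 5201), unmarked SSH reply.
CAPTURE = [build(0x48, 50000, 22), build(0x00, 50001, 5201), build(0x00, 22, 50000)]

if __name__ == "__main__":
    for i, pkt in enumerate(CAPTURE):
        print(i, parse_marking(pkt))
    print("SSH packets without DSCP 18:", mismarked(CAPTURE, 22, 18))
```

The third packet is flagged because return traffic from port 22 is unmarked, which is the usual sign that a rule matches only one direction of the connection. A marked ping such as `ping -Q 0x48 10.6.1.2` (iputils) produces packets with the same ToS byte as the first sample.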