When under our responsibility we have servers with Windows Server, and in general Windows systems, it is ideal to know in detail the various options that we have available for its correct and optimal administration ..
In the specific case of Windows Server, there is a topic to which we rarely pay the necessary attention and it is everything associated with the quality of service directives which have been designed to optimize administrative work and always offer the best solutions in terms of the benefits and use of the server.
TechnoWikis will make a complete analysis of what role these directives fulfill and what benefits they provide us as administrators and IT support personnel..
What are the service quality directives
Quality of service policies, QoS (Quality of Service), can be used as a central point of network bandwidth management which covers the entire Active Directory infrastructure through the creation of QoS profiles, whose configuration it is distributed with group policy at a general level.
QoS policies can be applied to a computer or a user login session that is part of a Group Policy Object (GPO) which is linked to an Active Directory container, such as a domain, a site or an organizational unit (OU).
QoS traffic management occurs below the application level, which means that existing applications do not need to be modified to take advantage of QoS policies..
Supported operating systems
Quality of service policies can be applied to the following Microsoft operating systems:
Location of quality of service policies
To access create, edit or delete these directives in Windows Server 2016, we will use the following key combination and in the displayed window we will execute the command gpedit.msc, press Enter.
In the displayed window we will go to the following route:
By default, no QoS policy is configured in Windows Server 2016.
How the QoS Policy Works
Knowing itself that it is a service quality directive, we will see how the quality directive or QoS works. There are some scenarios where QoS operate, these are:
When you start or run the updated Computer Configuration Group Policy settings for QoS or User, a process occurs that consists of the following steps:
- The Group Policy Engine retrieves the Group Policy settings from an Active Directory user or computer setting.
- The Group Policy Engine reports the QoS client-side extension indicating that there were changes to the QoS policies.
- The QoS client-side extension sends a notification of QoS policy events to the QoS inspection module in Windows Server.
- The QoS Inspection Module retrieves these QoS User or Equipment Policies and stores them locally.
When a packet belonging to the end of the transport layer marked with a flow number is sent, the following process occurs:
- The transport layer internally marks the package with the flow number.
- The network layer queries the Pacer.sys file for the DSCP value corresponding to the flow number of the assigned packet.
- Pacer.sys returns the DSCP value to the network layer.
- The network layer modifies the IPv4 or IPv6 addressing procedure field to the DSCP value assigned by Pacer.sys and, for IPv4 packets, computes the final IPv4 header checksum.
- The network layer delivers the packet to the frame layer.
Why should we use these QoS directives
There are a few reasons why the use of QoS helps us take better control over many aspects of IT infrastructure, but the focus of QoS is on the network, because network traffic is not simple to prioritize and manage.
Remember that, at the network level, many applications must compete for network bandwidth against the lowest priority traffic for their optimization, in the same way, some users and equipment with specific network performance may require different levels of service based on their functions.
QoS policies are the network bandwidth management tool that gives us control of the network, based on applications, users and computers developed by Microsoft.
By using QoS directives, applications do not need to be written in interface programming (APIs), since we can use QoS with existing applications. In addition to this, QoS policies take advantage of the existing management infrastructure, because policy-based QoS is integrated into the local group policy that we have designed in Windows Server 2016.
Priorities in QoS quality directives
When QoS policies are implemented, it is possible to create QoS policies that define the priority of network traffic with a Differentiated Services Code Point (DSCP) value which is assigned to different types of network traffic.
The DSCP value allows a value (0–63) to be applied within the Type of Service (TOS) field in the header of an IPv4 packet and within the field of IPv6 traffic class.
The DSCP value allows you to identify the classification of network traffic at the Internet Protocol (IP) level, making it possible for routers to decide the available queue behavior traffic for optimization.
In essential network traffic, the high priority queue takes precedence over other traffic.
Another advantage when implementing QoS policies is the ability to limit outgoing application network traffic by specifying an acceleration rate based on QoS policy.
A QoS policy has the ability to determine the speed of outgoing network traffic. For example, to manage WAN costs, an IT department may implement a service level agreement stating that a file server can never provide downloads beyond a specific type or assigned size, so we will control centralized network use.
General benefits of service quality directives
Among the various advantages we have when using QoS we have:
- Level of Detail: QoS policies make it easy to configure a QoS policy for a user on a domain controller and to propagate this policy to the user's computer.
- Flexibility: Regardless of where and how a computer connects to the network, the QoS policy will be applied to it, for user-level QoS policies, the QoS policy is applied on any compatible device in any location where the user login which shows its scope.
- Security: If user traffic is encrypted from start to finish using Internet Protocol Security (IPsec), you cannot classify traffic to routers in all the information about the IP layer in the packet. However, using the QoS policy, it is possible to classify packets on the end device to indicate the priority of the packets in the IP header before the IP loads are encrypted and the packets are sent.
- Performance: Some QoS functions, such as "limiting", perform best when they are closer to the origin. QoS Policy moves those QoS functions closer to the origin.
- Ease of use: Using QoS policies improves network manageability thanks to its ease of implementation.
Quality of Service Policy Architecture
When using a QoS directive we will have the following architecture:
- Group Policy Client Service: Refers to a Windows service that manages Group Policy settings for user and computer settings.
- Group Policy Engine: It is a component of the Group Policy Client service responsible for retrieving the Group Policy settings from Active Directory Users and Computers settings, at startup it looks for changes (by default every 90 minutes) and, If changes are detected, the Group Policy Engine retrieves the new Group Policy settings. The Group Policy Engine processes incoming GPOs and reports the QoS client-side extension when QoS policies are updated.
- QoS Client Side Extension: This is a Group Policy Client service component that waits for an indication from the Group Policy Engine that QoS policies have changed and reports to the QoS Inspection Module.
- TCP / IP Stack: The TCP / IP stack includes built-in support for IPv4 and IPv6 and supports the Windows filtering platform.
- QoS Inspection: E a component of a TCP / IP stack module that expects QoS indications at the level of QoS client-side extension policy changes, and retrieves the QoS policy settings and interacts with the transport layer and Pacer.sys to mark traffic matching QoS policies internally.
- NDIS 6.x: It is a standard interface between kernel-mode network drivers and the operating system on Windows client and server operating systems. NDIS 6.x supports lightweight filters, which is a simplified driver model for NDIS miniport drivers and intermediate drivers that provides better performance.
- QoS Network Provider Interface (NPI): It is an interface for kernel-mode drivers to interact with Pacer.sys.
- Pacer.sys: Refers to a NDIS 6.x light filter driver responsible for controlling policy-based QoS packet scheduling and for application traffic using Generic QoS (GQoS) and Traffic Control (TC) API. Pacer.sys had replaced Psched.sys in Windows Server 2003 and Windows XP. Pacer.sys is installed with the QoS Packet Scheduler component in the properties of a network connection or adapter.
The following image shows the policy-based QoS architecture :
How to create a QoS policy in Windows Server 2016
To create a new QoS policy in Windows Server 2016 we will right-click on "QoS based on policy" and select the option "Create new policy":
The following wizard will be displayed where we can define two options:
Specify the DSCP value
The DSCP value allows you to define the priority of outgoing network traffic, we can use this option to configure a QoS policy with a specific value of Differentiated Services Code Point (DSCP). As described in RFC 2474, DSCP can specify values from 0 to 63 within the Type of Service (TOS) field of an IPv4 packet, as mentioned earlier. Network routers use the value of DSCP to classify network packets and determine the appropriate queue. A higher value indicates a higher priority for the available packet. By default, the Specify DSCP value check box is selected and its value is 0.
Specify throttle output speed
Thanks to this option it will be possible to limit network traffic or use of local broadband. We can use Specify Throttle Speed to configure a QoS policy with a throttle speed for outgoing traffic. By default, the Specify throttle speed box is not active in Windows Server 2016. With the limit, a QoS policy will limit outgoing network traffic to a specified speed. Both DSCP boundary and dialing can be used together to manage traffic seamlessly across the organization.
In this example we have indicated that the maximum output value is 256 KB, we can specify MB, and thus we have created a policy to restrict local bandwidth.
By clicking Next we can define to whom this QoS directive will apply:
In the same way we define the IP addresses:
Finally we can define ports and protocols:
As we see, QoS QoS policies are a reliable and simple alternative to centrally manage all network traffic in the organization.