Skype for Business : Configuring Quality of Service (QoS)

When installing Skype for Business it is important to consider how you are going to guarantee a level of consistent service to your consumers. Out of the box Skype for Business does not use any Quality of Service (QoS) methodologies. However, it does support them. Skype for Business uses Differentiated Services Code Point or DSCP for short as the method of classifying types of traffic into priority groupings. These groupings are then used to prioritise packet transmission across the LAN. How DSCP works at very high level is simply by marking each packet of data identified by source and/or destination port (usually) with a value. The DSCP marking is encapsulated into the network packet and transmitted over the LAN. Whilst the packet is in transit, switches and routers can read these values and determine how best to transport and deliver the packet to the destination. For instance, traffic passing through the network that is marked with a DSCP value of 0 are delivered to the destination with best effort. This means that the network switches will try their best to deliver the packet but cannot guarantee it because of congestion, packet loss or other network impairments. Think of this as the cheapest form of postal service possible that you would use to send a Christmas card to your distant cousin you see once a decade.

At the other end of the scale, traffic marked with a DSCP value 46 are considered to be extremely important and must be delivered on time and guaranteed to reach the destination. This is called Expedited Forwarding or EF. Network switches determine any traffic entering the EF queue to be so important that they will temporarily suspend all best effort traffic in order to deliver the packet to the next hop and eventually the destination before resuming normal transmission. This is like hand delivering your Christmas card to your 90 year old Grandma. Now in between the two extremes of 0 (unclassified) and 46 (Expedited) there are other intermediate classifications that are used for important traffic but not considered absolutely critical. These classifications are grouped by Assured Forwarding (AF). Assured Forwarding has a few sub classifications that can be used to classify packet priority within its own classification. For instance, a network packet containing a video stream is considered to be less important than audio, but more important than a packet containing file data. Using the AF sub classifications we can sufficiently separate video from file data and prioritise the video stream above the file data.

Taking Skype for Business in to consideration specifically, we need to classify UDP data streams with sufficient priority to guarantee delivery. This collectively means Audio, Video and Media. However, Audio is by far the most important and relies heavily on data packet reaching the destination. If it fails, then you are going to have some “fun” in trying to understand the conversation. Video is less important and although UDP can cope with small amounts of packet loss. Therefore, not considered as important as Audio. The worst experience you will get is either pixelated video or buffering. Application Sharing, typically uses less bandwidth than video and is considered to be less important than video too. Therefore although more important than sending an email for instance, less critical to deliver exactly. Classifying SIP signalling, this is a source of many arguments. SIP is transferred using TCP, which by nature will deal with packet loss and resend if not received. Therefore, you could argue that SIP is delivered using Best Effort. However, you could experience slow call setup, e.g. response time to dialling, hold and transfer etc. So in my opinion (and it’s only an opinion) we should be classifying SIP traffic above video.

Below is a table of common DSCP values used with Skype for Business

Value

Meaning

Drop Probability

Precedence Value

Used For

0

Best Effort

High

routine

Non Sfb Traffic

14

AF13

High

priority

File Transfer Data

24

CS3

Medium

flash

Application Sharing Data

34

AF41

Low

flash override

Video

40

CS5

Almost None

critical

SIP Signalling

46

EF

None

critical

Audio

At this point I am going to declare that this is as detailed as I am going into QoS as a subject. It is a massive topic (I have seen the Cisco QoS book and almost fainted!) and to be honest this is my limit of understanding. However, this is all you need to know when setting up Skype for Business Quality of Service as we have out Cisco friends (other vendors are available) who know far more about this topic and would be more than capable in configuring their switches to support DSCP right?

This leads on to one important statement on Skype for Business QoS: QoS will only work in Skype for Business IF the network it runs on has been properly configured to support DSCP. Configuring Skype for Business to support QoS without the network to back it up, is a pointless and needless administration task. Therefore, talk to your Cisco friends, buy them a beer and a burger and ask them nicely to consider enabling QoS on their network. Don’t just walk up to them and say JFDI for instance J

So how do we set Skype for Business up for QoS?

Within Skype for Business, there are several modalities that need configuring for QoS. These are:

  • Conferencing Servers
  • Mediation Servers
  • Application Servers
  • Edge Servers
  • Client Applications
  • Media

Each Edge, Conferencing, Mediation and Application server have independent configurations, where the Media and Client applications have a global configuration. This means, that each of the servers requires its own specific configuration. It is important that the values you set are consistently replicated across all modalities. Do not mix and match or your QoS just won’t work.

First we need to set the port ranges for the different traffic we expect from Skype for Business. These are:

  • Audio Port Ranges
  • Video Port Ranges
  • Application Sharing Port Ranges
  • File Transfer Port Ranges

It is important that these port ranges do not overlap each other. If they did, then traffic would get marked incorrectly and could have an impact on your QoE.

Setting the Application Server Port Ranges (Complete on Each Server Type in topology)

The Application Server uses Audio, Video and Application Sharing port ranges. The default settings allow an overlap between the audio and application sharing ports. In fact, they start and end at exactly the same point. Therefore, we need to separate these from each other. We do this by PowerShell command.

Set-CsApplicationServer –Identity server1.domain.local –AppSharingPortStart 40803 –AppSharingPortCount 8348


Why this range? Well the default port range is 49152-57500 for both the audio and application modality. Subtracting 49152 from 57500 equals 8348 available ports. Therefore 49151 – 8348 = 40803 and this gives us the starting port for application sharing.

Setting the Conferencing Server Port Ranges (Complete on Each Server Type in topology)

The Conferencing Server uses Audio, Video and Application Sharing port ranges. Like the Application Server the default settings allow an overlap between the audio and application sharing ports. Again, they start and end at exactly the same point. Therefore, we need to separate these from each other. We do this by PowerShell command

Set-CsConferenceServer –Identity server1.domain.local –AppSharingPortStart 40803 –AppSharingPortCount 8348


Setting the Mediation Server Port Ranges (Complete on Each Server Type in topology)

The Mediation server uses Audio ports only. These ports should match the ranges you set above and will typically bet 49152-57500

Set-CsMediationServer –identity server2.domain.local –AudioPortStart 49152 –AudioPortCount 8348


Setting the Edge Server Port Ranges

There are no ports to change for the Edge Server.

Enabling QoS for Media

In order to enable Skype for Business to monitor for QoS markings we need to enable it.

Set-CsMediaConfiguration –EnableQoS $true –EnableInCallQoS $True


Enabling the Client for QoS

To enable the desktop client for QoS we need to set the port ranges it can use for Audio, Video, App Sharing and File Transfer. By default the client will use any free port from 1 – 65535 to send traffic. Therefore we need to create static port ranges for each traffic payload. We can do this by editing the conferencing configuration using PowerShell

Set-CsConferencingConfiguration –Identity Global –ClientMediaPortRangeEnabled $True –ClientMediaPort 5350 –ClientMediaPortRange 40 –ClientAudioPort 50020 –ClientAudioPortRange 20 –ClientVideoPort 58000 –ClientVideoPortRange 20 –ClientAppSharingPort 42000 –ClientAppSharingPortRange 20 –ClientFileTransferPort 42020 –ClientFileTransferPortRange 20


Now we have successfully configured all the port ranges, we need to tie it together and tell the servers and clients to look for traffic passing over these ports and classify them accordingly with the correct DSCP value, so our friendly Cisco switches know what to do with the packet. We do this using Group Policy. We need to create 2 GPOs, one for the servers and one for the clients. Edge servers have their own unique settings which we will come on to later

Server Port Range Recap with DSCP Value

Port Type Port Range DSCP Value

Server Audio

49152:57500

46

Server Video

57501:65535

34

Server Application Sharing

40803:49151

24

SIP Signalling

5060:5069

40

Creating the Server GPO

  1. Create a GPO using Group Policy Management Console and link it to your Skype for Business Server Organizational Unit.
  2. Expand Computer Configuration, Policies, and then Window Settings
  3. Click on Policy Based QoS
  4. Right Click and create a new policy
  5. In the new policy wizard, give the policy a name for Example “Skype for Business Server Audio”. Assign the DSCP Value of 46 (from the table above) and press next
  6. Leave the next screen as default and press next
  7. Leave the next screen as default and press next
  8. From the Protocol selection, choose TCP and UDP and Select “From this Source Port number or Range”. Enter the range 49152:57500 (from the table above) press finish

Now repeat the process using the above steps and table for SIP Signalling, Server Video and Application Sharing. Your Policies should look similar to this:

Client Port Ranges with DSCP Values

Port Type Port Range DSCP Value

SIP Signalling

5060:5069

40

Client Audio

50020:50039

46

Client Video

58000:58019

34

Client Application Sharing

42000:42019

24

Client File Transfer Sharing

42020:42039

14

Client Media Port

5350:5389

34

Creating the Client GPO

Using an almost similar method to the server GPO

  1. Create a GPO using Group Policy Management Console and link it to your Skype for Business Server Organizational Unit.
  2. Expand Computer Configuration, Policies, and then Window Settings
  3. Click on Policy Based QoS
  4. Right Click and create a new policy
  5. In the new policy wizard, give the policy a name for Example “Skype for Business Server Audio”. Assign the DSCP Value of 46 (from the table above) and press next
  6. Change the Application the policy applies to from All to specific and enter lync.exe
  7. Leave the next screen as default and press next
  8. From the Protocol selection, choose TCP and UDP and Select “From this Source Port number or Range”. Enter the range 49152:57500 (from the table above) press finish

Now repeat the process using the above steps and table for SIP Signalling, Video, File Sharing and Application Sharing. Your Policies should look similar to this:

Configuring the Edge Servers

For each Edge server you must edit the local machine policy as these will not be domain joined and therefore will not pick up centrally managed GPOs. On each Edge server edit the local policy using gpedit.msc and navigate to the Policy based QoS settings section.

Create 2 policies, one for audio and one for video in the same manner as you created the server policy above

Because the Edge server will have multiple network adapters we need to add a registry key into each edge in order to enable QoS for multiple network adapters

Using RegEdit, navigate to the following location

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip

Add a new Registry Key called QoS

Within this key add a new string value called “Do not use NLA” and set the Data value to 1 like below

Reboot the Edge Servers. Once this is complete you have successfully setup Skype for Business for Quality of Service.

For those of you still reading, a reward is in sight, here is a script that will set the port ranges for you for all your servers and clients

 

Download Here

 

 

22 thoughts on “Skype for Business : Configuring Quality of Service (QoS)

      1. The ports defined in the Microsoft article are example ports. In reality you can use any of the high end port ranges for your traffic (subject to them not being used by other programs). I recommend you use Pat’s QoS calculator to determine the required number of ports for your deployment size.
        thanks

        Like

  1. Hi, nice article with a direct approach to QoS, Have some questions though:
    Point 8 for both server and client GPOs seems to mismatched values based on the captures, isnt it?
    And the most important, do I need to set client QoS policies if I just want to apply QoS at MCU conferences (not P2P)? Shouldnt it be enough to mark DSCP at the server side? or to ask it another way, Is DSCP marking required both at origin and destination?
    Thanks

    Like

    1. Hi

      Thanks for the spot. The image is right the test not. I will change soon. To answer your other question. QoS will need marking on client and server. Otherwise rtp being received by the client will be QoS marked but rtp leaving the client will not.

      Thanks

      Like

  2. Hi Mark, Great article and script. I was just comparing your settings to the TechNet article I have used in the past https://technet.microsoft.com/en-us/library/jj204681(v=ocs.15).aspx and noticed in the TechNet article when configuring the QOS policy for the A/V Edge Servers it mentions to specify the DESTINATION port number. Your screenshot shows the Source Port has been specified. Can you confirm which is the correct option? Cheers

    Like

    1. Hi Craig. Sorry for the late response. I know the article in question and if in doubt (if it was me) should always follow the Technet guidance. However, that said, I don’t believe that setting the destination port is absolutely necessary or would have a noticable improvement on QoS. Since QoS is decided from the source side it seems a bit of an over configuration in my opinion.

      The only possible reason for doing so would be to “try” to prevent other applications that may use the same port range on the client from being classified for QoS. But then we are setting the application name as Lync.exe so this should never occur anyway. On edges, there should be no other apps anyway so no need to declare app names.

      Ultimately. I guess it comes down to preference. Essentially there is nothing wrong in doing what you have been doing in the past and if you are comfortable with that – then no harm in carrying on.

      thanks

      Mark

      Like

  3. Great Article!

    Is it possible to configure this entire steps via powershell?

    I am looking to automate this process using script. In which I am able to create the new GPOs using the command “New-GPO” but I couldn’t find any commands to edit the GPO to create new group policy for it.

    Any suggestions would be appreciated.

    Thanks,
    Vinoth Kumar Selvaraj

    Like

    1. Hi

      There would probably be a way, but I haven’t figured it out yet. TBH what i do is create a GPO, export it and then import it into all my deployments. I think if you go to Skype validator website and create a topology there, they may give you the commands, but I can’t remember
      thanks

      Like

  4. Hi,
    I tried the skype for business setup with the minimal environment. Due to the resource shortage, I installed skype for business basic in my Active directory server and another skype for business basic in my LSM server. I used to make skype calls between AD to LSM machine.

    When I tried this setup without pushing DSCP value from GPO, everything worked fine. I can make the call and get the appropriate diagnostic data in LSM server.

    But whenever I tried with DSCP policy enabled, I was unable to connect the calls from the AD server.

    Skype basic running on LSM machine shows calls got connected but the Skype basic running on AD machine shows “connecting call..” and failed after some time with an error showing “unable to connect call due to network issue”

    Is there any port related issue am I missing here?
    Kindly, help me with some suggestions!

    Thanks in advance.

    Like

  5. Hi Mark,
    I was wondering how this works in the Office365 environment, (i.e S4B hosted by Microsoft)?

    I can build a physical network with virtual network for VoIP clients, I have access to the internet via a 30Mbs connection to the internet. I can control traffic internally, but what happens when the data leaves my building?

    Sometimes, I just need a little help understanding the technical aspects.

    Many thanks

    David

    Like

    1. Hi David

      When 2 people inside your corpnet make an audio or video call between each other the SIP signalling will go via Office 365, but the media will stay local to your network. So you benefit from QoS in that respect. If you add a 3rd person into that conversation it becomes a conference. In this scenario all signalling and media will go via the MCU which is in Office 365, so will exit over your internet connection and consume bandwidth.

      If you have PSTN voice and want to use Office 365 and Cloud PBX with PSTN Calling, then signalling and media will always flow between client and mediation server in Office 365, consuming your bandwidth there too.

      If you bring PSTN back to on-premises using Cloud Connector Edition and Cloud PBX, the signalling will go via Office 365, but the media will be client to CCE which stays local to your network.

      Hope this helps

      Mark

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s