QoS Design - bulk traffic

May 25th, 2009

I'm designing a campus QoS policy currently and typically SMB/Netbios makes up a significant % of the traffic. Within this much of the traffic will be file transfer which I would expect to match to the QoS classification 'Bulk Traffic'.

However, 'Bulk Traffic' is normally marked as COS 1 which on some switches (29/35 XL, 3550) means it shares the same queue & threshold as scavenger traffic. This could lead to a scenario in which a network-based attack takes place and the scavenger traffic throttles the SMB/Netbios traffic.

Further still, SMB/Netbios supports many key MS services so it can be difficult to separate key Netbios/SMB flows out from pure file transfer traffic. It would be detrimental to end users to downgrade services such as netlogon.

With this in mind do you think SMB/Netbios is better classified as Best Effort rather than Bulk Traffic?

The SRND is not particularly explicit on this subject and I haven't found any other best practice policies indicating what to do here. I suspect this should be in a MS tech doc somewhere.


Joseph W. Doherty Tue, 05/26/2009 - 03:18

Part of the situation you describe can be even worse. CS1/AF1x/IPPrec1, on many Cisco devices that provide QoS, is often defaulted into the same class as best-effort or even treated better (e.g. WFQ). The solution: either override default QoS for the marking and/or swap BE with CS1/IPPrec1.

Your concern about one set of traffic markings sharing physical QoS class processing with other marked traffic, and the impact this can have on other traffic, is valid, even when not dealing with some kind of DoS. This, though, can sometimes be addressed by additional QoS features provided by the device. For instance, you might drop congestion sooner for one type of traffic over another that shares the same queue. Or perhaps you have an explicit policer for one kind of traffic.

The "multiplex" functions of MS NetBIOS/SMB are also a problem. I would suggest treating the traffic logically as best effort. On routers that support FQ, placing NetBIOS/SMB into FQ goes far toward keeping one individual flow from adversely impacting others. On most LAN switches, it's often difficult to deal properly with NetBIOS/SMB using QoS device features, but generally bandwidth is usually both more plentiful and inexpensive.


Keep in mind that QoS RFCs and SRNDs are really suggestions. They shouldn't be disregarded but the real purpose for QoS is to provide the necessary performance for your traffic in your environment. I.e. the goal of QoS is to make it work for you, not you work for QoS.
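
Added example (not part of the original thread or either poster's words): a small Python model of the shared-queue concern in the question and the "drop sooner for one type of traffic" option mentioned in the reply. The queue depth, drain rate, offered loads and thresholds are constructed values, and the function names are hypothetical; nothing here is taken from a real switch.

```python
import random
from collections import deque

def simulate(thresholds, offered, depth=100, drain=10, ticks=1000, seed=0):
    """Model one shared FIFO egress queue with per-class tail-drop thresholds.

    thresholds: class -> fraction of queue depth at which that class is dropped
    offered:    class -> packets offered per tick
    Returns (delivered, dropped) packet counts per class.
    """
    rng = random.Random(seed)          # fixed seed: repeatable arrival order
    queue = deque()
    delivered = dict.fromkeys(offered, 0)
    dropped = dict.fromkeys(offered, 0)
    for _ in range(ticks):
        arrivals = [c for c, n in offered.items() for _ in range(n)]
        rng.shuffle(arrivals)          # classes arrive interleaved
        for cls in arrivals:
            if len(queue) < thresholds[cls] * depth:
                queue.append(cls)
            else:
                dropped[cls] += 1      # tail drop at this class's threshold
        for _ in range(min(drain, len(queue))):
            delivered[queue.popleft()] += 1
    return delivered, dropped

def bulk_delivery_ratio(thresholds, offered, ticks=1000):
    """Fraction of offered bulk packets that made it through the queue."""
    delivered, _ = simulate(thresholds, offered, ticks=ticks)
    return delivered["bulk"] / (offered["bulk"] * ticks)

# Constructed load: SMB-like bulk at 6 pkt/tick, scavenger flood at 40 pkt/tick,
# queue drains 10 pkt/tick, so the link is oversubscribed only by the flood.
OFFERED = {"bulk": 6, "scavenger": 40}
SAME_THRESHOLD = {"bulk": 1.0, "scavenger": 1.0}   # both classes fill the queue
SPLIT_THRESHOLD = {"bulk": 1.0, "scavenger": 0.4}  # scavenger dropped sooner

if __name__ == "__main__":
    for name, th in (("same", SAME_THRESHOLD), ("split", SPLIT_THRESHOLD)):
        print(f"{name:5s} threshold: bulk delivered "
              f"{bulk_delivery_ratio(th, OFFERED):.0%} of offered")
```

The split-threshold case protects bulk only because bulk alone fits within the drain rate; it models the option the reply mentions, not the shared queue and threshold behaviour the question describes for the 29/35 XL and 3550.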

