Cluster (10 MDs)
We are getting reports of users having issues with videoconferencing, this seems to be particularly bad for Zoom users. It's the start of term so there's a lot of 'noise' and it's hard to know what are real issues and what are the usual kinds of end user problems. But it has prompted us to look at what we can do to mitigate this kind of thing.
I'm new to the classification side of things, I know UCC is designed to help with this. Is there anything we can/should do a) specifically for Zoom? b) in general for video calls and the like (eg is there a VRD for this? I couldn't see one).
There are some improved classifications for Zoom in 8.7, but it only identifies it, it does not provide QOS that I am aware of.
If you wanted to do this the quick and dirty way, I would define a netdestination of *.zoom.us and prioritize traffic to and from that destination.
Thanks Colin, that's very useful. We might try that as it looks like this is a problem at the moment.
So would we set the queue to high for that destination in an ACL (I'm just looking at an existing facetime-acl on the system)?
This is a sample of what I have:
ip access-list session zoom
any alias zoom any permit disable-scanning queue high tos 46 dot1p-priority 7
alias zoom any any permit disable-scanning queue high tos 46 dot1p-priority 7
access-list session global-sacl
access-list session zoom
access-list session allowall
This would only mark the QOS from the AP to the client. If you have other problems going on with your wireless, this is not a silver bullet.
You can type "show firewall dns-names" on the MD to see if it is indeed learning all of the zoom URLs ip addresses to mark the traffic properly.
You could also choose a client and type "show datapath session table <ip address of client>" on the MD to see if any traffic is being marked with the dscp markings above.
This is great, thanks for the details Colin, we'll try that out.
Just one more quick question - as the SSID is tunnelled does that mean QoS on the switchport (of the switch the AP is connected to) is irrelevant?
The outer header of the GRE frame will have the QOS marking when it is on the wired network. If your wired network is configured to grandfather and prioritize packets marked with QOS, that traffic will also be prioritized on your wired network. The configuration I posted will provide QOS on the wireless medium which is the primary point of contention. You would also have to configure your wired network, as stated, to provide proper end-to-end QOS.
Ok, that's great, unfortunately we're in a federated environment, so only in control of some LANs, so I guess there's a limit to what we can do in those cases. We'll try your config as a starter. I think there is some QoS config on the switches we manage, so we may be good there.
config tnetdestination zoom description "Zoom" name *.zoom.usip access-list session zoom any alias zoom any permit disable-scanning queue high tos 46 dot1p-priority 7 alias zoom any any permit disable-scanning queue high tos 46 dot1p-priority 7 user-role Production access-list session global-sacl access-list session zoom access-list session allowall
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.