Fifty percent (50%) of consumer Internet traffic is video. Do you know what that is doing to Quality of Service on your network? Do you think all of those new BYOD applications are being put to good use during company time? Are you afraid to find out, or excited to become more aware through the use of NetFlow capable switches? Run if you’re scared, or read on if you want to learn more.
Even if you don’t care so much about where people are going on the company’s network, you should care about the priority of business applications on the network. After all, these applications are why the network was built and maintained. Here’s a question for someone: if there is a pinch in network bandwidth, what gets priority? In other words, if bandwidth consumption is at an all-time high, does the video I’m downloading from youtube.com get the same priority as the 50 people connected to Salesforce.com? What about the voice traffic? Does it get priority over my youtube habits? Does voice get priority over the traffic to salesforce.com?
Of course, many network administrators prioritize this type of traffic, and there are a few different ways to do it. One way is to prioritize based on physical interfaces or MAC addresses, but these priorities lose their value after the first hop and therefore are not ideal.
One of the ideal ways to enforce traffic priorities is through the use of DSCP or ToS in combination with server IP address. For example, all voice traffic to and from the PBX gets a DSCP priority value of 2C. As this traffic enters your NetFlow capable switch, the packet switching engine prioritizes the forwarding of DSCP traffic marked with 2C. The traffic headed for the cloud service salesforce.com could be marked as EF. These DSCP priority levels should be carefully thought through as some people mark voice as EF and other business priority traffic as CS5. All the other traffic is prioritized as “best effort” or a DSCP value of 0.
This is not to say that traffic marked as DSCP 0 will not get through during VoIP congestion, au contraire. The NetFlow capable switch can be configured to set aside a certain amount of guaranteed EF, CS5 and 0 DSCP marked traffic. Talk to your vendor for details. In the meantime, read up on the history of DSCP, which has its roots in the Type of Service (ToS) field. A good article to start with is ToS, DSCP and NetFlow, which takes the reader through a 20-year evolution of the prioritization history on these 8 bits in an IP datagram.
You definitely want to do some homework before configuring DSCP priorities because you can overdo it. Generally 3-5 priorities are ample.
Don’t forget that after you finish implementing your DSCP priorities, you will need a way to check in on traffic to make sure rogue applications aren’t sneaking in and stealing bandwidth. Network traffic monitoring is best addressed with NetFlow and IPFIX from a NetFlow capable switch. Why? Because if you have BYOD devices on the network, the integration between NetFlow and Mobile IAM makes monitoring BYOD traffic easy. The added security of forcing people to authenticate onto the network is also smart.
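One way to run that check over exported flow records, as an added example that is not part of the original article. It assumes the voice-as-EF and business-as-CS5 scheme mentioned above; the policy table, addresses and flow records are constructed for illustration.

```python
import ipaddress
from collections import Counter

# DSCP is the upper 6 bits of the 8-bit ToS byte that NetFlow/IPFIX
# exports with each flow; the lower 2 bits are ECN and are ignored here.
DSCP_NAMES = {0: "BE", 40: "CS5", 46: "EF"}

# Assumed policy (constructed): servers allowed to use each priority marking.
POLICY = {
    "EF": [ipaddress.ip_network("192.0.2.10/32")],     # PBX, voice
    "CS5": [ipaddress.ip_network("198.51.100.0/24")],  # business application
}

def dscp_from_tos(tos):
    if not 0 <= tos <= 0xFF:
        raise ValueError(f"ToS must fit in one byte, got {tos}")
    return tos >> 2

def audit_flows(flows):
    """Return (flow, dscp, reason) for flows whose marking breaks POLICY."""
    findings = []
    for flow in flows:
        dscp = dscp_from_tos(flow["tos"])
        name = DSCP_NAMES.get(dscp)
        if name == "BE":
            continue  # best effort needs no authorization
        if name is None:
            findings.append((flow, dscp, "DSCP value not in the marking plan"))
            continue
        ends = [ipaddress.ip_address(flow[k]) for k in ("src", "dst")]
        if not any(ip in net for ip in ends for net in POLICY[name]):
            findings.append((flow, dscp, f"{name} without an authorized server"))
    return findings

def bytes_by_source(findings):
    """Total mis-marked bytes per source host, largest first."""
    totals = Counter()
    for flow, _, _ in findings:
        totals[flow["src"]] += flow["bytes"]
    return totals.most_common()

SAMPLE_FLOWS = [  # constructed flow records, not real traffic
    {"src": "10.1.1.20", "dst": "192.0.2.10", "tos": 0xB8, "bytes": 84_000},
    {"src": "10.1.1.21", "dst": "198.51.100.7", "tos": 0xA0, "bytes": 512_000},
    {"src": "10.1.1.22", "dst": "203.0.113.50", "tos": 0x00, "bytes": 9_000_000},
    {"src": "10.1.1.23", "dst": "203.0.113.50", "tos": 0xB9, "bytes": 7_500_000},
    {"src": "10.1.1.24", "dst": "203.0.113.9", "tos": 0x68, "bytes": 1_200},
]
```

Calling `audit_flows(SAMPLE_FLOWS)` flags the host that marks its own bulk transfer as EF and the flow carrying a DSCP value outside the plan; `bytes_by_source` then ranks those hosts by how much priority bandwidth they consumed.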