Saturday, April 19, 2008

How WMM works

WMM works by dividing traffic into 4 access categories: background, best effort, video, voice. QoS policy (different handling of access categories) is applied on transmitted packets, therefore it is transmitting device is treating different packets differently - that is - e.g. AP does not have control over how clients are transmitting packets, and clients do not have control over how AP transmits packets.

Mikrotik AP and client classifies packets based on priority assigned to them, according to table (as per WMM spec): 1,2 - background 0,3 - best effort 4,5 - video 6,7 - voice

To be able to use multiple WMM access categories, not just best effort where all packets with default priority 0 go, priority must be set for those packets. By default all packets (incoming and locally generated) inside router have priority 0.

"Better" access category for packet does not necessarily mean that it will be sent over the air before all other packets with "worse" access category. WMM works by executing DCF method for medium access with different settings for each access category (EDCF), which basically means that "better" access category has higher probability of getting access to medium - WMM enabled station can be considered to be 4 stations, one per access category, and the ones with "better" access category use settings that make them more likely to get chance to transmit (by using shorter backoff timeouts) when all are contending for medium. Details can be studied in 802.11e and WMM specification


How to set priority

Priority of packets can be set using "set priority" action of ip firewall mangle rules and/or bridge firewall filter rules. Priority can be set to specific value or to "ingress priority". Ingress priority is priority value that was detected on incoming packet, if available. Currently there are 2 sources of ingress priority - priority in VLAN header and priority from WMM packets received over wireless interface. For all other packets ingress priority is 0.

Note that ingress priority value is not automatically copied to priority value, correct rule needs to be set up to do this!

So there are basically 2 ways to control/set priority (remember, that both require setting up correct rule(s)!): - assign priority with rules with particular matchers (protocol, addresses, etc), - set it from ingress priority.

This essentialy means that if it is not possible or wanted to classify packets by rules, configuration of network must be such that router can extract ingress priority from incoming frames. Remember there are currently 2 sources for this - VLAN tag in packets and received WMM packets.

Do not mix priority of queues with priority assigned to packets. Priorities of queues work separately and specify "importance" of queue and has meaning only within particular queue setup. Think of packet priority as of some kind of mark, that gets attached to packet by rules. Also take into account that this mark currently is only used for outgoing packets when going over WMM enabled link, and in case VLAN tagged packet is sent out (no matter if that packet is tagged locally or bridged).
Example

For example, in setup

PPPoE server -> WMM AP -> client,

if AP is just forwarding PPPoE traffic (therefore inspecting encapsulated IP packets to match e.g. by protocol is not possible, as packets can be encrypted and compressed), priority must come to AP from PPPoE server in VLAN tag, so you have to use VLAN (between PPPoE server and AP) for this, just to communicate priority information.

Note that you do not have to forward VLAN encapsulated traffic to client - VLAN can be terminated at AP, VLAN tag is needed only when entering AP.

In case AP is PPPoE server itself, there is no need to use VLAN - priority can be set by rules before it is encapsulated in PPPoE.


Priority from DSCP

Another way of setting priority is by using DSCP field in IP header, this can only be done by firewall mange rule "set priority" action. Note that DSCP in IP header can have values 0-63, but priority only 0-7. Effective priority after set from DSCP value will be 3 low bits of DSCP value which is the same as reminder of division by 8. So for example, priority from DSCP values 0,8,16,etc will be 0, from DSCP values 7,15,...,63 - 7.

Remember that DSCP can only be accessed on IP packets!

Note, that to use this feature, DSCP value in IP header should be set somewhere.

It is best to set DSCP value in IP header of packets on some border router (e.g. main router used for connection to internet), based on traffic type. E.g. set DSCP value for packets coming from internet belonging to sip connections to 7, and 0 for the rest. This way packets must be marked only at one place. Then all APs in network set packet priority from DSCP value with just one rule.

In setup:

- border router - - WMM AP - client

border router sets DSCP value for sip traffic, and WMM AP sets priority from DSCP value. Note that in this setup DSCP is set only for traffic _to_ client. Sometimes it can be useful to set also DSCP on traffic coming _from_ client (e.g. if 2 clients connected to different APs are talking between themselves) - this can be done on APs.


Combining priority setting and handling solutions

Complex networks and different situations can be handled by combining different approaches of carrying priority information to ensure QoS and optimize use of resources, based on "building blocks" described above. Several suggestions:

- the less number of filter rules in whole network, the better (faster) - try to classify packets only when necessary, prefer to do that on fast routers as most probably connection tracking will be required.

- use DSCP to carry priority information in IP packets forwarded in your network, this way you can use it when needed.

- use VLANs where necessary, as they also carry priority information, make sure ethernet bridges and switches in the way, if any, are not clearing priority information in VLAN tag. In MT bridges you have to setup bridge firewall rule to set priority from ingress priority for this!

- remember that QoS does not improve throughput of links, it just treats different packets differently, and also that WMM traffic over wireless link will discriminate regular traffic in the air.