When installing Skype for Business it is important to consider how you are going to guarantee a level of consistent service to your consumers. Out of the box Skype for Business does not use any Quality of Service (QoS) methodologies. However, it does support them. Skype for Business uses Differentiated Services Code Point or DSCP for short as the method of classifying types of traffic into priority groupings. These groupings are then used to prioritise packet transmission across the LAN. How DSCP works at very high level is simply by marking each packet of data identified by source and/or destination port (usually) with a value. The DSCP marking is encapsulated into the network packet and transmitted over the LAN. Whilst the packet is in transit, switches and routers can read these values and determine how best to transport and deliver the packet to the destination. For instance, traffic passing through the network that is marked with a DSCP value of 0 are delivered to the destination with best effort. This means that the network switches will try their best to deliver the packet but cannot guarantee it because of congestion, packet loss or other network impairments. Think of this as the cheapest form of postal service possible that you would use to send a Christmas card to your distant cousin you see once a decade.
At the other end of the scale, traffic marked with a DSCP value 46 are considered to be extremely important and must be delivered on time and guaranteed to reach the destination. This is called Expedited Forwarding or EF. Network switches determine any traffic entering the EF queue to be so important that they will temporarily suspend all best effort traffic in order to deliver the packet to the next hop and eventually the destination before resuming normal transmission. This is like hand delivering your Christmas card to your 90 year old Grandma. Now in between the two extremes of 0 (unclassified) and 46 (Expedited) there are other intermediate classifications that are used for important traffic but not considered absolutely critical. These classifications are grouped by Assured Forwarding (AF). Assured Forwarding has a few sub classifications that can be used to classify packet priority within its own classification. For instance, a network packet containing a video stream is considered to be less important than audio, but more important than a packet containing file data. Using the AF sub classifications we can sufficiently separate video from file data and prioritise the video stream above the file data.
Taking Skype for Business in to consideration specifically, we need to classify UDP data streams with sufficient priority to guarantee delivery. This collectively means Audio, Video and Media. However, Audio is by far the most important and relies heavily on data packet reaching the destination. If it fails, then you are going to have some “fun” in trying to understand the conversation. Video is less important and although UDP can cope with small amounts of packet loss. Therefore, not considered as important as Audio. The worst experience you will get is either pixelated video or buffering. Application Sharing, typically uses less bandwidth than video and is considered to be less important than video too. Therefore although more important than sending an email for instance, less critical to deliver exactly. Classifying SIP signalling, this is a source of many arguments. SIP is transferred using TCP, which by nature will deal with packet loss and resend if not received. Therefore, you could argue that SIP is delivered using Best Effort. However, you could experience slow call setup, e.g. response time to dialling, hold and transfer etc. So in my opinion (and it’s only an opinion) we should be classifying SIP traffic above video.
Below is a table of common DSCP values used with Skype for Business
Value | Meaning | Drop Probability | Precedence Value | Used For |
0 | Best Effort | High | routine | Non Sfb Traffic |
14 | AF13 | High | priority | File Transfer Data |
24 | CS3 | Medium | flash | Application Sharing Data |
34 | AF41 | Low | flash override | Video |
40 | CS5 | Almost None | critical | SIP Signalling |
46 | EF | None | critical | Audio |
At this point I am going to declare that this is as detailed as I am going into QoS as a subject. It is a massive topic (I have seen the Cisco QoS book and almost fainted!) and to be honest this is my limit of understanding. However, this is all you need to know when setting up Skype for Business Quality of Service as we have out Cisco friends (other vendors are available) who know far more about this topic and would be more than capable in configuring their switches to support DSCP right?
This leads on to one important statement on Skype for Business QoS: QoS will only work in Skype for Business IF the network it runs on has been properly configured to support DSCP. Configuring Skype for Business to support QoS without the network to back it up, is a pointless and needless administration task. Therefore, talk to your Cisco friends, buy them a beer and a burger and ask them nicely to consider enabling QoS on their network. Don’t just walk up to them and say JFDI for instance J
So how do we set Skype for Business up for QoS?
Within Skype for Business, there are several modalities that need configuring for QoS. These are:
- Conferencing Servers
- Mediation Servers
- Application Servers
- Edge Servers
- Client Applications
- Media
Each Edge, Conferencing, Mediation and Application server have independent configurations, where the Media and Client applications have a global configuration. This means, that each of the servers requires its own specific configuration. It is important that the values you set are consistently replicated across all modalities. Do not mix and match or your QoS just won’t work.
First we need to set the port ranges for the different traffic we expect from Skype for Business. These are:
- Audio Port Ranges
- Video Port Ranges
- Application Sharing Port Ranges
- File Transfer Port Ranges
It is important that these port ranges do not overlap each other. If they did, then traffic would get marked incorrectly and could have an impact on your QoE.
Setting the Application Server Port Ranges (Complete on Each Server Type in topology)
The Application Server uses Audio, Video and Application Sharing port ranges. The default settings allow an overlap between the audio and application sharing ports. In fact, they start and end at exactly the same point. Therefore, we need to separate these from each other. We do this by PowerShell command.
Set-CsApplicationServer –Identity server1.domain.local –AppSharingPortStart 40803 –AppSharingPortCount 8348
Why this range? Well the default port range is 49152-57500 for both the audio and application modality. Subtracting 49152 from 57500 equals 8348 available ports. Therefore 49151 – 8348 = 40803 and this gives us the starting port for application sharing.
Setting the Conferencing Server Port Ranges (Complete on Each Server Type in topology)
The Conferencing Server uses Audio, Video and Application Sharing port ranges. Like the Application Server the default settings allow an overlap between the audio and application sharing ports. Again, they start and end at exactly the same point. Therefore, we need to separate these from each other. We do this by PowerShell command
Set-CsConferenceServer –Identity server1.domain.local –AppSharingPortStart 40803 –AppSharingPortCount 8348
Setting the Mediation Server Port Ranges (Complete on Each Server Type in topology)
The Mediation server uses Audio ports only. These ports should match the ranges you set above and will typically bet 49152-57500
Set-CsMediationServer –identity server2.domain.local –AudioPortStart 49152 –AudioPortCount 8348
Setting the Edge Server Port Ranges
There are no ports to change for the Edge Server.
Enabling QoS for Media
In order to enable Skype for Business to monitor for QoS markings we need to enable it.
Set-CsMediaConfiguration –EnableQoS $true –EnableInCallQoS $True
Enabling the Client for QoS
To enable the desktop client for QoS we need to set the port ranges it can use for Audio, Video, App Sharing and File Transfer. By default the client will use any free port from 1 – 65535 to send traffic. Therefore we need to create static port ranges for each traffic payload. We can do this by editing the conferencing configuration using PowerShell
Set-CsConferencingConfiguration –Identity Global –ClientMediaPortRangeEnabled $True –ClientMediaPort 5350 –ClientMediaPortRange 40 –ClientAudioPort 50020 –ClientAudioPortRange 20 –ClientVideoPort 58000 –ClientVideoPortRange 20 –ClientAppSharingPort 42000 –ClientAppSharingPortRange 20 –ClientFileTransferPort 42020 –ClientFileTransferPortRange 20
Now we have successfully configured all the port ranges, we need to tie it together and tell the servers and clients to look for traffic passing over these ports and classify them accordingly with the correct DSCP value, so our friendly Cisco switches know what to do with the packet. We do this using Group Policy. We need to create 2 GPOs, one for the servers and one for the clients. Edge servers have their own unique settings which we will come on to later
Server Port Range Recap with DSCP Value
Port Type | Port Range | DSCP Value |
Server Audio | 49152:57500 | 46 |
Server Video | 57501:65535 | 34 |
Server Application Sharing | 40803:49151 | 24 |
SIP Signalling | 5060:5069 | 40 |
Creating the Server GPO
- Create a GPO using Group Policy Management Console and link it to your Skype for Business Server Organizational Unit.
- Expand Computer Configuration, Policies, and then Window Settings
- Click on Policy Based QoS
- Right Click and create a new policy
- In the new policy wizard, give the policy a name for Example “Skype for Business Server Audio”. Assign the DSCP Value of 46 (from the table above) and press next
- Leave the next screen as default and press next
- Leave the next screen as default and press next
- From the Protocol selection, choose TCP and UDP and Select “From this Source Port number or Range”. Enter the range 49152:57500 (from the table above) press finish
Now repeat the process using the above steps and table for SIP Signalling, Server Video and Application Sharing. Your Policies should look similar to this:
Client Port Ranges with DSCP Values
Port Type | Port Range | DSCP Value |
SIP Signalling | 5060:5069 | 40 |
Client Audio | 50020:50039 | 46 |
Client Video | 58000:58019 | 34 |
Client Application Sharing | 42000:42019 | 24 |
Client File Transfer Sharing | 42020:42039 | 14 |
Client Media Port | 5350:5389 | 34 |
Creating the Client GPO
Using an almost similar method to the server GPO
- Create a GPO using Group Policy Management Console and link it to your Skype for Business Server Organizational Unit.
- Expand Computer Configuration, Policies, and then Window Settings
- Click on Policy Based QoS
- Right Click and create a new policy
- In the new policy wizard, give the policy a name for Example “Skype for Business Server Audio”. Assign the DSCP Value of 46 (from the table above) and press next
- Change the Application the policy applies to from All to specific and enter lync.exe
- Leave the next screen as default and press next
- From the Protocol selection, choose TCP and UDP and Select “From this Source Port number or Range”. Enter the range 49152:57500 (from the table above) press finish
Now repeat the process using the above steps and table for SIP Signalling, Video, File Sharing and Application Sharing. Your Policies should look similar to this:
Configuring the Edge Servers
For each Edge server you must edit the local machine policy as these will not be domain joined and therefore will not pick up centrally managed GPOs. On each Edge server edit the local policy using gpedit.msc and navigate to the Policy based QoS settings section.
Create 2 policies, one for audio and one for video in the same manner as you created the server policy above
Because the Edge server will have multiple network adapters we need to add a registry key into each edge in order to enable QoS for multiple network adapters
Using RegEdit, navigate to the following location
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip
Add a new Registry Key called QoS
Within this key add a new string value called “Do not use NLA” and set the Data value to 1 like below
Reboot the Edge Servers. Once this is complete you have successfully setup Skype for Business for Quality of Service.
For those of you still reading, a reward is in sight, here is a script that will set the port ranges for you for all your servers and clients