Friday, May 13, 2016

QoS Test Tool on Windows 7 (or above)

The Hunt


I was trying to find a packet generator for my customer.  Customer wants to run the packet generator on Windows 7 (or Windows 10) to mark DSCP on outgoing packets.  So he can test QoS policies on Cisco routers.

This would be an easy task if we were to generate packets from a Cisco router.  We just use extended ping and specify TOS values.  See http://routerric.blogspot.com/2010/05/dscp-to-tos-conversion.html

This is also an easy task on Windows XP with the "ping -v" option or Linux with the "ping -Q" option.  See http://robert.penz.name/654/howto-to-quick-test-a-dscp-based-qos-system/

However, this is a not so easy task on Windows 7 (or newer version of Windows) for two reasons:

1) The "-v"  option has been deprecated since Windows 7.  It has no effect on the type of service field in the IP header.

2) Microsoft changed the IP stack in Windows.  Packet generators used to work on Windows XP no longer work on Windows 7.  ("No longer work" meaning lose some functionality, such as DSCP marking).

Due to historical reasons, most of the packet generator apps were originally built on Linux and "ported" to Windows later (e.g. iPerf).  The developers didn't build the Windows variant from scratch and didn't follow Microsoft's recommendation (i.e. use Microsoft APIs).  Thus when MS changed the IP stack, it broke quite many apps.

Microsoft's "Policy Based QoS" makes things more confusing.  There are many misleading and incorrect articles on Internet.

I spent the last couple days researching this and tested many different software.  I'd like to share my experience so you know where to look at.

If you could generate the packets from Cisco router or Linux, it'll be the best choice.  If Windows is your only option, read on.

If you're still running Windows XP, there are quite many software out there that can mark DSCP in IP headers.  Just Google it and you'll find a bunch.  No tricks here.

If you're running Windows 7 or later version, things get complicated.

Software that works and doesn't work


First of all, not all packet generators can mark DSCP on Windows 7, even if they claimed so.  For example: iPerf, "iPerf For Windows" (commercial ware), D-ITG, TamoSoft all claimed to be able to mark DSCP on Windows 7 but they are not.

I haven't tested every software out there.  But here are the two tested to work: PingPlotter and Ostinato.

Policy Based QoS and Application QoS

What's interesting is - regardless working or not, many of them have wrong information regarding Microsoft registry keys and Policy Based QoS.  For example the following URLs have wrong info and has no effect on their applications:

http://www.iperfwindows.com/IPERF-QoS-tests2.html
https://www.pingman.com/kb/article/setting-dscp-qos-byte-on-packets-with-windows-7-8-95.html

On Windows, there are two places DSCP can be marked:
1) By applictions
2) By Windows

Policy Based QoS

If application doesn't have the function to mark DSCP, we may have Windows to mark it.  Even if application is capable of marking DSCP, we may have Windows to override it.  If Windows marking was involved, it is called "Policy Based QoS".

Application QoS

Some applications are capable to mark DSCP.  We call this "Application QoS" (or "QoS aware applications").  From packet generator perspective, we'd prefer Application QoS.  It's easier to set different DSCP values from application than configuring policies in Windows.

There are many untrue myths regarding Windows registry keys and group policies.

1. "DisableUserTOSSetting"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters

Here is the official document regarding this key: https://support.microsoft.com/en-us/kb/248611

This key applies to Windows 2000, Windows XP, or Windows Server 2003.  It enables the Winsock setsockopt function (which is disabled by default).

This registry is to provide backward compatibility with Windows NT 4.0 and Windows 9x.  This registry is disabled by default because it bypasses GQOS (Generic QoS Implementation).  GQOS is recommended by Microsoft on Windows 2000, Windows XP, or Windows Server 2003.

Unless your packet generator is calling the setsockopt function, you don't need to set this registry key.  For example, PingPlotter and Ostinato work without this key.

Here's the history of QoS on Windows: https://msdn.microsoft.com/en-us/library/windows/desktop/ff459285%28v=vs.85%29.aspx

2. "Do not use NLA"

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\QoS

This key is relevant to Policy Based QoS only.  If you use application QoS(which happens to be my goal) instead of Policy Based QoS, you don't need this key.

Policy Based QoS is a set of rules that instruct Windows set specific DSCP markings or shape traffic based on IP address, protocol or application.  If Policy Based QoS was configured, Windows overrides DSCP set by the application (you may changed this behavior by changing the "Advanced QoS Settings" under "Policy Based Qos").

Here's the official explanation of this key: https://support.microsoft.com/en-us/kb/2733528
Here's the document about Policy Based QoS: https://technet.microsoft.com/en-us/library/dd759093%28v=ws.11%29.aspx



Conclusion


If your goal was to get packet generator on Windows 7 (or later) to set DSCP value on outgoing packets,

1) Don't create any Policy Based QoS rules on Windows.  Doing so will make Windows override the DSCP markings.  Any DSCP set by application is in vain.

2) Don't mess with the "Do not use NLA" key.  That key is to enable not domain-joined PC to use Policy Based QoS.

3) You may or may not need to set the "DisableUserTOSSetting" key, depending on the packet generator you use.  However, I haven't found any packet generator relying on this key.  They either not work regardless (such as iPerf) or work regardless (such as PingPlotter or Ostinato).