Welcome to Part 2 on how to Enable QoS for Lync Server 2010. The purpose of this multi-part article (first part for QoS on Lync Client and second part for QoS on Lync Server) is to lay everything out in a concise manner to help you, the reader, understand how to enable QoS. Keep in mind that this article is only for the ability to enable QOS, it is not a comprehensive guide on all the various dynamic ports available in Lync to lock down your firewalls. For that, you can check out my other article here. Second of all, the question may arise, why and when would you want to enable QoS. Audio and Video are synchronize traffic that can be affected by jitter, delay, and packet loss on an IP Network. Lync has been designed to work without QoS but Lync Administrators can choose to enable both Lync endpoints as well as servers to mark Differentiated Services Code Point (DSCP) values on audio and video packets. This ensures that audio/video packets get prioritized on a network that is enabled for Differentiated Services (DiffServ).
To better understand DiffServ and its affect on the network, please check out the excellent blog article written by fellow Lync MVP Jeff Schertz at the following URL: https://blog.schertz.name/2011/08/lync-qos-behavior/
Part 2
Server QOS
General Procedure for Server QoS
In Part 1, we talked about Windows Vista/7 vs Windows XP. Windows 7 and Windows Vista utilize Policy based QoS and Windows XP used QoS based on the Packet Scheduler. For Lync Servers, you’ll always use Policy based QoS since Lync Server 2010 can only be installed on Windows 2008 or Windows 2008 R2 which both utilize Policy based QoS. For Server based QoS, we can configure Conferencing Servers, Application Servers, and Edge Servers (which will use QoS based on the destination port rather than the source port as everything else does).
Client to Server Port Configuration for Conferencing Servers and Application Servers
Client to Server Port ranges are out of the box different for all modalities except for Application Sharing. The default ports for a Conferencing Server are as such:
- Audio: 49152 to 57500
- Video: 57501 to 65535
- Application Sharing: 49152 to 65535
At least 40 ports minimum are required for Application Sharing. We will specify a 8,348 port range that is unique from other ports. Ultimately, we will set Application Sharing to use the following ports:
- Application Sharing: 40803 to 49151
To set this, we will run the following command:
Configuring an Application Server is identical. The only difference is that you use the Set-CSApplicationServer command instead of the Set-CSConferenceServer. Make sure to include these ports in the QoS Policies for Edge Servers as you will learn later.
Client to Server Port Configuration for Dedicated Mediation Servers
A Mediation Server of course only handles Audio since it’s job is to transcode RTAudio to G.711. The default ports for a Mediation Server are as such:
- Audio: 49152 to 57500
No Changes to this port range will be required. If the Mediation Server is collocated on a Front End Server, no changes will need to be done as you can see the Audio Port Range for a dedicated Mediation Server is the same as the Audio Port Range for a Front End Conferencing Server.
Edge Server Policy Configuration
An Edge Server doesn’t get configured per se. But the policy that you create is based on a destination port (rather than source port like client peer to peer or client to server). The destination port configuration in the QoS Policy is configured based on the client peer to peer ports you defined in Part 1 of this article series as well as the client to server ports you defined in this Part 2 of this article series.
So if we take a look at everything we’ve done so far, we have the following peer to peer configuration from Part 1 of this article series:
- Audio: 20000 to 20039
- Video: 20040 to 20079
And we have the following client to server configuration from Part 2 of this article series:
- Audio: 49152 to 57500
- Video: 57501 to 65535
- Application Sharing: 40803 to 49151
The Edge QoS Policy will need to have several QoS Policies configured to handle each modality (Application Sharing not as critical as Audio/Video but can be enabled) for peer to peer (Audio/Video) and client to server (Audio/Video). Additional QoS Policies may be needed depending on Application Servers in the environment and whether they have any different port ranges from your Peer to Peer or Client to Peer port configurations.
Configuring Policy Based QOS in Group Policy for Windows 2008 and/or Windows 2008 R2 for a Conferencing Server
As stated previously, Lync Server 2010 can only be installed on Windows 2008 or Windows 2008 R2. Both Windows 2008 and Windows 2008 R2 utilize Policy Based QOS which allows a wider variety of options for configuring QoS.
In the below example, we will show how to create the Policy-based QoS for Audio. Once finished, be sure to also create Policy-based QoS policies for Video. The DSCP Value for Audio will be 46 and the DSCP Value for Video will be 34. Open up Group Policy (in my examples, I am using Local Computer Policy but in a real production environment you would be using Group Policy at some level in your Domain Hierarchy) and navigate to Computer Configuration > Windows Settings > Policy-based QoS. Right-Click and choose Create new policy.
In the new Policy, give it a name and specify the DSCP Value. DSCP Values for audio is typically 46. Make sure the Outbound Throttle Rate check box is cleared. Click Next.
Because there are multiple applications that will stamp DSCP Values, we will choose All Applications. Click Next.
On the following screen, make sure you leave the defaults as “Any source IP address” and “Any destination IP Address.” Click Next.
On the following screen, choose TCP and UDP. In our information above we stated the default audio port range is 49152 to 57500 and does not need to be changed. Because of this, our source port range will 49152 to 575000 specified as 49152:57500.
Let’s go ahead and set the DSCP Value for Video with a DSCP value of 34. Right-Click Policy-based QoS and choose Create new policy. In the new Policy, give it a name and specify the DSCP Value. DSCP Values for video is typically 34. Make sure the Outbound Throttle Rate check box is cleared. Click Next.
Because there are multiple applications that will stamp DSCP Values, we will choose All Applications. Click Next.
On the following screen, make sure you leave the defaults as “Any source IP address” and “Any destination IP Address.” Click Next.
On the following screen, choose TCP and UDP. In our information above we stated the default video port range is 57501 to 65535 and does not need to be changed. Because of this, our source port range will 57501 to 65535 specified as 57501:65535.
If you would like Client to Server QoS for Application Sharing, feel free to also create a new QoS Policy that provides DSCP Values for the port ranges specified for Application Sharing. If you made this port range contiguous with Video, feel free to modify your Video QoS Policy to add the ports for Application Sharing if you are fine with also using a DSCP value of 34.
Now go ahead and restart your Lync Conferencing Servers so they pick up the changes. After Group Policy have applied the settings, you should see the following settings within the registry:
Configuring Policy Based QOS in Group Policy for Windows 2008 and/or Windows 2008 R2 for a Dedicated Mediation Server
As stated previously, Lync Server 2010 can only be installed on Windows 2008 or Windows 2008 R2. Both Windows 2008 and Windows 2008 R2 utilize Policy Based QOS which allows a wider variety of options for configuring QoS.
In the below example, we will show how to create the Policy-based QoS for Audio only. The DSCP Value for Audio will be 46. Open up Group Policy (in my examples, I am using Local Computer Policy but in a real production environment you would be using Group Policy at some level in your Domain Hierarchy) and navigate to Computer Configuration > Windows Settings > Policy-based QoS. Right-Click and choose Create new policy.
In the new Policy, give it a name and specify the DSCP Value. DSCP Values for audio is typically 46. Make sure the Outbound Throttle Rate check box is cleared. Click Next.
Since this is Policy-based QoS, we will want to take advantage of only tagging traffic that the Mediation Server uses utilizing the executable MediationServerSvc.exe. So make sure you choose the “Only applications with this executable name” and specify MediationServerSvc.exe. Click Next.
On the following screen, make sure you leave the defaults as “Any source IP address” and “Any destination IP Address.” Click Next.
On the following screen, choose TCP and UDP. In our information above we stated the default audio port range is 49152 to 57500 and does not need to be changed. Because of this, our source port range will 49152 to 575000 specified as 49152:57500.
Now go ahead and restart your Lync Mediation Servers so they pick up the changes. After Group Policy have applied the settings, you should see the following settings within the registry:
Configuring Policy Based QOS in Group Policy for Windows 2008 and/or Windows 2008 R2 for an Edge Server
As stated previously, Lync Server 2010 can only be installed on Windows 2008 or Windows 2008 R2. Both Windows 2008 and Windows 2008 R2 utilize Policy Based QOS which allows a wider variety of options for configuring QoS.
In the below example, we will show how to create the Policy-based QoS for Audio. Once finished, be sure to also create Policy-based QoS policies for Video. The DSCP Value for Audio will be 46 and the DSCP Value for Video will be 34. Open up Group Policy (in my examples, I am using Local Computer Policy but in a real production environment you would be using Group Policy at some level in your Domain Hierarchy) and navigate to Computer Configuration > Windows Settings > Policy-based QoS. Right-Click and choose Create new policy.
In the new Policy, give it a name and specify the DSCP Value. DSCP Values for audio is typically 46. Make sure the Outbound Throttle Rate check box is cleared. Click Next.
Since this is Policy-based QoS, we will want to take advantage of only tagging traffic that the Edge Server uses utilizing the executable MediaRelaySvc.exe. So make sure you choose the “Only applications with this executable name” and specify MediaRelaySvc.exe. Click Next.
Update (2/28/12) – I was informed that there is a bug and packets are not being stamped with DSCP if you specify MediaRelaySvc.exe. The documentation has you specifying MediaRelaySvc.exe but I have been informed that by specifying MediaRelaySvc.exe causes QoS on Edge to not work.
On the following screen, make sure you leave the defaults as “Any source IP address” and “Any destination IP Address.” Alternatively, you can change the Source IP Address to the internal IP of your Edge. Click Next.
On the following screen, choose TCP and UDP. In our information above we stated the default audio port range is 49152 to 57500 and does not need to be changed. Because of this, our source port range will 49152 to 575000 specified as 49152:57500.
‘
I will not display the remainder of the QoS Policy configuration for the Edge as I’m sure by now, you are a master at configuring QoS Policies for Lync. The remainder of the three QoS Policies will look as such:
Peer to Peer Video:
- Policy Name: Lync Edge Peer to Peer Video
- DSCP Value: 34
- Only applications with the following executable name: MediaRelaySvc.exe
- Specify Outbound Throttle Rate is Unchecked
- Source IP: Your Internal Edge IP (Our example is 10.10.10.50/32)
- Destination Port Range of 20040:20079
Client to Server Audio:
- Policy Name: Lync Edge Conferencing Audio
- DSCP Value: 46
- Only applications with the following executable name: MediaRelaySvc.exe
- Specify Outbound Throttle Rate is Unchecked
- Source IP: Your Internal Edge IP (Our example is 10.10.10.50/32)
- Destination Port Range of 49152:57500
Client to Server Video:
- Policy Name: Lync Edge Conferencing Video
- DSCP Value: 34
- Only applications with the following executable name: MediaRelaySvc.exe
- Specify Outbound Throttle Rate is Unchecked
- Source IP: Your Internal Edge IP (Our example is 10.10.10.50/32)
- Destination Port Range of 57501:65535
After all QoS Policies are created, reboot the Lync Edge Server. You should see the following registry changes:
Luis Dibiase says
Edge Server Policy Configuration part is really informative for me because this will be useful for enabling QOS for Lync server. I have read the full post and from this post I have to get lots of info.
Jim Peckey says
My original post was a bit too long to post, so here's the 2nd part:
I also wanted to ask about your first powershell cmdlet, Set-CsConferenceServer, and how this applies to configuring the Application Server & Mediation Server.
I've configured the following powershell cmdlets, with the intention of applying them to my Lync Servers, but I've yet to run them – I'd like to clarify them first. In your example for the Conferencing Server, it looks like only the AppSharingPort ranges are specified, but not the Audio or Video port ranges. Should the Audio & Video ports be specified as I've indicated below? If not, would you be able to clarify a bit more on this and whether my powershell cmdlets below are valid?
Set-CsConferenceServer -Identity lyncp01.vgt.net -AppSharingPortStart 40803 -AppSharingPortCount 8348 –AudioPortStart 49152 –AudioPortCount 8348 –VideoPortStart 57501 –VideoPortCount 8034
Set-CsApplicationServer -Identity lyncp01.vgt.net -AppSharingPortStart 40803 -AppSharingPortCount 8348 –AudioPortStart 49152 –AudioPortCount 8348 –VideoPortStart 57501 –VideoPortCount 8034
Set-CsMediationServer –Identity lyncp01.vgt.net –AudioPortStart 49152 –AudioPortCount 8348
Jim Peckey says
Hey Elan,
I want to first say thank you for the fantastic write up – I've yet to find more clear & concise documentation regarding setting up QoS within Lync 2010!
Second, I wanted to point out either a discrepancy and ask for more clarification:
In the last screen shot posted for configuring Group Policy for the Lync Edge Server, it is prefaced with the following text:
On the following screen, choose TCP and UDP. In our information above we stated the default audio port range is 49152 to 57500 and does not need to be changed. Because of this, our source port range will 49152 to 575000 specified as 49152:57500.
Although, the screenshot doesn't indicate the source port ranges filled out – rather it specifies the destination port range filled out as 20000:20039.
The screenshot makes sense in that the audio traffic will be routed to the 20000:20039 destination ports for the client audio, but the text prefacing the screenshot confuses me?
Many thanks for the very straight forward and concise write up!
Cheers,
Jim P.
Jacinto Weishaar says
Edge Server Policy Configuration part is really informative for me because this will be useful for enabling QOS for Lync server. I have read the full post and from this post I have to get lots of info.
Andy says
You are right Jacinto !
Alvaro C. says
Hello, this change affect on my list of public edge ip’s requirement to open?
I mean, in standard requirement to Edge I’ll have this open ports:
SIP
x.x.x.26
TCP 80 IN-OUT
TCP 443 IN-OUT
TCP 5061 IN-OUT
WEBCON
x.x.x.x.27
TCP 80 IN-OUT
TCP 443 IN-OUT
A/V
x.x.x.x.28
TCP 80 IN-OUT
TCP 443 IN-OUT
TCP 50000 to 59999 IN-OUT
UDP 3478 IN-OUT
UDP 50000 to 59999 IN-OUT
Do i need to modify something?
Thanks for your help.
eshudnow says
Alvaro, Please refer to the Edge Firewall requirements at the following URLs depending on your Edge Topology:
Reference Architecture 1: Port Summary for Single Consolidated Edge: http://technet.microsoft.com/en-us/library/gg4258…
Reference Architecture 2: Port Summary for Scaled Consolidated Edge (DNS Load Balanced): http://technet.microsoft.com/en-us/library/gg4127…
Reference Architecture 3: Port Summary for Scaled Consolidated Edge (Hardware Load Balanced): http://technet.microsoft.com/en-us/library/gg3987…
Hugh Kelley says
Regarding this statement:
"Update (2/28/12) – I was informed that there is a bug and packets are not being stamped with DSCP if you specify MediaRelaySvc.exe."
Has this been fixed in a subsequent Lync 2010 CU or should I still leave the policy set for "All Applications"?
Elan Shudnow says
I haven't heard of it being fixed. What I have started doing is in the QOS Policy for Edge Servers, I change the Source IP to the Edge Server. That way, the External Edge NIC won't try to do anything with the QOS Policy.
Rune says
It would be good to have some guidance on the recommended size of the port range on the servers. It says 128 is minimum, but what is the MS recommendation for let's say 1000 light/medium/heavy users? The numbers in the tables in http://technet.microsoft.com/en-us/library/dd5722… is hard to base calculation on.
Very thankful for input on this!
Elan Shudnow says
I agree. I've submitted feedback to the documentation team to hopefully improve that documentation so we have a better understanding of the implications of reducing the port range for client to server communications.
But feel free to submit your own feedback as well. It's at the bottom of the technet article.
John says
Shouldn't you use Set-CsWebServer -Identity [FE Pool] -AppSharingPortStart 40803 -AppSharingPortCount 8348 too?
@sdeb says
Hi Elan – __I need school'd. A little confused by the different ports you specified on edge to break out audio and video. I thought the edge server only used one set of ports and were set using Set-CSEdgeServer -Identity blabla -MediaCommunicationPortStart 50000 -MediaCommunicationPortCount 1000 (as example). Doesn' the Edge server then use these ports for ALL media? I confirm this by running a network trace and see all media using that port range even though I've configured a smaller subset (non overlaping) for audio and video using set-csconferencingserver, set-mediationserver, set-csapplicationserver. By the way i did this using your port provisioning blog :) thanks for that!__Seth
Elan Shudnow says
MediaCommunicationPortStart using the 50K range is used for federated A/V and Application/Desktop Sharing. That is not used for internal media. Internal Media will use 3478 UDP and 443 TCP and will then use the media range that is configured for clients to utilize. This is why the Edge Policy has you defining this range of ports and not just 443/3478. And the 50K range isn't specified as again, that is used for Federated Media and Application/Desktop Sharing which is on the internet and there is no QoS on the internet.
rambo79 says
What will happend if I narrow down the range ports to the minimum of 40 ports per application (Audio, Video, App sharing) ? Will it affect the number of users can sign to conferencing call ? if so, what is the calculation of ports needed per user or per conferncing call ?
Elan Shudnow says
It's not 40 ports minimum for Client to Server. I don't talk at all in this blog article about narrowing the ports for client to server. I do talk about that here https://www.shudnow.io/2010/12/06/lync-server-201… where I stated that it's 128 ports for client to server on a per modality basis (though not for all modalities). 20 is the minimum for Peer to Peer.
It do believe it restricts the amount of conferences you can have but I have not seen a calculation. I'll ping Microsoft on this and see what they say, if anything.
Elan Shudnow says
Ok, so I got an answer from Microsoft:
MS: If you narrow it to 40 ports on client – i.e., 20 ports for audio and 20 ports for video and some x ports for app sharing), it will not affect the client. Surely if you restrict it on server it will have an impact on number of users. With 128 ports on server, it will be surely less (as audio requires 2 ports when the call is in “stable” stage (after the initial spike in ports)
He also stated the following:
MS: There was a separate article written in OCS 2007 R2 on this. http://technet.microsoft.com/en-us/library/dd5722…
They may look into updating the Lync documentation.