Nexapp - Users databases

Quality of Service (QoS)

NexappOS QoS provides Active Queue Management (AQM) and Flow Queuing (FQ) features to ensure bandwidth is used efficiently and fairly across all users and applications. This helps keep business-critical traffic responsive even when links are congested.

Operating Principles

QoS in NexappOS is built to optimize real-world WAN usage without imposing harsh shaping by default. It operates on these fundamentals:

Bandwidth Usage

  • QoS aims to use all available bandwidth effectively.
  • It does not apply strict bandwidth caps unless you explicitly configure them.
  • Unused bandwidth is dynamically reclaimed and shared across active flows.

Flow Management

  • QoS actively manages traffic flows so no single host or application can dominate the link.
  • This ensures fair access for all clients and keeps latency-sensitive services stable.

Configuration

Bandwidth management is automatic once link rates are provided.

  1. Open Network → QoS
  2. Enable QoS on the desired interface(s).
  3. Enter Upload and Download speeds per interface.

QoS can run on any interface, but it is most effective on WAN links, where the stated upload/download should match the real ISP data rates.

Best practice
To prevent saturation and improve stability, configure rates about 10% lower than measured values.

Advanced Configuration

QoS uses an eBPF-based classifier to assign DSCP values to packets.
Because classification runs in kernel space, performance overhead remains minimal even at high throughput.

Advanced capabilities: - classification by IP and port - classification by DNS name or pattern - dynamic demotion of heavy flows - prioritization of small packets to reduce latency

QoS works well without manual tuning, but specific scenarios may benefit from CLI customization.

Priority Classes

QoS uses four priority classes. Each class has a maximum bandwidth share (threshold) and maps to DSCP codepoints.

Class DSCP / Tags Max Threshold Typical Use
Bulk CS1, LE (kernel v5.9+) 6.25% Large downloads, backups, updates
Best Effort General 100% Default traffic such as browsing
Video AF4x, AF3x, CS3, AF2x, CS2, TOS4, TOS1 50% Streaming, conferencing video
Voice CS7, CS6, EF, VA, CS5, CS4 25% VoIP, real-time audio

Dynamic Behavior

  • QoS may temporarily demote a flow if it produces excessive traffic (for example, shifting to Bulk).
  • Small packets can be prioritized to keep latency low for interactive services.
  • This reduces bufferbloat and improves SD-WAN application quality.

Override DSCP Classification (CLI)

To manually override classification, create:

  • /etc/qosify/10-custom.conf

Each line contains two whitespace-separated values:


<match> <dscp>

Supported Match Formats

  • tcp:<port>[-<endport>]
    TCP single port or range

  • udp:<port>[-<endport>]
    UDP single port or range

  • <ipaddr>
    IPv4 address (example: 1.1.1.1)

  • <ipv6addr>
    IPv6 address (example: ff01::1)

  • dns:<pattern>
    Wildcard hostname pattern using * and ?

  • dns:/<regex>
    POSIX extended regex (works only if DNS lookups are passed via ubus add_dns_host)

  • dns_c:<pattern>
    Matches only CNAME entries

DSCP Values

  • Can be raw numbers or codepoints like CS0, CS7, voice, video.
  • Prefixing with + overrides only when current DSCP is zero.

Example

tcp:80                +voice
216.58.204.238        video
dns:example.org       +CS7

Troubleshooting

Check QoS status and packet distribution:

qosify-status

Validate that packets are being classified into the four priority classes as expected.

Discard
Save
Draft
This page has been updated since your last edit. Your draft may contain outdated content. Load Latest Version

Previous Page

Left

Next Page

Right

On this page

Review Changes ← Back to Content
Message Status Space Raised By Last update on