Microsoft have published a lot of documentation about Quality of Service (QoS) with Lync. There is the Word document Enabling Quality of Service with Microsoft Lync Server 2010, TechNet for QoS on Lync 2010 and TechNet for QoS on Lync 2013. From what I can see there are no QoS specific changes between Lync 2010 and Lync 2013, other than the documentation seems to have been improved – especially for the client QoS section.
As there is so much documentation and no hard recommendations it can seem a bit overwhelming. Elan Shudnow has two comprehensive posts on QoS 1 and 2 but combine these with the Microsoft documentation there is a bit of information overload. The purpose of this post is a simple (relative term) summary of the changes required to enable QoS.
Microsoft Recommended QoS Markings
QoS marking is performed by the endpoints involved in the conversation – Lync clients, Lync Front-End servers, Lync Mediation servers, Lync phones and media gateways. This is done by setting a Differentiated Services Code Point (DSCP) marking on the TCP/IP packets as they are processed by the endpoint. The table below shows the recommended QoS markings for Lync. There are other recommendations for application sharing and file transfer, but the focus of QoS for Lync is to ensure the Audio traffic is prioritised highest, while also prioritising Video and SIP signalling.
| Media Type | Classification |
Queuing and Dropping | Notes |
| Audio | EF (DSCP 46) | Priority Queue | Low loss, low latency, low jitter, assured bandwidth (BW) |
| Video | AF41 (DSCP 34) | BW Queue + DSCP WRED | Pair with WAN Bandwidth Policies on constrained links |
| SIP Signalling | CS3 (DSCP 24) | BW Queue | Class 4. Low drop priority |
Note: The DSCP markings in the following steps should be mapped to what the switches and routers are prioritising if different from the recommendations above.
Step 1 – Decide on the port ranges
In order to mark audio traffic as DSCP 46 and video traffic as DSCP 34, we need to ensure Lync restricts each modality to a specific set of ports that do not overlap. Windows can then set the QoS DSCP markings on traffic based on specific port numbers and potentially from specific programs on those port numbers. Based on the documentation above and Elan’s examples, the table below seems to be a good mix of keeping most settings default and ensuring no overlapping port ranges.
| Scenario | Starting port | Ending port |
| Client audio | 20000 | 20039 |
| Client video | 20040 | 20079 |
| Client application sharing | 20080 | 20119 |
| Server application sharing | 40803 | 49151 |
| Server audio | 49152 | 57500 |
| Server video | 57501 | 65535 |
Step 2 – Set the Port Ranges (Lync in band settings)
Client Ranges
| Set-CsConferencingConfiguration -ClientMediaPortRangeEnabled 1 Set-CsConferencingConfiguration -ClientAudioPort 20000 -ClientAudioPortRange 40 -ClientVideoPort 20040 -ClientVideoPortRange 40 -ClientAppSharingPort 20080 -ClientAppSharingPortRange 40 -ClientFileTransferPort 20120 -ClientFileTransferPortRange 40 -ClientMediaPort 20160 -ClientMediaPortRange 40 |
Lync Pools
| Set-CsConferenceServer -Identity <PoolFQDN> -AppSharingPortStart 40803 -AppSharingPortCount 8348 Set-CsApplicationServer -Identity <PoolFQDN> -AppSharingPortStart 40803 -AppSharingPortCount 8348 |
Lync Phone
| Set-CsUCPhoneConfiguration -identity global -VoiceDiffServTag 46 |
Step 3 – Group Policy for Clients
A Group Policy should be created to set the following Policy Based QoS settings (applicable to Windows 8, Windows 7 and Vista):
- Voice: DSCP 46 for ‘communicator.exe’ (OCS or Lync 2010) or ‘lync.exe’ (Lync 2013) on source TCP/UDP ports 20000:20039
- Video: DSCP 34 for ‘communicator.exe’ (OCS or Lync 2010) or ‘lync.exe’ (Lync 2013) on source TCP/UDP ports 20040:20079
Step 4 – Group Policy for Servers
A Group Policy should be created to set the following Policy Based QoS settings:
Lync Front-End servers and standalone A/V Conferencing servers
- Voice: DSCP 46 for all applications on source TCP/UDP ports 49152:57500
- Video: DSCP 34 for all applications on source TCP/UDP ports 57501:65535
Lync Mediation servers and SBAs
- Voice: DSCP 46 for all applications on source TCP/UDP ports 49152:57500
In order to confirm the Group Policies have been applied to the servers you can use regedit to view HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\QoS\ which should look similar to this:
Step 5 – Local Computer Policy for Edge Servers
Lync Edge Servers are not domain joined so cannot use Group Policy. A Local Security Policy should be created to set the following Policy Based QoS settings by running gpedit.msc:
- Client voice: DSCP 46 for MediaRelaySvc.exe on destination TCP/UDP ports 20000:20039
- Server voice: DSCP 46 for MediaRelaySvc.exe on destination TCP/UDP ports 49152:57500
- Client video: DSCP 34 for MediaRelaySvc.exe on destination TCP/UDP ports 20040:20079
- Server video: DSCP 34 for MediaRelaySvc.exe on destination TCP/UDP ports 57501:65535
Note: The Edge Policy Based QoS is using Destination port numbers, not source like the previous Group Policies
The Edge Local Computer Policy should look similar to this:
Step 6 – Set Voice Gateways to mark correct DSCP values
This is dependent on the gateway vendor, but ensure the gateway is setting the same DSCP markings for audio defined above.
Finished
Assuming traffic prioritisation has been set on all routers / switches in the media path, that should be all that is required. For more information on how to confirm the DSCP markings are being applied, see the blog by Jeff Schertz on QoS.
** Updated 17 March 2013 to clarify client and server ports and GPO names and correct client QoS group policy ports
Hello, this change affect on my list of public edge ip’s requirement to open?
I mean, in standard requirement to Edge I’ll have this open ports:
SIP
x.x.x.26
TCP 80 IN-OUT
TCP 443 IN-OUT
TCP 5061 IN-OUT
WEBCON
x.x.x.x.27
TCP 80 IN-OUT
TCP 443 IN-OUT
A/V
x.x.x.x.28
TCP 80 IN-OUT
TCP 443 IN-OUT
TCP 50000 al 59999 IN-OUT
UDP 3478 IN-OUT
UDP 50000 al 59999 IN-OUT
Do i need to modify something?
Thanks for your help.
The ports you list above are for the external interface which is not impacted by QoS. The internal interface ports do not need to be modified either. We are just changing a semi random port to a specific range of ports. More information is available at http://technet.microsoft.com/en-us/library/jj204996.aspx
Thanks a lot Marc.
Hi Marc,
Under step “Step 3 – Group Policy for Clients”. I guess the portrange should be 20000-20039 for Voice and 20040-20079 for Video or am i missing something?
—
Regards
Martin
Thanks Martin – I mixed it up with the server ports. I have updated the post
What would happen if there were more than 40 simultaneous calls going on, effectively using up all the Client Audio ports? Shouldn’t matter correct, unless the “Client” some how managed to create 40 calls from the 1 IP address, in which case then you have other serious problems…
You are correct that if 40 calls were made then the ports would be exhausted. This is explained in the Technet article http://technet.microsoft.com/en-au/library/jj204760.aspx
“In general, you can consider each available port to represent a single communication session: if you have 100 ports available in a port range that means that the computer in question could participate in, at most, 100 communication sessions at any given time. Because servers will likely take part in many more conversations than clients, it makes sense to open many more ports on servers than on clients. Setting aside 20 ports for application sharing on a client means that a user could participate in 20 application sharing sessions on the specified device, and all at the same time. That should prove sufficient for the vast majority of your users.”
I notice that you don’t use any powershell command to set the ‘server’ audio and video port ranges yet you list them in the table above. Is this intentional?
Yes it is intentional as the server audio and video ports do not overlap in the default configuration. Application sharing does which is why it is modified. The defaults are listed here http://technet.microsoft.com/en-us/library/jj204872.aspx
Hi Marc,
What if I just done the Group Policy for Servers with the Local Group Policy within Lync servers, will it be the same? or should I really set it with the GPO server?
Thanks.
Mar
The Local Group Policy will work too. The Group Policy is easier if you have multiple servers.
Marc
Where are we configuring the setting for SIP for DSCP 24?
Good question. We aren’t in this or any of the Microsoft documentation. The client policies http://technet.microsoft.com/en-us/library/jj205371.aspx only specify audio and video. This can be done in the same way as the audio and video group policies using port 5061 on the clients and front end servers. As the SIP traffic will not be using random ports, I would assume the switches can be configured to tag traffic on the SIP (TLS) port 5061 as DSCP 24.
What about if your FE is on hyperv. Should you apply these policies to the host server as well?
That should not be required on the Hyper-V host as the guest is tagging and Hyper-V will just pass it on as is. The only time I can think of where you may want to set it on the Hyper-V host is in a service provider / multi tentant solution where you want to apply QoS to intra-VM traffic as described here http://technet.microsoft.com/en-us/library/hh831679.aspx#bkmk_policy