Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Traffic Shaping for Skype

    Posted 03-04-2008 07:20

    Hi,

    A customer that uses an SSG5 with ScreenOS 6 wants’ to use Skype for incoming and outgoing phone calls. To prevent other protocols consuming all bandwidth and therefore interfering with Skype, I would like to activate traffic shaping for Skype. Any idea how to do that?

    Regards,
    Dominik



  • 2.  RE: Traffic Shaping for Skype

    Posted 03-04-2008 10:04

    The first place I would start would be to refer to the Concepts & Examples Guides. They can be downloaded here:

     

    http://www.juniper.net/techpubs/software/screenos/

     

    In particular, refer to Volume 2, Fundamentals. There is a section devoted to traffic shaping there. The other piece of this is you need to know what ports/protocols Skype uses. A google search should be helpful here. I personally have not used it, but from what I have heard, Skype may use ports 80 and 443 as well as whatever other custom ports. That may make traffic shaping difficult since you may not be able to distinguish between Skype traffic and regular HTTP/HTTPS traffic.

     

    In any case, start with the guides first and if you have any specific questions, feel free to ask.

     

    -Richard



  • 3.  RE: Traffic Shaping for Skype

    Posted 03-04-2008 10:08
    Dominik,


    In advanced options of your skype's policy you can set a Guaranteed Bandwidth for this application.

    regards


  • 4.  RE: Traffic Shaping for Skype

    Posted 03-04-2008 10:23

    Hi Guys,

    Thanks for your contributions. Let me redefine my question. I'm aware of the traffic shaping options that I can set on every policy. My problem is more Skype related. Due to my investigations, Skype doesn't use a well defined protocol with well known ports. Instead, it can utilize any TCP or UDP high port (1024 up to 65535). It is not possibly to fix the application to a specific port to listen or to use outgoing. Therefore to really catch Skype I think an application level filter would be needed. I'm not aware that the SSG has such a filter built in.

    On the other hand, almost all other typical protocols use well known ports as destination. Therefore I could create a policy "Skype outgoing" that has the TCP/UDP high ports as destination and activate traffic shaping on it. As the traffic is interactive, I would first increase its priority class and then provide a minimum bandwidth.

    What do you think?

    Regards,
    Dominik



  • 5.  RE: Traffic Shaping for Skype
    Best Answer

    Posted 03-05-2008 17:43

    It does sound like you would need some sort of Skype ALG which the SSG does not currently have. I would suggest contacting our sales team and requesting that they open an Enhancement Request on your behalf. While that won't happen overnight, at least that could get the ball rolling for such a feature.

     

    Otherwise, if you know which hosts are using Skype, you could try configuring a policy specifically for those users. However, as you mention, the SSG will not be able to determine if the traffic is Skype or regular web traffic.

     

    -Richard



  • 6.  RE: Traffic Shaping for Skype

    Posted 04-25-2010 23:40

    Dears:

     

     There is one question regarding with the SKYPE traffic QoS, if specify the source IP addres and sperate the SKYPE service from the normal web service. 

     

    Could that will make skype service different ?

     

    May advise If no ALG available in the firewall, is any  advise to help to do the traffic shaping in such situation?

     

    Thanks for any help.

     

    Bin