> ## Documentation Index > Fetch the complete documentation index at: https://docs.xloud.tech/llms.txt > Use this file to discover all available pages before exploring further. # Network Quality of Service > Apply bandwidth limits, DSCP marking, and minimum bandwidth guarantees to network ports. Define and manage QoS policies. ## Overview Network QoS (Quality of Service) policies enforce traffic controls at the virtual switch level on each hypervisor. Policies apply bandwidth limits, burst allowances, DSCP markings, and minimum bandwidth guarantees to individual ports or entire networks. Controls are enforced by the L2 agent — no guest OS configuration is required. Administrators create and optionally share policies; project users apply them to their ports and networks. **Administrator Access Required** — This operation requires the `admin` role. Contact your Xloud administrator if you do not have sufficient permissions. **Prerequisites** * Admin credentials sourced from `openrc.sh` * QoS service plugin enabled in your cluster (configured via XDeploy under **Networking → Plugins**) * Open vSwitch or Linux Bridge L2 agent running on all compute nodes *** ## QoS Rule Types Xloud Networking supports four QoS rule types. Multiple rules of different types can be combined within a single policy. | Rule Type | CLI `--type` | Direction | Hardware Required | Description | | ----------------------- | --------------------- | ---------------- | ----------------- | ------------------------------------------------------------- | | **Bandwidth Limit** | `bandwidth-limit` | Egress / Ingress | No | Cap maximum throughput with optional burst allowance | | **DSCP Marking** | `dscp-marking` | Egress only | No | Mark outgoing packets with a DSCP value for QoS-aware routing | | **Minimum Bandwidth** | `minimum-bandwidth` | Egress / Ingress | Yes (SR-IOV) | Guarantee a minimum throughput floor | | **Minimum Packet Rate** | `minimum-packet-rate` | Egress / Ingress | Yes (SR-IOV) | Guarantee a minimum packet-per-second rate | Minimum bandwidth and minimum packet rate guarantees require SR-IOV hardware and a compatible network backend. Standard OVS-based ports support bandwidth limits and DSCP marking only. *** ## Create a QoS Policy Navigate to **Network > QoS Policies** (admin view). Click **Create Policy**. | Field | Value | Description | | ----------- | -------------------- | ----------------------------------------------- | | **Name** | e.g., `10mbps-limit` | Descriptive label for the policy | | **Shared** | Enabled | Makes the policy available to all projects | | **Default** | Optional | Applies this policy to all new ports by default | Open the newly created policy and click **Add Bandwidth Limit Rule**: | Field | Value | Description | | ------------------ | ------- | --------------------------------------- | | **Max Kbps** | `10240` | Maximum sustained throughput (10 Mbps) | | **Max Burst Kbps** | `20480` | Allowed burst above the limit (20 Mbps) | | **Direction** | Egress | Traffic direction to limit | Click **Save** to activate the rule. To apply to a specific port: navigate to **Network > Ports** (admin view), select the port, click **Edit Port**, and set the **QoS Policy** field. To apply to an entire network: navigate to **Network > Networks** (admin view), select the network, click **Edit Network**, and set the **QoS Policy** field. Applying a QoS policy to a network sets a default for all **new** ports on that network. Existing ports are not retroactively updated. Source your credentials file to authenticate with the Xloud platform: ```bash title="Load credentials" theme={null} source openrc.sh ``` Your administrator provides the RC (credentials) file for your project. See [CLI Setup](/cli-setup) for configuration details. ```bash title="Create shared QoS policy" theme={null} openstack network qos policy create 10mbps-limit --share ``` ```bash title="Add egress bandwidth limit (10 Mbps, 20 Mbps burst)" theme={null} openstack network qos rule create 10mbps-limit \ --type bandwidth-limit \ --max-kbps 10240 \ --max-burst-kbps 20480 \ --egress ``` ```bash title="Add ingress bandwidth limit" theme={null} openstack network qos rule create 10mbps-limit \ --type bandwidth-limit \ --max-kbps 10240 \ --max-burst-kbps 20480 \ --ingress ``` ```bash title="Apply QoS policy to a specific port" theme={null} openstack port set --qos-policy 10mbps-limit ``` ```bash title="Apply QoS policy to an entire network" theme={null} openstack network set app-network --qos-policy 10mbps-limit ``` All new ports on `app-network` will inherit the 10 Mbps limit automatically. *** ## DSCP Marking DSCP (Differentiated Services Code Point) marking tags outgoing packets so that upstream routers and switches can prioritize traffic flows. This is essential for real-time workloads such as VoIP, video conferencing, and database replication traffic. Navigate to **Network > QoS Policies** (admin view) and open an existing policy or create a new one. Click **Add DSCP Marking Rule** and set the DSCP value: | Traffic Class | DSCP Value | Use Case | | --------------------- | ---------- | ------------------------- | | Best Effort (BE) | `0` | Default traffic | | Assured Forwarding 11 | `10` | Standard business traffic | | Assured Forwarding 21 | `18` | Priority business traffic | | Expedited Forwarding | `46` | VoIP, real-time traffic | | Class Selector 3 | `24` | Database / transactional | Click **Save**. The rule applies immediately to new packet flows on assigned ports. ```bash title="Create QoS policy with DSCP marking for real-time traffic" theme={null} openstack network qos policy create realtime-voip --share ``` ```bash title="Add DSCP EF marking (value 46 — Expedited Forwarding)" theme={null} openstack network qos rule create realtime-voip \ --type dscp-marking \ --dscp-mark 46 ``` ```bash title="Apply to a VoIP application port" theme={null} openstack port set --qos-policy realtime-voip ``` Combine DSCP marking with a bandwidth limit rule in the same policy to both classify and constrain VoIP traffic simultaneously. *** ## Guaranteed Minimum Bandwidth Minimum bandwidth rules provide a throughput floor — a guarantee that the port will always receive at least the specified bandwidth even under network congestion. This requires SR-IOV hardware and a compatible network backend. Minimum bandwidth guarantees are only supported on SR-IOV virtual functions (VFs) with a compatible hardware NIC. Standard OVS ports do not enforce minimum bandwidth floors — only maximum limits. ```bash title="Create minimum bandwidth policy for guaranteed throughput" theme={null} openstack network qos policy create guaranteed-1gbps --share ``` ```bash title="Add 1 Gbps minimum bandwidth guarantee (egress)" theme={null} openstack network qos rule create guaranteed-1gbps \ --type minimum-bandwidth \ --min-kbps 1048576 \ --egress ``` ```bash title="Apply to an SR-IOV port" theme={null} openstack port set --qos-policy guaranteed-1gbps ``` Minimum packet rate rules guarantee a floor in packets per second (pps) — important for workloads that generate many small packets (e.g., DNS, financial trading systems). ```bash title="Create minimum packet rate policy" theme={null} openstack network qos policy create min-pps-policy --share ``` ```bash title="Guarantee 500,000 packets per second minimum" theme={null} openstack network qos rule create min-pps-policy \ --type minimum-packet-rate \ --min-kpps 500 \ --egress ``` ```bash title="Apply to trading application port" theme={null} openstack port set --qos-policy min-pps-policy ``` *** ## Manage QoS Policies ```bash title="List all QoS policies" theme={null} openstack network qos policy list ``` ```bash title="Show policy details" theme={null} openstack network qos policy show 10mbps-limit ``` ```bash title="List rules in a policy" theme={null} openstack network qos rule list 10mbps-limit ``` ```bash title="Update bandwidth limit rule" theme={null} openstack network qos rule set 10mbps-limit \ --max-kbps 20480 \ --max-burst-kbps 40960 ``` ```bash title="Update DSCP mark" theme={null} openstack network qos rule set realtime-voip \ --dscp-mark 24 ``` ```bash title="Remove QoS policy from a port" theme={null} openstack port unset --qos-policy ``` ```bash title="Remove QoS policy from a network" theme={null} openstack network set app-network --no-qos-policy ``` ```bash title="Delete a QoS rule from a policy" theme={null} openstack network qos rule delete 10mbps-limit ``` ```bash title="Delete a QoS policy" theme={null} openstack network qos policy delete 10mbps-limit ``` Deleting a QoS policy that is still assigned to ports or networks will fail. Remove all assignments before deleting the policy. *** ## Per-Port vs. Per-Network QoS | Scope | Application | Use Case | | --------------- | -------------------------------------------- | -------------------------------------------------------------------------------- | | **Per-port** | Direct assignment to a specific port | Granular control per instance NIC — ideal for mixed workload environments | | **Per-network** | Applied to a network; inherited by new ports | Consistent SLA enforcement across all instances on a tenant network | | **Combined** | Network policy + port override | Set a default at network level; override for specific ports that need exceptions | Apply QoS at the network level for consistent defaults, then override individual ports for exceptions (e.g., a database port that needs a higher limit than the general application tier). *** ## Validation Confirm QoS enforcement is active after applying a policy: Navigate to **Network > Ports** (admin view) and select the port. The **QoS Policy** field should display the assigned policy name. Navigate to the instance and run a bandwidth test from inside the guest to confirm enforcement. ```bash title="Confirm QoS policy applied to port" theme={null} openstack port show -c qos_policy_id ``` ```bash title="Verify policy rules are active" theme={null} openstack network qos rule list ``` ```bash title="Test bandwidth from inside the guest (requires iperf3)" theme={null} # On a target host: iperf3 -s # On the guest port with the limit applied: iperf3 -c -t 30 ``` The measured throughput should not exceed the configured `--max-kbps` value during sustained transfer. *** ## Best Practices Create named tiers — `bronze-10mbps`, `silver-100mbps`, `gold-1gbps` — and share them across projects for consistent, predictable service levels. Apply QoS to networks for automatic inheritance. Override at the port level only for exceptions that need different treatment from the network default. Set burst to 2× the sustained limit. Short traffic spikes are absorbed by the burst allowance without impacting the sustained throughput commitment. Use Xloud XIMP to track port-level throughput in real time and confirm QoS policies are enforcing expected limits under production load. *** ## Troubleshooting **Cause**: The QoS service plugin is not enabled in the Networking configuration. **Resolution**: In XDeploy, navigate to **Networking → Plugins** and enable the QoS plugin. Redeploy the networking service: ```bash title="Redeploy networking service" theme={null} xavs-ansible deploy -t neutron ``` Restart the L2 agent on all compute nodes after the plugin is enabled. **Cause**: The L2 agent on the compute node hosting the instance may not have the QoS extension loaded. **Resolution**: Verify the agent has the `qos` extension active: ```bash title="Check L2 agent capabilities" theme={null} openstack network agent show -c configurations ``` Look for `qos` in the `extensions` list. If absent, restart the L2 agent on the affected compute node. **Cause**: The policy is still assigned to one or more ports or networks. **Resolution**: Find and clear all assignments: ```bash title="Find ports using the policy" theme={null} openstack port list --long -c ID -c "QoS Policy ID" ``` Remove assignments from each port, then retry the delete. **Cause**: Minimum bandwidth rules require SR-IOV hardware and a compatible backend (OVS-DPDK or SR-IOV). Standard OVS does not support minimum bandwidth enforcement. **Resolution**: Use bandwidth limit rules for maximum throughput control on standard OVS ports. Deploy SR-IOV ports for guaranteed minimum bandwidth requirements. *** ## Next Steps Limit the number of networking resources per project alongside QoS controls Configure the physical network that QoS policies apply to at the hypervisor level Understand how L2 agents enforce QoS rules at the virtual switch level Diagnose QoS enforcement issues and L2 agent configuration problems