Optimize your Microsoft Teams traffic with QoS on a UniFi USG
At times like these, when everybody is working from home and the whole family uses the internet as well, the traffic requirements can be tough on your internet connection. When you are using real-time collaboration tools, such as Microsoft Teams, that rely on a good and stable internet connection for voice, video and screen sharing, parallel Netflix/Disney+/Hulu/Amazon Prime traffic can make the experience subpar for everybody involved.
Thankfully it’s possible to optimize your outgoing traffic based on what services are used.
In this example I show you how to setup traffic shaping on a UniFi USG or EdgeRouter using DSCP to optimize your Microsoft Teams meetings. This setup is only an example and you can easily adapt it to your router if it supports DSCP. If it does not, the Ubiquiti EdgeRouter X is about 50 bucks.
Test your setup before you begin
Use fast.com or another internet speed test to check your download and upload speed before and after you configure this in your network.
Use the “Show more info” option to also include an upload test results.
Why this is important you will see at the end of this blog post.
Microsoft Teams settings
To differentiate the outgoing Teams traffic and set the correct DSCP values you will have to set the UDP ports used by Microsoft Teams globally for your tenant. If you cant do this, changes are high that Teams still uses the defined UDP port settings because they are the default value.
Set the values according to this screenshot
Microsoft Teams UDP settings
Teams DSCP reference
|Media traffic type||Client source port range||Protocol||DSCP value||DSCP class|
|Audio||50,000–50,019||TCP/UDP||46||Expedited Forwarding (EF)|
|Video||50,020–50,039||TCP/UDP||34||Assured Forwarding (AF41)|
|Application/Screen Sharing||50,040–50,059||TCP/UDP||18||Assured Forwarding (AF21)|
If you have setup your Microsoft Teams ports according to those values you still have to do some configuration on your workstation as well.
If you only have one or two machines you can use PowerShell cmdlets to create the policies you need.
New-NetQosPolicy -Name "Teams Audio" -AppPathNameMatchCondition "teams.exe" -IPSrcPortStartMatchCondition 50000 -IPSrcPortEndMatchCondition 50019 -DSCPAction 46 New-NetQosPolicy -Name "Teams Video" -AppPathNameMatchCondition "teams.exe" -IPSrcPortStartMatchCondition 50020 -IPSrcPortEndMatchCondition 50039 -DSCPAction 34 New-NetQosPolicy -Name "Teams Application-Screen Sharing" -AppPathNameMatchCondition "teams.exe" -IPSrcPortStartMatchCondition 50040 -IPSrcPortEndMatchCondition 50059 -DSCPAction 18
Group Policy based distribution
If you have hundreds or thousands of workstations you most likely already use Group Policies to manage settings centrally. Of course you can apply those settings via GPO as well.
- Create a new GPO
- Computer Configuration -> Windows Settings -> Right click “Policy-based QoS” -> “Create new policy”
- You need to create three QoS policies. Start with “Team Audio” and set DSCP to “46”
- Specify the application name “teams.exe”
- Do not restrict this on any specific IP ranges…
- …but to the UDP source port range “50000:50019”
- Repeat the steps 2 - 6 for “Teams Video” and “Teams Application-Screen Sharing”. Lookup the correct values for DSCP and UDP ports in the table above.
Check with Wireshark
Capture UDP packets and check if the DSCP value is added to the IP header
After setting up the policy
Now it’s time to configure your router to restrict the network traffic based on the DSCP values.
In my setup I have a 1 Gbps download and 50 Mbps of upload speed.
The traffic shaping configuration should only apply to the outgoing traffic, on interface eth0 (WAN), which is the internet upload.
Configure mode on USG
Connect via SSH to your UniFi router and enter the “configure” mode
Upload traffic shaping
The following commands setup a traffic shaping policy that distributes the 50 Mbit upload speed between four different traffic classes.
It guarantees the specified percentage of the total upload bandwidth (50Mbps) to those classes but because of the “ceiling” value of 100% is does not restrict the traffic to this percentage. So after you finish work you are not restricted to only 70% of the total upload speed, but can use it all.
|Policy class||Guaranteed bandwidth %||Max bandwidth %|
set traffic-policy shaper upload description "Microsoft Teams QoS" set traffic-policy shaper upload bandwidth 50mbit set traffic-policy shaper upload default bandwidth 70% set traffic-policy shaper upload default ceiling 100% set traffic-policy shaper upload class 10 bandwidth 15% set traffic-policy shaper upload class 10 ceiling 100% set traffic-policy shaper upload class 10 match rtp ip dscp 46 set traffic-policy shaper upload class 20 bandwidth 8% set traffic-policy shaper upload class 20 ceiling 100% set traffic-policy shaper upload class 20 match sip ip dscp 34 set traffic-policy shaper upload class 30 bandwidth 7% set traffic-policy shaper upload class 30 ceiling 100% set traffic-policy shaper upload class 30 match sip ip dscp 18
Apply and save configuration
After you have setup the configuration, you will need to activate and safe it.
set interfaces ethernet eth0 traffic-policy out upload commit ; save ; exit
Export config as JSON
If you are using the USG the configuration would be overwritten the next time you are changing something on the UniFi controller. To avoid this you have to use a file called config.gateway.json. Please refer to the linked articel to setup this file on your UniFi controller.
You can use the following command to dump the complete configuration and extract the parts you need.
mca-ctrl -t dump-cfg
Or you could use this amazing script that Daniil Baturin wrote to only extract the part of the config you really need.
./usg-config-export.py "interfaces ethernet eth0 traffic-policy" "traffic-policy"
config.gateway.json and Docker
If your UniFi controller is running as a docker container and your site name is “default” add the following to you docker-compose file.
volumes: - /path/to/persitent/config/unifi/config.gateway.json:/unifi/data/sites/default/config.gateway.json
Test your configuration
Use a internet speed test to see if there is any degradation in your network performance because you activated the traffic shaping feature.
Sadly my download speed was hit with a massive performance degradation and this while the configuration just applies traffic shaping to the outgoing traffic.
As you can see in this results, the configuration nearly halved my download speed. This might be because the USG can’t handle gigabit download while also applying traffic shaping.
So for my this means back to the original configuration. There are some posts in the Unifi forums that say it’s reliable up to 100 Mbps with the EdgeRouter. With the USG based on the results I would say up to 400 Mbps down should be fine.
I’m currently in contact with the Ubiquiti support to get some official answers on this. I will update this post as soon as possible.
Update 04.04.20 20:46
This is the final response from support
Note: These are custom configurations made on the USG through CLI. Custom configurations are not supported over chat or email.
Refer to the KB article below for advanced configurations.
If you have any trouble with this setup, here are the steps to remove the configuration.
If you used PowerShell you can use the following to delete all QoS policies. If you used a GPO just un-link it from the workstations affected.
Get-NetQosPolicy | Remove-NetQosPolicy -Confirm:$false
configure delete traffic-policy shaper upload delete interfaces ethernet eth0 traffic-policy out upload commit ; save ; exit
To immediately disable the configuration use the same commands shown for the the EdgeRouter, but don’t forget to remove the configuration from the config.gateway.json as well.
I used the following documentation and sources to setup this configuration.