I had an inquiry from a potential customer yesterday asking if we could monitor their QoS. I was a bit miffed as to what to tell them. At first, the question struck me as if they’d asked if we can monitor electrons on their power grid. In other words, it was a legitimate question in a sense, but of what use would it be to monitor QoS? I then asked him why he had implemented QoS in the first place. How did he know he needed it?
After inquiring a bit deeper, I also found out this customer was using extensive VPNs to remote offices over DSL internet circuits. His WAN traffic from the remote offices was sharing links with regular Internet data traffic, and all of it was traversing the public Internet. Then it hit me – he did not realize his QoS mechanisms were useless outside of his internal network.
Where there is one customer with confusion there are usually others. Hence, I’ve put together a quick fact sheet on QoS over an Internet link. Below, you’ll find five quick facts that should help clarify QoS and answer the primary question of “is it possible over the Internet?”
If your QoS mechanism involves modifying packets with special instructions (ToS bits) on how they should be treated, it will only work on links where you control both ends of the circuit and everything in between.
Most Internet congestion is caused by incoming traffic. For data originating at your facility, you can certainly have your local router give it priority on its way out, but you cannot set QoS bits on traffic coming into your network (we assume it comes from a third party). Regulating outgoing traffic with ToS bits will not have any effect on incoming traffic.
Your public Internet provider will not treat ToS bits with any form of priority (the exception would be a contracted MPLS-type network). Yes, they could, but if they did, everybody would game the system to get an advantage, and the bits would not have much meaning anyway.
The next two facts address our initial question — Is QoS over the Internet possible? The answer is, yes, QoS on an Internet link is possible. We have spent the better part of seven years practicing this art form and it is not rocket science, but it does require a philosophical shift in thinking to get your arms around it.
We call it “equalizing,” or behavior-based shaping, and it involves monitoring incoming and outgoing streams on your Internet link. Priority or QoS is nothing more than favoring one stream’s packets over another stream’s. You can accomplish priority QoS on incoming streams by queuing (slowing down) one stream over another without relying on ToS bits.
Surprisingly, behavior-based methods such as those used by our NetEqualizer do provide a level of QoS for VoIP on the public Internet. Although you can’t tell the Internet to send your VoIP packets faster, most people don’t realize that the problem with congested VoIP is that their VoIP packets are getting crowded out by large downloads. Often, the offending downloads are initiated by their own employees or users. A good behavior-based shaper will be able to favor VoIP streams over less essential data streams without any reliance on the sending party adhering to a QoS scheme.
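A toy model of the effect described above, as an added example (it is not NetEqualizer's algorithm or code from this article): an inbound VoIP stream shares the access link with TCP-like downloads, with and without a site-side shaper that slows the largest download. The link capacity, rates, trigger threshold and the "halve when delayed or dropped" sender response are assumptions chosen for illustration.

```python
# Toy model (added example): inbound VoIP sharing an access link with TCP-like
# downloads. All numbers are constructed; this is not NetEqualizer's algorithm.
LINK_KBPS = 1000     # capacity of the ISP-to-site link (assumed)
VOIP_KBPS = 100      # constant-rate inbound call; it does not back off
TRIGGER_KBPS = 850   # shaper acts once measured inbound load exceeds this
STEP_KBPS = 50       # additive increase per tick for each download


def simulate(shaper_enabled, ticks=200, downloads=3):
    """Return (average, worst-tick) VoIP loss fraction on the upstream link."""
    rates = [200] * downloads            # current send rate of each download
    total_loss = worst = 0.0
    for _ in range(ticks):
        offered = VOIP_KBPS + sum(rates)
        # The ISP side is a plain FIFO: once oversubscribed, every stream,
        # marked or not, loses the same share before it reaches the site.
        loss = max(0.0, 1 - LINK_KBPS / offered)
        total_loss += loss
        worst = max(worst, loss)

        # Site-side shaper: it only sees what arrives. Above the trigger it
        # delays the largest download so that sender perceives a slower path.
        arrived = min(offered, LINK_KBPS)
        slowed = None
        if shaper_enabled and arrived > TRIGGER_KBPS:
            slowed = max(range(downloads), key=lambda i: rates[i])

        for i in range(downloads):
            if loss > 0 or i == slowed:
                rates[i] //= 2           # sender backs off
            else:
                rates[i] += STEP_KBPS    # sender probes for more bandwidth
    return total_loss / ticks, worst


if __name__ == "__main__":
    for enabled in (False, True):
        avg, worst = simulate(enabled)
        print(f"shaper={enabled}: avg VoIP loss {avg:.2%}, worst tick {worst:.2%}")
```

In this model the shaper never touches the VoIP packets; the call stays clean only because the downloads are made to back off before the upstream link overflows.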
For more information, check out Using NetEqualizer To Ensure Clean Clear VOIP.
August 1, 2014 at 8:47 AM
Great article! It really makes clear the limits of QoS outside of the private network. I should point out, however, that one of the biggest things users of QoS forget about on their own networks is that QoS means nothing at all UNTIL the link is saturated with traffic, so none of the set priorities will mean a thing if the link is having issues other than being saturated.
January 12, 2015 at 7:23 AM
I have a question.
Assume in an ISP getting internet from bigger provider called abc, and my BW from abc is only 1 G CIR guaranteed.
Now if I need to do QOS on my router, if I shaped traffic download to about 980Mbps and applied the rules for guarantee and priority,
will that work?
Or I need equalizer still?
January 12, 2015 at 7:39 AM
No, that most likely will not work. In your situation, you can do QOS on your router for traffic coming from your network going to the outside, but not coming into your network.
January 12, 2015 at 1:19 PM
Great, but why???
I need to control the download traffic because it’s the bottleneck in my network. I don’t need to control the upload; I have plenty of it and no rush on upload traffic.
Now again, if my provider gives me CIR 1Gbps and I did shaping on my side to 980Mbps,
in this case I will guarantee that the congestion is only at my side and the QOS rules will work?!!
After shaping I will do the guarantee & priority rules …….. please inform me why that will not work fine???
Please clarify why I’m wrong, and advise me what products or equalizers can help me and how will it heal me in that.
January 13, 2015 at 11:41 AM
Note: I am basing this answer on conversations with many of our customers who have tried to use QOS rules on incoming traffic.
Suppose you have 2 streams coming into your network; one is a VoIP call and one is a download. Typically, your router(s) QOS rules have no way to give priority to the download over the incoming VoIP call. Why? Because routers can typically only manage the priority of traffic coming out of your network, not traffic that was sent by a third party coming into your network.
The NetEqualizer does not use typical QOS techniques like a router; it will actually sit in the middle and create slow virtual circuits on large streams to make the sending side think the link is slower, and the sending side will back off (of the download if needed).
May 12, 2015 at 2:28 PM
But I’m still wondering why Cisco cheats us and lets us buy a router like the Cisco ASR for 40000 $ that supports QOS???
I still don’t understand that, wherein Cisco has a lot of courses for QOS deployment?!!
Why here we destroy all the hope for QOS in the internet and it seems impossible???
I watched a lot of videos and articles, but few that touch QOS on the internet?!!
Do the instructors who also give the course not know that??
I hope to clarify, and I’m really sad for the money spent to deploy QOS when in the end it’s meaningless.
June 29, 2015 at 3:18 PM
Thank you so much, but I want a logical answer. You said “we can’t prioritize the incoming traffic”. Why?
Please let me ask again ….
Let’s say that YouTube traffic always has fast links from its path to my path of ISP (download) & (upload).
Now assume I have 1000 Gbps traffic and I did shaping on 800 Gbps traffic on my router so that I escape from ISP provider shaping and let all drops be on my router side.
As I learned in Cisco CCIP, we can do LLQ or priority queuing that might give priority to traffic.
Now you will say to me “No you can’t because you don’t control the incoming traffic”.
OK, I agree with you, I see, but I assume that YouTube traffic (link) in the download direction is fast, with no slowness or any drop from the YouTube side.
Why can I still not prioritize or do any type of guarantee or priority BW???
Why does only the shaping work with me and not the “guarantee”??
I’m sorry if I asked the question again from another view, but I’d like to understand this story, why we can’t do it ….
I agree with you with all you mentioned above, but I just wanted to understand and fill the gap I have in understanding.
July 1, 2015 at 9:27 AM
“Thank you so much, but I want a logical answer. You said “we can’t prioritize the incoming traffic”. Why?
Please let me ask again ….”
Perhaps I misspoke or misstated. Yes, the NetEqualizer can prioritize incoming traffic, but it does not prioritize by type of traffic (too much traffic is tunneled and encrypted to rely on this). But we can give priority to traffic by IP. This is done by reducing the streams of all “non” priority traffic, thus leaving more traffic for the priority IP.
In order to do this subject proper justice it sometimes takes a 30-minute WebEx session or more, as we are combining several different things to arrive at priority. The main point is we provide priority by making sure all nonessential incoming streams are throttled by the NetEqualizer, and thus there is bandwidth left over for the priority stream. The throttling of nonessential streams is done by creating slow virtual queues for their packets as they traverse the NetEqualizer, and they naturally back off when they sense the slower circuit that we artificially created.
When I was talking about the inability of controlling incoming traffic and giving it priority, I was not talking about the NetEqualizer methodology. Traditional packet tagging (Cisco), as I understand it, will not allow you to give an incoming traffic stream priority. Again, to explain this statement in detail would require a WebEx session.
July 4, 2015 at 8:02 AM
Do you mind if we had a WebEx session?
You can respond to my email.
July 11, 2015 at 4:00 PM
I’m still interested in a session to discuss its features before we order it for the ISP.
July 11, 2015 at 7:33 PM
Please e-mail us at firstname.lastname@example.org with your contact details, thanks
August 6, 2015 at 11:10 AM
Please e-mail us directly
November 9, 2015 at 4:40 PM
You can’t apply QoS to incoming traffic because the packets have to reach the router for it to prioritise them. Once the packets reach the destination router it is too late; they are already using WAN link bandwidth. The sending router MUST be the one to rate limit or prioritise the send order.
November 9, 2015 at 5:27 PM
That is true with standard TOS methods, not with our methods… we alluded to that later in the article, and should have explained in more detail. But basically if you create a “slow virtual circuit” for an incoming stream you can make it slow down, because the sender will sense the slower connection and reduce their rate of send. By choosing which streams you slow down, you can give more room on the circuit to other incoming traffic, hence a higher priority. It works like a charm, and we have been doing it for 10 years; there is no reason why Cisco and other routers cannot do this. But to my knowledge they don’t.
February 14, 2017 at 2:24 PM
This information you provided is awesome, and it makes complete sense on how to prioritize packets over the internet. Thank you again; you have no idea how important this information was for me.
December 12, 2018 at 9:27 AM
One exception I can think of is the case where branch office links are VPN tunnels connected over the Internet. In that case you do control both sides of the link and Cisco-like QoS methods can work to prioritize business applications. This assumes Internet access for branch office users is backhauled to the central site. For the main ISP link, a NetEq type approach is needed. (Which we use)