After noticing several wifi dead zones on my property and finding my podcasts being interrupted while mowing the lawn, I decided to invest in a new network setup from Ubiquiti, based on the UniFi Security Gateway (USG) and a couple of Nano HD access points. Being an enterprise-level product, it offers a whole lot of flexibility and functionality that you don’t find on normal home networking kit. While the GUI for the controller part of the system is pretty neat, there is additional functionality exposed through a configuration file, config.gateway.json.
For one reason or another, my NBN provider, Vodafone, chooses to drop traffic that’s marked by DSCP, or at least the DSCP tags that are used for VoIP and VoWifi, which led to an annoying situation of the outbound voice stream simply not being delivered; I could hear callers, they couldn’t hear me, and after a few seconds, calls would drop out.
It turns out that my Pixel 3 marks the outbound voice stream with the TOS header value 0xB8, which equates to DSCP 46 or DSCP EF, which is the highest level available for the most important traffic. That makes a lot of sense: Google wants to be sure that on QoS networks, VoWifi packets get precedence. Whether it is an intentional policy of Vodafone or the NBN to prevent abuse, or a misconfiguration somewhere along the line, packets leaving my network tagged this way went into the proverbial black hole. Fortunately, the USG provides us with a solution.
First, I created a VLAN, in this case VLAN 20, to separate the traffic of my phones from everything else. Then, by creating a firewall rule in config.gateway.json, the USG sets the DSCP value of all packets to and from that VLAN to DSCP 0.
The required configuration is:
{
  "firewall": {
    "modify": {
      "STRIP_DSCP": {
        "description": "Strip DSCP Values",
        "rule": {
          "9999": {
            "action": "modify",
            "modify": {
              "dscp": "0"
            }
          }
        }
      }
    }
  },
  "interfaces": {
    "ethernet": {
      "eth1": {
        "vif": {
          "20": {
            "firewall": {
              "in": {
                "modify": "STRIP_DSCP"
              },
              "out": {
                "modify": "STRIP_DSCP"
              }
            }
          }
        }
      }
    }
  }
}
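Because config.gateway.json is edited by hand, it is worth checking it before handing it to the controller. The script below is an added example, not part of the original setup: it parses the file, confirms that every modify ruleset bound to an interface is actually defined and that each DSCP value is in range, and shows the TOS-to-DSCP conversion behind the 0xB8 figure. The function names and the embedded SAMPLE (the configuration above, compacted) are my own constructions.

```python
import json

# Constructed sample input: the configuration from this post, compacted.
SAMPLE = '''{"firewall":{"modify":{"STRIP_DSCP":{"description":"Strip DSCP Values",
"rule":{"9999":{"action":"modify","modify":{"dscp":"0"}}}}}},
"interfaces":{"ethernet":{"eth1":{"vif":{"20":{"firewall":{
"in":{"modify":"STRIP_DSCP"},"out":{"modify":"STRIP_DSCP"}}}}}}}}'''

def tos_to_dscp(tos):
    """DSCP is the top six bits of the IP TOS byte; the low two bits are ECN."""
    return (tos & 0xFF) >> 2

def modify_refs(node, path=()):
    """Yield (interface path, direction, ruleset name) for every modify binding."""
    if not isinstance(node, dict):
        return
    for key, child in node.items():
        if key == "firewall" and isinstance(child, dict):
            for direction, binding in child.items():
                if isinstance(binding, dict) and "modify" in binding:
                    yield "/".join(path), direction, binding["modify"]
        else:
            yield from modify_refs(child, path + (key,))

def audit(text):
    """Parse the file and return a list of problems (empty means consistent)."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} at line {exc.lineno}"]
    rulesets = cfg.get("firewall", {}).get("modify", {})
    problems = []
    for name, ruleset in rulesets.items():
        for num, rule in ruleset.get("rule", {}).items():
            dscp = rule.get("modify", {}).get("dscp")
            # DSCP is a six-bit field, so valid values are 0 to 63.
            if dscp is not None and not (str(dscp).isdigit() and int(dscp) <= 63):
                problems.append(f"{name} rule {num}: dscp {dscp!r} not in 0-63")
    for iface, direction, name in modify_refs(cfg.get("interfaces", {})):
        if name not in rulesets:
            problems.append(f"{iface} {direction}: ruleset {name!r} is not defined")
    return problems

if __name__ == "__main__":
    print("tos 0xB8 -> DSCP", tos_to_dscp(0xB8))
    print(audit(SAMPLE) or "config is consistent")
```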