How does Bigleaf provide Dynamic Quality of Service?

Bigleaf's dynamic Quality of Service (QoS) system provides effective and automatic prioritization for traffic traversing the public internet. Bigleaf uses unique technology to provide QoS without coordination of the network devices between the endpoints, with an easy, intelligent, and automatic experience for end users.

Bigleaf QoS detects different types of applications and prioritizes traffic according to priority levels. These priority levels give each broad category of traffic ideal treatment based on the network requirements for that type of traffic. For example, VoIP is given higher priority than bulk data transfers. And best of all, Bigleaf's dynamic QoS system meets the needs of most users without requiring custom configuration.

What makes Bigleaf QoS unique

Traditional network engineering practices required users to manually configure QoS settings for all types of applications, and often included months of planning, testing, implementation, and troubleshooting. With Bigleaf's intelligent QoS software, there is no longer a need for engineers to manually define the behavior of the network for individual applications.

There are 3 primary principles that make Bigleaf Dynamic QoS unique:

Real-time path capacity determination

Bigleaf's path monitoring service software checks for symptoms of network path congestion 10 times per second (each time a monitoring packet is received). When a circuit health issue is detected, the Bigleaf queueing system evaluates whether it appears to be due to congestion or to a simple circuit quality problem.

If the issue appears to be due to congestion, the system then determines the maximum throughput at which the circuit can sustain traffic flow without health alarms. This ensures that ISP buffers don't fill up or drop packets, allowing Bigleaf's queueing system to be the only system doing any material buffering or dropping of network traffic along the path.

Control of all traffic

All upload traffic passes through the on-prem Bigleaf edge router, and all download traffic passes through the Gateway Clusters (Bigleaf Tunnel Endpoint (TE) servers). By doing so, rather than direct-routing some traffic to ISP circuits like most other SD-WAN solutions, Bigleaf gains full control of the traffic flow before it hits ISP bottlenecks like peering points or cable head-end devices.

Combined with the capacity detection described above, Bigleaf has full control of the customers' QoS prioritization and packet flow.

Intelligent software rather than manual policies

Many SD-WAN platforms use libraries of application signatures in an attempt to classify each unique application. This results in thousands of unique applications that each need a policy/rule for how to behave, and can create maintenance or performance issues when new applications are released.

Bigleaf adapts automatically to new applications that show up on the Internet. Our QoS classification rules are built around the nature of application traffic flows, rather than specific applications. We look at broad application needs, acknowledging that everyone wants:

  • Consistent and clean VoIP experiences that don’t drop
  • Web applications that load quickly and consistently
  • Fast file transfers without interruptions

While the "intelligent" part of the software can adapt on its own to many new applications, sometimes new applications mean improvements need to be added. For example, if there is a new VoIP provider that uses non-standard ports, Bigleaf will review that provider's requirements, ports, and protocols, and add that information to our software-defined QoS system. Those updates are then pushed out to all Bigleaf devices as part of our routine software updates.

In some situations, you may want unusual QoS treatment, or have custom one-off applications that need to be identified. In those rare situations, we can create custom QoS rules for you on a site-by-site basis.

How Bigleaf’s QoS works

There are several fully automated features that make Bigleaf's dynamic QoS system so effective.

  • Traffic identification / classification
  • Marking
  • Prioritization
  • Shaping
  • Capacity evaluation and adjustment

Each part of our QoS system affects:

  • Upload traffic — identified and controlled on the Bigleaf routers at the user's premises.
  • Download traffic — identified and controlled on Gateway Cluster TE servers in the core of Bigleaf's network.

Traffic identification / classification

Traffic is identified through rules that use heuristics and algorithms based on application and customer need (e.g. web browsing, or real-time audio for VoIP).

Our QoS system uses 6 priority levels, or queues (with level 6 having the most priority). We look at the protocol, port, flow size, flow duration, packet sizes, and other aspects of traffic flows when prioritizing traffic. We use that information to determine what type of application the flow belongs to, and what that application needs from the network to ensure a good end-user experience, while also considering others that need bandwidth at the same time.

The priority levels are:

6    VoIP — VoIP (signaling and media)

5    Realtime — ICMP, DNS, SSH

4    Urgent — Applications such as Remote Desktop, Citrix, Interactive Applications, some video calls

3    Interactive — FTP, VPNs, SNMP, HTTP

2    Bulk Data — Applications such as Netflix, YouTube, Dropbox uploads, other large HTTP(s) or FTP streams

1    Other — Anything that does not fit above

Note that this is not an exhaustive list of the applications and protocols we prioritize, but rather a set of examples of the traffic types and how they’re prioritized.


Marking

Before routing, encapsulating, and sending each packet, Bigleaf writes a value into the packet header that represents the packet's priority level. This is known as the Differentiated Services Code Point (DSCP) value of a packet. For example, when the on-prem Bigleaf router detects an upload-direction VoIP flow, the flow will have its QoS header marked as VoIP, usually DSCP 46, and it will keep that value throughout the Bigleaf core network.

Note that by default, Bigleaf does not trust or use QoS header values sent from any outside source, including a customer LAN or even a Bigleaf BGP peer.

If you mix VoIP and low-priority flows like file sharing in the same IPsec VPN tunnel, you can create custom QoS rules so that certain packets in that flow are treated with higher priority than others. Also, if you have a custom-built application that requires QoS handling based solely on DSCP values, you can use custom QoS rules to handle this.
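The default behavior described above (mark from your own classification, never from the sender's DSCP) can be illustrated with the following added example, which is not Bigleaf's code. The classifier rules, the function names, and every DSCP value other than VoIP = 46 are assumptions; the packets are constructed samples.

```python
import struct

# Priority level -> DSCP. Only VoIP = DSCP 46 comes from the page; the other
# code points are assumed values for illustration.
LEVEL_TO_DSCP = {6: 46, 5: 40, 4: 32, 3: 24, 2: 8, 1: 0}

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum; returns 0 for a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify(proto: int, dport: int) -> int:
    """Toy port-based rules (assumed); returns a priority level 1..6."""
    if proto == 17 and dport == 5060:            # SIP signaling -> VoIP
        return 6
    if proto == 1 or dport in (53, 22):          # ICMP, DNS, SSH -> Realtime
        return 5
    if proto == 6 and dport == 80:               # HTTP -> Interactive
        return 3
    return 1                                     # Other

def remark(packet: bytes) -> bytes:
    """Set DSCP from our own classification; the sender's DSCP is never read."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    proto, l4 = packet[9], packet[ihl:]
    dport = struct.unpack("!H", l4[2:4])[0] if proto in (6, 17) and len(l4) >= 4 else 0
    hdr = bytearray(packet[:ihl])
    hdr[1] = (LEVEL_TO_DSCP[classify(proto, dport)] << 2) | (hdr[1] & 0x03)  # keep ECN
    hdr[10:12] = b"\x00\x00"                     # zero checksum before recomputing
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + l4

def dscp_of(packet: bytes) -> int:
    return packet[1] >> 2

def sample_packet(proto: int, dport: int, dscp: int, ecn: int = 0) -> bytes:
    """Constructed sample: 20-byte IPv4 header followed by 8 bytes of L4 header."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, (dscp << 2) | ecn, 28, 1, 0,
                                64, proto, 0, bytes([192, 0, 2, 10]),
                                bytes([198, 51, 100, 20])))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + struct.pack("!HHHH", 40000, dport, 8, 0)

if __name__ == "__main__":
    spoofed = sample_packet(6, 80, dscp=46)      # HTTP flow claiming VoIP priority
    print(dscp_of(spoofed), "->", dscp_of(remark(spoofed)))
```

A LAN host that marks its own HTTP traffic as DSCP 46 gains nothing here: the value is overwritten at the boundary and the header checksum is recomputed so the packet stays valid.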


Prioritization

Prioritization is maintained throughout the core of Bigleaf's network - traffic sent between multiple Bigleaf sites is given end-to-end prioritization. Network links can be saturated both by heavy usage and by microbursts, which are short bursts of traffic that can take up the full bandwidth of a link. When a link is saturated during a microburst or during times of very heavy usage, not all traffic can be sent simultaneously; certain traffic must be delayed (queued or buffered for later transmission) or even dropped.

The priority level, buffer size, and other properties of a QoS queue enable Bigleaf to decide which traffic to buffer or drop during times of congestion. In general, lower-priority traffic is dropped first or is placed at the back of the buffer.


Shaping

Shaping defines the upper limit of how much traffic will be sent over a circuit. Bigleaf shapes traffic, carefully ensuring that bandwidth is available for the higher priority traffic classes. Traffic is shaped down to the circuit speeds for each circuit, and also to the customer's bandwidth package at that site, whichever is less.
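The interaction of prioritization and shaping during a microburst can be seen in a small simulation. This is an added, simplified model and not Bigleaf's implementation: the class name, the per-tick byte budget, the buffer size, and the eviction rule are assumptions, and the traffic is constructed.

```python
from collections import deque

LEVELS = (6, 5, 4, 3, 2, 1)      # the page's priority levels, highest first

class ShapedLink:
    """Strict-priority queues behind a per-tick byte budget (the shaping rate)."""

    def __init__(self, rate_bytes_per_tick: int, buffer_packets: int):
        self.rate = rate_bytes_per_tick
        self.capacity = buffer_packets           # assumed shared buffer, >= 1
        self.queues = {lvl: deque() for lvl in LEVELS}
        self.sent = {lvl: 0 for lvl in LEVELS}
        self.dropped = {lvl: 0 for lvl in LEVELS}

    def enqueue(self, level: int, size: int) -> bool:
        if sum(len(q) for q in self.queues.values()) >= self.capacity:
            # Buffer full: the lowest-priority buffered packet is the victim,
            # unless the arrival is no more important than it.
            victim = min(lvl for lvl in LEVELS if self.queues[lvl])
            if victim >= level:
                self.dropped[level] += 1
                return False
            self.queues[victim].pop()
            self.dropped[victim] += 1
        self.queues[level].append(size)
        return True

    def tick(self) -> None:
        """Send up to `rate` bytes, always draining higher levels first."""
        budget = self.rate
        for lvl in LEVELS:
            q = self.queues[lvl]
            while q and q[0] <= budget:
                budget -= q.popleft()
                self.sent[lvl] += 1
            if q:            # head does not fit: lower levels must wait too
                return

def microburst():
    """Constructed burst: 10 bulk packets, then 4 VoIP packets, in one tick."""
    link = ShapedLink(rate_bytes_per_tick=3000, buffer_packets=8)
    for _ in range(10):
        link.enqueue(2, 1500)    # level 2 = Bulk Data
    for _ in range(4):
        link.enqueue(6, 200)     # level 6 = VoIP
    link.tick()
    return link.sent, link.dropped
```

Because the shaper, not an ISP buffer, is the bottleneck in this model, all four VoIP packets leave in the first tick while the loss falls entirely on the bulk class.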

Capacity evaluation and adjustment

To function correctly, every QoS shaping system must know exactly how much network "pipe" is available for the different priority levels. Without correct bandwidth information, a router will try to send traffic when there's no room for it. In addition, monitoring traffic could get dropped and appear as packet loss when there is only congestion or an incorrect configuration.

Bigleaf's dynamic QoS system relies in part on the customer to give accurate numbers for the rated bandwidth capacity of each circuit. However, the system also automatically detects congestion on circuits. When monitoring traffic is dropped or delayed, Bigleaf's capacity adjustment system is triggered. This system decides whether to decrease the shaping rate (the upper limit of how much traffic will be sent over a circuit) to enable Bigleaf's queueing to regain full control of the network path. This ensures that high-priority traffic is not dropped on congested links.

If a circuit's bandwidth is significantly misconfigured, for example, having bandwidth 30% less than it really has, automatic shaping rate changes will not be enough to protect high-priority traffic. In that case, health alarms occur. These alarms indicate that something is wrong, so you can run tests to verify that the circuit is not getting the bandwidth expected, and request that the service provider repair the circuit.

When there's a large misconfiguration of circuit bandwidth, it's wise to lower the configured bandwidth to something near what the circuit is actually delivering to protect high-priority traffic until the circuit is repaired. Then you can put the configured bandwidth back to normal.


Bigleaf’s QoS system is just one part of the Bigleaf service that keeps your internet connections and applications running at peak performance. If you have any questions about our QoS system, or how to create custom QoS rules for your applications, contact Bigleaf Support.
