When it comes to evaluating network performance and QoS, a wide variety of measurement tools and protocols have been developed. However, they differ in how they work and where they are best suited. The solutions can be divided into two primary categories: active and passive. Understanding the intricacies of both categories is essential, as they offer unique advantages and limitations.
February 11th, 2025
Quality of Service
Let’s begin with a short introduction to QoSQuality of Service
Indicates the overall performance of the connection/network and its ability to serve applications.. In the context of communications, QoS tells how a connection path performs for connected applications. For users, it is the most important technical property of network connection. QoS is high enough when the user does not have to pay attention to the existence of the network connection. It can be measured with statistics like delay/latency, delay variation (jitter), packet loss, and data throughput.
The need for QoS is application-specific. Some applications demand high throughput without particular requirements for low delay. Others can slip through a narrow pipe, but even small delay spikes can be hazardous. To consider this, many network devices are marketed as equipped with various QoS capabilities. However, they are not QoS as such; instead, they are methods to enhance QoS with functionalities for prioritizing traffic flows of different application types.
QoS is, by its nature, a two-point concept. For example, delay means the time spent when data travels from one network point to another. As a result, most QoS measurement solutions operate in two network points. Single-point solutions must rely on protocol-specific information introduced by the traffic source.
Active Measurement Solutions
In a network setup phase, you don’t yet have the real application traffic there against which to verify the network performance. The same sometimes applies to R&D work in laboratory conditions. Stressing the connection path with synthetic test traffic enables the performance of a mixed set of use cases to be verified. Thus, controllable traffic generators become helpful. Active measurement solutions like Ping, TWAMPTwo-Way Active Measurement Protocol
TWAMP is a standardized active network measurement protocol for IP-based networks., different kinds of web-based connection maximum speed tests, and many proprietary solutions are commonly used for network performance evaluation. These tools generate artificial test traffic, for which they measure QoS statistics.
One popular set of tools in the active category is maximum data rate analyzers. These tools saturate the measured network path with generated test traffic, typically based on TCPTransport Control Protocol
A robust connection-oriented transport protocol for transferring non-realtime data reliably.. They are widely adopted in consumer use, offering a simple method to check current connection speed. However, their use in accurately evaluating network performance and quality is not straightforward. The results heavily depend on the current load in the measured path, indicating the remaining transmission capacity. Does the network operator with the highest speed test result have the best-performing network? Not necessarily. Since maximum throughput capacity is often a shared resource across users and their applications, the temporary capacity per user is prone to substantial variation over time. Therefore, they may have the best capacity at the measurement location at the measurement time or the least users to their capacity. Only numerous tests over a long period taken at different times of day start to reveal statistically the rank between the operators. Also, controlled and replicable measurement conditions are key to detailed analysis and understanding.
While maximum data rate is an essential metric for evaluating network performance, it represents just one aspect of overall QoS. For example, interference scenarios and fluctuating signal conditions in wireless networks, influenced by various environmental factors, can lead to packet loss and considerable delays, significantly impacting user application traffic. These challenging conditions can also manifest in further reduced data rates, particularly for protocols like TCP designed for adaptability and reliability in data transfer. As a result, relying solely on maximum capacity measurements may inadequately reflect network performance, potentially leading to incorrect conclusions about the network capacity and inappropriate corrective actions. More than sole throughput measurements are needed to provide insight into the root causes of the decreased performance, especially for applications sensitive to overall QoS. In industrial networks, where real-time responsiveness is paramount, minimizing delay, jitter, and packet loss takes precedence over maximizing throughput.
In continuous monitoring and operational environments, the measurement overhead should be minimized. This is why many active solutions for operational networks opt for lightweight, low-resolution test traffic or conduct periodic short tests. For example, Ping, a fundamental tool for network troubleshooting, sends ICMPInternet Control Message Protocol
ICMP is a supporting control protocol in the Internet protocol suite. echo requests to a target device, measuring the response rate and RTTRound-Trip Time
In packet data communications, RTT is the time it takes a packet to be sent from one network point to another and back. for the message sequence. While Ping is simple, lightweight, and widely supported, its utility is limited to basic connectivity. It does not reflect the actual application performance well. For more sophisticated assessment, protocols like TWAMP offer one-way and two-way QoS measurements, providing deeper insights into network quality. TWAMP, utilizing UDPUser Datagram Protocol
A simple, fast, and connectionless transport protocol. traffic instead of ICMP, offers advantages in environments where ICMP traffic is restricted or treated differently. The support for TWAMP is not as broad as for Ping but is found in many operator-grade network equipment. Like Ping, however, TWAMP often tells a little about the QoS of real applications.
Many proprietary active measurement solutions mimic real application traffic, giving a more realistic view of the performance. Some solutions play real traffic recorded earlier to get even closer to reality. The market also includes load testers that generate a mixed set of application flows emulating even thousands of users. However, different tools often come with specific ways to calculate performance statistics, some even with undisclosed methods, complicating the comparison analysis. Still, extensive test setups can be built, and modeling the traffic according to later operational use results in valuable information on the network’s capability to serve the applications.
Passive Measurement Solutions
When a network transitions into operational use, active solutions are not at their best: the lightweight ones only yield rough situation knowledge, and the solutions providing more accurate views consume valuable network resources. If a network is already operating near its capacity, using active solutions can tip the network over its limits, potentially leading to degraded quality for ongoing applications, which is unacceptable. Even when not, the setup is not ideal for monitoring, as the results only tell how the test traffic accomplishes. In contrast, passive measurement solutions excel in providing precise insights into how actual ongoing applications experience network performance with minimal overhead. By directly observing real application traffic, passive solutions offer an accurate assessment of prevailing performance, making them invaluable for continuous monitoring in operational networks.
Just as with active solutions, passive measurement solutions come with significant differences. Some solutions are general-purpose with flexibility for measurements without strict limitations on protocols and applications. Others are tailored to specific use cases, resulting in narrower functionality and potentially limiting widespread adoption.
One type of passive QoS measurement is monitoring TCP traffic behavior at a single point, offering a straightforward solution adaptable to various network environments. TCP’s reliability and feedback mechanisms make tracking metrics like RTT and data loss for TCP flows relatively easy. The major drawback of RTT is that when delays grow, you don’t have the visibility to determine which direction is causing the delay issue. This limitation becomes pronounced in wireless networks, where disparities between uplink and downlink performance are typical. Additionally, measuring from TCP packets may obscure connectivity issues by including the device performance at the receiving end, making it challenging to pinpoint quality degradation causes: is it due to connection or communicating device? While passive TCP measurement suits consumer use cases where TCP dominates traffic and detailed QoS analysis is unnecessary, real-time applications relying on continuous, high-quality communication typically eschew TCP in favor of protocols that better suit real-time communications.
In addition to TCP, some other protocols come equipped with built-in information relevant to applications that can also be used for measurements. For instance, RTPReal-time Transport Protocol
A transport protocol for applications with real-time constraints, such as video streams, VoIP, and remote control., commonly used in VoIPVoice over IP
Refers to technologies which enable a delivery of voice communication over IP network. applications and carried over UDP, facilitates packet loss and jitter measurement at a single point. Despite requiring measurement only at one end, the setup still constitutes a two-point measurement system. The source application injects information into the RTP header of transmitted packets, realizing the measurement. However, this type of measurement yields results only for the receiving direction. For two-way measurement, it’s necessary to conduct measurements at both ends of the communication flow.
A broad set of passive solutions exist that collect different statistics from network devices, e.g., by using SNMPSimple Network Management Protocol
SNMP is an Internet Standard control protocol for collecting, modifying, and organizing information about managed devices.. These include traffic statistics, dropped packets, and various signal metrics in the case of wireless connections. While there is some relation to QoS, by no means can these solutions be called QoS measurement solutions; the relation to application flows is non-existent or weak, at most. Still, these methods give overall network status information, enough in some use cases.
For comprehensive passive QoS measurement across diverse protocols, network technologies, and traffic directions, deploying a general-purpose traffic inspection solution at both ends of the measured path is needed. This approach enables monitoring QoS for all network traffic or specific flows of interest. Unlike most protocol-specific measurement techniques, this method doesn’t require an end-to-end measurement topology, offering greater flexibility. However, continuously synchronizing traffic context between measurement points becomes compulsory in real-time measurement scenarios. While that introduces overhead, efficient coding can minimize data rate impact to just a fraction of the measured traffic. In critical networks, the adverse effects of overhead are negligible compared to the benefits of gaining real-time QoS awareness. In laboratory settings and for precise scientific measurements, the control channel can be routed over a separate network to keep the measured path untouched.
Choosing the Right Solution
In selecting between active and passive measurement solutions, it’s crucial to consider the goals and needs for the measurement, as well as the specific requirements and constraints of the network environment. Active tools are invaluable for initial network testing, measurement campaigns, and certain troubleshooting cases, giving quick insights into basic connectivity and performance. For example, passive solutions cannot measure maximum throughput directly. They can reveal it indirectly over an extended monitoring period, but using an active measurement solution is a much faster way. However, the synthetic nature of the active solutions does not always reflect real-world application behavior accurately.
In operational use, one must be cautious with the extra traffic generated by the active measurement solutions. Passive measurement solutions can authentically represent network performance under actual usage conditions with minimum overhead. By observing real application traffic, passive solutions offer deeper insights into QoS metrics and behaviors, making them indispensable for accurate measurements, ongoing performance monitoring, and optimization of networked systems. Network-wide real-time QoS awareness can be reached with minimum overhead, revealing problems instantly.
Taking advantage of both active and passive measurement solutions can often be useful, especially in R&D work and measurement campaigns. Using a passive solution for measurement gives you the freedom to use different kinds of active tools for traffic generation, potentially mixed with real applications. This ensures that the measurement method, accuracy, and the extent of results remain the same despite the traffic source.
In summary, who wins the battle? At this point, you probably already guessed there is no winner or loser when comparing active and passive QoS measurement solutions: they both serve their purpose in different use cases. Each type of solution has its place in the network expert’s toolkit, and understanding their strengths and limitations is the key to effectively managing communications performance and QoS.
By Esa Piri and Jarmo Prokkola
February 11, 2025
Kaitotek Oy