CCIE STUFF: QoS Notes

QOS:

The TX-ring (hardware queue) is always FIFO. Use show controller | i tx_limit.

Queuing & Shaping can only be applied in an outbound direction to an interface.

Policing can be applied inbound or outbound direction to an interface.

If ACL does not exists, it is match-all traffic.

cache-flow, is taken BEFORE any packet markings

Local marking won’t show on the router, except one hop away.

DSCP:

IP precedence 6 and 7 should not be used according to Cisco Systems.
It's used for control plane packets, protocol update, etc by the routing protocols.

DSCP	Binary	Dec.	IP Precedence	comments
Default	000000	0	routine
CS1	001000	8	priority
AF11	001010	10
AF12	001100	12
AF13	001110	14
CS2	010000	16	immediate
AF21	010010	18
AF22	010100	20
AF23	010110	22
CS3	011000	24	flash	Voice/ Video Signaling
AF31	011010	26
AF32	011100	28
AF33	011110	30
CS4	100000	32	flash Override	Voice RTP
AF41	100010	34
AF42	100100	36
AF43	100110	38
CS5	101000	40	critical
EF	101110	46		low latency, loss, jitter.
CS6	110000	48	internet
CS7	111000	56	network

R1(config)#access-list ?

  <1-99>            IP standard access list

  <100-199>         IP extended access list

  <1100-1199>       Extended 48-bit MAC address access list

  <1300-1999>       IP standard access list (expanded range)

  <200-299>         Protocol type-code access list

  <2000-2699>       IP extended access list (expanded range)

  <2700-2799>       MPLS access list

  <700-799>         48-bit MAC address access list

  dynamic-extended  Extend the dynamic ACL absolute timer

  rate-limit        Simple rate-limit specific access list

#ip telnet tos {tos-value}                  # change default telnet marking, 6, from the local router.

#interface se0/0/9

  #tx-ring limit {number}                           # changes the TX-ring length for an interface.

  #load-interval {sec}                              # sets the length of time used for load counter calculation.

     #hold-queue {length} {in|out}              # limits the size of the IP queue on an interface.

R5(config-cmap)#match ?

dscp Match DSCP in IP(v4) and IPv6 packets

o Typical use of Express Forwarding (EF) in DSCP is to identify different levels of priority for latency-sensitive applications.

o Typical use of Assured Forwarding (AF) in DSCP is to identify different levels of priority for data applications.

o Formula for AFxy to decimal conversion is "8x + 2y". AF32 => 8 x 3 + 2 x 2 = 28.

o If AF23 was competing with AF21, then AF23 will be dropped first, however,

o If AF33 and AF21 were competing, (congestion), AF21 will be dropped first, since AF33 has higher class.

Reflexive ACL (keep_state)

It allows you to dynamically open up your filtering router to allow reply packets back through, in response to an outbound TCP connection or UDP session initiated from within your network. This mechanism reduces exposure to spoofing and denial-of-service, since desirable inbound flows are mostly in response to outbound traffic.

Some applications change port numbers within a session. They may initially transmit to a well-known port and then shift ports. This will not work with RACL's. Active FTP is an example of such an application. You'll need passive FTP if you plan on using reflexive access lists. access-list 104 dynamic R4Telnet permit tcp host 192.168.101.4 any eq telnet

TCP header compression:

Configured by ip tcp header-compression to compress the TCP header.

Stack compression:

The lossless data compression mechanism is STAC using the LZF algorithm & configured with compress stac.

Predictor:

Uses RAND compression algorithm and configured with compress predictor along with PPP encapsulation.

RTP header compression:

Allows the reduction of the RTP header from 40 bytes to 2-5 bytes.

It’s best used on slow-speed links for real-time traffic with small data payloads, like VoIP.

Configured with ip rtp header-compression

To enable per VC, use frame-relay map ip {IP} {DLCI} [broadcast] rtp header-compression.

The passive keyword means the router will not send RTP compressed headers unless RTP headers are received.

o HDLC encapsulation support Stacker compression algorithm.

o PPP and LAPB encapsulations support both Predictor and Stacker compression algorithm.

o Optimizing links for maximum payload throughput == compression

o If files already compressed don’t use compression on the router.

Local Policy-map:

Packets that are generated by the router are not normally policy routed. However, you can use this command to policy route such packets. You might enable local policy routing if you want packets originated at the router to take a route other than the obvious shortest path.

ip local policy route-map xyz

route-map xyz

 match ip address 131

 set ip next-hop 172.130.3.20

To rename a policy-map without in-place editing, use ‘rename’ key word.

All the instances referenced in the running-config will be accordingly renamed!

R5(config)#policy-map OLD-NAME-CEF

R5(config-pmap)#rename NEW-NAME-CEF

Best-Effort Service

Best effort is a single service model in which an application sends data whenever it must, in any quantity, and without requesting permission or first informing the network. For best-effort service, the network delivers data if it can, without any assurance of reliability, delay bounds, or throughput. The Cisco IOS QoS feature that implements best-effort service is FIFO queuing. Best-effort service is suitable for a wide range of networked applications such as general file transfers or e-mail.

Integrated Service

Integrated service is a multiple service model that can accommodate multiple QoS requirements. In this model the application requests a specific kind of service from the network before it sends data. The request is made by explicit signaling; the application informs the network of its traffic profile and requests a particular kind of service that can encompass its bandwidth and delay requirements. The application is expected to send data only after it gets a confirmation from the network. It is also expected to send data that lies within its described traffic profile.

The network performs admission control, based on information from the application and available network resources. It also commits to meeting the QoS requirements of the application as long as the traffic remains within the profile specifications. The network fulfills its commitment by maintaining per-flow state and then performing packet classification, policing, and intelligent queuing based on that state. Example: Resource Reservation Protocol (RSVP).

Differentiated service:

o DSCP is a multiple service model that can satisfy differing QoS requirements. However, unlike in the integrated service model, an application using differentiated service does not explicitly signal the router before sending data. For differentiated service, the network tries to deliver a particular kind of service based on the QoS specified by each packet.

o This specification can occur in different ways, for example, using the IP Precedence bit settings in IP packets or source and destination addresses. The network uses the QoS specification to classify, mark, shape, and police traffic, and to perform intelligent queuing. In IOS:

o Committed access rate (CAR), which performs packet classification through IP Precedence and QoS group settings. CAR performs metering and policing of traffic, providing bandwidth management.

o Intelligent queuing schemes such as WRED and WFQ and their equivalent features on the Versatile Interface Processor (VIP), which are distributed WRED DWRED and DWFQ. These features can be used with CAR to deliver differentiated services.

o CAR is the main feature supporting packet classification. CAR uses the ToS bits in the IP header to classify packets. You can use the CAR classification commands to classify and reclassify a packet.

CLASSIFICATION:

o Packet classification features provide the capability to partition network traffic into multiple priority levels or classes of service. For example, by using the three precedence bits in the Type of service (ToS) field of the IP packet header—two of the values are reserved for other purposes (6 and 7)—you can categorize packets into a limited set of up to six traffic classes (0 through 5). After you classify packets, you can utilize other QoS features to assign the appropriate traffic handling policies including congestion management, bandwidth allocation, and delay bounds for each traffic class. Although IP Precedence is not a queuing method, other queuing methods such as WFQ can use the IP Precedence setting of the packet to prioritize traffic.

o With the growing popularity of VPNs, the need to classify traffic within a traffic tunnel is gaining importance. QoS features have historically been unable to classify traffic within a tunnel (due to tunnel encapsulation or encryption). With the introduction of the QoS for VPNs, packets can now be classified before tunneling/encryption occur which is called pre-classification.

o MQC Classification Option: Access-Lists, DSCP, IP Precedence, NBAR, Packet Length, FR-DE, Interface, QOS-Group.

o MQC Marking Options: ATM-CLP, COS, Discard-Classes, DSCP, Frame-Relay-DE

o QOS-Group: An arbitrary number locally significant to the router and is used when traffic passing through the router must be tagged/classified without changing anything in the packet header.

MARKING:

The Class-Based Packet Marking feature provides users with a means for efficient packet marking by which users can differentiate packets based on the designated markings. The Class-Based Packet Marking feature allows users to perform the following tasks:

o Mark packets by setting the IP Precedence bits or the IP differentiated services code point (DSCP) in the IP ToS byte.

o Mark packets by setting the Layer 2 class of service (CoS) value.

o Associate a local QoS group value with a packet.

o Set the cell loss priority (CLP) bit setting in the ATM header of a packet from 0 to 1.

CONGESTION MANAGEMENT:

“Deficit Round Robin”, which tracks the amount of excessive bytes consumed by every queue and takes that in to account in next scheduling rounds.

Default queuing.

First In First Out FIFO; provides basic store and forward queuing. It is the default queuing mechanism on Ethernet and serial links above 2 Mbps.

Custom queuing (CQ):

o The Custom queue feature is similar to WFQ in that it tries to share the bandwidth between packet flows using the max min approach: each flow class gets the guaranteed share proportional to its weight plus any class may claim the “unused” interface bandwidth.

o However, unlike WFQ, there are no dynamic conversations, just 16 static queues with configurable classification criteria.

o Custom Queue assigns byte counter to every queue (defaults: Byte-count 1500 & Queue-limit 20 packets) and serves the queues in round-robin fashion, proportional to counters. Every de-queued packet decrements queue byte count by its size, until it drops down to zero.

o Custom Queuing feature supports additional system queue, number 0. System queue is the priority queue and is always served first, before any other (regular) queues. By default, system queue is used for layer 2 keepalives, but not for routing update packets (e.g. RIP, OSPF, EIGRP). Therefore, it’s recommended to map the routing update packets to system queue 0 manually, unless the interface is Frame-Relay, which uses special broadcast queue to send broadcasts.

o Note that all unclassified packets are by default assigned to queue 1 (e.g. routing updates will use this queue, unless mapped to some other queue), if the default queue number is not changed.

o Lowest-custom keyword allows to treat the queue like system queue queue-list 1,2,3 will be treated like system queue 0 and serviced before the rest of the queues; kind of like priority queue and only can be used in queue-list 1.

(config #)queue-list 1 lowest-custom 4

The limitation of round robin scheduling is that it can’t naturally dequeue less than one packet (quantum) from each queue.

o CQ reserves a percentage of the available bandwidth of an interface for each selected traffic type.

o CQ is prone to inaccurate bandwidth allocations.

o Up to 16 configurable queues, including a priority queue.

o It’s an outbound queue and will kick in when congestion occurs, hence no direction to specify.

o If reserved bandwidth not used, then other traffic types may use the remaining reserved bandwidth.

queue-list 1 protocol ip 0 udp rip bgp # traffic in this queue always sent first.

queue-list 1 protocol ip 1 lt 65 # packets less than specified size.

queue-list 1 protocol ip 1 list 101 # call an access list

queue-list 1 protocol ip 5 fragments # prioritize fragmented IP packets.

queue-list 1 queue 0 limit 10 # max number of queue entries/packets.

queue-list 1 queue 1 byte-count 1500 # byte size of the queue

queue-list 1 interface <int> <queue> # establishes priorities for packets from int.

#interface Serial0/0/2

#custom-queue-list 1

Priority queuing (PQ):

o Frame Relay permanent virtual circuit (PVC) interface priority queuing (FR PIPQ).

o The FR PIPQ provides an interface-level PQ scheme in which prioritization is based on destination PVC rather than packet contents, and provides four levels of priority: high, medium, normal, and low.

o The Frame Relay packet is examined at the interface for the data-link connection identifier (DLCI) value. The packet is then sent to the correct priority queue based on the priority level configured for that DLCI.

o PQ is prone to starvation.

o Similar to custom queuing, gt, lt, fragments keywords are also available.

priority-list 1 protocol ip high tcp 23.

priority-list 1 protocol ip medium tcp 21.

priority-list 1 default low # changes the default queue from normal to low.

#interface Serial0/0/0

#priority-group 1 # applying PQ to default queuing on Serial interface.

WFQ:

o WFQ applies priority (or weights) to classified, identified traffic conversations and determines how much bandwidth each conversation is allowed relative to other conversations.

o WFQ classifies traffic into different flows based on such characteristics as source and destination address, protocol, and port and socket of the session.

o For serial interfaces at E1 (2.048 Mbps) and below, WFQ is used by default, when no other queuing strategies are configured.

o All other interfaces use FIFO by default.

o It dynamically allocates flows into queues. The allocation is NOT configurable, only the number of queues are.

o Guarantees throughput to all flows, and drops packets from the most aggressive flows.

o Can not provide fixed bandwidth guarantees.

#interface Serial0/0/1

#fair-queue [Congestive Discard Threshold] [dynamic-queues] [reserve-queues]

CBWFQ, DCBWFQ:

o The class-based WFQ and distributed class-based WFQ features extend the standard WFQ functionality to provide support for user-defined traffic classes. They allow you to specify the exact amount of bandwidth to be allocated for a specific class of traffic. Taking into account available bandwidth on the interface, you can configure up to 64 classes and control distribution among them.

o Used to reserve a guaranteed minimum bandwidth in the output queue based on each user defined class.

o Supports 64 classes/queues

o The drop policy is tail drop or WRED, and it is configurable per class.

o Scheduling is FIFO, except the ‘default-class’ which can be FIFO or WFQ.

o If bandwidth is not specified in the class definition, fair-queue is required in class-default definition.

#class-map SMTP

#match access-group SMTP # match-ALL, default, an extended access list.

#class-map match-any HTTP

#match protocol http # using NBAR to match the traffic.

#class-map FTP

#match access-group FTP # Names are case sensitive.

#policy-map MYQOS

#class SMTP # absolute reservation based on interface bandwidth command.

#bandwidth 512 # here it’s 512K since interface bandwidth defined as 1024k

#class HTTP # absolute reservation based on %interface bandwidth command.

#bandwidth percent 25 # 256k here, since %25 of 1024 = 256.

#class FTP # relative reservation based on what’s available

#bandwidth remaining percent 25 # based on ‘remaining’ 1024-(512k+256)=256 here.

#class class-default

#fair-queue # Required if ‘bandwidth’ is not specified.

#interface Serial0/0/1

#bandwidth 1024

#max-reserved-bandwidth %# change the default %75 when queuing is to be configured.

#service-policy output MYQOS

IP RTP Priority and Frame Relay IP RTP Priority:

o This feature can be used on serial interfaces and Frame Relay PVCs in conjunction with either WFQ or CBWFQ on the same outgoing interface.

o In either case, traffic matching the range of UDP ports specified for the priority queue is guaranteed strict priority over other CBWFQ classes or WFQ flows; packets in the priority queue are always serviced first.

o Matching VOIP traffic can be done in 2 ways.

- Matching UDP/RTP headers and RTP port numbers:

#class-map MyVoip

  #match ip rtp 16383 16384

- Using NBAR which specifies matching for RTP voice payload type value 0-23:

#class-map MyVoip

   #match ip rtp audio

LLQ: Low latency queuing:

o Distributed LLQ, and LLQ for Frame Relay.

o LLQ provides strict priority queuing on ATM VCs and serial interfaces.

o It allows you to configure the priority for a class within CBWFQ, and is not limited to UDP port numbers, as is IP RTP Priority.

o LLQ and IP RTP Priority can be configured at the same time, but IP RTP Priority takes precedence.

o Adds the concept of a priority queue to CBWFQ, but without starving other classes.

o Provides a maximum bandwidth guarantee with low-latency and optional burst capability

o Uses only ONE queue per QOS policy, but does allow multiple queues.

o Has a built-in congestion-aware policer, preventing the starvation on non-priority traffic.

o Internal policer will be used during the congestion period, otherwise LLQ traffic may use any excess bandwidth.

o During congestion, a priority class can not use any excess bandwidth, thus any excess traffic will be dropped.

o During non-congestion periods though, traffic exceeding the LLQ is placed into the class-default and is NOT priority queued. Hence a good idea to define a policer in LLQ to drop or queue properly.

#class-map VOIP

  #match ip rtp 16384 16383

#policy-map LLQ

  #class VOIP

    #priority Kbps [burst Bytes]

    #police cir {bps} bc {bytes} be {bytes}

CONGESTION AVOIDANCE:

o Tail Drop feature is used to resolve the problem when WRED is not configured. During tail drop, a potentially large number of packets from numerous connections are discarded because of lack of buffer capacity.

o This behavior can result in waves of congestion followed by periods during which the transmission link is not fully used. In tail drop, packets satisfying the match criteria for a class accumulate in the queue reserved for the class until they are serviced.

o The queue-limit command is used to define the maximum threshold for a class. When the maximum threshold is reached, enqueued packets get dropped at the tail end.

WRED:

o obviates this situation proactively by providing congestion avoidance. That is, instead of waiting for buffers to fill before dropping packets, the router monitors the buffer depth and performs early discards on selected packets sent over selected connections.

o WRED is the Cisco implementation of the RED class of congestion avoidance algorithms. When RED is used and the source detects the dropped packet, the source slows its transmission. RED is primarily designed to work with TCP in IP internetwork environments.

o The RED congestion avoidance technique takes advantage of the congestion control mechanism of TCP. By randomly dropping packets prior to periods of high congestion, RED tells the packet source to decrease its transmission rate. Assuming the packet source is using TCP, it decreases its transmission rate until all packets reach their destination, indicating that the congestion is cleared. You can use RED as a way to cause TCP to slow transmission of packets. When enabled on an interface, RED begins dropping packets when congestion occurs at a rate you select during configuration.

o It provides the ability to define multiple RED profiles within a single class, based on certain match criteria (DSCP, discard class and so on), so that different drop precedence can be configured based on the relative importance of packets. It can selectively discard lower priority traffic when the interface begins to get congested and provide differentiated performance characteristics for different classes of service. You can configure WRED to ignore IP precedence when making drop decisions so that non-weighted RED behavior is achieved.

o It makes early detection of congestion possible and provides for multiple classes of traffic. It also protects against global synchronization. For these reasons, WRED is useful on any output interface in which you expect congestion to occur.

o However, WRED is usually used in the core routers of a network, rather than at the edge of the network. Edge routers assign IP precedence to packets as they enter the network. WRED uses these precedencies to determine how to treat different types of traffic.

o WRED provides separate thresholds and weights for different IP precedence, allowing you to provide different qualities of service in regard to packet dropping for different traffic types. Standard traffic may be dropped more frequently than premium traffic during periods of congestion.

o WRED treats non-IP traffic as precedence 0, the lowest precedence. Therefore, non-IP traffic, in general, is more likely to be dropped than IP traffic.

o WRED is useful only when the bulk of the traffic is TCP/IP traffic. With TCP, dropped packets indicate congestion, so the packet source reduces its transmission rate. With other protocols, packet sources may not respond or may resend dropped packets at the same rate. Thus, dropping packets does not decrease congestion.

o WRED can also be configured to use the DSCP value when it calculates the drop probability of a packet, enabling WRED to be compliant with the DiffServ standard. WRED is also RSVP aware.

o Weights can be based on IP precedence or DSCP values.

o It’ is typically used to avoid TCP global synchronization but is generally not used for UDP flows.

o When the minimum threshold is reached, WRED becomes active and starts randomly selecting packets to be dropped.

o Packet drop rate increases linearly as the average queue size increases until it reaches the ‘maximum threshold’

o Above maximum queue size, all new packets are tail-dropped.

#show queueing int S0/1/0 # shows the input/output queue size and default values

#interface S0/1/0

#random-detect [dscp-based|prec-based] # enables WRED, default is Precedence-based.

#random-detect ecn # enables Explicit Congestion Notification; for FR

DWRED

It is the Cisco high-speed version of WRED. The DWRED algorithm was designed with ISP Providers in mind; it allows an ISP to define minimum and maximum queue depth thresholds and drop capabilities for each class of service.

QoS Signaling:

Cisco IOS QoS signaling takes advantage of IP. Either in-band (IP Precedence, 802.1p) or out-of-band (RSVP) signaling is used to indicate that a particular QoS service is desired for a particular traffic classification. Together, IP Precedence and RSVP provide a robust combination for end-to-end QoS signaling: IP Precedence signals for differentiated QoS and RSVP for guaranteed QoS.

QPPB :

o QoS Policy Propagation Using BGP (QPPB) allows you to map BGP prefixes and attributes to Cisco Express Forwarding (CEF) parameters that can be used to enforce traffic policing. QPPB allows BGP policy set in one location of the network to be propagated using BGP to other parts of the network, where appropriate QoS policies can be created.

o The Policy Propagation via BGP feature allows you to classify packets by IP Precedence based on BGP community lists, BGP autonomous system paths, and access lists. After a packet has been classified, you can use other quality of service features such as committed access rate (CAR) and Weighted Random Early Detection (WRED) to specify and enforce policies to fit your business model.

In-Place Policy Modification:

o When a QoS policy attached to an interface is modified, QoS is first disabled on the interface, hardware is reprogrammed for the modified policy, and QoS is re-enabled on the interface. For a short period of time, no QoS policy is active on the interface. In addition, the QoS statistics for the policy that is attached to an interface is lost (reset to 0) when the policy is modified.

o The support for QoS services on a multicast VPN (mVPN) enabled network involves the marking of differentiated services code point (DSCP) or precedence bits on the tunnel IP header. This feature enables MPLS carriers to offer QoS on mVPN services. The mVPN network uses generic routing encapsulation (GRE) tunnels between provider edge (PE) devices. Multicast packets are placed in GRE tunnels for transmission across the MPLS core network.

VPLS QoS:

o VPLS-enabled network, packets are classified based on the following VPLS-specific match criteria only on INGRESS direction; Match on vpls-known unicast, Match on vpls-unknown unicast, Match on vpls-multicast.

MPLS QOS:

o Pipe mode and Short Pipe mode provide QoS transparency. With QoS transparency, the customer's IP marking in the IP packet is preserved.

o Short Pipe mode—In Short Pipe mode, the egress PE router uses the original packet marking instead of the marking used by the intermediate P routers.

o Uniform mode—In Uniform mode, the marking in the IP packet may be manipulated to reflect the service provider's QoS marking in the core.

o TOS Reflection The default behavior for ingress LSR is to copy the first 3 bits of the DSCP value to the EXP header.

HQOS:

o A traffic policy that contains a nested traffic policy is called a hierarchical traffic policy. It contains a child and a parent policy. The child policy is the previously defined traffic policy that is being associated with the new traffic policy through the use of the service-policy command in policy-map definition of parent. The new traffic policy using the pre-existing traffic policy is the parent policy

ACL Fragment:

ACLs have a fragments keyword that enables specialized fragmented packet-handling behavior. Without this fragments keyword, non-initial fragments that match the Layer 3 statements (irrespective of the Layer 4 information) in an ACL are affected by the permit or deny statement of the matched entry. However, by adding the fragments keyword, you can force ACLs to either deny or permit non-initial fragments with more granularity. This behavior is the same for both IPv4 and IPv6 access-lists, with the exception that, while IPv4 ACLs allow the use of the fragments keyword within Layer 3 and Layer 4 statements, IPv6 ACLs only allow the use of the fragments keyword within Layer 3 statements.

NBAR:

o NBAR is actually an identification tool that is really the hard part of the classification process. Having identified the traffic, marking the packet later is relatively easy.

o NBAR takes the identification portion of classification to another level. Looking deeper into the packet, identification can be performed farther away than just classifying them by source and destination addresses and ports or even protocol type.

o NBAR adds a couple of interesting features that make it extremely valuable. One feature is a protocol discovery capability. This allows NBAR to baseline the protocols on an interface. NBAR lists the protocols that it can identify and provides statistics on each one.

o Another feature is the Packet Description Language Module (PDLM), which allows additional protocols to be easily added to NBAR's list of identifiable protocols. These modules are created and loaded into Flash memory, which then is uploaded into RAM. Using PDLMs, additional protocols can be added to the list without upgrading the IOS level or rebooting the router.

o NBAR protocol discovery can track and provide statistics on which protocols transit an Interface and must enable cef.

ip cef <global command>

R6(config-if)#ip nbar protocol-discovery

Frame-Relay Parameters:

o Serialization, Access-Rate; physical clocking. It determines the amount of data that can be encapsulated on to the wire.

o Serialization delay; constant delay & can’t be changed, time to put the packet on the wire based on Interface access-rate.

o CIR, committed information rate; average output rate per second on the circuit/interface.

o Tc, Time Interval, in milliseconds; can’t be set, but can be manipulated by CIR=Bc/Tc formula.

o Max value of Tc is 125ms, 1/8th of a second. Min value is 10ms, 1/100th of sec.

o The largest amount of traffic that can be sent in a single interface is Bc+Be.

o Do NOT use frame-relay tc command to configure Tc; it’s is only used for FR SVCs with a CIR=0

o Changing Bc has a direct effect on the delay/time interval

o Bigger Bc: more delay, but more data per Tc.

o Smaller Bc; less delay but less data per Tc; generally used for Voice.

o Be, Excess Burst, is the number of non-committed bits the router is allowed to send above the Bc if credit is available.

o If all the Bc per interval was not used, then at a later time the router can send Be’s worth of bits out up-to CIR limit.

o there is no time limit to how long Be can ‘store’ unused Bc credits.

o Be defaults to zero bits.

o Bc = Tc * CIR, ==> CIR = Bc/Tc ==> Tc = Bc/CIR

o Be = seconds * link-bandwidth

Legacy Rate-Limit ( CAR )

o Uses a two-rate policer.

o If multiple statements are used on an interface, traffic will be checked top-down, until a match is found.

o Legacy CAR statement supports the continue feature in having nested rate-limits; match multiple statements.

o Changing the burst size determines how often the rate is enforced over a second.

o Rate-limit Bc/Be values are in BYTES, while Shaping Bc/Be is in BITS

o Excess burst, Be, is only used when the configured Be is greater than configured Bc.

o For example, with Bc=1000 and Be=1000 there will be no burst. Tc is typically 1.5 second.

o Bc = CIR/8 * Tc ==> CIR = 8 * Bc/Tc

o Be = Bc * 2

GTS:

o Generic Traffic Shaping: GTS shapes traffic by reducing outbound traffic flow to avoid congestion by constraining it to a particular bit rate using the token bucket mechanism. It works with Layer 2 technologies; FR, ATM, SMDS and Ethernet.

o Legacy GTS configuration examples:

#interface S0/0/0

#traffic-shape rate 640000 8000 0 1000 # AR 64K, Bc 8K, Be zero, Buffer-Limit is 1000.

#traffic-shape group 100 640000 8000 0 # acl-100 to match for shaping.

#traffic-shape fecn-adapt # configures reflection of FECNs as BECNs.

#traffic-shape adaptive 32000 # if BECN received, interface throttles >= 32K.

o AR access rate. ’adaptive’ Sets the interface CIR at 32k, minimum guaranteed amount.

MQC GTS:

o Class Based Shaping is GTS applied via MQC.

o CBS uses the same principles and calculations as FRTS, but does not do adaptive-shaping.

o CBS is supported on non-frame-relay interfaces.

o Shape Average: Bc = Shape-rate * Tc

o Shape Peak: shape-rate = configured-rate (1 + Be/Bc) or CIR(1 + Be/Bc)

o Generic Traffic Shaping uses WFQ. GTS configurable per interface or sub-interface; supports class-based classification.

o Only applies to outbound traffic

o Queuing mechanism can be used in conjunction with traffic shaping.

o Shaping queues packets FIFO & ensures do not exceed the defined rate using a system of credit, token bucket.

o Credits, for the size of the packets in bits, must be earned before sending packets out, doesn’t allow future borrowing.

o When shaping applied on an interface, a full credit will be given, but future credits need to be earned.

o Frame Relay Traffic Shaping uses WFQ (frame-relay fair-que), Strict Priority Queue with WFQ (frame-relay ip rtp priority), Custom Queue, Priority Queue and FIFO Que.

FRTS:

o FRTS support shaping per DLCI.

o FRTS applies only to Frame Relay PVCs and switched virtual circuits (SVCs).

o MINCIR; if BECN received, the rate will throttle down at a minimum. Default to CIR/2

o Adaptive Shaping; used to allow the router to throttle back in the event of congestion.

o Adaptive Shaping; The router will throttle back 25% per Tc when BECNs are received, another 25% for each Tc until either BECNs are no longer received OR MINCIR is reached.

o FRTS used for conforming to the rate subscribed from the frame-relay service provider, or higher speed site not to overrun lower speed sites.

o Once configured on the Interface, all DLCIs on that interface, including sub-interface DLCIs, are assigned 56K bps CIR.

o fragmentation size should be set to match the Bc, that way the worst delay equals single Tc.

o It’s a Frame Relay implementation of GTS. Using FRTS you can eliminate bottleneck in FR networks that have high-speed connections at the central site and low-speed connections at branch sites. This way, you can configure rate enforcement to either the CIR or some other defined value such as the excess information rate, on a per-virtual-circuit VC basis. Using BECN & FECN tagged packets received from the network, FRTS can also dynamically throttle traffic.

o Legacy FRTS configuration examples:

#map-class frame-relay MY_FRTS

#frame-relay cir {bps} # default 56000 bits per second

#frame-relay bc {bps} # default 7000 bits per second

#frame-relay be {bps} # default 0 bits per second

#frame-relay mincir {bps} # default CIR/2 bits per second

#frame-relay adaptive-shaping becn # rate adjustment in response to BECN

#frame-relay adaptive-shaping foresight # rate adjustment in response to BECN/foresight

#frame-relay fecn-adapt # shaping reflection of received FECN as BECN

#frame-relay fragment {bytes} # max frag size

#frame-relay adaptive interface-congestion {que depth} # if output queue depth exceeds, slow down the rate.

#interface S0/0/0.1

#frame-relay interface dlci 404 # applies FRTS only to this VC.

#class MY_FRTS

#interface S0/0/0

#frame-relay traffic-shaping # enable FRTS on an interface

#frame-relay class MY_FRTS # applies legacy FRTS to each VC on Interface

ACL MASK:

Interface Ethernet0

#rate-limit input access-group MASK 1 1000000 10000 10000

access-list MASK 1

Here mask 07 is IP precedence 0, 1, 2 which are added together and converted to hex number

00000001 == prec0

00000010 == prec1

00000100 == prec2

--------------

00000111 == 0x07

PBR (Policy-Based Routing)

o PBR allows you to classify traffic based on extended access list criteria; sets IP Precedence bits and routes specific traffic to engineered paths, which may be required to allow a specific QoS service through the network. With PBR routing is done by policies allowing more intelligent routing decisions based on packet header information farther than destination addresses.

o PBR allows control of traffic flow based on:

- Source/Destination, protocol type, and incoming interface.

- Traffic that is denied by the policy-map will get routed normally.

- By default the PBR traffic is process-switched.

- Fast switching can be enabled with ip route-cache policy.

The set ip next-hop and set ip default next-hop are similar, but have a different order of operations.

- Configuring the set ip next-hop command causes the system to use policy routing first and then use the routing table.

- Configuring the set ip default next-hop command causes the system to use the routing table first and then policy route the specified next hop.

BGPPP (Border Gateway Protocol Policy Propagation)

o BGPPP is a scalable means of utilizing attributes, such as community values, to propagate destination-based packet classification policies throughout a large network via BGP routing updates.

QPM & QDM: QPM (Quality of Service Policy Manager) and QDM (Quality of Service Device Manager)

o They are very advanced Cisco's tools for ease of deployment of QoS services.

o IPM - Internetwork Performance Monitor: another very advanced Cisco's tool for verification of service levels on already QoS implemented networks.

o VLAN Tagging: A very ingenious layer-2 QoS scheme that allows to classify Ethernet segment by tagging them. Forwarding behavior will be defendant of class of tag carrying for each segment travelling by the network.

o LFI - Link Fragmentation and Interleaving: It's explained more or less as interactive traffic (always fragile traffic like Telnet, Voice over IP, SSH, interactive WWW as chatting and lived questionnaires) is susceptible to increase latency and jitter (have a look to http://opalsoft.net/qos/QoS.htm for a brief explanation of these terms) when the network processes large packets (for example, LAN-to-LAN FTP big packets transverse a low bandwidth WAN link), especially when their packets (from interactive flows) are queued on these slower links.

o LFI reduces delay and jitter by breaking up large datagrams and interleaving low-delay traffic packets with the resulting smaller packets. For combining large file FTP transfer traffic (where latency and jitter really don't matter) with low-bandwidth fragile traffic like Telnet, VoIP, SSH, etc. (where latency and jitter really matter) LFI is the right solution. Combined again with RTPC is a must.

RTPC (Real-time Transport Protocol Header Compression)

o RTP is a protocol used for carrying multimedia application traffic, including audio and video, over an IP network.

o RTP packets have a 40-byte header and typically a 20 to 150 payload.

o RTP protocol travels over UDP. Given the size of the IP/UDP/RTP header combination, it is inefficient to transmit those small payloads using an uncompressed header.

o RTPC is a technology that helps RTP run more efficiently, especially over lower-speed links, by compressing the RTP/UDP/IP header from 40 bytes to 2 to 5 bytes. This is especially beneficial for smaller packets (such as IP voice traffic) on slower links, where RTP header compression can reduce overhead and transmission delay significantly.

RSVP (Resource Reservation Protocol)

o RSVP is a signaling protocol used for implementing Integrated Service architecture. It is a protocol for dynamically setting end-to-end QoS across heterogeneous network.

o RSVP, which run directly over IP, allows an application to dynamically reserve network bandwidth. Integrated Service is a very difficult to implement architecture that can be considered the state-of-the-art of the providing QoS services paradigm.

o RMON: It is an advanced test tool used to develop a good understanding of traffic characteristic. As I understand it goes even farther than NBAR providing a very complete information about the network behavior. Also, information obtained from it helps to validate any QoS deployment. It is used in conjunction with NBAR, IPM, QPM and QDM as a bag of tools.

QoS on Ethernet:

o The Catalyst line of multilayer switches have the capability to provide QoS services at Layer-2.

o At this layer, the frame uses class of service (CoS) in 802.1p and Interlink Switch Link (ISL).

o CoS uses 3 bits, just like IP-precedence, and maps well from Layer-2 to Layer-3, and vice versa.

o The switches have the capability to differentiate frames based on CoS settings.

MPLS (Multi Protocol Label Switching)

o It is a flexible technology that enables new services in IP networks and makes routing more effective. The protocol was standardized by IETF based on a Cisco invented technology known as "Tag Switching". It combines two different approaches, datagram and virtual circuit, as a compact technology.

o MPLS is based on short fixed length labels, which are assigned to each packet at the ingress node of the MPLS cloud (something related to the concept of domain). These labels are used to make forwarding decisions at each node.

o The principle is some similar to DSCP on Differentiated Service architecture, but difference (a big one, by the way), is that forwarding decisions are based on tag labels instead of destination address as standard routing does.

o DS architecture provides differentiated treatment to each packet based on its DSCP but forwarding is based on standard destination address routing tables. On the contrary, MPLS uses a stack of tag labels assigned to the packet at the ingress node to make routing decisions, being the process a lot faster.

POLICING:

o Traffic-policing is designed to drop traffic in excess of the target rate and enforce a maximum bandwidth threshold.

o Before a packet can be sent a number of credits equaling the packet’s size in bit must have been learned.

o Policing can be applied to input and output traffic.

o Limits the rate of traffic on the interface.

o Policing is not a queuing mechanism, because traffic is not buffered for later transmission; either sent or dropped.

o Policing differs from Shaping in that the router is allowed to borrow future credits and in turn is permitted to go into debt situation of having to pay back the credits.

MQC Policer:

o Uses a two-rate or three-rate policer and doesn’t support continue feature.

o Uses an exponential formula to decide whether the formula is conforming or exceeding based on the burst rate.

- With smaller police value, the router will police more often.

- With a larger police value, the router will police less often.

o Bc and Be are configured in bytes.

o MQC police can be applied inbound/outbound on an interface, however, when queuing is configured in the same policy-map it can only be applied outbound.

o Single-rate, Three-Color Marker (srTCM) is an ingress tool used to implement admission control at the network edge.

o The “three color” term means that any incoming burst could be classified as either

- conforming (green, under Bc),

- exceeding (yellow, over Bc but under Be) or

- violating (red, over Be).

o Depending on the implementation, exceeding packets could be admitted, but have their QoS marking changed to show higher drop precedence in the network core

o Dual rate, supply customer with two sending rates, but only guarantee the smaller one.

o In case of congestion in the network, discard traffic that exceeds the committed rate more aggressively and signal the customer to slow down to the committed rate.

o Compared to a single-rate traffic contract, dual-rate has two major differences.

- incoming traffic bursts are metered and compared to CIR and PIR rates simultaneously, using the corresponding Bc and Be burst sizes. Depending on the comparison results, different actions could be taken with regards to the packets. Normally, if a burst is under CIR, it is admitted into the network without any modifications. If the burst exceeds CIR, but remains under PIR (e.g. current burst is still under Be), the burst has marking changed, but still admitted into the network.

- if the burst exceeds PIR, it is typically being discarded.

Single rate, two colors # Bc=CIR/32, Be=0.

Single rate, three colors # Bc=CIR/32, Be=Bc.

Dual rate, three colors PIR # Bc=CIR/32, Be=PIR/32

#policy-map MYPOLICE

#class SMTP

#police cir 384000 bc 72000 be 144000 # Cir in bits/sec, Bc,Be Bytes/sec

AutoQOS:

Automates the deployment of QOS policies.

o Any existing QOS policies must be removed before the auto-qos generated polices are applied.

o Auto-qos is supported only on the IP-Plus image for low-end platforms.

o Ensure that auto-qos is enabled on both sides of the network link.

o Bandwidth on both sides of the link must be the same, otherwise a fragmentation size mismatch might occur.

o The auto-qos feature cannot be configured on a frame-relay DLCI if a map-class is attached to the DLCI.

o For frame-relay networks, fragmentation is configured using a delay of 10ms & minimum fragment size of 60 bytes.

o CEF must be enabled on the interface/PVC

o The interfaces must have IP addresses configured.

o The amount of bandwidth must be specified by using the bandwidth command.

o auto discovery qos and auto qos voip commands are NOT supported on sub-interfaces.

Switching QOS:

o COS, class of service, is also known as 802.1p priority bits.

o QOS must be enabled on a switch with mls qos.

o With mls qos OFF the switch does not modify any markings.

o With mls qos ON the switch clears all COS, ip-prec, DSCP, unless the trust configuration is specified.

Classification:

o If QOS is disabled globally no classification will occur.

o To trust the incoming marking type use the command mls qos trust.

o For IP-traffic, ip precedence or DSCP can be trusted.

o For Trunk links COS can be trusted.

o If a packet has no incoming COS or it is an access link, a default value of zero is applied.

o This default value can be changed with mls qos cos.

o For known devices conditional trusting could be configured.

o Only trust the COS if, for example, a cisco phone is plugged in.

o Configured with mls qos trust device cisco-phone

o Alternatively, default COS classification of all incoming traffic could be forced, regardless of existing marking:

#interface fa/0/0/1

#mls qos cos override

#mls qos cos 3

Ingress queuing:

o 3560 packet scheduler uses a method called shared round-robin (SRR) to control the rates of packets sent.

o SRR performs sharing among 2 queues according to the weight configured; weight is relative & percentage based.

- Specify the ratios by which to divide the ingress buggers into 2 queue with

mls qos srr-queue input buffers {percentage1} {percentage2}

- Configure bandwidth or weight% for each queue; sets the frequency for scheduler taking packets from the two buffers.

mls qos srr-queue input bandwidth {weight1} {weight2}

- Either of the two ingress queues can be configured as a priority queue.

mls qos srr-queue input priority-queue {queue-number} bandwidth {weight}

Egress queuing:

o Adds a shaping feature that slows down/buffers egress traffic. Each interface has 4 egress queues.

o Queue number 1 can be configured as a priority/expedite queue.

o Egress queue is determined indirectly by the internal DSCP. Internal DSCP is compared to the DSCP-to-COS map. The resulting COS being compared to the COS-to-queue map.

- Both shared and shaped mode scheduling attempt to service the queues in proportion to their configured bandwidth when more than one queue holds frames.

- Both shared and shaped mode schedulers service the PQ as soon as possible if at first the PQ is empty but then frames arrive in the PQ

- Bother shared and shaped mode schedulers prevent the PQ from exceeding its configured bandwidth when all the other queues have frames waiting to be sent.

- The only difference in operation is that queues in shaped mode never exceed their configured queue setting.

Congestion avoidance:

o The 3560 uses WTD for congestion avoidance.

o WTD creates three thresholds per queue into which traffic can be divided, based on COS value.

o Trail-drop is used when the associated queue reaches a particular percentage.

o For example, a queue can be configured so that it drops traffic with COS values of 0-3 when the queue reaches 40%, drops traffic with COS 4 and 5 at 60% full, and finally drops COS 6 and 7 traffic only when the queue is 100% full.

o WTD is configurable separately for all six queues in the 3560; 2 ingress and 4 egress.

802.1P:

o The IEEE 802.1p standard is a method for assigning priority to packets traversing a network. It works with the MAC header at the data link layer (Layer 2 in the OSI reference model). The MAC header is one of those parts that are inspected by hubs and switches in a network, which are also responsible for differentiating between network packets on the basis of their priorities.

o The 802.1p sets a 3-bit value in the MAC header to indicate prioritization. This 3-bit value provides priority levels ranging from 0 to 7 (i.e., a total of 8 levels), with level 7 representing the highest priority. This permits packets to cluster and form different traffic classes. Thus, when network congestion occurs, those packets that have higher priorities will receive preferential treatment while low priority packets will be kept on hold.

o 802.1p is not backward compatible and can lead to instability on networks with non-802.1p switches. This is because older switches will misinterpret the header used by the 802.1p protocol. It is important that the switches, Ethernet cards, and device drivers are all 802.1p compatible.

CCIE STUFF

Sunday, July 28, 2013

QoS Notes

No comments:

Post a Comment

About Me