Cisco Connect Montreal 2017 - Optimizing Your Client's Wi-Fi Experience

© 2016 Cisco and/or its affiliates. All rights reserved. 1

#ConnectCA

ConnectCisco

Optimizing Your Client's Wi-Fi Experience

Robert James LloydTSA EN Mobility

Novermber 28, 2017


-Nikola Tesla

“It seems that I have always been ahead of my time. I had to wait nineteen years before Niagara was harnessed by my system, fifteen years before the basic inventions for wireless which I gave to the world in 1893 were applied universally”

“…and 109 years later we are still trying to get it to work as planned”

- Anon<Rob Lloyd>ymous


Acknowledgement • A large portion of this presentation was gleaned from the remarkable Cisco Live Berlin 2017

Session: Wireless Deployment and Design for Media-Rich Mobile Applicationshttps://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=93867&backBtn=true. I highly recommend viewing it in it’s entirety and I thank my colleagues for allowing me to use their content. Said session was created and delivered by the following Principal Engineers:

• Robert Barton, P. Eng@MrRobbarto CCIE #6660, CCDE #2013::6

• Jerome Henry, Technical leader - TME@wirelessccie CCIE Wireless #24750, CWNE #45

More related presentations and references will be noted in the supplemental information slide(s) following the core material of this delivery.

4© 2016 Cisco and/or its affiliates. All rights reserved.

Part 1: Optimizing the RF Environment for Mobile Applications

Part 2: Optimal AP and Antenna deployment for Real-Time Applications

Part 3: Cisco Innovations for Mobility Client QoE

Part 4: Developing your Wireless QoS Strategy

Part 5: AireOS QoS Foundations.

Part 6: Cisco and Apple Fastlane

Agenda


Optimizing the RF Environment for Mobile Applications


Real Time Voice vs Real Time Video Applications

6


Mean Opinion Score < 4.1, VoIP Quality Changes from “Good” to close to “Fair” (“slightly annoying”)

»4.1

7


VoIP Golden Rules for Wi-Fi

Packet Error Rate (PER) <=1%As low jitter as possible, less than 100msRetries should be < 20%End to end delay 150 – 200 ms, 30 ms in cellWhen these values are exceeded, MOS reduces too much

Your mission is to keep MOS high

8


RF Design - SignalCloser distance to the AP means higher signal level (RSSI), which translates in more complex modulation scheme and higher data rate

9


Higher Power Does not Always Mean Better Signal

You are a bit quiet

Blah blah blah

Is it better now?

RSSI

dBm

Noise Level

Time

Aim for:

•Noise level ≤ -92 dBm

•RSSI ≥ 67 dBm

-> 25 dB or better SNR

•Typically, AP power same as client power -> commonly 11 to 14 dBm

10


Imagine This Scenario . . . .(based on an actual customer situation)

11

11

1

1 1 1

11

1

• Customer moved to first Wi-Fi only building (including voice and video)

• DISASTER! Wi-Fi was Terrible!!

• Investigation revealed all APs at max power (power level 1)

• Covering ~7500 sq. ft. per AP (2500 sq. ft. per AP is recommended)

• They needed 3x as many APs!

~ 120 ft


SSIDs and Low Rates Consume Air Time

5% After

60% Before

§ Reduce SSID number, disable lowrates, solve OBSS issues

§ Keep CU below 50%

§ Before: 8 SSIDs, allrates allowed

§ After: 2 SSIDs, 802.11brates disabled

12

Andrew von Nagyhttp://www.revolutionwifi.nethttps://itunes.apple.com/us/app/apple-store/id1041231876?pt=615227&ct=Revolution%20Wi-Fi&mt=8http://bit.ly/capacityplanner2


What Should Your Minimum Rate Be?§ Stop your cell where:

1. Signal to your clients is still strong2. Clients and overhead traffic still “reasonably fast”3. Retries are low

§ Beyond that point, clients should be able to get to another AP if they want to.

§ On the right:§ STA1 and STA2 hear each other -> less collisions§ STA 1 and STA2 send @ 54 Mb/s -> short delays§ STA3 is far from AP -> lower data rate (longer transmission delay),

higher PER and loss risks§ STA3 does not hear STA1 and STA2 -> higher collision risk

24 Mbps

6 Mbps

STA1

STA2

STA3

13


- 67 dBm… How Much is That in Data Rate?§ And BER is important, because more retries means more

chances that the frame will be dropped

§ Your job is to limit frame drops to1% or less to maintain 4.1 MOS

§ At -67 dBm RSSI, SNR istypically around 25 dB or more*

§ You can run any rate of 24 Mbpsand up, and still have good frame success rate

* well, at least in ideal conditions… see next slides

14


Hand and Phone Position Affect Signal

Object in Signal Path Signal AttenuationThrough Object

Plasterboard wall 3 dBGlass wall with metal frame 6 dB

Cinderblock wall 4 dBOffice window 3 dB

Metal door 6 dBMetal door in brick wall 12 dB

Phone and body position 3 - 6 dB

Phone near field absorption Up to 15 dB

There can be a 20 dB difference between these photos

15


Big Hands are Okay if Your Design is Clever-67 dBm

-67 – 20 = -87 dBmSignal is too weak…

APAP

But you can roam to the other AP @ -67 dBm!

16


Positioning APs and Antennas for Optimal Real-Time Application QoE


Where do You Need Coverage?§ Talk to end-users. Think what they will need and when, look for roaming paths

18


AP Placement Guidelines§Mount APs so that antennas are vertical (we use vertical polarization)

1919


Radiation Pattern§ Do not mount on a wall an AP built for ceiling

mount…


§ Do not mount on a wall an AP built for ceiling mount…

Radiation Pattern


AP Placement Guidelines§Avoid metallic objects that can affect the signal to your clients

22


AP Placement – Bad Examples§ AP too high:

Low rate to the groundClient signal too weak at the AP level

> 20ftNice… but you won’t cover thejetway as soon as the door closes

23


RF Design – Cell OverlapCell overlap coverage is not always the only concern

Roaming can fail if the client device does not have enough time to properly scan for neighboring access pointsImagine turning the corner around a metal or high attenuation barrier – the RF environment changes very rapidly

Challenging RF obstacles need to be considered during AP placement

A “Transition” AP that is placed at the intersection of hallways can alleviate some scenarios

24


RF Design – Next AP Position• At point A the phone is connected to AP 1

• At point B the phone has AP 2 in the neighbor list, AP 3 has not yet been scanned due to the RF shadow caused by the elevator bank

• At point C the phone needs to roam, but AP 2 is the only AP in the neighbor list

• The phone then needs to rescan and connect to AP 3

1

3

2A B

C

25


RF Design – Next AP PositionAt point A the phone is connected to AP 1

At point B the phone has AP 2 in the neighbor list as it was able to scan it while moving down the hall

At point C the phone needs to roam and successfully selects AP 2

The phone has sufficient time to scan for AP 3 ahead of time

A B

C

12

3

26


Radiation Pattern and Roaming Buffer§When users are expected to roam while communicating, make sure their BYOD can detect neighboring APs BEFORE roaming

Directional vs omnidirectional antennaFloor

AP signal drops fastAP signal drops slowly

User does not have much space/timeto find the next AP

27


Controller Redundancy and Roaming Paths§Design expected roaming paths and make sure all APs connect to the same controller, and overlap allows for next AP discovery

28


Going Further

• BRKEWN-2019 - 7 Ways to Fail as a Wireless Expert (2017 Berlin) – Steven Heinsiushttps://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=93858&backBtn=true

• BRKEWN-3010 - Improve enterprise WLAN spectrum quality with Cisco's advanced RF capacities (RRM, CleanAir, ClientLink, etc) (2017 Berlin) – Jim Florwick

https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=94062&tclass=popup

29


Cisco Innovations for Mobility Client QoE

© 2016 Cisco and/or its affiliates. All rights reserved. 3131BRKEWN-2670

BES

T P

RA

CTI

CES

(Aire

OS)

Make it Easy Make it work

INFR

AST

RU

CTU

RE

Enable High Availability (AP and Client SSO)Enable AP Failover PriorityEnable AP Multicast ModeEnable Multicast VLAN Enable Pre-image downloadEnable AVC Enable NetFlowEnable Local Profiling (DHCP and HTTP) Enable NTPModify the AP Re-transmit ParametersEnable FastSSID changeEnable Per-user BW contractsEnable Multicast MobilityEnable Client Load balancingDisable Aironet IEFlexConnect Groups and Smart AP Upgrade

Enable 802.1x and WPA/WPA2 on WLANEnable 802.1x authentication for APChange advance EAP timers Enable SSH and disable telnetDisable Management Over WirelessDisable WiFi DirectPeer-to-peer blockingSecure Web Access (HTTPS)Enable User PoliciesEnable Client exclusion policies Enable rogue policies and Rogue Detection RSSIStrong password Policies Enable IDSBYOD Timers

Set Bridge Group NameSet Preferred ParentMultiple Root APs in each BGNSet Backhaul rate to "Auto"Set Backhaul Channel Width to 40/80 MHzBackhaul Link SNR > 25 dBmAvoid DFS channels for BackhaulExternal RADIUS server for Mesh MAC AuthenticationEnable IDS Enable EAP Mesh Security Mode

MES

H

WIR

ELES

S / R

FSE

CU

RIT

Y

Disable 802.11b data ratesRestrict number of WLAN below 4Enable channel bonding – 40 or 80 MHz Enable BandSelectUse RF Profiles and AP GroupsEnable RRM (DCA & TPC) to be autoEnable Auto-RF group leader selectionEnable Cisco CleanAir and EDRRMEnable Noise & Rogue Monitoring on all channels Enable DFS channelsAvoid Cisco AP Load

http://www.cisco.com/c/en/us/td/docs/wireless/technology/wlc/82463-wlc-config-best-practice.html

Best Practices Summary For YourReference


Optimized RoamingRX-SOP

Pervasive Wi-Fi

HDX TurboPerformance

Event Driven RRM

XOR RadioFRA

Cisco CleanAir®

RF Profiles

RRM, DCA, TPC, CHDM

Load BalancingBand Select

Client Link 4.0

Off-Channel Scanning

Flex DFSDBS

5GHzServing

2.4GHzServing5/2.4GHzMonitor

• EnabledbyDual5GHz

• AdjustRadioBandstoBetterServetheEnvironment

RF Optimized Connectivity


XOR Radio and FRA2.4GHzServing

2.4-5GHzMonitoring

5GHz.Serving

5GHz.Serving

2.4GHzServing

5GHz.Serving

5GHzServing5Hz

Serving

2.4GHzServing

ü FRA-auto (default value) or Manual

ü Auto 2.4 -> 5GHz or Monitor Mode

ü Transition to 2.4 GHz if coverage drops


FRA Sensitivity and Preferenceü FRA Sensitivity configurable

• Low–100% COF**• Medium–95% COF • High–90% COF

ü Client Network Preference • Connectivity Preference• Throughput Preference


Micro ßà Macro Cell Transitions

-51 dBm

-65 dBm

-51 dBm-51 dBm≥ 55 dBm?

Probe Response

Client Steering

• 802.11v BSS Transition – Default Enable• 802.11k – Default Enable• Probe Suppression – Default Disable

Client Types

• 11v capable – 802.11v BSS Transition• Non-11v capable – 802.11k neighbor list +

disassociation• No 11k or 11v support – Probe Suppression Micro – 5GHz on XOR

Macro -- Dedicated 5 GHz


Optimize Wi-Fi with CleanAirQuickly Identify and Mitigate Wi-Fi Impacting Interference

Channel 48

48

4848

48

48

48

48

48

48

48

48

ü Interference on 20/40/80/160 MHz ü Air Quality and Interference by

AP/radio on WLCü AQ Threshold trap and Interference

Device trap (per radio) ü CleanAir-enabled RRM

Network Air Quality and Interference Location with PI 3.1.x and MSE 8.0.


Interference Devices and Air Quality ReportCleanAir Enabled RRM

Mitigated RF interference for improved reliability and performance

Wi-Fi andnon-Wi-Fi

aware

Dynamic mitigationED-RRM

Granular spectrum

visibility and control

Air Quality Performance

Improved Client Performance

Complete Automatic Interference Mitigation Solution for Rogues and Non-Wi-Fi Interference


Cisco Enhanced Interference MitigationAfter

Mitigated RF interference for improved reliability and performance

BeforeRogue Wi-Fi interference decreases reliability and performance

until next dynamic channel assignment (DCA) cycle

Improved Client Performance

Wi-Fi andnon-Wi-Fi

aware

Dynamic mitigationED-RRM

Granular spectrum

visibility and control

Rogues seen as security threat only

Non-Wi-Fi interference prioritized

Complete Automatic Interference Mitigation Solution for Rogues and Non-Wi-Fi Interference

Air Quality PerformanceAir Quality Performance


Maximize Channels When Radar Is PresentFlexible Dynamic Frequency Selection

5170MHz

5330MHz

36 40 44 48 52 56 60 64

20MHz.

40MHz.

80MHz.

160MHz.

5490MHz

5710MHz

100

104

108

112

116

120

124

128

132

136

140Channel Used

by Air Traffic Radar

See it on 160MHZ Band

Dynamic Frequency Selection

FlexibleDynamic Frequency Selection


FlexDFS with Dynamic Bandwidth Selection

Identifies radar frequency to

1 MHz

FlexDFSisolates radar

event to 20MHz

DBS allows best channel

and width

Interference is impactingonly channel 60

FlexDFS + DBSAutomatic and intelligent use of spectrum

52 56 60 64

DBS combined with FlexDFS: Increased confidence in using wider channel bandwidth; reduced radio flapping

Primary20

Secondary 20

Secondary40

52 56 60 64

Optimizes HD Experience


Better Support for Users on the MoveOptimized Roaming

Optimized Roaming: Wireless Devices Connect to the Most Effective APClient Stickiness


Improve Connectivity to All Devices Cisco ClientLink 4.0

Improves device performance

802.11ac Wave 2 Access Point: TX

beamforming

• 802.11a• 802.11g

• 802.11n• 802.11ac Wave 1

• 802.11ac Wave 2

• 802.11ac Wave 2

802.11ac Wave 2 Access Point: ClientLink


Better Client Connectivity RXSOP, Load Balancing, Band Select


Fine-tuning HDX with RF Profiles

Wi-Fi Triggered ED-RRM

OptimizedRoamingRXSOP

Dynamic Bandwidth Selection

TPC, DCACHDM

FlexDFS

CORE:• CleanAir

• ClientLink 4.0

• Turbo Performance

ü Pre-canned RF Profilesü Client Distributionü Data Ratesü DCA, TPC, CHDMü Profile Threshold for Trapsü High Density Features


Cisco Air Time Fairness (ATF)After

Air time is allocated per SSID, per realm, per client. There is now better control over how air time is shared.

BeforeRate limiting can only specify a bit rate (throughput) limit.

There is no way to limit the duration that the bit rate will use.

Gain the Ability to Meet SLAs

Time-based

Automatic calculation

on availability

Ongoing recalculation

Bandwidth rate

unpredictable

Client-dependent fluctuation

Not time-based

Improved Predictability and Performance

SSID 230%

SSID 170%

SSID 248%

SSID 152%


Zero Impact Application Visibility and Control

Maintain performance with zero-impact AVCGain visibility

into the networkControl application

performance

App App App App

App App App App

App App App App

App App App App

Red Hat CiscoWebEx Rhapsody Gmail

TIBCO MicrosoftExchange YouTube Skype

SAP Citrix BitTorrent iTunes

SharePoint WindowsServer

GoogleTalk Salesforce

Monitor critical applications


Developing your Wireless QoSStrategy


Why Wireless QoS For Real Time Applications

• QoS is like a chainIt’s only as strong as its weakest link

• the WLAN is one of the weakest links* in enterprise QoS designs for three primary reasons:

1) Typical downshift in speed (and throughput)2) Shift from full-duplex to half-duplex media3) Shift from a dedicated media to a shared media

• WLAN QoS policies need to control both jitter and packet loss

1 Gbps170 MbpsFull DuplexHalf Duplex

*weakest link is WAN, second weakest is WLAN 48


WLAN QoS Improvements QuantifiedApplication Original Metric Improved Metric Percentage

ImprovementVoice 15 ms max jitter 5 ms max jitter 300%

3.92 MOS(Cellular Quality)

4.2 MOS(Toll Quality)

Video 9 fps 14 fps 55%

Visual MOS:Good

Visual MOS:Excellent

Transactional Data 14 ms latency 2 ms latency 700%

http://www.cisco.com/en/US/prod/collateral/wireless/cisco_avc_application_improvement.pdf

49


Mobile Applications – on Wi-FiWi-Fi is the primary network access methodMission-critical applications cannot failWi-Fi space has become congested

Proper RF and QoS management is the only way to ensure real-time applications QoE and prioritization

50


Wireless QoS-Specific Limitations• No priority servicing

• No bandwidth guarantees

• Non-deterministic media access

• Only 4 levels of service

LAN QoS WLAN QoS

51


Real Time Applications and WirelessVideo/Voice & Other Applications over WLAN are the same as over other media, except... they’re carried over wireless!

Signaling: SCCP/SIP… or others!

Transport Protocols: RTP or other… but still real time

Wireless adds some important differences

Shared Media, Unlicensed Spectrum

802.11 Protocol Design

Physical Coverage Design

Users are Mobile

Battery Life

Application Design...

52


What Do You Consider First?

53


Start by Defining Your QoS StrategyArticulate Your Business Intent, Relevant Applications and End-to-End Strategy

http://tinyurl.com/gu42acb54


Translate your Strategy to a Framework

55

Transactional Data

Realtime

4-Class Model

Best Effort

Control Signaling

Transactional Data

Multimedia Conferencing

Voice

8-Class Model

Scavenger

Best Effort

Multimedia Streaming

Network Control

OAM

Realtime Interactive

Transactional Data


Voice

12-Class Model

Bulk Data

Scavenger

Best Effort

Multimedia Streaming

Network Control

Broadcast Video

Signaling

1. Organize your applications into groups or “classes”

2. Assign a DSCP value to each class

3. Ensure that each application correctly marks this DSCP

4. Decide how each class will be treated by the devices in your network


A Consolidated Strategy:Comparing Wired and Wireless QoS

• By definition of IEEE 802.11e standard there are only 4 levels of service (called “Access Categories”)

• LAN switches service queues based on Priority Queue (PQ) and Class-Based Weighted Fair Queue (CBWFQ)

• 802.11e uses the Enhanced Distributed Channel Access (EDCA) method

• WLANs have no priority queue

Class 6

Class 4

Class 2Class 1

Class 7Class … n

Class 3

Background

Best Effort

Video

Voice

Enterprise QoS WLAN QoS

Class 5

56

PQ + CBWFQ EDCA Algorithm


• Reconciles RFC 4594 with IEEE 802.11

• Summarizes our internal consensus on DSCP-to-UP mapping

• Advocates DSCP-trust in the upstream direction (vs. UP-to-DSCP mapping)

IETF Draft on DSCPßàUP Mapping

https://tools.ietf.org/html/draft-ietf-tsvwg-ieee-802-11-00

57


Downstream DSCP-to-UP Mapping ModelRatified Cisco Consensus Model (June 2015)

IEEE 802.11 Model

VoiceAccess

Category

Best EffortAccess Category

VideoAccess

Category

BackgroundAccess

Category

UP 7

UP 5

UP 3

UP 2

UP 6

UP 4

UP 0

UP 1

OAM

Signaling

Realtime Interactive

Transactional Data


Bulk Data

AF2

CS3

CS4

AF4

CS2

AF1

Scavenger CS1

Best Effort DF

Multimedia Streaming AF3

Broadcast Video

Voice + DSCP-Admit

RFC 4594-Based Model

CS5

EF + 44

Internetwork Control CS6

DSCP

Network Control (CS7)• Plugs potential security vulnerabilities

• Provides distinction between elastic and inelastic video classes

• Aligns RFC 4594 recommendations into the IEEE 802.11 model

• Requires several custom DSCP-to-UP mappings

Remark / Drop

if not in use

58


AireOS Default DSCP ßà UP Mapping Table

Traffic Type DSCP 802.11e UP WMM Access Category

Voice 46 (EF) 6 Voice

Interactive Video 34 (AF41) 5 Video

Call Signaling 24 (CS3) 3 Best Effort

Transactional / Interactive Data 18 (AF21) 3 Best Effort

Bulk Data 10 (AF11) 2 Background

Best Effort 0 (BE) 0 Best Effort

59

• Other UP values are derived from the 3 msb of the packet’s DSCP value and then mapped to the correct AC accordingly

• E.g. DSCP 40 = 101000 à UP = 101 = 5


Downstream QoS Model (Simplified)Note: DSCP trust model (dot1p CoS tagging on WLC not in use here)

Wired Network802.1Q Trunk

CAPWAP EncapsulatedDSCP802.1p

802.1Q TrunkCAPWAP

CAPWAP EncapsulatedDSCP

60

802.11 DSCP Payload 802.11 DSCP Payload 802.1p DSCP Payload

1 The Ethernet frame is received over an 802.1q trunk by the WLC. The WLC uses the DSCP value of the IP packet and maps it to the outer DSCP of the CAPWAP tunnel.

1


Downstream QoS Model (Simplified)

Wired Network

UP DSCP Payload

802.1Q Trunk

1


802.1Q TrunkCAPWAP


2

61

802.11 DSCP Payload 802.11 DSCP Payload 802.1p DSCP Payload

2 Once the Ethernet frame is received by the AP, it maps the DSCP value of the IP packetto the 802.11e UP value on the wireless frame. The frame is then sent to the client.

1 The Ethernet frame is received over an 802.1q trunk by the WLC. The WLC uses the DSCP value of the IP packet and maps it to the outer DSCP of the CAPWAP tunnel.


802.1p DSCP PayloadCAPWAP Encapsulated

DSCP 802.11 DSCP PayloadUP DSCP Payload

Upstream QoS Model (Simplified)Note: DSCP trust model (dot1p CoS tagging on WLC not in use here)

Wired Network802.1Q Trunk802.1Q TrunkCAPWAP

62

CAPWAP EncapsulatedDSCP802.1p 802.11 DSCP Payload

31 The client 802.11e frame is received by the AP. The AP maps the 802.11e UP value *or* original packet DSCP to the outer CAPWAP IP DSCP header (configurable)

1

DefaultOptional




Upstream QoS Model (Simplified)


63


At the WLC end of the CAPWAP tunnel, the 802.11e frame is bridged to the Ethernet switch. CAPWAP DSCP is mapped to 802.1p CoS value on trunk.2

2

12

31 The client 802.11e frame is received by the AP. The AP maps the 802.11e UP value *or* original packet DSCP to the outer CAPWAP IP DSCP header (configurable)

2




Two Options to Influence QoS Markings Upstream


64


Map UP to DSCP or Just Copy the original DSCP value


§ Windows Vista, 7, 8, 10 Jabber or Lync Client:Call Manager can be used to set DSCP, however . . .Global Policy Objects (GPOs) will override the DSCP

§ Mac OSX, iOS, and Android Jabber Client:Call Manager sets DSCP value

§ UP value is typically determined by the client’s OS and hardware drivers

Where Are DSCP and UP Values Set?

65


In Windows, DSCP is set globally by Group PolicyNote – WMM UP Value Cannot be Configured – Only DSCP

66


Example: Lync QoS Setting

§ Note: MS Windows applies DSCP value based on the UDP port range

§ Solution: use different port ranges for voice and video, resulting in the correct DSCP value

• In MS Windows, the WMM UP is derived from the 3 msb of the DSCP value

• DSCP ef (46) = [101 110] à 101 = UP 5

67


Microsoft Packet Capture In Upstream Direction

68


Summary of Typical WMM/11e UP Mappings Endpoint/Client Voice (EF) Video (AF41) Control (CS3)

Cisco Recommendation 6 5 4

Jabber/Spark iOS 10+ 6 5 5

Jabber/Spark for Android 6 5 3

Jabber/Spark for OSX 5 5 0

Jabber/Spark for Windows (desktop) 5 4 3

MS Lync / Skype for Business (Win 10) 5 4 3

Unified IP Phones (DX650, 9971) 6 5 4

Apple FaceTime (iPad) 6 5 5

Note: Apple Values based on iO

S 10.x

69


A Closer Look: Deploying Jabber or SfB on Microsoft*Note: DSCP is set globally by Group Policy

Application Recommended DSCP Value Resulting UP Value Recommended Values

Voice 46 (EF) 5 6 (AC_VO)

Video 34 (AF41) 4 5 (AC_VI)

Call Signaling 24 (CS3) 3 4 (AC_BE)

File Transfer (bulk data) 10 (AF11) 1 2 (AC_BK)

App Sharing Default (0) 0 0 (AC_BE)

70


SIP Signaling

Lync File Transfer

Interactive Video

Voice

Application Type

Scavenger

Lync App Sharing & BE

Streaming Video

Network Control

Voice(VO)

WMM Model +802.11e User Priority

Best Effort(BE)

Video (VI)

Background(BK)

UP 7

UP 5

UP 3

UP 2

UP 6

UP 4

UP 0

UP 1

CS3

AF11

AF41

EF

DSCP

CS1

DF

AF31

CS6

Example: Voice AC Is Is Unused in this Structure

71


Mismarking Impacts Wireless QoS

1. In this scenario voice packets get sent from the video AC

2. Voice frames have longer wait times and a greater chance of retries

EDCA / WMM AC AIFS Number CWmin CWmaxVoice 2 3 7

Video 2 7 15

Best Effort 3 15 1023

Background 7 15 1023

72


AireOs QoS Foundations


AireOS QoS History in a Nutshell

2007 2011 2012 20132005

802.11e/WMMreleased.SupportontheWi-Fiside

Differentialtreatmentforunmarkedtraffic

AVC(perapplicationmarking)

WirelesstoWiredmappingsupport(perprofile)

PeruserBWPeruser,profile,WLANQoSpolicies(BW+AVC)

20142001ThereisnoQoSinWi-Fi,everythingisDCF/BE

BEBE DCF

BEBE EDCA

EFCoS5 UP 6

“Voice SSID”

EFCoS5 UP 6

“Voice SSID”

BECoS4

UP 5

“Untagged=video”

1 M100k 100k

Common SSID1 M

200k200k

SkypeCoS5 UP 6

Common SSID

YoutubeCoS4

UP 5

2015 2016

QosmapsTrustUP?TrustDSCP?

MajorsimplificationsFastLane&QoSMapImprovements

74


1. QoS Mappings Fixing the issue with UP to DSCP inconsistency


Default UP to DSCP Mapping Problems

Voice Client Marked 46 (EF) UP = 5 Demoted to 34 (AF41)

Video Client Marked 34 (AF41) UP = 4 Demoted to 26 (AF31)

Signaling Client Marked 24 (CS3) UP = 3 Demoted to 18 (AF21)

76





34

546 34

446 46




A Good QoS Design Requires DSCP Consistency

Wired Network802.1Q Trunk802.1Q TrunkAccess mode

77


• This approach greatly simplifies QoS design and removes unexpected mapping behaviors

• Introduced in AireOS 8.1MR, but greatly improved in 8.4


QoS Map Configuration

Copy inner DSCP to CAPWAP DSCP (changes default behavior)This is the recommended deployment model

78

Note: this screen has been significantly

updated in AireOS 8.4


Trust DSCP Solves the Windows Problem (mostly)

Video-Quality QoS(handled by the Video AC)

Voice-Quality QoS

Recommended and Available as of AireOS 8.1MR

79





46

546 46

46 46


QoS Map Menu, Cont’d

Customize the UP to DSCP mapping (likely won’t use this very often)

80


Some Mystery Platforms Mark UP but not DSCP





46

50 46

0 0

AVC on the WLC to correct inner DSCP

UP to DSCP Mapping modifies CAPWAP DSCP


2. QoS ProfilesLimit Max. DSCP on CAPWAP and in turn the 802.11 UP Value


Configure the QoS Profile§The main purpose of the QoS

profile is to limit the maximum DSCP allowed on a CAPWAP tunnel, and thus limit the 802.11 UP value

§QoS profiles may be used and applied to each WLAN (SSID)

Recommendation: For enterprise class, mixed-use WLANs, use the Platinum profile, for hotspots, use Silver or Bronze

83

Max DSCP values per profile

DSCP 10DSCP 34DSCP 46DSCP 0




Example: Effect of “Gold” ProfileNote: DSCP trust model (dot1p CoS tagging on WLC not in use here)

Wired Network

UP DSCP Payload

802.1Q Trunk

46


802.1Q TrunkCAPWAP


463446

4646

6

5 34

34 46

84

802.11 DSCP Payload46

802.11 DSCP Payload 802.1p DSCP Payload

CAPWAP EncapsulatedDSCP802.1p 802.11 DSCP Payload34 46


Configure the QoS Profile PageCreate default bandwidth contracts for each user or each SSID§ Note bandwidth contracts are

bidirectional (set them only for data / hotspot networks)

Set the maximum priority for WMM and non-WMM clients(more on this later)

Profile NameMax DownstreamDSCP Value

Max UpstreamDSCP Value

Platinum / Voice 46 (EF) 46 (EF)

Gold / Video 34 (AF41) 34 (AF41)

Silver / Best Effort 0 (CS0) 18 (AF21)Bronze / Background 10 (AF11) 10 (AF11)

85






46

X0 46

50 0

Dealing With Non-WMM Clients

The Client is Not WMM capable, but AP automatically maps the CAPWAP DSCP to EF (46) If LAN switch is set to

trust CoS, BitTorrent becomes DSCP EF


Alloy QoS: Apply QoS Control For Non-WMM Clients

§Maximum Priority allows you to customize the upper limit QoS marking for a QoS policy

Sets the default QoS markings for all non-WMM clients

Sets maximum DSCP & UP values for WMM clients

Recommendation: • Use Alloy QoS to treat non-WMM clients as best effort (DSCP and UP

values default to zero).• If the client doesn’t support QoS, don’t try to give them QoS!

87


Wired QoS Protocol Field (legacy - do not use)

§ Upstream, this caps the CoS value of the 802.1p trunk.

§ Downstream, this value sets the CAPWAP DSCP upper limit (mapped from the incoming CoS value)

§ If set to “none”, the CoS field is marked to zero for the trunk.

§ Upstream, towards the wired network, the trunk CoS value is mapped from the CAPWAP DSCP value.

§ CoS limits the QoS design to eight classes§ Recommendation: set this to none,

unless you cannot trust DSCP for some extraordinary reason

88


Apply the QoS Profile to the WLAN

§Choose the QoS profile you want to apply for this WLAN

§ In this example, the “Platinum” profile is selected

§This sets the ceiling on all traffic to DSCP 46 (up and downstream) and UP to 6 (downstream only)

§You can also set the bi-directional per-user and per-SSID bandwidth contracts from this screen (usually not needed)

89


Decide What to do with Non-WMM Clients

§ WMM is critical for QoS - it enables 802.11e UP

§ “Allowed” permits a mix QoS capable and non-QoS capable devices on same WLAN

§ 802.11n and 802.11ac both enforce WMM

§ Non-WMM clients are already limited by the “unicast default priority” feature

90


3. AireOS AVC

Application Visibility and Control Discover which applications are running on your corporate and guest WLANsPrioritize critical wireless apps and de-prioritize non-business appsMonitor voice and video performance on the WLAN


Application Visibility & Control (AVC)Deep Packet Inspection in the wireless controller – allows application identification, remarking, rate limiting, and dropping of unwanted trafficLeverages the IOS NBAR2 Engine – same list of traffic signatures as IOS & XE

Protocol packs are used to update signatures (more than 1,400 today)

92

• Discover which applications are running on your corporate and guest WLANs

• Prioritize critical wireless apps and de-prioritize non-business apps

• Monitor voice and video performance on the WLAN

AVC In The Wireless LAN Controller


AVC Example: Build A Multimedia AVC Policy

More Key Points To Know:

• Applications are grouped by class (such as “voice-and-video” shown here)

• From AireOS 7.6 Protocol Packs are used for signature updates

• Approx. 1400+ AVC Signatures available today

93


A Simple AVC Remarking Example:

§AVC has three basic control capabilities:1. Modify the inner packet’s DSCP to a

custom value 2. Drop the packet3. Rate Limit

§E.g. Mark MS Lync Media to Gold (DSCP 34)

94


Expanded AVC Example:

MS Lync Policy

Cisco Jabber and IP Phone Policy

Unwanted applications Policy – drop or police

AVC can be applied in upstream, downstream, or both directions

AVC can drop unwanted traffic

AVC has ability to police applications bi-directionally

Note: AireOS 8.x is shown here95


AVC Example Cont’d: Apply The AVC Policy

1. Navigate to the QoS policy for the WLAN where you want to apply the AVC policy

2. Enable AVC

3. Apply the AVC policy you created to this QoS policy

96


AVC Provides Application Visibility

97


4. AireOSBandwith Controls

You can limit BW downstream (from WLC and down) and/or Upstream (at the AP):


AireOS Bandwidth Control PointsYou can limit BW downstream (from WLC and down) and/or Upstream (at AP):

Upstream is an “indirect method”:

Limits can be applied at profile level, WLAN level, user level, based on device profile or user profile, using local profiling or AAA overrideCan target “real time” (i.e. UDP) or “Data” (i.e. TCP) trafficCan be “Average” or “Burst” (last second budget excess)You CAN do it, but should you? Marking down is the preferred method

Don’t send!

I decide, alone, when to send (thank

you CSMA/CA)


Bandwidth Control – Per UserMany places to configure bandwidth controls . . .


Bandwidth Control – Per Device Type• You can also identify connecting devices, from the WLC or though Cisco ISE, and create a

policy based on what they are:

How to identify that deviceWhat policy to apply

~ 100 device types supported


Configuring Policies• You can then apply the policies to the WLANs, in the order you want them to be applied, up to

16 policies per WLAN:

• Each policy can groupseveral devices

Set the index

Pick the policy, then click Add

102


Bandwidth Control – AAA Override• With AAA Override, Upstream/Downstream BW values can be returned from ISE along with

user profile:

103


5. AireOS CAC

Call Admission Control

Part of 802.11e, purpose is to reserve bandwidth for devices running real time applications


CAC Quick RecapCAC was part of 802.11e, purpose is to reserve bandwidth for devices running real time applicationsRelies on Add Traffic Stream (ADDTS) exchange, containing Traffic Classification (TCLAS) section and Traffic Specification (TSPEC) elementKeep in mind that applications and OSes are not all network-aware

RF Load Level

ADDTS (TSpec)

Accept or Reject

ACM Enabled

RTP Traffic(no ADDTS)

105


CAC Configuration - Voice

Up to 90% (static) or 85% (load-based) BW

Use load-based for TSpec … but Static for SIP non-WMM!

106




Wired Network

UP DSCP Payload

802.1Q Trunk

46


802.1Q TrunkCAPWAP


464646

4646

6

0 46

34 46

107

802.11 DSCP Payload46

802.11 DSCP Payload 802.1p DSCP Payload

CAPWAP EncapsulatedDSCP802.1p 802.11 DSCP Payload34 46

Caution: CAC Enabled and a non-TSpec ClientEnabling CAC limits downstream of non-TSpec clients to BE, even with Platinum Profile

Best Effort (BE)

Voice (VO)

Non-TSpecClients Platinum


CAC Configuration - Video

Important CAC Recommendation: • Very, very few video clients use

TSPEC (ADDTS)• Only enable Video CAC if you know

that your client supports it, otherwise you will get BE downstream

108


6. EDCA Enhanced Distributed Channel Access and TXOP (Transmit Opportunity)


Tweaking the EDCA Parameters (Cont.)• Wireless > 802.11a | 802.11bg > EDCA Parameters

AC AIFSN CwMin CwMax TXOPVO 2 2 3 47VI 2 3 4 94BE 3 4 10 0BK 7 4 10 0




Implications of WMM EDCA Configuration

If you are voice, you can keep sending for up to 1.5 ms (47 x 32 µs)

If you are video, you can send chunks of up to 3 ms (94 x 32 µs)

If you are best effort of background, you can only send one frame at a time (0 grouping)

• 802.11n (2009) and 802.11ac (2013) allow “blocks” (one ‘train’ of many frame-wagons)

• Now, your voice and video queues are limited in time consumption…while your BE/BK queues can send ‘one’ frame of (somewhat) ‘unlimited’ duration


802.11-2016 EDCA

• Example on 802.11a/n/ac network• (TXOP values depend on what 802.11 protocol is enabled)

TECEWN-

112


Tweaking the EDCA Parameters

Recommendation: • Use the EDCA profile to Fastlane (as

of AireOS 8.3)


Cisco and Apple Fastlane


Apple / Cisco Partnership – Three Key Enhancements

3. Centralized iOS App Policy Control

Better Roaming through Adaptive 11r

Proper QoS Handling

1. Enhanced QoS for iOS 10+

2. Improved Roaming

IT Administrator control of applications and QoS


Improved QoS UP and DSCP Markings (iOS 10+)Endpoint/Client Voice (EF) Video (AF41) Control (CS3)

Cisco Recommendation 6 5 4

Jabber for iOS 10+ (iPad, iPhone) 6 5 5

Jabber for Android 6 5 3

Jabber for OSX 5 5 0

Jabber for Windows (desktop) 5 4 3

MS Lync / Skype for Business (Win 10) 5 4 3

Unified IP Phones (DX650, 9971) 6 5 4

Apple FaceTime (iPad) 6 5 5

116


Improved Roaming Performance

• In 802.11, delay in roaming causes poor experience, especially for rich-media real-time applications. Interoperability increases complexity and prevents adoption.

Standards to the rescue?• 802.11k – Know about neighboring APs as you join the cell! No time wasted

scanning when roaming is needed• 802.11v – Allows configuration of device while connected to a WLAN• 802.11r – Fast Roaming / Transition (FT) without need to reauthenticate


802.11k, 802.11v, 802.11r help efficient roaming

802.11r enables fast roaming without complete reauth802.11k sends you list of neighbors802.11v BSS Transition sends you the new best AP Cisco-AP-2 to connect to

Association

Fast Transition (802.11r)Cisco-AP-1 Cisco-AP-2


Association

Apple / Cisco Innovation: Adaptive 802.11r

Legacy client cannotjoin the same SSID where 11r is enabled

I recognize that you are an Apple device11r is enabled for you

802.11k, 802.11v are on by default

Legacy client that does not support 11r/k/v canjoin the same SSID

Cisco-APNon-Cisco-AP


Roaming Performance : 10x Better end-user Browsing and App Experience

QoS, 802.11r/k/vNo QoS, No 802.11r/k/v

Time (s)*

*Time Interval between last packet on previous AP, and first packet on next AP


FastLane Best Practices Configuration in AireOS

1. Configure Platinum Profile for Voice ->UP 6, Multicast and non-WMM unicast -> BE

2. Remove bandwidth limitation for UDP on Platinum Profile3. Apply Platinum Profile to your WLAN4. Apply EDCA 802.11revmc TXOP values to both bands5. Enable Voice CAC, with 50% BW / 6% roaming limits6. Trust DSCP upstream7. Create an optimized UP-DSCP map, applied downstream8. Create an optimized AVC profile for well-known applications

(AUTOQOS-AVC-PROFILE)

If you expect iOS devices in your cell, one click does it all:

TECEWN-3010 121


FastLaneEnabling FastLane enables best practice QoS configglobally:Platinum profile sets Max Priority to voice (UP 6), non-WMM and multicast to BE, 802.1p disabled, bandwidth contracts disabledEDCA profile is set to FastLane

TECEWN-

122


FastLane• Enabling FastLane enables

best practice QoS configglobally:

• DSCP is trusted upstream (instead of UP)

• DSCP to UP mapping is configured based on IETF recommendations (standards-based DSCP values mapped to IEEE values; non-standard DSCP values mapped to BE)


FastLane• When FastLane is enabled

on a WLAN, an AVC AUTOQOS-AVC-PROFILEis also created

• You can add this profile to your WLAN, or use another profile*

• It is also possible to customize the Auto AVC profile if necessary

* 8.3 mandated the use of the AUTOQOS-AVC-PROFILE on FastLane WLANs, 8.3MR removes this limitation


FastLane CAC• Enabling FastLane enables

best practice QoS configglobally:

• ACM is enabled on both bands (load-based), with max RF bandwidth 50% and roaming bandwidth to 6%

• Expedited bandwidth is enabled


• FastLane-enabled Apple IOS devices mark QoS correctly• DSCP 46 / UP 6 is real voice traffic• We trust this traffic, even without TSPEC

• Behavior:• DSCP 46 / UP 6 traffic coming from Apple iOS FastLane devices gets DSCP

46 / UP 6 end-to-end (with or without TSPEC)• DSCP 46 / UP 6 traffic, without TSPEC, coming from other devices gets BE

(0) downstream

Important!!!Differences With FastLane Handling of CAC

126


iOS 10 Fastlane – Trusting Voice trafficPlatinum Profile – Voice Stream – CAC Enabled, iOS 10 client, AireOS 8.3

127



Wired Network

UP DSCP Payload

802.1Q Trunk


802.1Q TrunkAccess mode

CAPWAP EncapsulatedDSCP 802.11 DSCP Payload 802.11 DSCP Payload 802.1p DSCP Payload


4646465 546466 46

4646 46

66 646 465 5 46


Apple Configurator 2 – Whitelist QoS


Cisco and Apple Togetherfor a Better End-User Experience

Improve device efficiency through

joint tested standards-based

functionality

Analyze and prioritize Apple-

based applications

Minimize impact of Apple upgrades by

accessing local instances on Cisco® ASRs

Display content from Apple

devices Wirelessly


Reduce Cost &Complexity

• Cisco CMX Solution https://www.youtube.com/watch?v=KQRb8vfU0qM

• CMX Hyperlocation vs RSSI Demo https://www.youtube.com/watch?v=6ls7EHbSK4A

• Cisco Dual 5GHz Wi-Fi https://www.youtube.com/watch?v=mbpjiETvDXc

• Cisco Aironet AP-3800 RF Excellence https://www.youtube.com/watch?v=dBpGsTKeyNM&t=64s

• Digital Network Architecture with Wave2 with 802.11ac https://www.youtube.com/watch?v=ySjN13hPhXY&t=2s

• Cisco Aironet Series – Flexible Radio Assignment https://www.youtube.com/watch?v=K_-BykT_YIM

• TechWiseTV: Apple and Cisco: Fast-Tracking the Mobile Enterprise https://www.youtube.com/watch?v=bh8rEvrzm7Y&feature=youtu.be

• Prioritized Business Apps https://www.youtube.com/watch?v=z0EOKNxL964&feature=youtu.be

• Apple and Cisco: Three Solutions Coming Together https://www.youtube.com/watch?v=7MgsDkf55wQ&feature=youtu.be

• WiFi Optimized Feature https://www.youtube.com/watch?v=xgPfxAolJoQ&feature=youtu.be

Faster Innovation

VoD Links

Lower Risk

• Fastlane App Demo https://www.youtube.com/watch?v=N1QMUcv3aRQ

• Cisco APIC-EM Wireless PnP Demo https://www.youtube.com/watch?v=_9P2-bU66PU

• Cisco Aironet Plug and Play Cloud Redirection https://www.youtube.com/watch?v=W7fBZ6xfSxw

• Wireless LAN Controller Dashboard Review https://www.youtube.com/watch?v=af09TBaafRI&feature=youtu.be

• Cisco Wireless Mobile App https://www.youtube.com/watch?v=HyvZ4mbVAWs

• WLC Advanced UI Client Troubleshooting https://www.youtube.com/watch?v=dZVxI6jOx_Q

• ISE Simplified Wireless Setup https://www.youtube.com/watch?v=A3F2DrFu7Lo&feature=youtu.be

• Cisco Wireless TrustSec Demo https://www.youtube.com/watch?v=A3F2DrFu7Lo&feature=youtu.be

• Cisco Wireless Netflow Lancope Integration Demo https://www.youtube.com/watch?v=TuWYkrt94CQ

• OpenDNS Integration with WLC https://www.youtube.com/watch?v=cMdX8sBBYG4


• 5520 WLC• 8540 WLC• AP1570• AP1810 OE• AP1810W Wall Plate• AP1850• AP2700/3700• AP2800/3800• AP702W• APIC-EM Wireless AP PnP• Flex7500 WLC • Mesh APs• Mobility Express• Smart Licensing• Univ. AP Regulatory Domain• Virtual WLC

Cisco Wireless LAN DocumentationINSTALLATION GUIDES

• 802.11r BSS Fast Transition• Adaptive wIPS• ATF Ph 1 & 2• CleanAir• CMX FastLocate• High Density• Rogue Management• RRM RF Grouping Algorithm• RRM White Paper

RADIO CONFIGURATION

• BYOD for FlexConnect• BYOD with ISE• Security Integration

ENCRYPTION

• Bi-Directional Rate Limiting • Flex AP-EoGRE Tunnel Gtwy• IPv6• Jabber• Jabber and UCM• Microsoft Lync• Passpoint Configuration• Real-Time Traffic Over WLAN• VideoStream • Vocera IP Phone in WLAN• VoWLAN Troubleshooting

CLIENT ADDRESSING POLICY ENGINE• AVC• Bonjour • Chromecast• Device Classification• Domain Filtering• mDNS Gateway w/Chromecast• Wireless Device Profiling & Policy Classification

BEST PRACTICES• Apple Devices• Enterprise Mobility Design Guide• High Availability (SSO)• HyperLocation• iPhone 6 Roaming• N+1 High Availability• WLAN Express• WLC Configuration Best Practices

Thank you.

Cisco Connect Montreal 2017 - Optimizing Your Client's Wi-Fi Experience

Technology

Transcript of Cisco Connect Montreal 2017 - Optimizing Your Client's Wi-Fi Experience