Deploying Quality of Service for Converged Networks

Copyright © 2003, Cisco Systems, Inc. All rights reserved. Printed in USA.8176_05_2003_c2.scr

111© 2003, Cisco Systems, Inc. All rights reserved.RST-2081 8176_05_2003_c2


Deploying Quality of Service for Converged Networks

Session RST-2081



Agenda

• Introduction

• Deployment Guide

• Monitoring QoS

• Case Studies

• Summary and References


Motivation behind QoS

• Applications are sensitive to delay, jitter and packet loss

• There are non-adjustable components (e.g. propagation delay, switching delay, CRC errors)

• There are adjustable components associated with link congestion (buffering delay andpacket loss)

• Some congestion is likely in most networks

• Over-provisioning is NOT the solution

• Always good to carry an “insurance” policy



Congestion Scenarios

CECE CECE

2 Mbps2 Mbps 1 Mbps1 Mbps

Speed MismatchSpeed Mismatch

1 Mbps

1 Mbps

1 Mbps

1 Mbps

1 Mbps

4 Mbps

Traffic Aggregation

CECE CECE

CECE

1 Mbps1 Mbps 1 Mbps1 Mbps

1 Mbps1 Mbps

Traffic AggregationTraffic Aggregation


Time1 2 3 4 5 6 7 8 9 10 11 12 1 2 3

Time1 2 3 4 5 6 7 8 9 10 11 12 1 2 3

100%

Time1 2 3 4 5 6 7 8 9 10 11 12 1 2 3

Link Utilization

QoS Applicability

• Link over-provisioned

• May not be cost effective

• No QoS required but asafety net

100%

Link Utilization

100%

Link Utilization

• Transient congestion

• QoS most useful

• Link highly over-subscribed

• QoS somewhat useful but more bandwidth required



Traffic Classification and Conditioning

Classification/Marking/Policing

Per-Hop Behavior

Queuing/Dropping

Ingress Node

Interior Node

Egress Node

TCBPHB

PHBTCBPHB

Differentiated Services Architecture(RFC 2274, RFC 2275)


Per-Hop Behaviors (PHB)

• Expedited Forwarding (EF)

Building block for low delay/jitter/loss

Served at a certain rate with short/empty queues

• Assured Forwarding (AF)

High probability of delivery if profile is not exceeded

Four classes and three levels of drop precedence

Specific resources (BW, buffer space) allocated to each class at each node

• Best Effort (BE)



Integrated Services Architecture(RFC-2210, 2211,2212,2215)

• Preserve the end-to-end semantics of IP for QoS

• Key end-points are the Senders and the Receivers

• Applications request desired service from the network for a set of Microflows

• Benefits of IntServ/RSVP

Fairly automatic—only need to provision RSVP bandwidth on the interface

Integrates well with a policy infrastructure

• Disadvantages of IntServ/RSVPState and signalling overhead for large networks Constant refresh messages

Imagine a Custom Postal Service for You!!


Handset

PBX

Cisco7200

Multimedia Server

MultimediaStation

Handset

Cisco 3600

Reserve 16KBW on this Line

I Need 16KBW and

100 msec Delay

This App Needs16K BW and

100 msec Delay

Integrated Services Architecture (Cont.)—The 3 Components of IntServ

• Specification of What Sender is Sending: (Rate,MTU,etc.)—The TSpec

• Specification of What the Receiver Needs: (Bandwidth,Path MTU, etc.)—The RSpec

• Specification of how the Signalling is done to the Network by the Sender and the Receiver:

RSVP is the Signalling Protocol for IntServ (Resource ReSerVation Protocol)



IntServ/DiffServ Integration

• Supported on Cisco 2600, 36xx, 7200, and 7500 Series Routers

RSVP Installed on Interface

RSVP Installed Only to do Admission Control

CBWFQ Performs Classification, Policing

and Scheduling Core Routers Operate in a

DiffServ Domain

RSVP Installed on Interface

IntServ IntServDiffServ


Agenda

• Introduction


• QoS Management

• Case Studies




Five Steps to a Successful QoS Deployment

• Step 1: Identify application requirements—business priority and classification

• Step 2: Define policies

• Step 3: Test policies

• Step 4: Implement policies

• Step 5: Monitor and adjust


Deployment GuideStep 1: Identify Application Requirements

• Importance of an application to the customerWhat applications are considered “mission critical”?

• Network resources to meet needs of an applicationNetwork delay, delay variation, drop

• Derived from application propertiesApplication performance/quality requirements

Properties of the underlying transport protocol stack

• Applications with different properties/requirements should be queued separately

• Understand exhibited behaviour vs. expected behaviour



Deployment GuideStep 2: Define Policies

• Network topology and traffic flow

• Capacity of your network devices (CPU, software, etc.) and network links (speeds, overhead, congestion, etc.)

• Bottleneck and non-bottleneck links

• Trusted and untrusted sources

• Layer 2 vs. Layer 3 service model

• We will discuss about this in detail…


Deployment GuideStep 3: Test Policies

• Test QoS policies in the lab first

• Test policy in a small portion of the production network

• Run baseline tests with and without QoS under congestion conditions



Deployment GuideStep 4: Implement Policies

• Classify as close to the edge as possible

• Police and mark as early as possible

• Work toward your core applying inbound/outbound policies

• Phased deployment—apply your policies incrementally

• Be judicious in policy application (e.g. trivial traffic from branch to hub)


Deployment GuideStep 5: Monitor and Adjust

• Measure delay and loss fordifferent classes (e.g. SAA)

• Monitor application performance

• Adjust policies where necessary

• More on this later…



Head Office

Branch

WAN Edge

Server Farm

SP Cloud

CE

CE

SiSi

SiSi

Consider the Following Network Topology

Deploying QoS End-to-End across the Network

Speed and Duplex SettingsSpeed and Duplex SettingsClassification/trust on Classification/trust on IP Phone and IP Phone and Access SwitchAccess SwitchMultiple Queues on Multiple Queues on Access PortsAccess Ports

QoSQoS——Campus AccessCampus Access

Layer 3 Policing, MarkingLayer 3 Policing, MarkingMultiple Queues on Multiple Queues on All Ports; Priority All Ports; Priority Queuing for VoIPQueuing for VoIPWRED within Data WRED within Data Queue for Congestion Queue for Congestion ManagementManagement

Capacity PlanningCapacity PlanningQueuingQueuingWREDWRED

QoSQoS——Campus DistributionCampus Distribution

Define SLADefine SLAClassification, MarkingClassification, MarkingLowLow--Latency QueuingLatency QueuingLink Fragmentation Link Fragmentation and Interleavingand InterleavingWRED and ShapingWRED and Shaping

QoSQoS——WAN EdgeWAN Edge QoSQoS——SP CloudSP Cloud


Head Office

Branch

WAN Edge

Server Farm

SP Cloud

CE

CE

SiSi

SiSi

Let us talk about the Access and Distribution Layers


Speed and Duplex SettingsSpeed and Duplex SettingsClassification/trust on Classification/trust on IP Phone and IP Phone and Access SwitchAccess SwitchMultiple Queues on Multiple Queues on Access PortsAccess Ports

QoSQoS——Campus AccessCampus Access

Layer 3 Policing, MarkingLayer 3 Policing, MarkingMultiple Queues on Multiple Queues on All Ports; Priority All Ports; Priority Queuing for VoIPQueuing for VoIPWRED within Data WRED within Data Queue for Congestion Queue for Congestion ManagementManagement

QoSQoS——Campus DistributionCampus Distribution



QoS in the Campus, Access and DistributionIs it Required?

• “Buffer management is as important as bandwidth management”

• Delay is not an issue, but delay variation (jitter) is

• Multiple queues are required on all interfaces to prevent TX buffer congestions and packet drops

• Just throwing more bandwidth in the LAN will not solve the problem


QoS in the Campus, Access and Distribution

• Trust Boundary Settingsuntrusted, trust-cos, trust-ipprec, trust-dscp, trust-ext

• Port Based Marking or Remarking for unmarked/untrusted traffic

• CoS to DSCP and DSCP to CoS Mapping

PC VLAN

Desktop PC

802.1Q Trunk with 802.1p Layer 2 CoS

802.1Q Trunk with 802.1p Layer 2 CoS

Native VLANNative VLAN

CoS 0

CoS 5

Auxiliary VLAN

IP Phone



QoS in the Campus, Access and Distribution—Output Scheduling

• Up to four transmit queues

• Assign traffic to queues based on CoSStrict Priority Scheduling (SPS) or Weighted Round Robin (WRR) scheduling

• Configure queue size and weights

• Configure buffer size and threshold parameters for WRED

• Use policing to protect the uplink from over-subscription

Queue Mgr

WRR/SPQueue Scheduler

Queue 2Queue 2Queue 1

VoiceVoiceDataWeighted Round Robin or

Strict Priority Queuing Enabled for Scheduling

between Queues

Weighted Round Robin or Strict Priority Queuing Enabled for Scheduling

between Queues


Head Office

Branch

WAN Edge

Server Farm

SP Cloud

CE

CE

SiSi

SiSi

At the WAN Edge (CE/PE)


Classification, MarkingClassification, MarkingLowLow--Latency QueuingLatency Queuing

Link Fragmentation Link Fragmentation and Interleavingand Interleaving

WRED and ShapingWRED and ShapingSLA DefinitionSLA Definition

QoSQoS——WAN EdgeWAN Edge



Define Policies Enterprise Network with Traditional L2 Service

• SP sells layer-2 service

• Point-to-Point SLA from SP

• Enterprise WAN likely to get congested

• IP QoS required for VVD integration

• SP not involved in IP QoS

Site 2 Site 3

SP Cloud

Frame RelayATMPPP

Site 1CE

CECE


Identifying Applications (CE–PE Edge)Classification and Marking

• Marking—setting a value in the frame (Layer2) or packet (Layer3)

Packets marked in the edge for purpose of classification in the core

• Examples of some classification criteriaIncoming interface or FR DLCIStandard or Extended source/destination access list

DSCP or IP precedence valueLayer 3 packet lengthNBAR

VersionLength Len ID Offset TTL Proto FCS IP-SA IP-DA Data

ToS1 Byte

077 12233445566

IP Precedence

DSCP

Flow Controlfor DSCP



Identifying Applications (CE–PE Edge)NBAR RTP Payload Type Classification

• Eases classification of voice and video traffic

VoIP, streaming/real-time video, audio/video conferencing, fax over IP

• Distinguishes between RTP packets based on payload type and CODECS

• Removes dependencies on UDP Port Range and DSCP markings

• Support introduced in 12.2(8)T

match protocol rtp [audio | video | payload-type payload-string]

NEW

96–127Dynamic

4G.723 (Audio)

0 (mu-law) 8 (a-law)G.711 (Audio)

15G.728 (Audio)

18G.729 (Audio)

9G.722 (Audio)

2G.721 (Audio)

14 (Audio), 32 (Video), 33 (A-V)

MPEG-1 (A/V)

MPEG-2 (A/V)

31H.261 (Video)

Payload TypeCODEC


Identifying Applications (PE)Packet Length (L3) Based Classification

• Light-weight method of ensuring EF service on low-speed access

Large data packets invading LLQ cause delay

• Determine packet size distribution on various links

• SPs often want to restrict the uploads but allow practically unlimited downloads

Small TCP ACK Packets going upstream should not be dropped

• Supported on 7500, 7200 and lower end platforms from 12.2(13)T

match packet length min <n> max <m>

NEW



768 kbps

Remote SitesT1

CentralSite

Frame Relay, ATM

128 kbps

256 kbps

512 kbps

T1

Buffering which will cause delayand eventually dropped packets

The Need for Traffic Shaping

1. Central to remote site speed mismatch2. To avoid remote to central site over-subscription3. To prohibit bursting above committed/subscribed rate


Voice Adaptive Traffic Shaping

• Allows customers to burst when no voice is present

• Decreases VC queuing delay at FR switches by reducing the sending rate to minCIR when voice is detected; return to CIR when voice is not present

• Avoid fragmentation if we do not detect voice packets


NEW

frame-relay fragmentation voice-adaptive deactivation 50map-class frame-relay voice_adaptive_classframe-relay adaptive-shaping voice deactivation 50



The Need for Congestion Management (Queuing)

• Under congestion—who gets what share of the available bandwidth?

• Examples: CBWFQ, LLQ

Outbound PacketsOutbound PacketsSchedulerScheduler

Packets inVarious Queues

Packets inVarious Queues


Priority Percentage Support for Low Latency Queuing (LLQ)

policy-map Multiserviceclass VoIPpriority percent 10

class businessbandwidth remaining percent 30

class class-defaultbandwidth remaining percent 20

No 75%Rule

policy-map Multiserviceclass VoIPpriority percent 10

class businessbandwidth percent 30

class databandwidth percent 20

75% Rule

Same Policy Map Can Be Applied to Multiple Interfaces and Interfaces with Varying Bandwidth (MLP Bundles, Dialer)

Supported Introduced in 12.2(2)T



The Need for Congestion Avoidance

• Dropping can occur in the edge or core due to policing or buffer exhaustion

• If a queue fills up, all packets at tail end of queue get dropped—called tail-drop

• Tail-drop results in simultaneous TCP window shrinkage of large number of sessions, resulting in “global synchronization”

• WRED enables intelligent packet drop decision when average queue depth exceeds a minimum threshold


Weighted Random Early Detection—Explicit Congestion Notification

TOS Octet

Source Destination

IP Packet

1111

TCP Ack11

ECNEchoECNEcho

ECTbit

ECTbit

CEbitCEbit

11Congestion Experienced

01ECP Capable Transport

10ECN Capable Transport

00Non ECN-Capable

Short web transfers and low bandwidth Telnet prefer not to wait for TCP retransmit timer to expire

WRED ECN Supported on Cisco 800, 1400, 1600, 1751, 3600, 3700, and 7000 Series Routers From 12.2(8)T

NEW



The Need for RTP Header Compressionon Slow Speed Links

PROBLEM: Header = 2 X Payload

19.5 kbps28 Kbps20 kbpsG.729A at 33 pps

25.6 kbps42.4 Kbps26.4 kbpsG.729A at 50 pps75 kbps84 Kbps75.5 kbpsG.711 at 33 pps

81.6 kbps106 Kbps82.4 kbpsG.711 at 50 pps

Frame Relay4 Bytes of Header

ATM53 Bytes Cells witha 48 Byte Payload

PPP6 Bytes of Header

CODEC

BENEFIT: Reduction in Voice Bandwidth Requirement

10 kbps14.Kbps10.5 kbpsG.729A at 33 pps

11.2 kbps21.2 Kbps12 kbpsG.729A at 50 pps65.5 kbps56 Kbps66 kbpsG.711 at 33 pps

67 kbps84.8 Kbps68 kbpsG.711 at 50 pps

Frame Relay4 Bytes of Header

PPPoATM53 Bytes Cells witha 48 Byte Payload

PPP6 Bytes of Header

CODEC


10mbps Ethernet 10mbps Ethernet

VoiceVoice 1500 Data Bytes1500 Data Bytes VoiceVoice VoiceVoice 1500 Data Bytes1500 Data Bytes VoiceVoice VoiceVoice 1500 Data Bytes1500 Data Bytes VoiceVoice

~214ms Serialization Delay~214ms Serialization Delay

Voice Packet60 bytes

Every 20 ms


Every >214 ms


Every >214 ms

Benefit: Reduce the Jitter in Voice CallsBenefit: Reduce the Jitter in Voice Calls

Problem: Large Packets “Freeze Out” VoiceProblem: Large Packets “Freeze Out” Voice

The Need for Fragmentation and Interleaving on Slow Speed Links

• Implemented via Multilink PPP (MLP) over FR, ATM, and leased lines • Fragments are interleaved with the real-time packets, reducing the

serialization delay experienced by voice packets

56kb WAN



Define a Per Hop Behavior (PHB)Condition Traffic Entering/Exiting the Network (TCB)

Define PoliciesPutting It All Together…

Real-Time InteractiveReal-Time Interactive

Real-Time StreamingReal-Time Streaming

InteractiveInteractive Background and Bulk

Background and Bulk

PolicingPolicing

DroppingDropping

QueuingQueuing

MarkingMarking

Best EffortBest Effort

EFEF AF3xAF3x AF2xAF2x AF1xAF1x DefaultDefault

Priority 512

Priority 512

Tail DropTail Drop

Bandwidth Percent 25Bandwidth Percent 25

Tail DropTail Drop


DWREDDWRED


DWREDDWRED

AvailableAvailable

DWREDDWRED

512k512k 256k256k 128k128k 128k128k NoneNone

For Example:


Define Policies (Cont.)Enabling QoS in the WAN Edge (CE–PE)

• Use LLQ on all WAN interfaces in an AVVID networkVoice (DSCP=EF) é LLQVideo conferencing (DSCP=AF41) Call control (DSCP=AF31) Streaming video (DSCP=AF11)

• Traffic shaping is required for all FR and ATM links• MLP encapsulation to enable CRTP and LFI on low speed

ATM and ATM/FR links• VC bundling in case of multiple VCs between 2 destinations

QoS-EnabledWAN

General Guidelines



Head Office

Branch

WAN Edge

Server Farm

SP Cloud

CE

CE

SiSi

SiSi

Capacity PlanningCapacity PlanningQueuingQueuingWREDWRED

QoSQoS——SP CloudSP Cloud

But…You Could Be Buying a Layer 3 Service



Define PoliciesEnterprise Network with IP Service

• Customer buys layer-3service from SP

• Point-to-Cloud SLA from SP for conforming traffic

• Enterprise WAN likely to get congested

• SP involved in IP QoS

• Any site can transmit up to ICR into the cloud

• Any site can receive up to ECR from the cloud

Service Provider

PE

PE PE

ICR256kICR256k

ECR512KECR512K

ECR—Egress Committed RateICR—Ingress Committed Rate

ICR768kICR768k

ECR512KECR512K

ICR512kICR512kECR

512KECR512K

Site 2 Site 3

Site 1

CECE

CE



Define Policies (Cont.)Know the SLA Offered by Your SP

• SLA typically includes between 3 and 5 classes

• Real-time traffic gets fixed bandwidth allocation

• Data traffic gets variable bandwidth allocation with minimum guarantee

• Frequently, bandwidth allocations defined as percentage of sub-rate (e.g. PVC CIR, shaped rate)

• Additional classes not visible to customer may exist at the edge (e.g. management/control traffic)

SLA per PVC/VLAN

SLA per Interface (Possibly Sub-Rate)

Physical BandwidthPhysical

Bandwidth

Physical BandwidthPhysical

Bandwidth


The Need for Traffic Policing

• Restrict traffic class to certain rate, so that packets exceeding/violating contract can be remarked to a different DiffServ class or dropped

• RFC 2697: A single rate three color markerMark conforming traffic to low drop priority, mark exceeding traffic with high drop precedence, and drop violating traffic

• RFC 2698: A two rate three color markerNeed to enforce peak rate for a service separately from a committed rate, modeling the FR concept in pure IP networks

• Color Aware Policer support from 12.2(7th)T



Two Rate Three Color Policer –How does it work ?

NEW


PEPEManagedCE

ManagedCE

PEPEUnmanagedCE

UnmanagedCE

Managed CEManaged CE Unmanaged CEUnmanaged CE

At the CE PE EdgeTraffic Leaving the Enterprise Network

• Output QoS policy on CE controlledby SP

• SP enforces SLA using the outputQoS policy on CE

• Output policy uses queuing, dropping and optionally, shaping

• Elaborate traffic classification or mapping of existing markings

• Slow links require LFI/cRTP

• Output QoS policy on CE controlled by customer

• SP enforces SLA using input QoS policy (policing) on PE

• Customer defines output policy with queuing, dropping, shaping based on business priorities

• Elaborate traffic classification or mapping of existing customer markings on PE router



PEPEManagedCE

ManagedCE

PEPEUnmanagedCE

UnmanagedCE


At the CE PE Edge (Cont.)Traffic Leaving the Enterprise Network

CE

Output PolicyClassification/ Marking/Mapping

LLQWRED

[Shaping]

[LFI/cRTP]

PE

Input Policy<Not required>

CE

Output PolicyClassification/ Marking/Mapping

LLQWRED

[Shaping]

[LFI/cRTP]

PE

Input PolicyClassification/ Marking/Mapping

Policing


PEPEManagedCE

ManagedCE

PEPEUnmanagedCE

UnmanagedCE


At the CE PE Edge (Cont.) Traffic Leaving Service Provider Network

• SP enforces SLA using the outputQoS policy on PE



• No input QoS policy on CE needed

• SP enforces SLA using the outputQoS policy on PE



• Input QoS policy on CE irrelevant



At the CE PE Edge (Cont.) Traffic Leaving Service Provider Network

CE

Input Policy

<Not needed>

PE

Output Policy

LLQ

WRED[Shaping]

[LFI/cRTP]

CE

Input Policy

<Irrelevant>

PE

Output Policy

LLQ

WRED[Shaping]

[LFI/cRTP]

PEPEManagedCE

ManagedCE

PEPEUnmanagedCE

UnmanagedCE



PE-1 PE-2

CE-2

CE-1

CE-3

In-prof=30 KbpsOut-prof = 0

In-prof=30 KbpsOut-prof = 900 Kbps

In-prof=30 KbpsOut-prof = 930 Kbps with DE/CLP

CIR=30KbpsCIR=30Kbps

Enterprise Network with IP ServiceEgress Commit Rate (ECR)

• Customer problemsBuy CIR per Class (IN-PROFILE)

Data Class can burst to Aggregate Rate AR (OUT-PROFILE)

• Provider problemsGuarantee only IN-PROFILE traffic per class

OUT-PROFILE traffic transported with no commitment

Customer does not want to be policed

Due to TCP burstiness, OUT-PROFILE always happens



Enterprise Network with IP Service—ECR and Three-Level Hierarchical Policer

• IN PROFILE SLA guaranteed, extra IN-PROFILE re-colored to OUT-PROFILE, SAA traffic should not be re-colored

• DELAY/DROP for IN-PROFILE not impacted by extra IN-PROFILE

• OUT-PROFILE is controlled by WRED

• Three level hierarchical policy needed to implement this solution

Aggregate Shaper at parent level

Minimum bandwidth guarantees and WRED at child level

At the third level we exclude SAA packets and mark the EXTRA IN PROFILE traffic as OUT PROFILE and set the ATM-CLP bit


NEW


Define PoliciesService Provider Backbone (P to P)

PE

PE

Service Provider

PE

P

P

P

• QoS complexity resides at the edge

• Backbone only deals with classes

• Over-provisioning sometimes touted as best alternative

ExpensiveDOS attacksFailure conditionsPlanning mistakesUnexpected traffic demandSP cannot generally solve end-to-end QoS for customers with over-provisioning



Define PoliciesService Provider Backbone (P to P)

• SP implements SLA using output QoS policy

• Subset of classes may be used

• Typically, 2 or 3 classes (real time, business, BE)

• Output policy uses queuing and dropping

LLQ and WRED

P/PEP/PE

Backbone NodeBackbone Node


Agenda

• Introduction


• QoS Management

• Case Studies




The QoS Management Circle

Classif

y

Classif

y Monitor

Monitor

Adjust

Service Levels


Understand Application NeedsUnderstand Application Needs

Construct a QoS Policy (Queuing, Dropping, Signaling, etc.)Construct a QoS Policy (Queuing, Dropping, Signaling, etc.)

Test the QoS Policy (Lab, Portion of Network)Test the QoS Policy (Lab, Portion of Network)

Adjust and Implement a QoS PolicyAdjust and Implement a QoS Policy

Monitor Key Network Hotspots!

↑

Monitor Key Network Hotspots!

↑

Remember the Five Steps to Deploying QoS?

Management Management TasksTasks



Adjust and Implement a QoS Policy

Problem:

1. How did the QoS Policy help the applications?

2. Which classes are causing or still having problems?

Cisco Solution:

1. Cisco IOS® Service Assurance Agent (SA Agent)Monitor Drops, Drop Rate, Delay, Jitter, etc.

2. Compare ‘Pre-QoS’ and ‘Post-QoS’ parameters to know effect of QoS!

3. Cisco IOS Class-Based QoS MIB (CBQoSMonMIB)Information on each interface/PVC where QoS is configured

Per class Bit Rate, Drop Rate, Feature Counters, etc.


Adjust and Implement a QoS Policy (Cont.)

Customer Problem:

• Make it “simpler, cheaper and faster”1. Consistency of CLI and semantics across interfaces

and devices

2. Simple tool to store QoS Policies and provision large networks

Cisco Solution:1. The Modular QoS CLI (MQC)

2. Cisco AutoQoS3. For Enterprises, Cisco QoS Policy Manager (QPM)

4. For Service Providers, Cisco ISC (Solutions Center)



Monitor Key Network Parameters

Customer Problem:

• To keep QoS tuned to deliver the best possible results for the applications/users, we need the same tools as in “adjusting” the test QoS policies, but on a wider scale

Solution:

• Cisco IOS SA Agent, CBQoSMonMIB and NBAR PD MIB work hand-in-hand

• Front-end applications to these infrastructure components

CiscoWorks Service Management Solution (SMS)

Infovista IV Suite

Concord e-Health


More on the Cisco QoS Management Tools

Let us talk a little bit about these tools…1. Service Assurance Agent

2. Cisco Class-Based QoS MIB

3. NBAR Protocol Discovery MIB



Service Assurance Agent (SAA)

• Is the packet loss acceptable?

• What is the network latency?

• Are the network applications performing well?

• Can you monitor Service Level Agreements?

SAASAA

Provides Active Monitoring of Network Infrastructure

Voice

VideoE-Learning

Cisco IOS


Service Assurance Agent (SAA)—Measuring the Network

• Active Traffic Generation within Cisco IOS®

using SAA ProbesMonitor network performance and health

Test and troubleshoot network problems

• Measurement of key end-to-end network metricsNetwork Delay

Packet Loss

Network Delay Variation (jitter)

Connectivity

History and distributions of network statistics

• Scheduling of packet streams and threshold violation notification

• Across the board support for most Cisco IOS devices



More on the Cisco QoS Management Tools (Cont.)

Let’s Talk a Little Bit about These Tools…1. Service Assurance Agent




Class-Based QoS MIB (CBQoSMonMIB)

• Primary accounting mechanism for MQC-based QoS

• Statistics for active MQC configuration on a per-policy/per-interface or PVC basis

• Monitor pre- and post- policy bit ratesFor example, “How many packets are being dropped or marked?”

• Read access only, no SNMP configuration


Pre Policy Post Policy Pre- Post

Bronze

Silver

Gold

BronzeSilver

GoldBronzeSilver



Class-Based QoS MIB Table

packets and bytes statistics per class

packets per matching criteria

class based policer statistics

Class queuing statistics per policy

Traffic shaping statistics

WRED packet counters on a per DSCP/Precedence basis

cbQosClassMapStats

cbQosMatchStmtStats

cbQosPoliceStats

cbQosQueueingStats

cbQosTSStats

cbQosREDClassStats

DescriptionTable


Baseline Monitoring and QoS Policy Validation Using CBQoSMonMIB and QPM

• Monitor per DiffServ class CBQoSMIB enables monitoring of all traffic on a per class basis

• Validate QoS deploymentQPM reads the detailed QoS statistics provided by CBQoSMonMIB

Headquarters

Cisco Router

Cisco 7200

CallManagerCluster

Remote Office

MarkMark

Cisco QPMCisco QPMSwitch

RouterMonitorMonitor

WAN

ApplicationServer

NAM



More on the Cisco QoS Management Tools (Cont.)

Let’s Talk a Little Bit about These Tools…1. Service Assurance Agent




Cisco NBAR Protocol Discovery MIB

BENEFITS

• Real-time statistics on applications

• SNMP MIB support

• Per-interface, per-application, bi-directional (input and output) statistics:

Bit rate (bps)

Packet counts

Byte counts

Support introduced in 12.2(15)T

NEW



Cisco NBAR Protocol Discovery Statistics

router# sh run int fa6/0!interface FastEthernet0/0ip address 10.0.147.3 255.255.255.0ip nbar protocol-discovery

end

Router# show ip nbar protocol-discovery interface FastEthernet 6/0FastEthernet6/0

Input Output Protocol Packet Count Packet Count

Byte Count Byte Count 5 minute bit rate (bps) 5 minute bit rate (bps)

------------------------ ------------------------ ------------------------http 316773 0

26340105 0 3000 0

pop3 4437 7367 2301891 339213 3000 0

snmp 279538 14644 319106191 673624 0 0

ftp 8979 7714 906550 694260 0 0

…Total 17203819 151684936

19161397327 50967034611 4179000 6620000


CISCO-NBAR-PROTOCOL-DISCOVERY-MIB Tables

Tables Listed in Order They Are Listed in the MIBCISCO-NBAR-PROTOCOL-DISCOVERY-MIB (CNPD-MIB)

rising/falling trap

NBAR enable/Time

All NBAR by interface

Top N table config by interface

Top N table statistics

Protocol threshold configuration

History of falling rising events

Enable traps

List of all protocols supported

cnpdMIBNotifications

cnpdStatus

cnpdAllStats

cnpdTopNconfig

cnpdTopNstats

cnpdThresholdconfig

cnpdThresholdhistory

cnpdNotificationsconfig

cnpdSupportedProtocols

DescriptionTable



Cisco NBAR Protocol Discovery Thresholds and Traps

• User can set thresholds on individual protocols on an interface, or on a statistic regardless of protocol

Thresholds for any combination of supported protocols/and or all protocols

• Configurable statistic typesInterface in, out and sumBytes, Packets, and Bit rate

• If the threshold is breached, the information is stored for prolonged period of time

• A notification (Trap) is generated and sent to the user with a summary of threshold information


Headquarters

Cisco Router

Cisco 7200

CallManagerCluster

Remote OfficeWAN

ApplicationServer

NAM

Baseline Monitoring on a per Application Basis Using Cisco NBAR PD MIB

• Focus on top/critical 5 to 10 applications Identify apps by filter (IP addr, port, protocol, NBAR)

See traffic by top applications before QoS deployment

• Analyze remote site activityWhat does business critical traffic throughput look like on remote router interface?

ManagementApplication

ManagementApplication

SAPCustom appVoIPE-mail

Remote Router InterfaceRemote Router Interface

View Statistics for Top Applications



Agenda

• Introduction


• QoS Management

• Case Studies



Case Studies

• Large Enterprise Deployment

Voice, Video, Bulk and Best Effort

• QoS for VoIP

Accelerated deployment via Cisco AutoQoS

• Site-to-Site VPN

QoS for an enterprise running IPSec VPN end-to-end through a SP network

• Enterprise Network with IP Services

QoS end-to-end through a SP network selling IP Services



Large Enterprise Deployment—Description

• Large multinational company based in US with more than 400 offices across 3 continents

• All circuits are high-speed OC-3, DS3 or E3

• Large converged network with business critical ERP applications, web, voice, streaming video and e-mail

• Driving factor was the need to provide consistent application performance and the decision to move to VoIP (savings of $ 50,000/month in toll charges)

• Heavy usage of CBQoSMIB for reporting and monitoring purposes


Large Enterprise Deployment—Solution

• Implemented a complete DSCP model

• Four classes of serviceReal-Time—VoIP and streaming video (separate bandwidth class for video in case of slow speed links)

Interactive—Database lookups, Citrix and Telnet

Best Effort—Default class and control traffic

Bulk—Large FTPs and backups

• MLP used as encapsulation mechanism on slow speed VoIP links to enable RTP HC and LFI

• No redundant versions of database across multiple locations due to better site to site response times

• Heavy usage of CBQoSMIB for reporting and monitoring purposes



Large Enterprise Deployment—WAN Topology

North America

AsiaEuropeHigh-Speed ATM/FR

Access to MPLS VPN Core

Packets Entering the Network Packets Entering the Network Are Colored at EdgeAre Colored at Edge

MLPPP, CRTP and LFI MLPPP, CRTP and LFI for VoIP Links < 768Kfor VoIP Links < 768K

LLQ (Output Policy) for VoIP, Streaming LLQ (Output Policy) for VoIP, Streaming Video and Traffic from Data CenterVideo and Traffic from Data Center

WRED for Active Queue Management of WRED for Active Queue Management of TCP Flows in Data ClassesTCP Flows in Data Classes

FR


Large Enterprise Deployment—Challenges

• LLQ on frame does not take advantage of VC burst capabilities

Enable MQC-based FR adaptive shaping

FR VATS permits bursting to line rate when only data is present, strict CIR enforced when voice is present

• Jitter issues in video on slow speed links in case of large flows in Best Effort Class

Overprovision the video class bandwidth and enable WRED in Best Effort Class

For 7500s, hierarchical scheduling in BE class



Case Studies

• Large Enterprise DeploymentVoice, Video, Bulk and Best Effort

• QoS for VoIPAccelerated Deployment via Cisco AutoQoS

• Site-to-Site VPNQoS for an enterprise running IPSec VPN end-to-end through a SP network

• Enterprise Network with IP ServicesQoS end-to-end through a SP network selling IP Services

NEW


Deploying QoS for VoIP

Goal: Deploy Consistent, End-to-End QoS for VoIPGoal: Deploy Consistent, End-to-End QoS for VoIP

FR WAN

WANWAN

Classification and Trust Classification and Trust BoundaryBoundaryMarking/RemarkingMarking/RemarkingEgress Queue SchedulingEgress Queue SchedulingBuffer ManagementBuffer Management

Intelligent Classification Intelligent Classification Bandwidth ProvisioningBandwidth ProvisioningAdmission ControlAdmission ControlShapingShapingLink Fragmentation and Link Fragmentation and InterleavingInterleavingHeader CompressionHeader Compression

Layer 3 PolicingEgress Scheduling(Multiple Queues with WRR)Priority Queuing for VoIPBuffer Management

Access LayerAccess Layer Distribution Layer



•• Identify Traffic of InterestIdentify Traffic of Interest

•• Trust and UntrustTrust and Untrust

•• Link Efficiency Link Efficiency Mechanisms Mechanisms

•• CoS to DSCP to CoS to DSCP to Queue mappingQueue mapping

•• WRR and WRED WRR and WRED parametersparameters

•• Transport specific Transport specific featuresfeatures

•• Monitor the Monitor the Performance of Performance of Voice TrafficVoice Traffic

•• Consistent EndConsistent End--toto--End QoS across End QoS across LAN and WANLAN and WAN

•• Platform Platform ConsistencyConsistency

• Classes• Bandwidth Requirements• High Speed vs. Low Speed QoS• Buffer Management

Deploying QoS for VoIP—The Manual Way

ApplicationClassificationApplication

Classification

PolicyGeneration

PolicyGeneration

Configuration

Monitoringand

Reporting

Monitoringand

Reporting

ConsistencyConsistency

KeyElementsof QoS

Deployment

KeyElementsof QoS

Deployment


Deploying QoS for VoIP—Cisco AutoQoS in the LAN

• Simplifies QoS configuration for VoIP• Optimal voice performance

Parameters based on Cisco Best Practices, extensive lab testing,and input from a broad base of AVVID installations

• Intelligent policy generationSupport for Cisco IP Phone and Cisco Soft PhoneAutomatically decides on trust and extended trust boundary settings

User can bypass telephone and connect their PC directly to the switchDisables trust when IP phone is relocated

Configures CoS to DSCP to Queue mapping, WRR settings, etc.

• Supported on static, dynamic-access, voice VLAN, and trunk ports



Catalyst® 6500 Series Switch

set port macro 4/1 ciscoipphone 10 110Port 4/1 has been fully configured for ciscoipphone. Data vlan set to 10, auxiliary vlan set to 110, port based autoqos configured.

Global autoqos configured on all ports.

set qos autoqos

All ingress and egress QoS scheduling parameters configured on all ports.CoS to DSCP, DSCP to COS and IP Precedence to DSCP maps configured. Global QoS configured

set port qos autoqos 4/1 voip ciscoipphone

Port 4/1 has been fully configured for voip.Global autoqos configured on all ports

Deploying QoS for VoIP—Cisco AutoQoS in the LAN (Cont.)

User Enables AutoQoSUser Enables AutoQoS

Generated by AutoQoSGenerated by AutoQoS

Generated by AutoQoSGenerated by AutoQoS


Interface GigabitEthernet0/1mls qos trust device cisco-phonemls qos trust cosauto qos voip cisco-phonewrr-queue bandwidth 20 1 80 0wrr-queue queue-limit 80 1 20 1wrr-queue cos-map 1 0 1 2 4wrr-queue cos-map 3 3 6 7wrr-queue cos-map 4 5priority-queue out

Interface FastEthernet0/1mls qos trust device cisco-phonemls qos trust cosauto qos voip cisco-phonewrr-queue bandwidth 20 1 80 0wrr-queue min-reserve 1 5wrr-queue min-reserve 2 6wrr-queue min-reserve 3 7wrr-queue min-reserve 4 8wrr-queue cos-map 1 0 1 2 4wrr-queue cos-map 3 3 6 7 wrr-queue cos-map 4 5priority-queue out

Catalyst 3550 Series Switch

Deploying QoS for VoIP—Cisco AutoQoS in the LAN (Cont.)

Generated Generated by AutoQoSby AutoQoS

You Enable AutoQoSYou Enable AutoQoS


Generated Generated by AutoQoSby AutoQoS



Deploying QoS for VoIP—Cisco AutoQoS in the WAN

• Simplifies QoS configuration for VoIPA single command enables Cisco QoS for VoIP

• Generated parameters and configuration can be user modified

• Intelligent policy generationBased on available bandwidth and underlying L2 technologyClassifies VoIP bearer and signaling (H.323, Skinny, H.225 Unicast, SIP and MGCP) trafficAutomatically enables Link Fragmentation settings, if required

• Supported on FR, ATM, HDLC, PPP and FR-to-ATM links

• Provides RMON alerts, if VoIP packet are dropped


interface Serial4/0encapsulation frame-relay

frame-relay traffic-shaping!interface Serial4/0.1 point-to-pointbandwidth 256ip address 10.1.71.1 255.255.255.0frame-relay interface-dlci 100class AutoQoS-VoIP-FR-Serial4/0-100auto qos voip

frame-relay ip rtp header-compression!map-class frame-relay AutoQoS-VoIP-FR-Serial4/0-100frame-relay cir 256000frame-relay bc 2560frame-relay be 0frame-relay mincir 256000service-policy output AutoQoS-Policy-UnTrustframe-relay fragment 320

Deploying QoS for VoIP—Cisco AutoQoS in the WAN (Cont.)

FrameRelay

FRTS Enabled FRTS Enabled by AutoQoSby AutoQoS

You Specify BW, IP You Specify BW, IP Addr and FR DLCIAddr and FR DLCI


CRTP ConfigurationCRTP ConfigurationGenerated by AutoQoSGenerated by AutoQoS

FRTS and FRF.12FRTS and FRF.12Settings GeneratedSettings Generated

by AutoQoSby AutoQoS



class-map match-any AutoQoS-VoIP-RTP-Untrustmatch protocol rtp audiomatch access-group name AutoQoS-VOIP-RTCP

class-map AutoQoS-VoIP-Control-Untrustmatch access-group name AutoQoS-VOIP-Control

class-map match-any AutoQoS-VOIP-Remarkmatch ip dscp efmatch ip dscp af31

!policy-map AutoQoS-Policy-Untrustclass-map AutoQoS-VoIP-RTP-Untrust

priority percent 70set dscp ef

class AutoQoS-VoIP-Control-Untrustbandwidth percent 5set dscp af31

class AutoQoS-VoIP-Remarkset dscp default

class class-defaultfair-queue

Deploying QoS for VoIP—Cisco AutoQoS in the WAN (Cont.)

FrameRelay

Classification DoneClassification Doneby AutoQoSby AutoQoS

Provisioning DoneProvisioning Doneby AutoQoSby AutoQoS


Case Studies


• QoS for VoIPAccelerated deployment via Cisco AutoQoS





Site-to-Site VPN—Requirements

• Enterprise customer buys a point to point service from service provider and requires 4 classes of service:

Real-time (Voice): no loss, low latency, low jitter, guaranteed bandwidth

Business Class (ERP Applications): low loss, guaranteed bandwidth

Interactive Class (Telnet,): low loss, low latency, guaranteed bandwidth

Normal (other traffic): Best Effort

• Site-to-Site VPN service, two site example


Site-to-Site VPN—Topology

Customer Needs Site-to-Site IP VPN Service with 4 Different Service Classes

L3 Service from SP

CE

CE

CORE

PE

PE

PE

PE

PP

P P



Site-to-Site VPN—Issues

• Additional header and trailer overhead of IPSec and GRE with voice packets

• Voice delay budget increased by crypto engine processing

• Crypto engines (FIFO) randomly drop packets when congested

Voice quality suffers through IPSec tunnel

• CRTP and IPSec are incompatible standards

• Voice and data in same IPSec/GRE tunnel, both encrypted

• QoS re-ordering of IPSec sequenced packets can lead to anti-replay drops

QoS Requirements Are Same as in a Typical L2 Service Deployment, Except…


IPHdr

GREGRE

RTP

IPHdr

RTPUDPUDP

UDPUDP VoiceVoice

VoiceVoiceGRE IPHdr

ESPPad/NH

ESPAuth

ESPHdr

ESPIV

GRE IPHdr GREGRE IP

Hdr RTPIPSecHdr

IPSecHdr UDPUDP VoiceVoice

IPSec—136 Bytes

(Tunnel Mode)

IP GRE—84 Bytes

G 729—60 Bytes

20202020

202020

2020

4

888

8

8

4

12

12

12 122–257

Site-to-Site VPN Issues—G 729 CODEC Overhead with GRE and IPSec

Resulting Layer 3 Packet Sizes:G.729 = 136 bytes @ 50 pps = 54.4 kbpsG.711 = 280 bytes @ 50 pps = 112 kbps



Encrypt2-10ms

Decrypt2-10ms

Propa–gationPropa–gation

Coder45msCoder45ms

FRTS< 10msFRTS

< 10msQueuing

64K6ms

Queuing64K6ms Network

(FR Sw)Network(FR Sw)

Dejitter50ms

Dejitter50ms

Serial -ization

64k3ms

Serial -ization

64k3ms

Site-to-Site VPN Issues (Cont.)—Increase in Voice Delay Budget

Expect IPSec Encryption to Add 2–10 ms

…Minimal Impact to Delay Budget

Goal = 100–250ms

194 ms as Shown

< 60 ms Based on SP’s SLA


Site-to-Site VPN Issues (Cont.)—LLQ Before Crypto Engine

• Enabled by configuring LLQ policy on output interface

• Engages when Crypto Engine is congested

• Supported on Cisco 2600, 3600, 3700, 7100, and 7200 Series Routers from 12.2(13)T

BestEffort

LLQDD

CryptoEngine

DataData

VoIPVoIPLLQ Classification

Output InterfaceOutput

Interface

VV

Input

Interface

Input

InterfaceVV DD VV DD DD

VVVVVVVV

VVDDDDDD



V*V* DD V*V* DD

Site-to-Site VPN—When to Use QoS Pre-Classify

• Currently required when using hardware encryption and service-policy on output interface

• Maintains original IP Header (port, protocol, source/dest IP address, etc.) for output QoS policy

• Unrequired when QoS policy uses ToS byte only

• Apply to both crypto map and IP GRE tunnel (if IP GRE is used)

Router Can Make QoS Decisions Basedon Encrypted Elements in the Packets

Unencrypted VPN Router

Encrypted

DDDataData

VoIPVoIP V*V*

?*?*?? ?*?*??


Case Studies


• QoS for VoIPAccelerated deployment via Cisco AutoQoS





Enterprise Network with IP Services—The Works

• SP sells L3 services with following four levels of serviceReal-Time

Business High

Business Low

Best Effort

• Business driver for Enterprise—ad-hoc any to any video conferencing from more than 60 sites across the US

Each site connected via T1 connection at minimum

VC units run standard 384Kbps IPVC streams

• Customer also has several mission critical business applications that need prioritization

• Managed CE environment


Enterprise Network with IP Services—Challenges

• Point-to-Cloud Model—SP is involved in QoS

• Challenges

Current provisioning mechanism guaranteed more than 150% of available bandwidth

No accounting for routing protocols and L2 overhead

SP not preserving DSCP marking across their cloud—Remark DSCP to indicate to themselves whether packets are within or violating contract

DLSW+ application configured to set its ToS value to 5 by default (same as IPVC)



Enterprise Network with IP Services—The Solution

• Customer purchased services in the ratio 5:6:2:1

• Customer migrated to a complete DSCP modelSimpler from a classification and provisioning perspective

Monitoring and Management advantages

• Workaround for SP remarking: NBAR deployed at WAN edge to re-classify and re-mark INBOUND traffic from the WAN

• Routing and control traffic in business high class

• Percentage based provisioning mechanism

• QPM 3.0 for monitoring traffic statistics via CBQoSMIB


class-map match-all VIDEOmatch access-group 120

class-map match-all SAPmatch protocol custom-10

class-map match-all SNAmatch protocol dlsw

class-map match-all TELNETmatch protocol telnet

class-map match-all NOTESmatch protocol notes

class-map match-any WWWmatch protocol httpmatch protocol secure-http

class-map match-all FTP-GRAPHICSmatch access-group 105match protocol ftp

class-map match-all REAL-TIMEmatch ip dscp ef

class-map match-any BUSINESS-HIGHmatch ip dscp af31 match ip dscp af32 match ip dscp af33 match ip dscp cs3

class-map match-any BUSINESS-LOWmatch ip dscp af21 match ip dscp af22 match ip dscp af23

Enterprise Network with IP Services—Configuration



Enterprise Network with IP Services—Configuration (Cont.)

policy-map MARKINGclass VIDEOset ip dscp efclass SAPset ip dscp af31class SNAset ip dscp af32class TELNETset ip dscp af33class NOTESset ip dscp af21class WWWset ip dscp af22class FTP-GRAPHICSset ip dscp af23class class-defaultset ip dscp default

policy-map WAN-EDGEclass REAL-TIMEpriority 512

class BUSINESS-HIGHbandwidth percent 45random-detect dscp-basedclass BUSINESS-LOWbandwidth percent 15random-detect dscp-basedclass class-defaultfair-queuerandom-detect dscp-based


Enterprise Network with IP Services—Configuration (Cont.)

interface FastEthernet0/0service-policy input MARKING!interface Serial0/0encapsulation frame-relay IETFframe-relay traffic-shaping!interface Serial0/0.1 point-to-pointdescription SP Cktframe-relay interface-dlci 101class FRTS

!map-class frame-relay FRTSframe-relay cir 1536000frame-relay bc 15360frame-relay mincir 1536000service-policy input MARKINGservice-policy output WAN-EDGE

SP Core

}}

CE

PE



Agenda

• Introduction


• QoS Management

• Case Studies



Summary

• Lots of new tool enhancements (NBAR, LLQ, Shaping, Policing, etc.) available

• Single class for latency sensitive traffic, additional classes to implement data SLAs

• It is all about Buffer Management in the Campus, Access and Distribution Layers

• Enterprise WAN edge QoS is dependent on the kind of service that is purchased from the SP

• Marking, Queuing and Shaping enabled at the WAN edge

• Queuing and WRED dropping based on packet marking enabled in the SP core

• QoS is an end-to-end proposition



References

• QoS on CCO

http://www.cisco.com/ios/qos

• QoS Configuration Guide

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/qos_c/

• QoS command reference guide

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/qos_r/index.htm

• AVVID QoS Design Guide

http://www.cisco.com/univercd/cc/td/doc/product/voice/ip_tele/avvidqos/index.htm


Recommended Reading

IP Quality of ServiceISBN: 1578701163

Cisco Catalyst QoS: Quality of Service in Campus NetworksISBN: 1587051206

Cisco Multiservice Switching Networks ISBN: 1587050684

Available on-site at the Cisco Company Store



Recommended Reading

Cisco DQOS Exam Certification Guide (IP Telephony Self-Study)ISBN: 1587200589Available in Aug 2003

Available on-site at the Cisco Company Store


Please Complete Your Evaluation Form

Session RST-2081

Deploying Quality of Service for Converged Networks

Documents

Transcript of Deploying Quality of Service for Converged Networks