QoS In The Enterprise
Quality of Service
Deploying Cisco QoS in the Enterprise
Tanner Hiland
May 17, 2007
Updated March 25, 2010

Acronyms
Do you know what these stand for?
• CoS
• ToS
• DSCP
• PHB
• EF / AF / CS
• IPP
• 1p3q8t
• PQ / CQ / CBWFQ / LLQ
• WRED
• WTD

Overview
• Main Categories
  – Preferential Traffic Treatment
  – Squelch Traffic Treatment
  – Everything Else
• Reasoning
  – Build networks to withstand the unexpected
  – Saturated network links
  – Network Attacks

QoS Components
Classification and Marking
Congestion Management
• Scheduling and Queuing
Congestion Avoidance
• WRED
Bandwidth Management
• Policing and Markdown
Monitoring

CLASSIFICATION

Classification
What traffic do you want to match?
Layer 2
• MAC Address
• 802.1p CoS
Layer 3
• IP Address
• DSCP/IPP
Layer 4
• Protocol (TCP/UDP)
• TCP/UDP Port Number
Layer 7
• Network-Based Application Recognition (NBAR)

Classification Configuration Example
Match by Access-List
    access-list 100 permit tcp host 1.1.1.1 any eq 80
Match by existing DSCP value
    class-map match-all CLASS-VOICE
     match dscp ef
Match by Payload with NBAR
    ip nbar custom SYSLOG_CUSTOM 1 variable priority 3 udp 514
    class-map match-any CLASS-POLICE-SYSLOG
     match protocol SYSLOG_CUSTOM priority 190

Classification
NBAR In-(not-so-much) Depth
• Full layer-7 inspection
  – Match protocols + payload data
• Examples
  – Match Citrix application
  – Match HTTP URLs
  – Match syslog level
  – Match RTP stream based on codec (G.711/G.729a)
• Does it slow down traffic?
  – Yes, but not much. First packet deeply inspected, subsequent packets are CEF-switched
    class-map match-any CLASS-CRITICAL
     match protocol citrix app WORD
     match protocol http url *.site.com*
     match protocol http mime image/jpeg

MARKING

Marking
How do you want to indicate packet priority?
Layer 2
• CoS (3-bits)
Layer 3
• IPP (3-bits)
• DSCP (6-bits)
• ECN
Let’s look at the packet…

Marking
IP Header
[Figures: 802.1Q/p VLAN Frame Format; IPv4 ToS Bits; IP Precedence (IPP) Format; DSCP Format]

Marking Example
Mark to CoS Value
    policy-map POLICY-QOS-INGRESS
     class CLASS-VOICE-STREAM
      set cos 5
Mark to DSCP Value
    policy-map POLICY-QOS-INGRESS
     class CLASS-VOICE-STREAM
      set dscp ef

Marking
DSCP Terminology
• DSCP
  – Value in numeric form (e.g., DSCP 46, 24)
• Per-Hop Behaviors (PHBs)
  – Define forwarding behavior
    • Class Selectors (CS1-7, maps to IPP values)
    • Assured Forwarding (AFxy)
        x = DiffServ Class ranging from 1-4
        y = Drop Preference from 1-3 (3 being dropped most often)
    • Expedited Forwarding (EF)

Marking
Endpoints and Trust
Untrusted
• Workstations
• Servers
• Uncontrolled Nodes
Trusted
• CallManager
• Wireless Access Points
• Voice Gateways
• Faxes
• Conference Phones
Conditionally-Trusted
• Cisco IP Phones

Classification and Marking Design
QoS Baseline Marking Recommendations

                          L3 Classification       L2
Application               DSCP   PHB     IPP      CoS
Routing                   48     CS6     6        6
Voice                     46     EF      5        5
Video Conferencing        34     AF41    4        4
Streaming Video           32     CS4     4        4
Mission-Critical Data     26     AF31*   3        3
Call Signaling            24     CS3*    3        3
Transactional Data        18     AF21    2        2
Network Management        16     CS2     2        2
Bulk Data                 10     AF11    1        1
Scavenger                 8      CS1     1        1
Best Effort               0      0       0        0
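
The bit layout behind the DSCP terminology, the trust categories and the baseline table above, as an added example that is not part of the original slides: it decodes the IPv4 ToS byte, derives the PHB name from the bits, and checks the table's DSCP/PHB/IPP columns against each other. All function names and the sample header are constructed for illustration.

```python
def phb_name(dscp: int) -> str:
    """Derive the PHB name from the DSCP bits (CS, AFxy, EF as on the slides)."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field")
    if dscp == 46:
        return "EF"
    if dscp == 0:
        return "default"                      # best effort (the table prints 0)
    cls, low = dscp >> 3, dscp & 0b111
    if low == 0:
        return f"CS{cls}"                     # class selector: same top bits as IPP
    if low in (0b010, 0b100, 0b110) and 1 <= cls <= 4:
        return f"AF{cls}{low >> 1}"           # x = class, y = drop preference
    return f"DSCP {dscp}"                     # no standard PHB name

def decode_tos(tos: int) -> dict:
    """Split the ToS byte into DSCP (top 6 bits), IPP (top 3) and ECN (low 2)."""
    dscp = tos >> 2
    return {"dscp": dscp, "phb": phb_name(dscp), "ipp": tos >> 5, "ecn": tos & 0b11}

def tos_from_ipv4_header(header: bytes) -> int:
    """Return byte 1 of an IPv4 header after a minimal sanity check."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return header[1]

def remark_untrusted(tos: int) -> int:
    """Rewrite for a port in the Untrusted category: DSCP to 0, ECN bits kept."""
    return tos & 0b11

# Constructed sample: 20-byte IPv4/UDP header, ToS 0xB8, checksum left at zero.
SAMPLE_HEADER = bytes([0x45, 0xB8, 0x00, 0x1C, 0, 0, 0, 0,
                       64, 17, 0, 0, 10, 0, 0, 5, 10, 0, 1, 9])

# DSCP/PHB/IPP columns of the QoS Baseline table (Best Effort row left out).
BASELINE = [(48, "CS6", 6), (46, "EF", 5), (34, "AF41", 4), (32, "CS4", 4),
            (26, "AF31", 3), (24, "CS3", 3), (18, "AF21", 2), (16, "CS2", 2),
            (10, "AF11", 1), (8, "CS1", 1)]

def table_is_consistent(rows=BASELINE) -> bool:
    """True when every row's PHB and IPP follow from its DSCP value."""
    return all(phb_name(d) == phb and d >> 3 == ipp for d, phb, ipp in rows)
```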

RFC 4594 - Configuration Guidelines for DiffServ Service Classes
New (ish)

Marking Notes
• External Packet Prioritization Tags
  – Transmitted IGP/EGP packets are auto-marked DSCP CS6 by default
• Internal Packet Prioritization Tags
  – IGPs (EIGRP, OSPF, etc.) are internally marked “PAK_PRIORITY” for intra-router preferential treatment
• CoS-DSCP Maps, DSCP Mutation, etc.
• DSCP passes through if switch QoS disabled

SCHEDULING & QUEUING

Scheduling & Queuing
Output Queue
• Priority Queuing (PQ)
• Custom Queuing (CQ)
• Weighted Fair Queuing (WFQ)
• Class-Based Weighted Fair Queuing (CBWFQ)
• Low Latency Queuing (LLQ)
TxRing

Queuing
• Why queuing?
  – Rearrange packets waiting to be transmitted
• LLQ
  – Combo of PQ (strict) + CBWFQ
  – Typically PQ (strict) + CBWFQ + FQ
• Caveats
  – Platform specific priority and transmit queues (Q1 vs Q4, 1P2Q2T)

Queuing
[Figure: LLQ Diagram]

VoIP Bandwidth Requirements
Calculate bandwidth per call
• Stream (codec + L3 + L2 overhead)
  – G.711 = 77-93 Kbps (without cRTP)
  – G.729A = 21-37 Kbps (without cRTP)
• Call Signaling
  – 150 bytes per phone for voice control
• Call Admission Control (CAC)
  – Prevents CUCM from placing WAN call if not enough priority bandwidth

Queuing
Example
    policy-map POLICY-QOS-EGRESS
     class CLASS-ROUTING
      bandwidth percent 2
     class CLASS-VOICE-STREAM
      priority percent 20
     class CLASS-VIDEO-INTERACTIVE
      bandwidth percent 29
     class CLASS-CALL-SIGNALING
      bandwidth percent 3
     class CLASS-MISSION-CRITICAL
      bandwidth percent 24
      random-detect dscp-based
     class CLASS-SCAVENGER
      bandwidth percent 1
      random-detect dscp-based
     class class-default
      bandwidth percent 21
      random-detect dscp-based

    interface Serial 0/1/0
     bandwidth 1536
     ip nbar protocol-discovery
     max-reserved-bandwidth 100
     service-policy output POLICY-QOS-EGRESS

CONGESTION AVOIDANCE

Congestion Avoidance
• Why care about congestion avoidance?
  – Manages the tail of the queue
  – Queue full = no QoS
• Mechanisms
  – Random Early Detect (RED)
  – Weighted Random Early Detect (WRED)
  – DSCP-based WRED
  – WRED sets IP ECN bits
• Example
    policy-map POLICY-QOS-EGRESS
     class CLASS-SCAVENGER
      bandwidth percent 1
      random-detect dscp-based

Congestion Avoidance
Monitoring Drops
Check Total Interface Drops
    sh int s1/0 | i drop
      Input queue: 1/75/0/0 (size/max/drops/flushes); Total output drops: 344321
Check Drop Details
    sh policy-map int s1/0 output
      Class-map: CLASS-SCAVENGER (match-any)
        (depth/total drops/no-buffer drops) 0/336172/0
        dscp   Transmitted         Random drop        Tail drop      Minimum  Maximum  Mark
               pkts/bytes          pkts/bytes         pkts/bytes     thresh   thresh   prob
        af42   0/0                 0/0                0/0            28       40       1/10
        af43   0/0                 0/0                0/0            24       40       1/10
        cs1    1714453/21300774    330232/478897145   5940/8446381   22       40       1/10
        cs2    0/0                 0/0                0/0            24       40       1/10
        cs3    0/0                 0/0                0/0            26       40       1/10

POLICING & MARKDOWN

Policing & Markdown
• Switch
  – Only supports single-rate policer
    policy-map POLICY-QOS-INGRESS
     class CLASS-VOICE-STREAM
      set dscp ef
      police 128000 8000 exceed-action {drop|policed-dscp-transmit}
• Router
  – Two-Rate Policer
    police 128000 8000 conform-action transmit exceed-action set-dscp-transmit af32 violate-action set-dscp-transmit af33
  • exceed-action :: action when rate is within conform and conform + exceed burst
  • violate-action :: action when rate is greater than conform + exceed burst
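
The conform / exceed / violate decision described above, as an added example that is not part of the original slides: a token-bucket model in the style of the single-rate three-colour marker of RFC 2697, using the rate, burst and actions from the router command. The exceed burst of 8000 bytes, the class and function names, and the packet arrivals are assumptions; the model illustrates the bucket logic and is not Cisco's implementation.

```python
from dataclasses import dataclass

# Actions from the router example on the slide.
ACTIONS = {"conform": "transmit",
           "exceed": "set-dscp-transmit af32",
           "violate": "set-dscp-transmit af33"}

@dataclass
class Policer:
    cir_bps: int = 128000    # rate from the slide, bits per second
    bc_bytes: int = 8000     # conform burst from the slide, bytes
    be_bytes: int = 8000     # exceed burst: assumed, the slide does not give one
    last: float = 0.0        # arrival time of the previous packet, seconds

    def __post_init__(self):
        self.tc = float(self.bc_bytes)   # both buckets start full
        self.te = float(self.be_bytes)

    def police(self, now: float, size: int) -> str:
        """Colour one packet of `size` bytes arriving at time `now` (seconds)."""
        earned = (now - self.last) * self.cir_bps / 8
        self.last = now
        spill = max(0.0, self.tc + earned - self.bc_bytes)
        self.tc = min(self.bc_bytes, self.tc + earned)
        self.te = min(self.be_bytes, self.te + spill)   # overflow feeds exceed bucket
        if size <= self.tc:
            self.tc -= size
            return "conform"
        if size <= self.te:
            self.te -= size
            return "exceed"
        return "violate"

def run(arrivals, policer=None):
    """arrivals: list of (time_s, size_bytes). Returns the action per packet."""
    policer = policer or Policer()
    return [ACTIONS[policer.police(t, n)] for t, n in arrivals]

# Constructed input: 20 back-to-back 1000-byte packets, then one after 0.5 s idle.
BURST = [(0.0, 1000)] * 20 + [(0.5, 1000)]
# Constructed input: the same packet size paced at exactly 128 kbit/s.
PACED = [(i * 0.0625, 1000) for i in range(20)]
```

The burst drains the conform bucket, then the exceed bucket, and only then hits the violate action; the paced stream never leaves conform.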

Examples
Switch (Mapping on Catalyst 3750)
    mls qos map cos-dscp 0 8 16 24 32 46 48 54
    mls qos map policed-dscp 0 10 18 24 25 26 34 to 8
Output Queuing using CoS
    mls qos srr-queue output cos-map queue 1 threshold 3 5
    mls qos srr-queue output cos-map queue 2 threshold 1 2 4
    mls qos srr-queue output cos-map queue 2 threshold 2 3
    mls qos srr-queue output cos-map queue 2 threshold 3 6 7
    mls qos srr-queue output cos-map queue 3 threshold 3 0
    mls qos srr-queue output cos-map queue 4 threshold 3 1
Output Queuing using DSCP
    mls qos srr-queue output dscp-map queue 1 threshold 3 46
    mls qos srr-queue output dscp-map queue 2 threshold 1 16
    mls qos srr-queue output dscp-map queue 2 threshold 1 18 20 22
    mls qos srr-queue output dscp-map queue 2 threshold 1 32
    mls qos srr-queue output dscp-map queue 2 threshold 1 34 36 38
    mls qos srr-queue output dscp-map queue 2 threshold 2 24 26
    mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
    mls qos srr-queue output dscp-map queue 3 threshold 3 0
    mls qos srr-queue output dscp-map queue 4 threshold 1 8
    mls qos srr-queue output dscp-map queue 4 threshold 3 10 12 14
Queue Drop Thresholds
    mls qos queue-set output 1 threshold 2 70 80 100 100
    mls qos queue-set output 1 threshold 4 40 100 100 100
    mls qos

Examples
Switch (Mark and Police)
    mls qos map policed-dscp 0 10 18 24 25 26 34 to 8

    ip access-list extended ACL-VOICE-STREAM
     remark --- VoIP RTP Call Stream
     permit udp 10.0.0.0 0.0.0.255 any range 16384 32768

    class-map match-all CLASS-VOICE-STREAM
     match access-group name ACL-VOICE-STREAM

    policy-map POLICY-QOS-INGRESS
     class CLASS-VOICE-STREAM
      set dscp ef
      police 128000 8000 exceed-action drop
     class class-default
      set dscp 0
      police 5000000 8000 exceed-action policed-dscp-transmit

    interface FastEthernet 1/0/1
     srr-queue bandwidth share 1 70 25 5
     srr-queue bandwidth shape 3 0 0 0
     priority-queue out
     service-policy input POLICY-QOS-INGRESS

Examples
Router LAN (Marking)
    class-map match-all CLASS-MARK-MISSION-CRITICAL
     match protocol http url orders.cisco.com*
     match input-interface FastEthernet 0/0

    class-map match-any CLASS-MARK-SCAVENGER
     match protocol bittorrent
     match protocol edonkey
     match protocol fasttrack
     match protocol gnutella
     match protocol kazaa2
     match protocol napster
     match protocol winmx

    policy-map POLICY-QOS-INGRESS
     class CLASS-MARK-MISSION-CRITICAL
      set dscp af31
     class CLASS-MARK-SCAVENGER
      set dscp cs1

    interface FastEthernet 0/1
     description --- FROM LAN
     ip nbar protocol-discovery
     service-policy input POLICY-QOS-INGRESS

Examples
Router WAN (Queuing)
    class-map match-all CLASS-ROUTING
     match dscp cs6
    class-map match-all CLASS-VOICE-STREAM
     match dscp ef
    class-map match-any CLASS-SCAVENGER
     match dscp cs1

    policy-map POLICY-QOS-EGRESS
     class CLASS-ROUTING
      bandwidth percent 2
     class CLASS-VOICE-STREAM
      priority percent 20
     class CLASS-SCAVENGER
      bandwidth percent 1
      random-detect dscp-based
     class class-default
      bandwidth percent 21
      random-detect dscp-based

    interface Serial 0/1/0
     max-reserved-bandwidth 100
     ip nbar protocol-discovery
     service-policy output POLICY-QOS-EGRESS

Examples
Router WAN (Remark)
    class-map match-any CLASS-REMARK-AF31-TO-AF41
     match dscp af31
    class-map match-any CLASS-REMARK-AF21-TO-AF31
     match dscp af21

    policy-map POLICY-QOS-WAN-INGRESS
     description --- Remark DSCP values from carrier
     class CLASS-REMARK-AF31-TO-AF41
      set dscp af41
     class CLASS-REMARK-AF21-TO-AF31
      set dscp af31

    interface Serial 0/1/0
     service-policy input POLICY-QOS-WAN-INGRESS

Best Practices
• Classify and mark applications as close to their sources as technically and administratively feasible.
• Use DSCP markings whenever possible
• Always enable QoS policies in hardware (switch), rather than software (router), whenever a choice exists
• Follow standards-based DSCP PHB markings to ensure interoperability and future expansion
• Police traffic flows as close to their sources as possible.
• Whenever supported, markdown should be done according to standards-based rules
• The only way to provide service guarantees is to enable queuing at any node that has the potential for congestion
• Limit the amount of strict priority queuing to no more than 33 percent of link capacity
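
A check for the 33 percent rule, applied to the POLICY-QOS-EGRESS example from this deck and combined with the per-call figures from the VoIP Bandwidth Requirements slide; this is an added example, not part of the original slides. The parser handles only the `bandwidth percent` and `priority percent` forms shown in the deck, the function names are illustrative, and the fallback of 75 when `max-reserved-bandwidth` is absent is an assumption.

```python
import re
# Egress policy and interface from the "Queuing Example" slide (WRED lines omitted).
CONFIG = """\
policy-map POLICY-QOS-EGRESS
 class CLASS-ROUTING
  bandwidth percent 2
 class CLASS-VOICE-STREAM
  priority percent 20
 class CLASS-VIDEO-INTERACTIVE
  bandwidth percent 29
 class CLASS-CALL-SIGNALING
  bandwidth percent 3
 class CLASS-MISSION-CRITICAL
  bandwidth percent 24
 class CLASS-SCAVENGER
  bandwidth percent 1
 class class-default
  bandwidth percent 21
interface Serial 0/1/0
 bandwidth 1536
 max-reserved-bandwidth 100
 service-policy output POLICY-QOS-EGRESS
"""

def parse_policy(text):
    classes, current = {}, None          # class name -> (keyword, percent)
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"class (\S+)", line):
            current = m.group(1)
        elif current and (m := re.fullmatch(r"(bandwidth|priority) percent (\d+)", line)):
            classes[current] = (m.group(1), int(m.group(2)))
    return classes

def audit(text, priority_cap=33):        # cap taken from the Best Practices slide
    classes = parse_policy(text)
    link = int(re.search(r"^ *bandwidth (\d+)$", text, re.M).group(1))
    m = re.search(r"max-reserved-bandwidth (\d+)", text)
    reservable = int(m.group(1)) if m else 75      # 75 is an assumed fallback
    prio = sum(p for kind, p in classes.values() if kind == "priority")
    total = sum(p for _, p in classes.values())
    findings = []
    if prio > priority_cap:
        findings.append(f"priority {prio}% exceeds {priority_cap}% of link")
    if total > reservable:
        findings.append(f"classes reserve {total}% but only {reservable}% is reservable")
    return {"priority_kbps": link * prio / 100, "total_pct": total, "findings": findings}

def max_calls(priority_kbps, per_call_kbps):       # whole calls that fit
    return int(priority_kbps // per_call_kbps)
```

On the deck's 1536 Kbps link the 20 percent priority queue holds 307.2 Kbps, which is 3 G.711 calls at 93 Kbps or 8 G.729A calls at 37 Kbps; the figure CAC has to enforce.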

More
• SRND
  – http://www.cisco.com/application/pdf/en/us/guest/netsol/ns432/c649/ccmigration_09186a008049b062.pdf
• CallManager CAC
  – http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_implementation_design_guides_list.html
• Crypto and QoS
  – http://cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a00800b3d15.shtml