1761 end to end.book page 712 tuesday, october 12, 2004 2...


Upload: trinhnhi

Post on 09-Jul-2018


Page 1: 1761 End To End.book Page 712 Tuesday, October 12, 2004 2 ...ptgmedia.pearsoncmg.com/images/1587051761/index/... · show wrr-queue bandwidth command, 324 ... WRED-drop thresholds,

1761_End_To_End.book Page 712 Tuesday, October 12, 2004 2:53 PM


INDEX

Numerics

10-Class WAN Edge Model, 515
1P2Q1T queuing and dropping, 401–404
1P2Q2T queuing and dropping, 405–408
1P3Q1T mode, 322
1P3Q1T queuing and dropping, 408–410
1P3Q8T queuing and dropping, 411–414
1P7Q8T queuing and dropping, 415–418
1PxQyT queuing, 36
2Q2T queuing and dropping, 396-398
    show qos info config 2q2 tx verification command, 398
    show qos info runtime verification command, 399–400
    show queuing interface verification command, 400
33 percent limit (sum of LLQs), 450
4Q1T mode, 322
802.11e, 275–277
802.1D, classes of service, 279
802.1Q/p, translating to and from DSCP, 92–93

A

access control entries (ACEs), 225
access layer
    Catalyst 3550 QoS design, 325
    policers, 54
access point (AP), 271
access switches
    configuring to conditionally trust CoS, 319
access switches (campus networks), 291
access-edge QoS design, 290
access-edge trust boundaries, 302
    Conditionally Trusted Endpoint Models, 303, 307–312
    Trusted Endpoint Models, 302–304
    Untrusted Endpoint Models, 304–307
access-edge utilization, 293
ACEs (access control entries), 225
ACLs, MQC-based class maps, 233
adaptive jitter buffers, 36
admission control, 197
admission criterion (Real-Time class), 563–565
ADSL (Asynchronous Digital Subscriber Lines), 672
aggregate policers (Catalyst 6500), 258
aggregation routers, 505–507
algorithms
    MDRR, 585
    queuing, 133
        CBWFQ, 140
        comparison, 138
        PQ-WFQ, 139
        priority queuing, 137
        WFQ, 137
    shaping, 120
    token bucket algorithms, 105
analog gateways, 303
Anti-Replay drops, 638, 656
Anti-Replay functionality (IPSec QoS design), 654-656
any-to-any videoconferencing, 548–549
AP (access point), 271
applications
    data applications by class, 46–47
    Mission-Critical Data, 43
    Streaming-Video, 41
    unidirectional, 513
architectures (MPLS VPNs). See MPLS VPN-QoS design
Assured Forwarding, 16
asymmetric links, 677
Asynchronous Digital Subscriber Lines (ADSL), 672
ATM, 176
    PVC bundles, 147
    Tx-rings, 489
    WAN edge link-specific QoS design
        ATM-FR SIW, 497–501
        high-speed links, 494–495
        medium-speed links, 493
        slow-speed links, 488–493
        very-high-speed links, 496–497
ATM CLP (ATM Cell-Loss Priority bit), 84
ATM inverse multiplexing over ATM, 493
ATM networks, 121–122
ATM PVC bundles, slow-speed, 490–492


ATM-FR SIW (ATM-to-Frame Relay Service Interworking), 497–498
    slow-speed links, 499–501
attacks (worms), 50-54
authentication
    ESP, 654
    IPSec, 657
AutoQoS (Automatic QoS), 24–25
    Enterprise feature, 25–26
    evolution of, 28

B

backbone, 583–587
bandwidth
    Catalyst 4500, 251
    Eight-Class Model, 461
    guarantees, 137, 565
    ISDN, 501
    provisioning, 143, 645
        Best-Effort class, 449
        Real-Time class, 449
        teleworker V3PN QoS, 674–677
        WAN aggregators, 449
        VoIP, 646
    reservations, 195
    RSVP, 196–197
    statements, on class default, 457
    VoIP streams, 36–38
Bc (committed burst), 105, 479
Be (excess burst), 110, 480
bearer traffic
    jitter, 36–38
    latency, 34–35
    loss, 34
Best-Effort class
    bandwidth provisioning, 449
    enabling WRED, 457
Best-Effort data, 44
best-effort networks, 11
best-effort service, 15
binary exponential backoff, 274
branch router QoS design, 513
    case study, 535–540
    LAN edge, 517
        branch-to-campus classification and marking, 519–525
        DSCP-to-CoS remapping, 518
        NBAR known worm classification and policing, 526–535
    WAN edge, 514–515
branch-to-branch traffic, 548
branch-to-campus classification and marking, 519–521
    NBAR application classification, 523–525
    source or destination IP address marking, 520
    TCP/UDP classification, 522
broadband
    serialization mitigation through TCP maximum segment size tuning, 678–679
    split tunneling, 679–681
    UDP-based video applications, 678
broadband-access technologies, 671
    cable, 673
    DSL, 672
buffer space, 135
buffers, 36–38
Bulk Data class, 44

C

cable, 671-673
    DOCSIS 1.1 specification, 678
    Integrated Unit + Access Models, 684–685
    overhead, 676–677
    uplink connections, 677
CAC (call admission control), 205
    CallManager locations CAC, 209–211
    defined, 206
    GK CAC, 211
    local CAC tools, 208
    measurement-based CAC tools, 208
    prering CAC, 212
    resource-based CAC tools, 209
    RSVP, 212
    tool categories, 207
    VoIP CAC through RSVP, 215
Call-Signaling
    MPLS VPN CE QoS design considerations, 553
    campus QoS design, 295
Call-Signaling traffic, jitter, 38


CallManager environments, 296–301
CallManager locations CAC, 209–211
CallManager services, 295
campus Catalyst switches, 24
campus networks
    oversubscription ratios, 291
    QoS design. See campus QoS design
    traffic, 339
    underutilization, 290
campus QoS design, 289–290
    access switches, 291
    Call-Signaling, 295
    case study, 422–439
    Catalyst 2950
        Conditionally Trusted IP Phone + PC Advanced Model, 322
        Conditionally Trusted IP Phone + PC Basic Model, 319–320
        queuing, 322–325
        Trusted Endpoint Model, 314–315
        Untrusted Multiapplication Server Model, 315–319
        Untrusted PC with SoftPhone Model, 315
    Catalyst 2970/3750, 342–343
        Conditionally Trusted IP Phone + PC Basic Model, 346–348
        enabling/disabling QoS, 343
        queuing/dropping, 351–356
        Trusted Endpoint Model, 343–346
        Unconditionally Trusted IP Phone + PC Basic Model, 348–351
        Untrusted PC with SoftPhone Model, 344
        Untrusted Server Model, 345
    Catalyst 3550, 325–327
        Conditionally Trusted IP Phone + PC Advanced Model, 333–336
        Conditionally Trusted IP Phone + PC Basic Model, 331–333
        queuing and dropping, 336–341
        Trusted Endpoint Model, 327
        Untrusted PC with SoftPhone Model, 327–329
        Untrusted Server Model, 330–331
    Catalyst 4500, 357–358
        Conditionally Trusted IP Phone + PC Advanced Model, 364–366
        Conditionally Trusted IP Phone + PC Basic Model, 362–364
        queuing, 366–370
        show qos dbl command, 370
        show qos interface command, 371–372
        show qos maps dscp tx-queue command, 370–371
        Trusted Endpoint Model, 359
        Untrusted PC with SoftPhone Model, 359–360
        Untrusted Server Model, 360–362
    Catalyst 6500, 372, 374
        1P2Q1T queuing and dropping, 401–404
        1P2Q2T queuing and dropping, 405–408
        1P3Q1T queuing and dropping, 408–410
        1P3Q8T queuing and dropping, 411–414
        1P7Q8T queuing and dropping, 415–418
        2Q2T queuing and dropping, 396–400
        CatOS defaults/recommendations, 375
        Conditionally Trusted IP Phone + PC Advanced Model, 387–391
        Conditionally Trusted IP Phone + PC Basic Model, 386–387
        congestion avoidance, 384
        PFC3 distribution-layer Per-User Microflow Policing, 419
        queuing/dropping, 391–396
        show port qos command, 376–377
        Trusted Endpoint Model, 375
        Untrusted PC with SoftPhone Model, 378–382
        Untrusted Server Model, 383–386
    defining designs, 292
    DoS/worm mitigation, 292–294
    WAN aggregator/branch router handoff, 420–422
campus-to-branch traffic, 548
CAR (committed access rate), 79, 107–108
case studies
    branch router QoS design, 535–540
    campus QoS design, 422–439
    IPSec VPN QoS design, 686
        telecommuter router, 694–695
        V3PN branch router design, 691–693
        VPN headend design, 687–689
        WAN aggregator QoS design, 689–690


    MPLS VPN QoS design, 616
        CE routers, 617-619
        PE routers, 620–630
        P routers, 630–631
    WAN aggregation router QoS design, 505–507
Catalyst 2950, 314–315
    classification, marking, and mapping, 233
    Conditionally Trusted IP Phone + PC Advanced Model, 322
    Conditionally Trusted IP Phone + PC Basic Model, 319
    CoS-to-DSCP map, 233
    DSCP-to-CoS map, 234
    policing and markdown, 234
    queuing, 235, 322–323
        show wrr-queue bandwidth command, 324
        show wrr-queue cos-map command, 325
    range keyword, 315
    Trusted Endpoint Model, 314–315
    Untrusted Multiapplication Server Model, 315–318
        show class-map and show policy-map verification commands, 318
        show mls masks qos verification command, 319
        show mls qos interface policers verification command, 318
    Untrusted PC with SoftPhone Model, 315
    vs. Catalyst 3550, 231
Catalyst 2970, 242, 342–343
    classification, marking, and mapping, 243
    Conditionally Trusted IP Phone + PC Basic Model, 346–348
    enabling/disabling QoS, 343
    policing and markdown, 244
    queuing/dropping, 244–246, 351–356
    Trusted Endpoint Model, 343–346
    Unconditionally Trusted IP Phone + PC Basic Model, 348–351
    Untrusted PC with SoftPhone Model, 344
    Untrusted Server Model, 345
Catalyst 3550, 235, 325–327
    classification, marking, and mapping, 237
    Conditionally Trusted IP Phone + PC Advanced Model, 333–336
    Conditionally Trusted IP Phone + PC Basic Model, 331–333
    DSCP mutation maps, 237
    policing and markdown, 238–239
    queuing and dropping, 240–241, 336–339
        show mls qos interface buffers verification command, 340
        show mls qos interface queuing verification command, 341
    Trusted Endpoint Model, 327
    Untrusted PC with SoftPhone Model, 327–329
    Untrusted Server Model, 330–331
Catalyst 3750, 242, 342–343
    classification, marking, and mapping, 243
    Conditionally Trusted IP Phone + PC Advanced Model, 348–351
    Conditionally Trusted IP Phone + PC Basic Model, 347–348
    enabling/disabling QoS, 343
    policing and markdown, 244
    queuing/dropping, 244–246, 351–356
    Trusted Endpoint Model, 343–346
    Untrusted PC with SoftPhone Model, 344
    Untrusted Server Model, 345
Catalyst 4500, 247, 357–358
    classification, marking, and mapping, 248–249
    Conditionally Trusted IP Phone + PC Advanced Model, 364–366
    Conditionally Trusted IP Phone + PC Basic Model, 362–364
    DSCP-to-queue maps, 251
    enabling QoS, 248
    policing and markdown, 249–250
    queuing, 366–370
    queuing and dropping, 250–252
    show qos dbl command, 370
    show qos interface command, 371–372
    show qos maps dscp tx-queue command, 370–371
    Trusted Endpoint Model, 359
    Untrusted PC with SoftPhone Model, 359–360
    Untrusted Server Model, 360–362
Catalyst 6500, 252, 372, 374
    CatOS
        1P2Q1T queuing and dropping, 401–404
        1P2Q2T queuing and dropping, 405–408
        1P3Q1T queuing and dropping, 408–410
        1P3Q8T queuing and dropping, 411–414
        1P7Q8T queuing and dropping, 415–418


        2Q2T queuing and dropping, 396–400
        Conditionally Trusted IP Phone + PC Advanced Model, 387–391
        Conditionally Trusted IP Phone + PC Basic Model, 386–387
        congestion avoidance, 384
        defaults/recommendations, 375
        queuing/dropping, 391–396
        Trusted Endpoint Model, 375
        Untrusted PC with SoftPhone Model, 378–379, 381–382
        Untrusted PC with SoftPhone Model Model, 379–382
        Untrusted Server Model, 383–386
    classification, marking and mapping, 254–256
    enabling QoS, 254
    PFC QoS, 261
    PFC3 distribution-layer Per-User Microflow Policing, 419
    policing and markdown, 257–259
    queuing and dropping, 259–263
    Supervisor 720, 253
    Trusted Endpoint Model
        show port qos command, 376–377
    VLAN-based QoS, 254
    WRED-drop thresholds, 262
Catalyst 6500 configuring microflow policers, 257
Catalyst QoS Models, 224
    classification, 225
    policing, 227
    queuing, 228-230
CatOS defaults/recommendations, 375
CBR (constraint-based routing), 603
CBWFQ (Class-Based Weighted Fair Queuing), 133, 139–140
CDP (Cisco Discovery Protocol), 307
CE bit, 163
CE design, 556–563
CE routers, MPLS VPN QoS design case study, 617-619
CEF (Cisco Express Forwarding), 74
Channel Utilization field, 278
CIR (committed information rate), 105
    Frame Relay networks, 479
    policing behavior based on percentages, 118
Cisco 12000 routers
    priority command, 587
    queuing, 585
Cisco Discovery Protocol (CDP), 307
Cisco Express Forwarding (CEF), 74
class default policing, 112
class selectors, 16
class-based Frame Relay traffic shaping, 123–124
class-based marking, 77
class-based policing, 79, 109
    benefits, 109
    single-rate three-color marker/policer, 110–112
    two-rate three-color marker/policer, 112–113
class-based shaping, 126-127
Class-Based Weighted Fair Queuing (CBWFQ), 133
classes of service (802.1D), 279
classification, 57, 68–69
    branch-to-campus, 519
    Catalyst 2950, 233
    Catalyst 2970, 243
    Catalyst 3550, 237
    Catalyst 3750, 243
    Catalyst 4500, 248–249
    Catalyst 6500, 254–256
    Catalyst QoS models, 225
    NBAR application, 523–524
    source or destination IP addresses, 520
    TCP/UDP, 522
    tools, 70
        MQC-based class maps, 71–72
        NBAR, 73–77
Code Red, 527
codecs (frame-based), 34
CodeRedv2, 528
color-aware policing, 116–117
color-blind policing, 117
commands, 47–48
    commit all command, 377
    dbl policy command, 367
    frame-relay fragment command, 481
    match protocol dlsw command, 48
    max-reserved-bandwidth, 559–563
    mls qos cos override interface command, 316
    ping vrf command, 601–602
    ppp multilink links minimum command, 504
    priority-queue out command, 240
    qos dbl command, 367
    qos map dscp to tx-queue command, 367
    show atm bundle command, 493
    show atm pvc command, 489
    show atm vc command, 492


    show class-map verification command, 318
    show controllers command, 451
    show frame-relay fragment command, 482
    show ima interface atm command, 495
    show ip access-list command, 521
    show ip bgp vpnv4 all command, 615
    show ip nbar map command, 525
    show ip rsvp interface command, 599
    show ip rsvp neighbor command, 599
    show mls masks qos verification command, 319
    show mls qos command, 358
    show mls qos interface buffers verification command, 340
    show mls qos interface policers verification command, 318
    show mls qos interface queuing verification command, 341
    show mls qos interface statistics verification command, 329
    show mls qos maps command, 356
    show mls qos maps dscp-output-q command, 356
    show mpls interface command, 600
    show mpls traffic-eng topology command, 614–615
    show mpls traffic-eng tunnels command, 601
    show mpls traffic-eng tunnels summary command, 600
    show policy command, 456
    show policy interface command, 469
    show policy interface verification command, 329
    show policy-map verification command, 318
    show port qos commands, 376–377
    show ppp multilink command, 478
    show qos acl verification command, 380
    show qos command, 358
    show qos dbl command, 370
    show qos info config 2q2 tx verification command, 398
    show qos info runtime verification command, 399–400
    show qos interface command, 371–372
    show qos maps dscp tx-queue command, 370–371
    show qos maps verification command, 379
    show qos policer verification command, 381
    show qos statistics verification command, 382
    show queuing interface verification command, 400
    show wrr-queue bandwidth command, 324
    show wrr-queue cos-map command, 325
    trust-device command, 386
    tx-queue command, 367
    tx-ring-limit command, 490
    wrr-queue bandwidth command, 322
    wrr-queue cos-map command, 240
    wrr-queue dscp-map interface configuration command, 339
    wrr-queue queue-limit command, 240
    wrr-queue queue-limit interface command, 338
show mls qos map, 320
commit all command, 377
committed access rate (CAR), 79, 107–108
committed burst rate (Bc), 105, 479
committed information rate. See CIR
compatibility (802.1D classes of service), 279
compression
    G.729 voice compression, 170
    hardware compression, 181
Conditionally Trusted Endpoint Models (Trust Boundaries), 303, 307–312
Conditionally Trusted IP Phone + PC Advanced Model, 322
    Catalyst 2970/3750, 348–351
    Catalyst 3550, 333–336
    Catalyst 4500, 364–366
    Catalyst 6500, 387–391
Conditionally Trusted IP Phone + PC Basic Model, 319, 346–347
    Catalyst 2970/3750, 346–348
    Catalyst 3550, 331–333
    Catalyst 4500, 362–364
    Catalyst 6500, 386–387
configuring
    1P2Q2T queuing, 407
    1P3Q1T queuing, 410
    1P3Q1T queuing model, 337
    1P3Q8T queuing, 412
    1P7Q8T queuing, 416–417
    Catalyst 2950 switches
        Conditionally Trusted IP Phone + PC Advanced Model, 322


        Conditionally Trusted IP Phone + PC Basic Model, 319–320
        queuing, 322–323
        Trusted Endpoint Model, 314–315
        Untrusted Multiapplication Server Model, 315–316, 318–319
        Untrusted PC with SoftPhone Model, 315
    CoS-to-queue mapping (Catalyst 3550), 240
    cRTP for ATM links, 176
    DSCP mutation, 238
    FR-VATS, 125
    individual policer on Catalyst 4500, 250
    IPSec authentication, 657
    MCMP for an ISDN interface, 185
    microflow policing on Catalyst 6500, 257
    MLP LFI, 184
    MPLS DS-TE, 606–613
    MPLS per-VPN TE, 592–598
    PFC, 255
    policing, 234
    QoS on Cisco APs, 281
    queuing (Catalyst 2950), 235
    RSVP, 196
    SRR shaping and sharing weights on Catalyst 2970/3750, 246
    trust on Catalyst 6500, 255
    VLAN-based QoS on Catalyst 6500, 254
    WRED, 162
configuring WRED-drop thresholds, 262
confirming traffic, 107
congestion avoidance
    Catalyst 6500, 384
    tools, 159
        DSCP-based WRED, 162–163
        explicit congestion notification, 163
        RED, 160
        WRED, 161–162
congestion-management tools, 133
    converged networks, 135–136
connecting trusted endpoints, 304
consistent QoS behavior, 453
constraint-based routing (CBR), 603
constricted channels, 159
control plane QoS
    IP routing, 48–49
    network management, 49
controlled load, 15, 197
controlling traffic
    branch-to-branch, 548
    campus-to-branch, 548
converged networks
    congestion-management tools, 135–136
    QoS, 12–14
convergence, 449
Core Best-Effort class, 584
Core Critical Data class, 584
core QoS considerations, 582
    aggregate bandwidth overprovisioning, 583
    DiffServ in the backbone
        platform specific considerations, 585–587
        Three-Class Provider-Core Model, 583–585
    MPLS traffic engineering, 587
        basic, 588–590
        MPLS DS-TE, 603–615
        MPLS per-VPN TE, 591–602
Core Real-Time class, 584
CoS values, assigning queues, 240
CoS-to-DSCP maps
    Catalyst 2950, 233
    Catalyst 6500, 256
control plane provisioning, 657
CQ (custom queuing), 137
cRTP (RTP header compression), 172
    class-based header compression, 178–179
    configuring for ATM links, 176
    formats, 173
        Cisco proprietary format, 173
        IETF format, 174
        IPHC, 173
    formats and encapsulation summary, 177–178
    incompatibility with IPSec, 643–644
    Layer 2 encapsulation protocol support, 175
        ATM, 176
        Frame Relay, 176
        HDLC, 175
        PPP, 175
    LLQ, 145
    policing and shaping, 180
    tunnels, 180
crypto engine, 651–652
cTCP (TCP header compression), 171
custom queuing (CQ), 137


CWmax, 278, 282
CWmin, 274, 278, 282

D

data
    applications by class, 46–47
    QoS, 42–43
        Best-Effort data, 44
        DLSw+, 47–48
        locally defined Mission-Critical Data, 45
        Transactional Data/Interactive Data, 45
data frames (802.11), 272
data VLANs (DVLANs), 314
datagrams, 153
data-link connection identifiers (DLCIs), 123
data-link switching plus (DLSw+), 47–48
DBL (dynamic buffer limiting), 366-367
DCF (Distributed Coordination Function), 272
    Interframe Spaces, 272
    random backoffs, 273
DDR (dial-on-demand routing), 503
DDT (delay to dial tone), 38
delay budgets (IPSec VPNs), 647
delay to dial tone (DDT), 38
delay variation, 13–14. See also jitter
deploying
    IPSec VPNs via DMVPN, 646
    LFI tools, 450
    policers, 106
    QoS designs, 62
    Untrusted Server Model on Catalyst 2950, 315
designing QoS
    classification and marking principles, 57
    deployment, 62
    DoS and worm mitigation principles, 61–62
    policing and markdown principles, 57–58
    queuing and dropping principles, 58–60
destination IP address classification, 520
DHCP, translating to Frame Relay DE bit, 94
dial-on-demand routing (DDR), 503
Differentiated Services code points (DSCPs), 87
DiffServ, 16
    advantages of DiffServ model, 16
    deploying in backbone
        platform specific considerations, 585–587
        Three-Class Provider-Core Model, 583–585
DIFS, 272
Digital Subscriber Line. See DSL
disabling
    flow control, 327
    native DLSw+ ToS markings, 48
    QoS on Catalyst 2970/3750, 343
Discard class placeholder, 568
Distributed Coordination Function (DCF), 272
distributed platform frame relay links, 486-487
distributed platform QoS, 453
distributed traffic shaping (DTS), 128, 486
Distributed-Platform/Consistent QoS Behavior QoS Baseline Model, 465–466
distribution layer, Catalyst 3550 QoS design, 325
DLCIs (data-link connection identifiers), 123
dlsw tos disable command, 48
dlsw tos map command, 47
DLSw+ (data-link switching plus), 47–48
DMVPNs (Dynamic Multipoint Virtual Private Networks), 646
DOCSIS 1.1 specification, 674, 678
dominating links (VoIP), 449
DoS attacks
    campus network mitigation strategies, 292–294
    mitigation principles, 61–62
downstream QoS, 271
drop thresholds (Catalyst 2970 and 3750), 245
dropping, 58–60
    Anti-Replay, 656
    Catalyst 2970, 244–246
    Catalyst 3550, 240–241, 336–339
    Catalyst 3750, 244–246
    Catalyst 4500, 250–252
    Catalyst 6500, 259–263, 391–394
        1P2Q1T queuing and dropping, 401–404
        1P2Q2T queuing and dropping, 405–408
        1P3Q1T queuing and dropping, 408–410
        1P3Q8T queuing and dropping, 411–414
        1P7Q8T queuing and dropping, 415–418
        2Q2T queuing and dropping, 396–400
DSCPs (Differentiated Services code points), 87
    DSCP-based WRED, 162–164
    mutation maps (Catalyst 3550), 237
DSCP-to-CoS maps
    Catalyst 2950, 234
    Catalyst 3550, 237


DSCP-to-CoS remapping, 518
DSCP-to-queue maps
    Catalyst 4500, 251
DSL (Digital Subscriber Line), 671-672
    Integrated Unit + Access Models, 684–685
    Integrated Unit/Dual-Unit models, 682
    uplink connections, 677
DSL (AAL5 + PPPoE) overhead, 675–676
DSLAM (DSL Access Multiplexer), 671
DTS (distributed traffic shaping), 128, 486
Dual-Unit Model, 669, 682
DVLANs (data VLANs), 314
dynamic buffer limiting (DBL), 366
Dynamic Multipoint Virtual Private Networks (DMVPNs), 646

E

EAP (Extensible Authentication Protocols), 308
ECN bit, 164–165
ecn keyword, 165
ECT bit, 163
EDCF (Enhanced Distributed Coordination Function), 275–277
EI (Enhanced Image), 232
Eight-Class Model, 460-462
Eight-Class Site-to-Site V3PN Model, 660–664
EMI (Enhanced Multilayer Software Image), 243
enabling
    MLPoATM, 499
    QoS
        Catalyst 4500, 248
        Catalyst 6500, 254
        Catalyst 2970/3750, 343
encryption, delay budgets, 648
end users’ network expectations, 9
endpoints, 201, 304
end-to-end QoS, 10
Enhanced Distributed Coordination Function (EDCF), 275, 277
Enhanced Image (EI), 232
Enhanced Multilayer Software Image (EMI), 243
enterprise resource planning (ERP), 42
ERP (enterprise resource planning), 42
errors (Anti-Replay), 655
ESP authentication, 654
Ethernet 802.1Q tunnels, 82
Ethernet 802.1Q/p, 81–82
Ethernet downstream, 271
evolution of QoS, 29
exceeding traffic, 107
excess burst rate (Be), 110, 480
expedited forwarding, 16
explicit congestion notification, 163
Extensible Authentication Protocols (EAP), 308

F

FIFO Tx-ring, 152
Five-Class Model, 456–459
Five-Class Provider-Edge Model, 565–566
    MPLS VPN CE QoS design considerations, 561–563
Fixed Slot Time Default values, 278
flow control, disabling, 327
Four-Class Provider-Edge Model, 565
    MPLS VPN CE QoS design considerations, 559–561
fragment sizes
    distributed platform Frame Relay links, 486
    WAN link fragmentation, 183–184
frame-based codecs, 34
Frame Relay
    cRTP, 176
    Frame-Relay fragmentation, 185
        FRF.11.1 and FRF.12.1, 187–188
        LFI for Frame Relay/ATM service interworking, 188–189
        PVCs, 186–187
    PIPQ, 150
    WAN edge link-specific QoS design, 478
        Bc, 479
        Be, 480
        CIR, 479
        distributed platform links, 486–487
        high-speed links, 484–485
        medium-speed links, 482–484
        slow-speed links, 480–482
Frame Relay bundles, 148
Frame Relay DE bit, translating to from DSCHP, 94
Frame Relay Dual-FIFO, 150
Frame Relay traffic shaping (FRTS), 122–123


Frame Relay voice-adaptive traffic shaping (FR-VATS), 124–125
Frame-Relay DE bit, 83
frame-relay fragment command, 481
FRF.11.1 and FRF.12.1
    fragmenting, 187–188
FRF.8, 189
FRTS (Frame Relay traffic shaping), 122–123
FR-VATS (Frame Relay voice-adaptive traffic shaping), 124–125

G - H

G.729 voice compression, 170
G.SHDSL, 673
gatekeepers (GK), 211
generic traffic shaping, 126
GK (gatekeepers), 211
GK CAC, 211
global synchronization, 159
goals of convergence, 449
guaranteed load service, 197
guaranteed services, 15
guarantees (bandwidth), 137, 195, 565
handoffs (WAN aggregator/branch router), 420–422
hardware compression, 181
hardware crypto engines, 652
HDLC (High-Level Data Link Control), 135, 175
header-compression techniques, 170
    class-based header compression, 178–179
    formats,
        Cisco proprietary format, 173
        IETF format, 174
        IPHC, 173
    Layer 2 encapsulation protocol support, 175
        ATM, 176
        Frame Relay, 176
        HDLC, 175
        PPP, 175
    RTP header compression (cRTP), 172
    standards, 171
    TCP header compression (cTCP), 171
hierarchical class-based shaping, 127
hierarchical policing, 114
High Link-Speed QoS Class Models, 459
    Distributed-Platform/Consistent QoS Behavior QoS Baseline Model, 465–466
    Eight-Class model, 460-462
    QoS Baseline Model, 463–465
High-Level Data Link Control (HDLC), 135
high-speed ATM links, 494–495
high-speed frame relay links, 484–485
high-speed leased lines, 472–476
    pkts matched statistics, 477
    show policy interface command, 473
    show ppp multilink command, 478
horizontal separation of traffic, 107
how qos dbl command, 370
hub routers
    WAN aggregators, 548
hub-and-spoke topology, 548, 646

I

IANA (Internet Assigned Numbers Authority), 522
IETF (Internet Engineering Task Force), 7
IETF format, 174
IMA (ATM inverse multiplexing over ATM), 493
Integrated Services, 6
Integrated Unit + Access Model, 669–670, 684–685
Integrated Unit Model, 668, 682
Interactive Data, 45
Interactive-Video, 39
Interframe Spaces, 272
Internal DSCP value, 225
Internet Assigned Numbers Authority (IANA), 522
interoperability (RSVP), 213
IntServ, 7, 15
IP configuring stations, 303
IP header compression format (IPHC), 171–173
IP Precedence, 567
IP routing, 48–49
ip rsvp bandwidth command, 215
IP RTP header compression, 451
IP RTP priority, 139
IP telephony, 307
IP ToS (IP type of service), 86–87
IP VPN Multiservice, 551
IPHC (IP header compression format), 171–173


IPSec
    authentication, 657
    incompatibility with cRTP, 643–644
    LLQ, 145
    prefragmentation, 190
IPSec-encrypted G.729 packets, 642
IPSec Encryption Engines, 652
IPSec QoS design, 635
    Anti-Replay functionality, 655
    anti-replay functionality, 654–656
    bandwidth provisioning, 645–646
    control plane provisioning, 657
    cRTP and IPSec incompatibility, 643–644
    delay budget increases, 647
    headend VPN edge QoS options for site-to-site V3PNs, 665–666
    packet overhead increases, 640–642
    pre-encryption queuing, 651–653
    prefragmentation, 645
    QoS Pre-Classify, 649
    site-to-site V3PN, 637
        IPSec transport mode (encrypting an IP GRE tunnel), 638
        IPSec tunnel mode (encrypting an IP GRE tunnel), 639–640
        IPSec tunnel mode (No IP GRE tunnel), 638
    site-to-site V3PN QoS models
        Eight-Class Site-to-Site V3PN Model, 660-664
        Six-Class Site-to-Site V3PN Model, 658–659
    teleworker V3PN QoS, 666–667
        asymmetric links and unidirectional QoS, 677
        bandwidth provisioning, 674–677
        broadband-access technologies, 671–673
        deployment models, 667–670
    topologies, 646
    ToS byte preservation, 649
    VPNs, 635
IPSec transport mode (encrypting an IP GRE tunnel), 638
IPSec tunnel mode (encrypting an IP GRE tunnel), 639–640
IPSec tunnel mode (No IP GRE tunnel), 638
IPSec VPN QoS design (case study), 686
    telecommuter router, 694–695
    V3PN branch router design, 691–693
    VPN headend design, 687–689
    WAN aggregator QoS design, 689–690
ISDN, 671
    WAN edge link-specific QoS design
        CallManager CAC limitations, 503
        MLP packet reordering, 502
        variable bandwidth, 501
        voice and data on multiple ISDN B channels, 503–504
ITDP/UDP ports (CallManager environments), 296–301

J - K

jitter, 13, 35, 450
jitter buffers, 37–38
    adaptive, 36
    underruns, 14
keywords, 358

L

LAN edge QoS design, 517
    branch-to-campus classification and marking, 519–525
    DSCP-to-CoS remapping, 518
    NBAR known worm classification and policing, 526–535
LANs
    switching environments, 223
    QoS for wired vs. wireless, 270
latency
    converged networks, 13
    VoIP, 34–35
Layer 2
    access (MPLS VPN CE QoS design), 550–551
    marking fields, 81–82
        ATM CLP, 84
        Frame-Relay DE bit, 83
        MPLS EXP bits, 84
    queuing mechanisms, 150
    queuing subsystems, 136


Layer 3 marking fields, 88-90
Layer 3 queuing mechanisms
    CBWFQ, 139–140
    legacy, 136–137
    LLQ, 133, 140, 199, 450, 652-653
        ATM PVC bundles, 147
        bandwidth provisioning, 143–144
        cRTP, 145
        IPSec, 145
        LFI, 147
        MLP and Frame Relay bundles, 148
        operation, 141
        policing, 142
        VoFR, 149
Layer 3 queuing subsystems, 135
leased lines, 467
    high-speed, 472–478
    medium-speed, 471
    slow-speed, 467–470
legacy Layer 3 queuing mechanisms, 136–137
LFI (Link Fragmentation and Interleaving)
    for Frame Relay/ATM service interworking, 188–189
    LLQ, 147
    tools, 182, 450
line card queuing structures (Catalyst 6500), 393–396
links
    asymmetric, 677
    ATM
        high-speed, 494–495
        medium-speed, 493
        slow-speed, 488–493
        very-high-speed, 496–497
    capacity, 293
    Eight-Class Site-to-Site V3PN Model, 662
    Frame Relay networks
        distributed platform, 486–487
        high-speed, 484–485
        medium-speed, 482-484
        slow-speed, 480–482
    speed, 452
    VoIP, dominating, 449
link-specific tools, 19, 169
LLQ (low-latency queuing), 133, 140, 199, 450, 652-653
    ATM PVC bundles
        LLQ, 147
    bandwidth provisioning, 143–144
    cRTP, 145
    IPSec, 145
    LFI, 147
    MLP and Frame Relay bundles, 148
    operation, 141
    policing, 142
    VoFR, 149
    VoIP and multiple levels of data, 141
local CAC tools, 208
locally defined Mission-Critical Data, 45
loss (voice), 34
low link speeds (WANs), 450
low-latency queuing. See LLQ
LS VPN QoS design, 613–615

M

mapping
    Catalyst 2950, 233
    Catalyst 2970, 243
    Catalyst 3550, 237
    Catalyst 3750, 243
    Catalyst 4500, 248–249
    Catalyst 6500, 254–256
    IP Precedence, 567
    Mapping Models (enterprise-to-service provider)
        Five-Class Provider-Edge Model, 565–566
        Four-Class Provider-Edge Model, 565
        Three-Class Provider-Edge Model, 563–564
markdown, 57–58
    Catalyst 2950, 234
    Catalyst 2970, 244
    Catalyst 3550, 238–239
    Catalyst 3750, 244
    Catalyst 4500, 249–250
    Catalyst 6500, 257–259
    Catalyst QoS Models, 227
markers (policers as), 107
marking, 57, 68–69
    branch-to-campus, 519
    Catalyst 2970, 243
    Catalyst 3550, 237


  Catalyst 3750, 243
  Catalyst 4500, 248–249
  Catalyst 6500, 254–256
  DLSw+ traffic, 48
  MPLS VPN CE QoS design considerations, 554–556
  tools
    class-based marking, 77
    class-based policing, 79
    Layer 2 marking fields, 81–84
    Layer 3 marking fields, 86–87
    Layer 3 tunnel marking tools, 88–90
    translating Layer 2 and Layer 3 packet markings, 90–98
    voice gateway packet marking, 79–81
  traffic, 304
match protocol commands, 75
match protocol dlsw command, 48
max-reserved-bandwidth command, 559–563
max-reserved-bandwidth interface command, 143
MCMP (Multiclass Multilink PPP), 185
MDRR (modified-deficit round-robin) algorithm, 585
mean opinion scores (MOS), 35
measurement-based CAC tools, 208
Media Gateway Control Protocol (MGCP), 79
Medium Link-Speed QoS Class Models, 454
medium-speed ATM links, 493
medium-speed frame relay links, 482–484
medium-speed leased lines, 471
MGCP (Media Gateway Control Protocol), 79
Microflow policers, 257
Mission-Critical Data applications, 43–45
mitigating serialization delay, 678
MLP (Multi Point-to-Point Protocol), 136
MLP bundles, 148
MLP LFI (Multilink PPP Link Fragmentation and Interleaving), 183–185
MLP packets, reordering, 502
MLPoATM, 488–489, 499
MLPoFR (MLP over Frame Relay), 177
mls prefix keyword, 358
mls qos cos override command, 316
modified-deficit round-robin (MDRR) algorithm, 585
modular QoS CLI based class maps, 71–72, 233
Modular QoS Command-Line Interface (MQC), 19–20
MOS (mean opinion scores), 35
MPLS DiffServ Tunneling modes, 566
  Pipe Mode, 573–582
  Short Pipe Mode, 569–573
  Uniform Mode, 567–569
MPLS EXP bits, 84
MPLS Traffic Engineering, 199, 587
  basic, 588–590
  MPLS DS-TE, 603–605
    configuring, 606–612
    P-router configuration, 612–613
    show ip bgp vpnv4 all command, 615
    show mpls traffic-eng topology command, 614
  MPLS per-VPN TE, 591–598
    ping vrf tunnels command, 601–602
    show ip rsvp interface command, 599
    show ip rsvp neighbor command, 599
    show mpls interface command, 600
    show mpls traffic-eng tunnels command, 601
    show mpls traffic-eng tunnels summary command, 600
MPLS VPN CE QoS design
  special considerations, 550–552
  Five-Class Provider-Edge Model, 561–563
  Four-Class Provider-Edge Model, 559–561
  Layer 2 access, 550–551
  marking/re-marking, 554–556
  service-provider service-level agreements, 551
  TCP and UDP, 553–554
  Three-Class Provider-Edge Model, 556–559
  voice and call signaling, 553
  voice and video, 553
MPLS VPN QoS design, 547
  case studies, 616
    CE routers, 617–619
    PE routers, 620–630
    P routers, 630–631

  core considerations, 582
    aggregate bandwidth overprovisioning, 583
    DiffServ in the backbone, 583–587
    MPLS traffic engineering, 587–612
  need for QoS, 548–550
MQC (Modular QoS Command-Line Interface), 19–20
MQC/ACL classification, 233
MQC-based class maps, 71–72
  ACLs, 233
multiaction policing, 115
Multi Point-to-Point Protocol (MLP), 136
Multiclass Multilink PPP (MCMP), 185
multilink fragment-delay 10 command, 185
Multilink PPP Link Fragmentation and Interleaving (MLP LFI), 183–185
multiple priority classes, 72

N
NAT transparency feature overhead, 675
NBAR (Network-Based Application Recognition), 25, 72
  application classification, 523–524
  known-worm classification and policing, 526
    Code Red, 527
    CodeRedv2, 528
    future worms, 533–534
    NIMDA, 529
    policing worms, 534–535
    RPC DCOM/W32/MS Blaster, 531–532
    Sasser worm, 532–533
    SQL Slammer, 530
  Packet Description Language Modules (PDLMs), 520
  protocol classification, 74–76
  RTP payload classification, 77
NBAR exchange PDLM, 532
NBAR netbios PDLM, 532
NBMA (nonbroadcast multiaccess), 119
nested hierarchical policing, 115
Network-Based Application Recognition. See NBAR
networks
  Best-Effort, 11
  end user expectations, 9
  management (QoS), 49
  VoIP design considerations, 34
NIMDA, 529
nonbroadcast multiaccess (NBMA), 119

O - P
out-of-profile traffic, 227
overprovisioning LLQ traffic, 450
P routers, 549
packets, 18
  MLP, reordering, 502
  overhead increases (IPSec QoS design), 640–642
  packetization delay, 13
  prefragmentation, 644
PAK_priority, 153, 452, 657
PAK_priority flag, 49
PBR (policy-based routing), 79
PBS (peak burst size), 112
PDLMs (NBAR Packet Description Language Modules), 74, 520
PE QoS considerations, 563
  Enterprise-to-Service Provider Mapping Models
    Five-Class Provider-Edge Model, 565–566
    Four-Class Provider-Edge Model, 565
    Mapping Models, 563
    Three-Class Provider-Edge Model, 563–564
  MPLS DiffServ Tunneling modes, 566
    Pipe Mode, 573–582
    Short Pipe Mode, 569–573
    Uniform Mode, 567–569
PE routers, 620–630
peak burst size (PBS), 112
peak information rate (PIR), 112, 118
peak rate, 121
peak-rate shaping, 121
percent keyword, 140
percentage-based policing, 116

percentage-based shaping, 127
performance (cRTP), 181
per-Port/per-VLAN policing, 239
PE-to-P design, 583
PFC, configuring, 255
PFC3, 253
PFC3 distribution-layer Per-User Microflow Policing (Catalyst 6500), 419
PIFS, 272
ping vrf command, 601–602
Pipe Mode, 573–582
PIPQ (PVC Interface Priority queuing), 150
PIR (peak information rate), 112, 118
pkts matched statistics, 477
placeholders, 568
PoC (proof-of-concept) tests, 62
police statements, 72
policers, 103, 107
  CAR, 107–108
  class-based, 109
    benefits, 109
    single-rate three-color marker/policer, 110–112
    two-rate three-color marker/policer, 112–113
  color-aware policing, 116–117
  color-blind policing, 117
  compared to shapers, 104
  default, 117
  deploying, 106
  DoS/worm mitigation (campus networks), 293
  hierarchical policing, 114
  as markers, 107
  microflow, 257
  multiaction policing, 115
  percentage-based policing, 116
policies
  access switches, 291
  LAN switching environments, 223
  on P routers, 549
  on routers, 549
policing, 57–58
  Catalyst 2950, 234
  Catalyst 2970, 244
  Catalyst 3550, 238–239
  Catalyst 3750, 244
  Catalyst 4500, 249–250
  Catalyst 6500, 257–259
  Catalyst QoS Models, 227
  class-based, 79
  cRTP, 180
  LLQ, 142
  worms, 534–535
policy-based routing (PBR), 79
policy-map, 20
porting software QoS to hardware, 223
ports
  presetting those used by SoftPhone, 315
  trust states, 225
PPP, 175
ppp multilink links minimum command, 504
PPPoFR (PPP over Frame Relay), 177
PQ (priority queuing), 137
PQ-WFQ, 137–139
pre-encryption queuing, 651–653
prefragmentation, 645
  IPSec transport mode, 639
  IPSec tunnel mode, 638
prering CAC, 212
prioritization, 679
priority classes, police statements, 72
priority queuing, 137
priority-queue out command, 240
propagation delay, 13
protecting video, 557
Protocol Description Language Module (PDLM), 74, 520
P routers, 630–631
provisioning (bandwidth), 645–646
proxies, 201
P-to-P design, 583
PVC Interface Priority queuing (PIPQ), 150
PVCs
  bundling, 492
  fragmenting, 186–187
  VoFR, 188

Q
QBSS IE (QoS basic service set information element), 278
QoS
  access-edge design, 290
  branch routers, 513–514

  campus networks. See campus QoS design
  Catalyst Models. See Catalyst QoS models
  Cisco APs, 280–281
  classification and marking principles, 57
  control plane
    IP routing, 48–49
    network-management, 49
  converged networks, 12–14
  data, 42–43
    Best-Effort data, 44
    DLSw+, 47–48
    locally defined Mission-Critical Data, 45
    Transactional Data/Interactive Data, 45
  deploying, 62
  design principles, 55
  DiffServ, 16
  disabling on Catalyst 2970/3750, 343
  DoS and worm mitigation principles, 61–62
  enabling on Catalyst 2970/3750, 343
  end-to-end, 10
  evolution of, 7–8, 26, 29
  guidance, 27
  historical perspective, 5–6
  IntServ, 15
  link-specific tools, 19, 169
  models, 14
  need for on MPLS VPNs, 548–550
  network expectations of end users, 9
  policies required on WAN aggregators, 448
  policing and markdown principles, 57–58
  porting software QoS to hardware, 223
  queuing and dropping principles, 58–60
  Scavenger class, 49–54
  simplifying, 19
    AutoQoS, 24–26
    cross-platform feature consistency, 24
    default behavior, 21
    MQC, 20
    QoS Baseline, 20–22
  tool set, 17–18, 223
  upstream vs. downstream, 271
  video, 39
    interactive, 39
    streaming, 41
  VoIP, 33
    bearer traffic, 34–38
    Call-Signaling traffic, 38
  WAN edge link-specific
    ATM, 488–497
    ATM-FR SIW, 497–501
    Frame Relay, 478–487
    ISDN, 501–504
    leased lines, 467–478
  wireless LANs vs. wired LANs, 270
QoS Baseline Model, 20–21, 463–465
  class deployment, 55
  QoS design principles, 55
  recommendations, 22
QoS basic service set (QBSS), 278
qos dbl command, 367
QoS Design Guide, 27
QoS group placeholder, 568
qos map dscp to tx-queue command, 367
QoS Pre-Classify, 649
QoS preclassify feature, 89
queuing, 58–60, 133–134
  algorithms
    CBWFQ, 140
    comparison, 138
    PQ-WFQ, 139
    priority queuing, 137
    WFQ, 137
  buffer space, 135
  Catalyst 2950, 235
  Catalyst 2950 switches, 322–323
    show wrr-queue bandwidth command, 324
    show wrr-queue cos-map command, 325
  Catalyst 2970, 244–246, 351–356
  Catalyst 3550, 240–241, 336–339
    show mls qos interface buffers verification command, 340
    show mls qos interface queuing verification command, 341
  Catalyst 3750, 244–246
  Catalyst 4500, 250–252, 366–370
    show qos dbl command, 370
    show qos interface command, 371–372
    show qos maps dscp tx-queue command, 370–371
  Catalyst 6500, 259–263, 391–394
    1P2Q1T queuing and dropping, 401–404
    1P2Q2T queuing and dropping, 405–408
    1P3Q1T queuing and dropping, 408–410
    1P3Q8T queuing and dropping, 411–414

    1P7Q8T queuing and dropping, 415–418
    2Q2T queuing and dropping, 396–400
    line card queuing structures, 393–396
  Catalyst QoS models, 228, 230
  Cisco 12000 routers, 585
  default queue limits, 338
  Layer 2 queuing mechanisms, 150
  Layer 3 queuing mechanisms
    CBWFQ, 139–140
    legacy, 136–137
    LLQ, 140–149
  LLQ, 652
  policies on routers, 549
  reducing queue limits, 657
  software (WAN aggregators), 448–449
  transmit ring (Tx-ring), 136
  Tx-ring, 152
queuing tools, 133

R
radio downstream QoS, 271
radio upstream QoS, 271
RAI (resource activity indicator), 209
random backoffs, 273
random-detect command
  ecn keyword, 165
Real-Time class
  admission criterion, 563–565
  bandwidth provisioning, 449
RED (Random Early Detection), 160
re-marking
  MPLS VPN CE QoS design considerations, 554–556
  traffic, 304
reservations, 196–197
resource activity indicator (RAI), 209
resource-based CAC tools, 209
RFC 2205, 195
RFC 2597, 58
RFC 3168, 163
RFC 3246, 36
ROHC (robust header compression), 171
routers
  branch routers, 447
  hub routers, 548
  P routers, 549
  policies, 549
  roles in WANs, 447
  WAN aggregators, 447
    bandwidth provisioning, 449
    distributed platform QoS, 453
    IP RTP header compression, 451
    link speeds, 452
    PAK_priority, 452
    required QoS policies, 448
    serialization, 450
    software queuing, 448–449
    Tx-ring tuning, 451
routing
  DDR, 503
  packets-per-second capability, 651
RPC DCOM/W32/MS Blaster, 531–532
RSVP, 195
  admission control, 197
  CAC, 212
  configuring, 196
  cRTP, 180
  interoperability, 213
  LLQ, 199
  overview, 196
  scalability, 199
  security, 213
  service types, 197
  VoIP CAC through RSVP, 215
RSVP-DiffServ integration, 200
RSVP PATH message, 196
RSVP RESV message, 196
RTP header compression (cRTP)
  class-based header compression, 178–179
  formats, 173
    Cisco proprietary format, 173
    IETF format, 174
    IPHC, 173
  formats and encapsulation summary, 177–178
  Layer 2 encapsulation protocol support, 175
    Frame Relay, 176
    HDLC, 175
    PPP, 175
  policing and shaping, 180
  tunnels, 180
RTP payload classification, 77

S
SAR (Segmentation and Reassembly) engine, 675
SAs (security associations), 638
Sasser worm, 532–533
scalability
  IPSec VPN QoS design case study, 686
  RSVP, 199
Scavenger class
  DoS and worm mitigation, 50–54
  QoS, 49
Scavenger-class QoS strategy, 294
SCCP (Skinny Call Control Protocol), 295
scheduling tools, 133–134
SCSP mutation maps (Catalyst 6500), 257
security
  RSVP, 213
  worms, 50
security associations (SAs), 638
Serial Line IP (SLIP) protocol, 173
serialization, 678
  delay, 13
  WAN aggregators, 450
servers, 303
service provider service-level agreements, 551
service types (RSVP), 197
service-policy, 20
services for CallManagers, 295
shapers, 103, 118
  ATM networks, 121–122
  class-based Frame Relay traffic shaping, 123–124
  class-based shaping, 126–127
  compared to policers, 104
  cRTP, 180
  distributed traffic shaping (DTS), 128
  Frame Relay traffic shaping (FRTS), 122–123
  Frame Relay voice-adaptive traffic shaping, 124
  generic traffic shaping, 126
  peak-rate shaping, 121
  shaping algorithms, 120
Short Pipe Mode, 569–573
show atm bundle command, 493
show atm pvc command, 489
show atm vc command, 492
show class-map verification command, 318
show controllers command, 451
show frame-relay fragment command, 482
show ima interface atm command, 495
show ip access-list command, 521
show ip bgp vpnv4 all command, 615
show ip nbar port-map command, 525
show ip rsvp interface command, 599
show ip rsvp neighbor command, 599
show mls masks qos verification command, 319
show mls qos command, 358
show mls qos interface buffers verification command, 340
show mls qos interface policers verification command, 318
show mls qos interface queuing verification command, 341
show mls qos interface statistics verification command, 329
show mls qos interface verification command, 314
show mls qos maps command, 356
show mls qos maps dscp-output-q command, 356
show mpls interface command, 600
show mpls traffic-eng topology command, 614
show mpls traffic-eng tunnels command, 601
show mpls traffic-eng tunnels summary command, 600
show policy command, 456
show policy interface command
  high-speed leased lines, 473
  slow-speed leased lines, 469
show policy interface verification command, 329
show policy-map interface command, 178
show policy-map verification command, 318
show port qos commands, 376–377
show ppp multilink command, 478
show qos acl verification command (Catalyst 6500), 380
show qos command, 358
show qos info config 2q2 tx verification command, 398
show qos info runtime verification command, 399–400
show qos interface command, 371–372
show qos maps dscp tx-queue command, 370–371
show qos maps verification command (Catalyst 6500), 379

show qos policer verification command (Catalyst 6500), 381
show qos statistics verification command (Catalyst 6500), 382
show queuing interface verification command, 400
show wrr-queue bandwidth command, 324
show wrr-queue cos-map command, 325
SI (Standard Image), 232
SIFS, 272
site-to-site V3PN, 637
  headend VPN edge QoS options, 665–666
  IPSec transport mode (encrypting an IP GRE tunnel), 638
  IPSec tunnel mode (encrypting an IP GRE tunnel), 639–640
  IPSec tunnel mode (No IP GRE tunnel), 638
  QoS models
    Eight-Class Site-to-Site V3PN Model, 660–664
    Six-Class Site-to-Site V3PN Model, 658–659
Six-Class Site-to-Site V3PN Model, 658–659
Skinny Call Control Protocol (SCCP), 295
SLIP (Serial Line IP) protocol, 173
Slow Link-Speed QoS Class Models, 454
slow-speed ATM links, 488–489
  ATM PVC bundles, 490–492
    show atm bundle command, 493
    show atm vc command, 492
  show atm pvc command, 489
  Tx-rings, 490
slow-speed Frame Relay links, 480–481
slow-speed leased lines, 467–469
  show interface command, 469
  show policy interface command, 470
slow-speed links (ATM-FR SIW), 499–501
SMI (Standard Multilayer Software Image), 243
SoftPhone, 315
software queuing (WAN aggregators), 448–449
source IP address classification, 520
speed (links), 452
split tunneling, 679–681
SQL Slammer, 530
Standard Image (SI), 232
Standard Multilayer Software Image (SMI), 243
state-machine synchronization, 212
streaming video, 41, 557
strict-priority queuing rule, 59
sum of LLQs, 450
Supervisor 720, 253

T
table map feature, 98
tail drops, 241
TCP
  global synchronization behavior, 159
  packet loss, 656
  and UDP, 553–554
TCP/UDP classification, 522
TDM (time-division multiplexing), 105
teleworker V3PN QoS, 666–667
  asymmetric links and unidirectional QoS, 677
  bandwidth provisioning, 674
    cable overhead, 676–677
    DSL (AAL5 + PPPoE) overhead, 675–676
    NAT transparency feature overhead, 675
  broadband serialization mitigation through TCP maximum segment size tuning, 678–679
  broadband-access technologies, 671
    cable, 673
    DSL, 672
  business-ready teleworker design, 666
  Deployment Models, 667, 682
    Dual-Unit Model, 669
    Integrated Unit + Access Model, 669–670, 684–685
    Integrated Unit Model, 668
    Integrated Unit/Dual Unit Models, 682–684
  split tunneling, 679–681
Three-Class (Voice and Data) Model, 454–456
Three-Class Provider-Core Model, 583
Three-Class Provider-Edge Model, 556–559, 563–564
time-division multiplexing (TDM), 105
token bucket algorithms, 105
topologies
  IPSec QoS design, 646
  split tunnel, 680
ToS (type of service), 47
  byte preservation, 649
  reflection, 90

total drops statistics, 477
traffic
  branch-to-branch, 548
  campus networks, 339
  campus-to-branch, 548
  classification, 68–77
  conforming, 107
  data, 42
  defined by QoS Baseline, 21
  DLSw+, marking, 48
  exceeding, 107
  handoffs, 421
  horizontal separation of, 107
  IP, 48
  LLQ, 450
  marking/remarking, 68–69, 302–304
  out-of-profile, 227
  PAK_priority, 153
  prioritization, 679
  Scavenger, 49
  Scavenger-class QoS strategy, 294
  unpoliced classes, 109
  vertical separation of, 107
  violating, 107
  worm mitigation in Scavenger class, 51–53
Transactional Data, 45
translating Layer 2 and Layer 3 packet markings, 90
  802.1Q/p to and from DSCP, 92–93
  DHCP to Frame Relay DE bit, 94
  IP precedence to ATM/Frame Relay PVCs, 95–96
  table map feature, 98
transmit queuing (Catalyst 6500), 392
transmit ring (Tx-ring), 136
troubleshooting
  class naming, 520
  DoS attacks (campus networks), 292–294
  worms (campus networks), 292–294
trust boundaries
  access-edge, 302
    Conditionally Trusted Endpoint Models, 303, 307–312
    Trusted Endpoint Models, 302–304, 314–315
    Untrusted Endpoint Models, 304–307
  defined, 302
trust states, 225
  configuring trust on Catalyst 6500, 255
trust-device command, 386
trusted endpoint models, 302–304, 314–315
  Catalyst 2970/3750, 343–346
  Catalyst 3550, 327
  Catalyst 4500, 359
  Catalyst 6500, 375
    show port qos command, 376–377
trusted endpoints, connecting, 304
tunnel DiffServ, 566
tunneling
  cRTP, 180
  modes (MPLS DiffServ), 566
    Pipe Mode, 573–582
    Short Pipe Mode, 569–573
    Uniform Mode, 567–569
  split tunneling, 679–681
tx-queue command, 367
tx-ring-limit command, 490
Tx-rings (transmit rings), 136, 152
  ATM, 489
  tuning, 451
type of service (ToS), 47

U
UBR (unspecified bit rate), 491
UDP and TCP, 553–554
underruns (jitter buffers), 14
unidirectional applications, 513–515
unidirectional QoS, 677
Uniform Mode, 567–569
unspecified bit rate (UBR), 491
Untrusted Endpoint Models (trust boundaries), 304–307
Untrusted Multiapplication Server Model, 315–318
  show class-map and show policy-map verification commands, 318
  show mls masks qos verification command, 319
  show mls qos interface policers verification command, 318
Untrusted PC with SoftPhone Model
  Catalyst 2950, 315
  Catalyst 2970/3750, 344
  Catalyst 3550, 327–329
  Catalyst 4500, 359–360

  Catalyst 6500, 378–379
    show qos acl verification command, 380–381
    show qos maps verification command, 379–380
    show qos policer verification command, 381–382
    show qos statistics verification command, 382
Untrusted Server Model
  Catalyst 2970/3750, 345
  Catalyst 3550, 330–331
  Catalyst 4500, 360–362
  Catalyst 6500, 383–386
uplink connections (DSL and cable), 677
upstream QoS, 271

V
variable network delay. See jitter
VBR (variable bit-rate), 673
verification command, 320
verifying
  ATM IMA group, 496
  tag-switching configuration (MPLS per-VPN TE), 600
vertical separation of traffic, 107
very-high-speed ATM links, 496–497
video
  MPLS VPN CE QoS design considerations, 553
  QoS, 39
    Interactive-Video, 39
    Streaming-Video, 41
  Streaming-Video, protecting, 557
  surveillance systems, 303
videoconferencing
  any-to-any, 548–549
  gateways and systems, 303
  videoconferencing rate, 40
violating traffic, 107
viruses, 526
VoFR (Voice over Frame Relay), 149
voice
  gateway packet marking, 79–81
  MPLS VPN CE QoS design considerations, 553
  VVLANs, 314
Voice and Data WAN Edge Model, 454
Voice over Frame Relay (VoFR), 149
voice VLANs (VVLANs), 314
VoIP (Voice over IP), 33
  bandwidth, 36–38
  bandwidth provisioning, 646
  Call-Signaling traffic, 38
  campus networks, 291
  header-compression techniques, 170
    class-based header compression, 178–179
    formats, 173–174
    Layer 2 encapsulation protocol support, 175–176
    RTP header compression (cRTP), 172
    standards, 171
    TCP header compression (cTCP), 171
  LLQ, 141
  over ATM, 91
  over Ethernet to VoIP over a WAN, 91
  over MPLS, 91
  QoS
    bearer traffic, 34–38
    Call-Signaling traffic, 38
  traffic, dominating links, 449
VPNs (virtual private networks)
  IPSec QoS design, 635
  MPLS VPN QoS design, 547. See also MPLS VPN QoS design
VVLANs (voice VLANs), 314

W
WAN aggregation router QoS design
  case study, 505–507
WAN aggregator/branch router handoff, 420–422
WAN aggregators, 447, 548
  bandwidth provisioning, 449
  distributed platform QoS, 453
  IP RTP header compression, 451
  link speeds, 452
  PAK_priority, 452
  required QoS policies, 448
  serialization, 450
  software queuing, 448–449
  Tx-ring tuning, 451

WAN Edge Classification and Provisioning Models
  High Link-Speed QoS Class Models, 459
    Distributed-Platform/Consistent QoS Behavior QoS Baseline Model, 465–466
    Eight-Class Model, 460–462
    QoS Baseline Model, 463–465
  Slow/Medium Link-Speed QoS Class Models, 454
    Five-Class Model, 456–459
    Three-Class (Voice and Data) Model, 454–456
WAN edge link-specific QoS design
  ATM
    high-speed links, 494–495
    medium-speed links, 493
    slow-speed links, 488–493
    very-high-speed links, 496–497
  ATM-FR SIW, 497–501
  Frame Relay, 478
    Bc, 479
    Be, 480
    CIR, 479
    distributed platform links, 486–487
    high-speed links, 484–485
    medium-speed links, 482–484
    slow-speed links, 480–482
  ISDN
    CallManager CAC limitations, 503
    MLP packet reordering, 502
    variable bandwidth, 501
    voice and data on multiple ISDN B channels, 503–504
  leased lines, 467
    high-speed, 472–478
    medium-speed, 471
    slow-speed, 467–470
WAN edge QoS design, 514–515
WANs, 269, 548
  link fragmentation and interleaving, 181–183
    fragment sizes, 183–184
    Frame Relay fragmentation, 185, 188–189
    IPSec prefragmentation, 190
    Multilink PPP Link Fragmentation and Interleaving (MLP LFI), 183–185
  low link speeds, 450
  routers roles in, 447
Weighted Random Early Detection. See WRED
WFQ, 137
wireless access points, 304
wireless IP phones, 304
WLANs (wireless LANs)
  basic service set information element, 278
  QoS, 270
worms, 50
  campus network mitigation strategies, 292–294
  CodeRedv2, 527–528
  compared to viruses, 526
  mitigation in Scavenger class, 51–54
  mitigation principles, 61–62
  NIMDA, 529
  policing, 534–535
  preparing for future worms, 533–534
  RPC DCOM/W32/MS Blaster, 531–532
  Sasser, 532–533
  SQL Slammer, 530
WRED (Weighted Random Early Detection), 159–164
  Catalyst 3550, 340
  DSCP-based WRED, 162–163
  ECN, 165
  enabling on the Best-Effort class, 457
  thresholds, 241
  WRED-drop thresholds (Catalyst 6500), 262
wrr-queue bandwidth command, 322
wrr-queue cos map command, 240
wrr-queue dscp-map interface configuration command, 339
wrr-queue queue-limit command, 240
wrr-queue queue-limit interface command, 338
