iwan avc/qos designd2zmdbbm9feqrf.cloudfront.net/2016/usa/pdf/brkrst-2043.pdf · iwan avc/qos...
TRANSCRIPT
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Housekeeping
• Who am I? ([email protected])
• “Intermediate” Class
This is not an ‘Introduction to IWAN’ session
This is not an ‘IWAN Design’ session (Some design aspects will be discussed)
This session is about how to configure AVC/QoS with your Cisco Intelligent WAN
Session Abstract:
The most expensive bandwidth in the enterprise is in the WAN; as such, it should be fully optimized to deliver maximum ROI. Thissession focuses on how to deliver such optimization by deploying Application Visibility and Control (AVC) and Quality of Service (QoS) over the Intelligent WAN (IWAN). Cisco’s QoS paradigm will be reviewed and applied to the IWAN, along with best practice QoS design recommendations. Practical and detailed design configurations will be presented for hierarchical QoS policies for sub-line rate Ethernet handoffs, MPLS VPN Class-of-Service mapping and DMVPN per-tunnel QoS. Additionally, new AVC/QoStechnologies, such as NBAR2 QoS attributes will be introduced and applied to the IWAN. Cisco Prime Infrastructure templates for deploying and managing the IWAN will be reviewed, as will Cisco’s SD-WAN solution, the APIC-EM IWAN application, to show how the IWAN QoS and PfR can be centrally controlled.
BRKRST-2043 3
• Cisco’s Approach to AVC/QoS
• Ingress LAN AVC/QoS Design
• Egress WAN AVC/QoS Design
• SD-WAN QoS (APIC-EM IWAN App)
• Summary and References
Agenda
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
The Why of AVC/QoS
AVC & QoS
Transform your business through
powerful yet simple networks
that are customized and optimized
to meet your needs
Why
BRKRST-2043 5
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 7BRKRST-2043
Where to start?Strategic vs Tactical
VS
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 8BRKRST-2043
Levels of QoS Policy AbstractionStrategic vs. Tactical
• Strategic QoS Policy (WHY you want QoS)
• reflects business intent
• is not constrained by any technical or administrative limitation
• is end-to-end
• Tactical QoS Policy (HOW you are going to do it / WHAT you configure)
• adapts the strategic business intent to the maximum of platform’s capabilities
• is limited by various tactical constraints, including:• Media constraints (e.g. the WLAN has only 4 levels of service [access categories])
• Platform constraints (e.g. a Catalyst 3750 has only 4 hardware queues)
• Interface constraints (e.g. a T1 WAN link has limited bandwidth)
• Role constraints (e.g. a CE may need to map into a reduced set of SP Classes-of-Service)
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Strategic QoS Design
• Guaranteeing voice quality meets enterprise standards
• Ensuring a high Quality of Experience for video applications
• Improving user productivity by minimizing network response times
• Managing business applications that are “bandwidth hogs”
• Identifying and de-prioritizing non-business applications
• Improving network availability by protecting the control planes
• Hardening the network infrastructure to deal with abnormal events
Part 1 of 4: Always Start with Defining the Business Goals of QoS
BRKRST-2043 9
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Strategic QoS DesignPart 2 of 4: Assign Business-Relevance to Applications
Relevant IrrelevantDefault
• These applications directly supports business objectives
• Applications should be classified and marked according to RFC 4594-based rules
• These applications may/may not support business objectives
• E.g. HTTP/HTTPS
• Alternatively, administrator may not know the application (or how its being used in the org)
• Applications in this class should be marked DF and provisioned with a default best-effort service (RFC 2474)
• These applications are known and do not directly support any business objectives; this class includes all personal/consumer applications
• Applications in this class should be marked CS1 and provisioned with a “less-than-best-effort” service , per (RFC 3662)
BRKRST-2043 10
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
• Is the protocol a Network Control protocol?
• This includes all network routing and control-plane protocols• E.g. BGP, OSPF, EIGRP, HSRP, IKE, etc.
• Is the protocol a Signaling protocol?
• This includes all call signaling / bandwidth reservation protocols• E.g. SIP, Skinny, H.323, RSVP etc.
• Is the protocol an Operations / Administration / Management protocol?
• This includes all network management protocols (e.g. SNMP, Telnet, SSH, Syslog, NetFlow, etc.)
Control
Plane?
Network
Control?
Yes
Network ControlYes
SignalingYes
OAMYes
OAM?No
Signaling?No
No
Strategic QoS DesignPart 3a of 4: Assign Control Plane to traffic-classes
BRKRST-2043 11
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
• Is the application voice?• Audio-only media (e.g. G.711, G.729 etc.)
• Note: This class may be used for the audio-component of multimedia applications, such as Cisco Jabber and/or Microsoft Lync; however, this option should ONLY be considered if this causes no conflict with your overall Call Admission Control strategy and voice-queue provisioning
Voice? VoiceYes
No
Strategic QoS DesignPart 3b of 4: Assign Voice applications / sub-components to voice traffic-class
BRKRST-2043 12
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
• If the application is video?
• If yes: determine if the application is unidirectional or bidirectional?
• Then determine if the application is elastic (i.e. adaptive to congestion/drops) or inelastic?
Video? Unidirectional?
Yes
Multimedia-ConferencingYes
No
Elastic?
No
(Bidirectional)
YesElastic?
Broadcast VideoNo
(Inelastic)
Multimedia-StreamingYes
No
(Inelastic)
Realtime-Interactive
Strategic QoS DesignPart 3c of 4: Assign Video applications / sub-components to traffic-classes
BRKRST-2043 13
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
• Is the application Data?
• Then determine: Is the application foreground or background?
• Foreground applications will directly impact user-productivity with network delays
• Background applications will not (as these are typically machine-to-machine flows)
• However, these apps can be very bandwidth intensive (if unrestrained)
• If it is not known if a data app is foreground, then assume it is background
• Otherwise – the application/protocol remains in the default class (Best Effort)
Data? Foreground?Yes
Bulk DataNo
(Background)
Transactional DataYes
No
Best Effort
Strategic QoS DesignPart 3d of 4: Assigning Data applications to traffic-classes
BRKRST-2043 14
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Strategic QoS DesignPart 3e of 4: Apply RFC 4594-based Marking / Queuing / Dropping Treatments
Application
Class
Per-Hop
Behavior
Queuing &
Dropping
Application
Examples
VoIP Telephony EF Priority Queue (PQ) Cisco IP Phones (G.711, G.729)
Broadcast Video CS5 (Optional) PQ Cisco IP Video Surveillance / Cisco Enterprise TV
Real-Time Interactive CS4 (Optional) PQ Cisco TelePresence
Multimedia Conferencing AF4 BW Queue + DSCP WRED Cisco Jabber, Cisco WebEx
Multimedia Streaming AF3 BW Queue + DSCP WRED Cisco Digital Media System (VoDs)
Network Control CS6 BW Queue EIGRP, OSPF, BGP, HSRP, IKE
Signaling CS3 BW Queue SCCP, SIP, H.323
Ops / Admin / Mgmt (OAM) CS2 BW Queue SNMP, SSH, Syslog
Transactional Data AF2 BW Queue + DSCP WRED ERP Apps, CRM Apps, Database Apps
Bulk Data AF1 BW Queue + DSCP WRED E-mail, FTP, Backup Apps, Content Distribution
Best Effort DF Default Queue + RED Default Class
Scavenger CS1 BW Queue (Deferential) YouTube, Netflix, iTunes, BitTorrent, Xbox Live
Relevant
Default
Irrelevant
BRKRST-2043 15
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Part 4 of 4: Assign bandwidth allocation targets
VOICE10%
INTERACTIVE-VIDEO
27%
STREAMING-VIDEO
9%NET-CTRL
5%
CRITICAL-DATA22%
CALL-SIG4%
DEFAULT22%
Strategic QoS Design
Example:Map 12-classes to 8-queues for IWAN
SCAVENGER 1%
16
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Strategic QoS Design: At-A-Glance
http://tinyurl.com/hw4sbj6
Reference
BRKRST-2043 17
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
What is IWAN from a QoS Perspective?
• Replacing expensive MPLS service with business class internet
• Performance Routing (PfR) to load balance / provide resiliency / best path
• Dynamic Multipoint VPN (DMVPN) overlay on MPLS and Internet
• Up to 2,000 remote sites per hub router in a single domain
• MPLS will have Service Provider QoS, but with Internet we assume none
BRKRST-2043 19
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Hub
BR
T1
Branch
T1
Branch
T3
Branch
10
Mbps
Branch
T3
Branch
Hybrid Model – MPLS and Internet
INET
MPLS
Hub
BR
BRKRST-2043
Hub
MC
20
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Hub
BR
T1
Branch
T1
Branch
T3
Branch
10 Mbps
Branch
T3
Branch
Hub Site QoS Scheduling Requirements
80 Mbps
1.5 Mbps
1.5 Mbps
45 Mbps
10 Mbps
45 Mbps
Service
Rate
GE
Shape for
Service Rate
Per Site
Bandwidth Sharing
Within Tunnel
Shape for
Remote Site
Last Mile
Bandwidth Sharing
Between Tunnels
BRKRST-2043 21
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
P1 P1
Per-SA QoS Site1 – T1
Hub Site QoS Scheduling Hierarchy We Have Today
Police
150KPolice
4.5M
priority prioritydata dataclass-default class-default
P1
Police
1M
priority data class-default
To Physical
Per-SA QoS Site2 – T3 Per-SA QoS Site N – 10 Mbps
Parent
Policy on
Tunnel
Child
Policy on
Tunnel
Class Default
Policy on Physical
Shape for Service Rate
on Physical interface
Bandwidth Sharing
between tunnels
Bandwidth sharing
within tunnel
22
Shape for remote
site last mile
BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Aggregate Priority LoadPriority Queue with Conditional Policer (Implicit Policer)
P1
Police
20M
priority data class-default
100 Mbps
Interface
30 Mbps
30 Mbps
Offered
Load
Congestion
Feedback
30 Mbps
Expected
Throughput
Per Class
Behavior with No Congestion
P1
Police
20M
priority data class-default
100 Mbps
Interface
30 Mbps
20 Mbps
Congestion
Feedback
20 Mbps
Behavior with Congestion
90 Mbps
80 Mbps
policy-map CONDITIONAL-POLICER
class PRIORITY
priority 200000
No Congestion
No Policing
BRKRST-2043 23
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Aggregate Priority LoadPriority Queue with Always On Policer (Explicit Policer)
P1
Police
20M
priority data class-default
100 Mbps
Interface
30 Mbps
20 Mbps
Offered
Load
20 Mbps
Expected
Throughput
Per Class
Behavior with No Congestion
P1
Police
20M
priority data class-default
100 Mbps
Interface
30 Mbps
20 Mbps
20 Mbps
Behavior with Congestion
90 Mbps
80 Mbps
policy-map ALWAYS-ON-POLICER
class PRIORITY
priority level 1
police cir 200000
Always On
Policer
BRKRST-2043 24
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
P1 P1
Police
150K
Police
4.5M
prioritypriority
data dataclass-default class-default
P1
Police
1M
priority data class-default
To Physical
WAN
Aggregation
Node
Priority Propagation / Passing Lanes
Aggregate Priority Load
25BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Aggregate Priority LoadIWAN Details
• IWAN supports 2,000 remote sites in a single domain
• Consider an average 2 Mbps access rate for remote sites – Aggregate: 4 Gbps
• On a GE connected Hub BR, we are already 4:1 oversubscribed
• If service-rate is less than GE (likely – say 500 Mbps) the oversubscription increases to 8:1
• An Aggregate Priority Load greater than Service Rate will starve non-Priority (including network control)
• Voice at 10% – Potential aggregate voice = 400 Mbps (10% of 4 Gbps sum of shapers)
• Always On Policer for Voice means we stay under the service rate
• Conditional Policer means individual sites could send more and over run the service rate
• Realtime Interactive – Another 27% of Priority queue (30% * .90)
• Potential Aggregate Priority Load – 37% of 4 Gbps = 1.48 Gbps (Greater than access rate)
• If these are Cisco Adaptive Video codecs that ‘Like’ to grow => your risk is greater
26BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Aggregate Priority LoadIWAN Conclusion
• For Voice, use an Always On policer, rather than a Conditional policer
class VOICE
priority level 1
police cir percent 10
• For Video, use a Bandwidth Remaining Percent queue with DSCP-based WRED, rather
than a level 2 Priority queue
class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
P1
Police
10%
voice video class-default
Always On
Policer
data
BWR
30%
Class-Based WFQ
DSCP-based WRED
BRKRST-2043 27
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Latency for ‘Low Speed’ Sites
P1
Police
150K
priority data class-default
64 Packets
• Bandwidth remaining percent means each queue gets a
queue limit as if it had full bandwidth of parent (means
high speed links will buffer 0.5 sec of data)
• Queue-Limit = (Intf Speed * .05) / 8 / 1500
• Anything less than 15M service rate gets 64 packets
• Aggregate T1: ~1.5 Sec of buffering IMIX
(12 queues * 64 packets * 8 bits * 350 bytes / 1.5M)
IWAN Conclusion: Use appropriate number of queues for
the 12 classes on the WAN depending on the service rate
Example:
4 queues for service rate < 5 Mbps
8 queues for service rate => 5 Mbps and < 100 Mbps
12 queues for service rate => 100 Mpbs
Traffic Type /
Percentage
Service
Rate
Drain 64 - 350
Byte Packets
Drain 64 - 1500
Byte Packets
Transactional Data / 10% 150K 1.2 secs 5 secs
Bulk Data / 4% 60K 3 secs 13 secs
Network Control / 2% 30K 6 secs 26 secs
BRKRST-2043 28
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
IPSec Anti-Replay
Crypto Engine
(Adds Sequence
Number)
22
Packets In
P1
priority data class-default
Police
2123 Enqueue
2426
2223
21
26 242227 21
Packets Out
25Dropped
By Policer27 28
Queue
Tail Drop
23
• Decryption side keeps a sliding history of packets
received (default is 64 packets)
• Provides anti-replay protection against an attacker
duplicating encrypted packets
• Increasing the anti-replay window size has no impact on
throughput or security
• The impact on memory is insignificant because only an
extra 128 bytes per incoming IPsec SA is needed
IWAN Conclusion: Use the maximum replay
window-size of 1024 for each supported platform
crypto ipsec security-association replay window-size 1024
BRKRST-2043 29
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
NBAR2 Overview• Cisco Network Based Application Recognition (NBAR) can identify
~1400 applications/protocols via deep-packet inspection (DPI)
• To assist in policy-definition and in browsing, the extensive application library is grouped by various attributes, such as categories and sub-categories
Category First level grouping of applications with similar functionalities
Sub-category Second level grouping of applications with similar functionalities
Application-group Grouping of applications based on brand or application suite
P2P-technology? Indicates application is peer-to-peer
Encrypted? Indicates application is encrypted
Tunneled? Indicates application uses tunneling technique
BRKRST-2043 31
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
New NBAR2 Attribute: Traffic-ClassName Description
voip-telephony VoIP telephony (bearer-only) traffic
broadcast-video Broadcast TV, live events, video surveillance
real-time-interactive High-definition interactive video applications
multimedia-conferencing Desktop software multimedia collaboration applications
multimedia-streaming Video-on-Demand (VoD) streaming video
network-control Network control plane traffic
signaling Signaling traffic that supports IP voice and video telephony
ops-admin-mgmt Network operations, administration, and management
traffic
transactional-data Interactive data applications
bulk-data Non-interactive data applications
32
Introduced in IOS XE 3.16S and IOS 15.5(3)M
BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
New NBAR2 Attribute: Business-Relevance
Name Description
business-relevant Business critical applications
default Related business applications
business-irrelevant Non business applications
33
Introduced in IOS XE 3.16S and IOS 15.5(3)M
BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
New NBAR2 QoS Attributes Business Relevance Attribute and Traffic-Class Attribute
show ip nbar protocol-attribute skype
encrypted encrypted-yes
tunnel tunnel-no
category consumer-messaging
sub-category consumer-multimedia-messaging
application-group skype-group
p2p-technology p2p-tech-yes
traffic-class Multimedia-conferencing
business-relevance business-irrelevant
BRKRST-2043 34
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Changing Business-Relevancy
ip nbar attribute-map ATTRIBUTE_MAP-RELEVANT attribute business-relevance business-relevant
Step 1: Create an Attribute-Map with the Desired Setting
ip nbar attribute-set skype ATTRIBUTE_MAP-RELEVANT
Step 2: Associate the Application with the Desired Attribute-Map
BRKRST-2043 35
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Changing Application Business-RelevanceProtocol Pack 14+ (All Options)
ip nbar attribute-map ATTIBUTE_MAP-RELEVANT attribute business-relevance business-relevant
ip nbar attribute-set application-name ATTIBUTE_MAP-RELEVANT
Scenario 1: Making an Application Business-Relevant
ip nbar attribute-map ATTRIBUTE_MAP-DEFAULT attribute business-relevance default
ip nbar attribute-set application-name ATTRIBUTE_MAP-DEFAULT
Scenario 2: Making an Application Best-Effort/Default
ip nbar attribute-map ATTRBUTE_MAP-SCAVENGER attribute business-relevance business-irrelevant
ip nbar attribute-set application-name ATTRBUTE_MAP-SCAVENGER
Scenario 3: Making an Application Business-Irrelevant
BRKRST-2043 36
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
class-map match-all VOICE—NBAR
match protocol attribute traffic-class voip-telephony
match protocol attribute business-relevance business-relevant
class-map match-all BROADCAST_VIDEO—NBAR
match protocol attribute traffic-class broadcast-video
match protocol attribute business-relevance business-relevant
class-map match-all REAL_TIME_INTERACTIVE-NBAR
match protocol attribute traffic-class real-time-interactive
match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA_CONFERENCING-NBAR
match protocol attribute traffic-class multimedia-conferencing
match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA_STREAMING-NBAR
match protocol attribute traffic-class multimedia-streaming
match protocol attribute business-relevance business-relevant
class-map match-all SIGNALING-NBAR
match protocol attribute traffic-class signaling
match protocol attribute business-relevance business-relevant
class-map match-all NETWORK_CONTROL-NBAR
match protocol attribute traffic-class network-control
match protocol attribute business-relevance business-relevant
class-map match-all NETWORK_MANAGEMENT-NBAR
match protocol attribute traffic-class ops-admin-mgmt
match protocol attribute business-relevance business-relevant
class-map match-all TRANSACTIONAL_DATA-NBAR
match protocol attribute traffic-class transactional-data
match protocol attribute business-relevance business-relevant
class-map match-all BULK_DATA-NBAR
match protocol attribute traffic-class bulk-data
match protocol attribute business-relevance business-relevant
class-map match-all SCAVENGER-NBAR
match protocol attribute business-relevance business-irrelevant
policy-map MARKING
class VOICE-NBAR
set dscp ef
class BROADCAST_VIDEO-NBAR
set dscp cs5
class REAL_TIME_INTERACTIVE-NBAR
set dscp cs4
class MULTIMEDIA_CONFERENCING-NBAR
set dscp af41
class MULTIMEDIA_STREAMING-NBAR
set dscp af31
class SIGNALING-NBAR
set dscp cs3
class NETWORK_CONTROL-NBAR
set dscp cs6
class NETWORK_MANAGEMENT-NBAR
set dscp cs2
class TRANSACTIONAL_DATA-NBAR
set dscp af21
class BULK_DATA-NBAR
set dscp af11
class SCAVENGER-NBAR
set dscp cs1
class class-default
set dscp default
LAN Edge AVC/QoS Config for 1400+ Applications
37BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
NBAR QoS Attributes: At-A-Glance
http://tinyurl.com/hw4sbj6
Reference
BRKRST-2043 38
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
QoS MappingExample: Combining 12 Classes into an 8-Class Model
8-Class Model
VOICE
PQ-10%
STREAMING-VIDEO
10% BWR
CRITICAL-DATA
25% BWR
DEFAULT
25% BWR
Network Management (OAM)
Signaling
Real-Time Interactive
Transactional Data
Multimedia Conferencing
Bulk Data
Scavenger
Best Effort
Multimedia Streaming
Broadcast Video
VoIP
Application
Internetwork Control
AF21
CS3
CS4
AF41
CS2
AF11
CS1
DF
AF31
CS5
EF
CS6
DSCP
SCAVENGER—1% BWR
INTERACTIVE-VIDEO
30% BWR
NET-CTRL
5% BWR
CALL-SIGNALING
4% BWR
PQ = Priority QueueBWR = Bandwidth Remaining
Note: Bandwidth Remaining Percentages must equal 100%
BRKRST-2043 40
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
8-Class QoS Model
class-map match-any VOICE
match dscp ef
class-map match-any INTERACTIVE-VIDEO
match dscp cs4 af41 af42 af43
class-map match-any STREAMING-VIDEO
match dscp cs5 af31 af32 af33
class-map match-any NET-CTRL
match dscp cs6
class-map match-any CALL-SIGNALING
match dscp cs3
class-map match-any CRITICAL-DATA
match dscp cs2 af11 af12 af13 af21 af22 af23
class-map match-any SCAVENGER
match dscp cs1
policy-map WAN
class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
class STREAMING-VIDEO
bandwidth remaining percent 10
random-detect dscp-based
class NET-CTRL
bandwidth remaining percent 5
class CALL-SIGNALING
bandwidth remaining percent 4
class CRITICAL-DATA
bandwidth remaining percent 25
random-detect dscp-based
class SCAVENGER
bandwidth remaining percent 1
class VOICE
priority level 1
police cir percent 10
class class-default
bandwidth remaining percent 25
random-detect
IWAN 8-Class Class-Maps IWAN 8-Class Policy-Map
41
Child Policy
BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Traffic Shaping
42
• Policers typically drop traffic
• Shapers delay excess traffic, smooth bursts and prevent unnecessary drops
• Very common with Ethernet WAN, as well as Non-Broadcast Multiple-Access (NBMA) network topologies such as Frame-Relay and ATM
With Traffic Shaping
Without Traffic ShapingLineRate
ServiceRate
Traffic Shaping Limits the Transmit Rate to a Value Lower Than Line Rate
BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
policy-map WAN
class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
class STREAMING-VIDEO
bandwidth remaining percent 10
random-detect dscp-based
class CALL-SIGNALING
bandwidth remaining percent 4
class NET-CTRL
bandwidth remaining percent 5
class CRITICAL-DATA
bandwidth remaining percent 25
random-detect dscp-based
class SCAVENGER
bandwidth remaining percent 1
class VOICE
priority level 1
police cir percent 10
class class-default
bandwidth remaining percent 25
random-detect
policy-map POLICY-TRANSPORT-1
class class-default
shape average 10 Mbps
service-policy WAN
GigE Interface with service rate of 10 Mbps
A shaper will guarantee that traffic will not exceed the contracted rate
A nested queuing policy will force queuing to engage at the contracted sub-line-rate to prioritize packets prior to shaping
Line Rate Different from Service Rate
P1
Min: 0
Max: 10M
Excess: 10
Police
1M
priority data class-default
interface GigabitEthernet0/0
bandwidth 10000
service-policy output POLICY-TRANSPORT-1
Always On
Policer
43
Parent Policy
BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
CE
CE
CE
CE
CE
CE
CE
CE
CE
CE
100 Mbps
50 Mbps
50 Mbps
20 Mbps
20 Mbps
10 Mbps
10 Mbps
Shape only(100 Mbps)
100 Mbps in to DMVPN cloud can easily
overrun the lower speed committed rates at
spoke sites
DMVPN Per Tunnel QoSPer-Site Shaping to Avoid Overruns
44BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
policy-map TRANSPORT-1-SHAPE-ONLY
class class-default
shape average 100 Mbps
!
interface GigabitEthernet0/0/3
bandwidth 100000
service-policy output TRANSPORT-1-SHAPE-ONLY
interface Tunnel10
bandwidth 100000
nhrp map group RS-GROUP-10MBPS service-policy output RS-GROUP-10MBPS-POLICY
nhrp map group RS-GROUP-20MBPS service-policy output RS-GROUP-20MBPS-POLICY
nhrp map group RS-GROUP-50MBPS service-policy output RS-GROUP-50MBPS-POLICY
policy-map RS-GROUP-50MBPS-POLICY
class class-default
shape average 50 Mbps
bandwidth remaining ratio 50
service-policy WAN
service-policy WAN
Separate parent shaper policies for
each remote-site bandwidth
DMVPN Hub Per Tunnel QoSImplementing Per-Site Traffic Shaping
policy-map RS-GROUP-20MBPS-POLICY
class class-default
shape average 20 Mbps
bandwidth remaining ratio 20
service-policy WAN
policy-map RS-GROUP-10MBPS-POLICY
class class-default
shape average 10 Mbps
bandwidth remaining ratio 10
service-policy WAN
Add a class-default shape-only policy on the hub physical interface
for the service rate
interface GigabitEthernet0/0
bandwidth 100000
service-policy output POLICY-TRANSPORT-1
!
interface Tunnel10
bandwidth 10000
nhrp group RS-GROUP-10MBPS
tunnel source GigabitEthernet0/0
tunnel vrf IWAN-TRANSPORT-1
interface GigabitEthernet0/0
bandwidth 20000
service-policy output POLICY-TRANSPORT-1
!
interface Tunnel10
bandwidth 20000
nhrp group RS-GROUP-20MBPS
tunnel source GigabitEthernet0/0
tunnel vrf IWAN-TRANSPORT-1
interface GigabitEthernet0/0
bandwidth 50000
service-policy output POLICY-TRANSPORT-1
!
interface Tunnel10
bandwidth 50000
nhrp group RS-GROUP-50MBPS
tunnel source GigabitEthernet0/0
tunnel vrf IWAN-TRANSPORT-1
Remote Site Tunnel Configurations
10 Mbps spoke
20 Mbps spoke
50 Mbps spoke
Shape(100 Mbps)
BRR=50
BRR=50
BRR=20
BRR=20
BRR=10
BRR=10
50 Mbps
50 Mbps
20 Mbps
20 Mbps
10 Mbps
10 Mbps
Per-Tunnel shapers
Service rate
shaper
Signal from the
spoke to the hub
to use the correct
policy for each
remote site
List all available policies as map groups on hub tunnel interface
Bandwidth remaining
ratio provides
proportional sharing
between tunnels
45BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Bandwidth Remaining Ratio (BRR) provides proportional sharing to child shapers during times of congestion.
If you over-subscribe your hub BR outbound bandwidth with per-tunnel policies that exceed the service rate, the BRR commands on each child policy means they will get their “fair share” of the remaining bandwidth as compared to the other branch sites.
• If all the per-tunnel BW amounts are 5 Mbps or greater, we use a BRR value of BW / 1 Mbps. (i.e. 10 Mbps is BRR of 10, 50 Mbps is BRR of 50, etc.)
• If any of the per-tunnel BW values are less than 5 Mbps, we use a BRR value of BW / 100 Kbps. (i.e. 3 Mbps is BRR of 30, 1.5 Mbps is BRR of 15, etc.)
Bandwidth Remaining Ratio
Shape(100 Mbps)
BRR=50
BRR=50
BRR=20
BRR=20
BRR=10
BRR=10
50 Mbps
50 Mbps
20 Mbps
20 Mbps
10 Mbps
10 Mbps
Per-Tunnel shapers
Service rate
shaper
If the total bandwidth exceeds 100 Mbps, each of the
per-tunnel shapers will get their fair share based on
their BRR values.
Example:
50 Mbps site gets 50 / 160 or 31.25%
20 Mbps site gets 20 / 160 or 12.5%
10 Mbps site gets 10 / 160 or 6.25%
46BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
The 12-class view is preserved across the enterprise even though we treat it differently at the egress of the router and send it to different channels within the SP network
The twelve classes remain intact on the inner header and the outer tunnel header is remarked as the traffic leaves the tunnel interface
The remarked outer header is discarded after arriving at the tunnel interface on the receiving router, thus leaving the inner header marking unchanged
Enterprise to SP Mapping
48BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
class-map INTERACTIVE-VIDEO
match dscp af41
policy-map egress-queuing
class INTERACTIVE-VIDEO
set dscp af31
interface GigabitEthernet0/0/1
service-policy output egress-queuing
Term-A
Term-B
GRE
Tunnel
10.1.0.1
Gig0/0/0
10.1.0.2
10.2.0.1
10.2.0.2
SP
Network
L2
Dest
L2
SrcType
User IP
Header
User
Data
Src IP: 10.1.0.1
Dst IP: 10.3.0.1
DSCP: 0
Packet View 1
Src IP: 10.1.0.1
Dst IP: 10.3.0.1
DSCP: af41
Src IP: 10.1.0.1
Dst IP: 10.3.0.1
DSCP: af41
Src IP: 172.16.0.1
Dst IP: 172.16.0.2
DSCP: af31
Packet View 3
Tun10
172.16.0.1
Tun10
172.16.0.2
Gig0/0/1
192.168.0.1
192.168.0.2
Src IP: 10.1.0.1
Dst IP: 10.3.0.1
DSCP: af41
L2
Dest
L2
SrcType
User IP
Header
User
Data
Packet View 2
L2
Dest
L2
SrcType
User IP
Header
User
Data
GRE IP
Header
L2
Dest
L2
SrcType
User IP
Header
User
Data
Packet View 4
DSCP copied Inner-to-Outer *BUT*
we over-write Outer after the copy
10.3.0.1
10.3.0.2
Enterprise to SP MappingSet dscp outbound on physical (Branch)
Video Flow from
Term-A To Term-B
49
class-map match-all MULTIMEDIA_CONFERENCING-NBAR
match protocol attribute traffic-class multimedia-conferencing
match protocol attribute business-relevance business-relevant
policy-map traffic-marking
class MULTIMEDIA_CONFERENCING-NBAR
set dscp af41
interface GigabitEthernet0/0/0
service-policy input traffic-marking
BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
class-map INTERACTIVE-VIDEO
match dscp af41
policy-map egress-queuing
class INTERACTIVE-VIDEO
set dscp tunnel af31
interface Tunnel10
service-policy output egress-queuing
Term-A
Term-B
GRE
Tunnel
10.1.0.1
Gig0/0/0
10.1.0.2
10.2.0.1
10.2.0.2
SP
Network
L2
Dest
L2
SrcType
User IP
Header
User
Data
Src IP: 10.1.0.1
Dst IP: 10.3.0.1
DSCP: 0
Packet View 1
Src IP: 10.1.0.1
Dst IP: 10.3.0.1
DSCP: af41
Src IP: 10.1.0.1
Dst IP: 10.3.0.1
DSCP: af41
Src IP: 172.16.0.1
Dst IP: 172.16.0.2
DSCP: af31
Packet View 3
Tun10
172.16.0.1
Tun10
172.16.0.2
Gig0/0/1
192.168.0.1
192.168.0.2
Src IP: 10.1.0.1
Dst IP: 10.3.0.1
DSCP: af41
L2
Dest
L2
SrcType
User IP
Header
User
Data
Packet View 2
L2
Dest
L2
SrcType
User IP
Header
User
Data
GRE IP
Header
L2
Dest
L2
SrcType
User IP
Header
User
Data
Packet View 4
10.3.0.1
10.3.0.2
Enterprise to SP MappingSet dscp tunnel outbound on tunnel (Hub)
‘Set dscp tunnel’ means don’t copy
but instead remember and mark this
value once tunnel header is imposed
Video Flow from
Term-A To Term-B
50
class-map match-all MULTIMEDIA_CONFERENCING-NBAR
match protocol attribute traffic-class multimedia-conferencing
match protocol attribute business-relevance business-relevant
policy-map traffic-marking
class MULTIMEDIA_CONFERENCING-NBAR
set dscp af41
interface GigabitEthernet0/0/0
service-policy input traffic-marking
BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Enterprise to SP MappingExample: 4-Class SP Model
4-Class Model
SP-VOICEEF
SP-CLASS1DATA
(UDP)AF31
SP-CLASS2DATA
(TCP)
SP-DEFAULTDF
AF21
Network Management
Signaling
Real-Time Interactive
Transactional Data
Multimedia Conferencing
Bulk Data
Scavenger
Best Effort
Multimedia Streaming
Broadcast Video
VoIP
Application
Internetwork Control
AF21
CS3 AF21
CS4 AF31
AF41 AF31
CS2 AF21
AF11 AF21
CS1
DF
AF31
CS5 AF31
EF
CS6
DSCPCS6 Sent
Unchanged
51BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
4-Class SP QoS Model ConfigurationTunnel Interface IWAN Hub BR
policy-map WAN
class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
set dscp tunnel af31
class STREAMING-VIDEO
bandwidth remaining percent 10
random-detect dscp-based
set dscp tunnel af31
class NET-CTRL-MGMT
bandwidth remaining percent 5
set dscp tunnel cs6
class CALL-SIGNALING
bandwidth remaining percent 4
set dscp tunnel af21
class CRITICAL-DATA
bandwidth remaining percent 25
random-detect dscp-based
set dscp tunnel af21
class SCAVENGER
bandwidth remaining percent 1
set dscp tunnel default
class VOICE
priority level 1
police cir percent 10
set dscp tunnel ef
class class-default
bandwidth remaining percent 25
random-detect
set dscp tunnel default
policy-map RS-GROUP-10MBPS-POLICY
class class-default
shape average 10 Mbps
bandwidth remaining ratio 10
service-policy WAN
interface Tunnel10
bandwidth <service-rate>
nhrp map group RS-GROUP-10MBPS service-policy
output RS-GROUP-10MBPS-POLICY
interface GigabitEthernet0/0
bandwidth 10000
service-policy output POLICY-TRANSPORT-1
!
interface Tunnel10
bandwidth 10000
nhrp group RS-GROUP-10MBPS
tunnel source GigabitEthernet0/0
tunnel vrf IWAN-TRANSPORT-1
Hub Router:
Branch Router:
52BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
4-Class SP QoS Model ConfigurationPhysical Interface IWAN Branch
policy-map WAN
class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
set dscp af31
class STREAMING-VIDEO
bandwidth remaining percent 10
random-detect dscp-based
set dscp af31
class NET-CTRL-MGMT
bandwidth remaining percent 5
set dscp cs6
class CALL-SIGNALING
bandwidth remaining percent 4
set dscp af21
class CRITICAL-DATA
bandwidth remaining percent 25
random-detect dscp-based
set dscp af21
class SCAVENGER
bandwidth remaining percent 1
set dscp default
class VOICE
priority level 1
police cir percent 10
set dscp ef
class class-default
bandwidth remaining percent 25
random-detect
set dscp default
policy-map POLICY-TRANSPORT-1
class class-default
shape average 10 Mbps
service-policy WAN
interface GigabitEthernet0/0
bandwidth 10000
service-policy output POLICY-TRANSPORT-1
Branch Router:
53BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Enterprise to SP MappingExample: 5-Class SP Model
5-Class Model
SP-VOICEEF
SP-CLASS1DATA
(UDP)AF31
SP-CLASS2DATA
(TCP)
SP-DEFAULTDF
AF21
Network Management
Signaling
Real-Time Interactive
Transactional Data
Multimedia Conferencing
Bulk Data
Scavenger
Best Effort
Multimedia Streaming
Broadcast Video
VoIP
Application
Internetwork Control
AF21
CS3 AF21
CS4 AF31
AF41 AF31
CS2 AF21
AF11 AF21
CS1 AF11
DF
AF31
CS5 AF31
EF
CS6
DSCPCS6 Sent
Unchanged
SP-CLASS3DATAAF11
* - Specified by ISP
*
Reference
54BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
5-Class QoS Model ConfigurationPhysical InterfaceIWAN Branch
policy-map WAN
class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
set dscp af31
class STREAMING-VIDEO
bandwidth remaining percent 10
random-detect dscp-based
set dscp af31
class NET-CTRL-MGMT
bandwidth remaining percent 5
set dscp cs6
class CALL-SIGNALING
bandwidth remaining percent 4
set dscp af21
class CRITICAL-DATA
bandwidth remaining percent 25
random-detect dscp-based
set dscp af21
class SCAVENGER
bandwidth remaining percent 1
set dscp AF11
class VOICE
priority level 1
police cir percent 10
set dscp tunnel ef
class class-default
bandwidth remaining percent 25
random-detect
set dscp default
policy-map POLICY-TRANSPORT-1
class class-default
shape average 10 Mbps
service-policy WAN
interface GigabitEthernet0/0
bandwidth 10000
service-policy output POLICY-TRANSPORT-1
Branch Router:
Reference
55BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Enterprise to SP MappingExample: 6-Class SP Model
6-Class Model
SP-VOICEEF
SP-CLASS1DATA
(UDP)AF31
SP-CLASS2DATA
(TCP)
SP-DEFAULTDF
AF21
Network Management
Signaling
Real-Time Interactive
Transactional Data
Multimedia Conferencing
Bulk Data
Scavenger
Best Effort
Multimedia Streaming
Broadcast Video
VoIP
Application
Internetwork Control
AF21
CS3 AF21
CS4 AF41
AF41
CS2 AF21
AF11 AF21
CS1 AF11
DF
AF31
CS5 AF1
EF
CS6
DSCPCS6 Sent
Unchanged
SP-CLASS3DATAAF11
SP-VIDEOAF41
* - Specified by ISP
*
Reference
56BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
6-Class QoS Model ConfigurationPhysical InterfaceIWAN Branch
policy-map WAN
class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
set dscp af41
class STREAMING-VIDEO
bandwidth remaining percent 10
random-detect dscp-based
set dscp af31
class NET-CTRL-MGMT
bandwidth remaining percent 5
set dscp cs6
class CALL-SIGNALING
bandwidth remaining percent 4
set dscp af21
class CRITICAL-DATA
bandwidth remaining percent 25
random-detect dscp-based
set dscp af21
class SCAVENGER
bandwidth remaining percent 1
set dscp af11
class VOICE
priority level 1
police cir percent 10
set dscp ef
class class-default
bandwidth remaining percent 25
random-detect
set dscp default
policy-map POLICY-TRANSPORT-1
class class-default
shape average 10 Mbps
service-policy WAN
interface GigabitEthernet0/0
bandwidth 10000
service-policy output POLICY-TRANSPORT-1
Branch Router:
Reference
57BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Application
Class
Per-Hop
Behavior
Queuing &
Dropping
12-Class 8-Class
For IWAN Router
6-Class For
Tunnel
5-class For
Tunnel
4-Class For
Tunnel
Internetwork Control
CS6 BR Queue Net-Ctrl NET-CTRL CS6 CS6 CS6
VoIP Telephony EF Priority Queue (PQ) Voice VOICE EF EF EF
Multimedia Conferencing
AF4 BR Queue + DSCP WRED
Interactive-Video INTERACTIVE-VIDEO AF41 AF31 AF31
Real-Time Interactive
CS4 BR Queue + DSCP WRED
Real-Time INTERACTIVE-VIDEO AF41 AF31 AF31
Broadcast Video CS5 BR Queue + DSCP WRED
Broadcast-Video STREAMING-VIDEO AF31 AF31 AF31
Multimedia Streaming
AF3 BR Queue + DSCP WRED
Streaming-Video STREAMING-VIDEO AF31 AF31 AF31
Signaling CS3 BR Queue Call-Signaling CALL-SIGNALING AF21 AF21 AF21
Ops / Admin / Mgmt CS2 BR Queue + DSCP WRED
Net-Mgmt CRITICAL-DATA AF21 AF21 AF21
Transactional Data AF2 BR Queue + DSCP WRED
Transactional-Data
CRITICAL-DATA AF21 AF21 AF21
Bulk Data AF1 BR Queue + DSCP WRED
Bulk-Data CRITICAL-DATA AF21 AF21 AF21
Best Effort DF BR Queue + RED Default DEFAULT Default Default Default
Scavenger CS1 Min BR Queue Scavenger SCAVENGER AF11 AF11 Default
Enterprise to SP Mapping: Summary
Relevant
Default
Irrelevant BRKRST-2043 58
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
IWAN QoS Design: At-A-Glance
http://tinyurl.com/hw4sbj6
Reference
BRKRST-2043 59
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Click to administer
application policies
APIC-EM – IWAN App
62BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Business-Relevant Class-Map (List of Categories that are Business-Relevant)
class-map match-any prm-biz-relevant-cats
match protocol attribute category business-and-productivity-tools
match protocol attribute category voice-and-video
match protocol attribute category backup-and-storage
match protocol attribute category software-updates
match protocol attribute category file-sharing
match protocol attribute category email
match protocol attribute category database
match protocol attribute category browsing
class-map match-all prm-nbar-12-cls#BROADCAST-VIDEO
match protocol attribute traffic-class broadcast-video
match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#BULK-DATA
match protocol attribute traffic-class bulk-data
match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#INTERACTIVE-VIDEO
match protocol attribute traffic-class real-time-interactive
match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#NETWORK-CONTROL
match protocol attribute traffic-class network-control
match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#MULTIMEDIA-CONFERENCING
match protocol attribute traffic-class multimedia-conferencing
match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#VOICE
match protocol attribute traffic-class voip-telephony
match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#SIGNALING
match protocol attribute traffic-class signaling
match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#NETWORK-MANAGEMENT
match protocol attribute traffic-class ops-admin-mgmt
match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#TRANSACTIONAL-DATA
match protocol attribute traffic-class transactional-data
match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#MULTIMEDIA-STREAMING
match protocol attribute traffic-class multimedia-streaming
match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#SCAVENGER
match class-map prm-biz-irrelevant-cats
Parent Class-Maps to Combine
Category-Based BR with Traffic-Classes
IWAN-App QoS ConfigClassification and Marking Policy
class-map match-any prm-biz-irrelevant-cats
match protocol attribute category consumer-file-sharing
match protocol attribute category consumer-messaging
match protocol attribute category consumer-internet
match protocol attribute category consumer-streaming
match protocol attribute category gaming
match protocol attribute category social-networking
match protocol attribute category instant-messaging
Business-Irrelevant Class-Map
(List of Categories that are Business-Irrelevant)
policy-map prm-nbar-12-cls
class prm-nbar-12-cls#VOICE
set dscp ef
class prm-nbar-12-cls#BROADCAST-VIDEO
set dscp cs5
class prm-nbar-12-cls#INTERACTIVE-VIDEO
set dscp cs4
class prm-nbar-12-cls#MULTIMEDIA-CONFERENCING
set dscp af41
class prm-nbar-12-cls#MULTIMEDIA-STREAMING
set dscp af31
class prm-nbar-12-cls#SIGNALING
set dscp cs3
class prm-nbar-12-cls#NETWORK-CONTROL
set dscp cs6
class prm-nbar-12-cls#NETWORK-MANAGEMENT
set dscp cs2
class prm-nbar-12-cls#TRANSACTIONAL-DATA
set dscp af21
class prm-nbar-12-cls#BULK-DATA
set dscp af11
class prm-nbar-12-cls#SCAVENGER
set dscp cs1
class class-default
set dscp default
RFC 4594-Based Marking Policy-Map
Implements Category-to-Business-Relevance mapping
Vs.
Application-to-Business-Relevance mapping
63BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Ingress Marking on LAN
interface GigabitEthernet0/0/0.10
description Data
encapsulation dot1Q 10
ip address 10.5.10.3 255.255.255.0
ip helper-address 10.4.49.10
ip pim sparse-mode
standby version 2
standby 1 ip 10.5.10.1
standby 1 priority 105
standby 1 authentication md5 key-string c1sco123
performance monitor context IWAN-Context
service-policy input prm-nbar-12-cls
policy-map prm-dscp#iwan-8-id0
class prm-iwan8#VOICE
priority level 1
police cir percent 10
set dscp ef
class prm-iwan8#STREAMING-VIDEO
bandwidth remaining percent 10
set dscp af31
random-detect dscp-based
class prm-iwan8#CALL-SIGNALING
bandwidth remaining percent 4
set dscp cs3
class prm-iwan8#NET-CTRL-MGMT
bandwidth remaining percent 5
set dscp cs6
class prm-iwan8#INTERACTIVE-VIDEO
bandwidth remaining percent 30
set dscp af41
random-detect dscp-based
class prm-iwan8#CRITICAL-DATA
bandwidth remaining percent 25
set dscp af21
random-detect dscp-based
class prm-iwan8#SCAVENGER
bandwidth remaining percent 1
set dscp cs1
class class-default
bandwidth remaining percent 25
set dscp default
random-detect dscp-based
Child Policy:
8-class WAN queuing and 6-class SP
IWAN-App QoS ConfigIngress Marking and Egress Queuing in Branch
64
interface GigabitEthernet0/0/2
bandwidth 30000
ip vrf forwarding IWAN-TRANSPORT-1
ip address 10.5.5.102 255.255.255.252
media-type rj45
negotiation auto
no cdp enable
service-policy output prm-dscp#iwan-8-id0#shape#30.0
Egress Queuing on Physical Interface
policy-map prm-dscp#iwan-8-id0#shape#30.0
class class-default
shape average 30000000
service-policy prm-dscp#iwan-8-id0
Parent Policy:
Shape for Service Rate
Marking Policy Map on Previous Page
BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Key Takeaways
IWAN Considerations
Design Issues
Aggregate Priority Load
Latency for Low Speed
IPSec Anti-Replay
IWAN 2.1 CVD
Ingress LAN Marking
NBAR2 QoS Attributes
Traffic-Class
Business-Relevance
Coming in IWAN 2.1.1 CVD
Egress WAN Queuing
QoS and App Control
WAN Queuing
Sub-Line Rate Interfaces
DMVPN Per Tunnel QoS
Enterprise to SP Mapping
IWAN 2.1 CVD
66BRKRST-2043
Or … just click on the “Easy” button with the APIC-EM IWAN App!
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Design Guides for Intelligent WAN
IWAN Technology Design Guide
IWAN DIA and Guest Wireless Design Guide
IWAN WAAS and Akamai Design Guide
http://www.cisco.com/go/cvd/wan
Technical Design Guide Profile Type Design Models
IWAN Technology
IWAN Config FilesBase
ASR 1K
CSR 1K (Hub MC)
ISR 4K
ISR G2
Hybrid
Dual Internet
Single Router
Dual Router
Transit Site
Hub BR Scaling
IWAN DIA and Guest Advanced ISR 4KRemote Site Direct Internet Access
Remote Site Guest Wireless
IWAN WAAS and Akamai Advanced ISR 4KWAAS
Akamai Connect
Design Overview Technology Type Design Models
WAN Design IWAN / WAN All Overview
IWAN 2.1 CVD
Feb 2016
67BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Recommended Reading
68
Coming
Soon
BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
• TECCRS-2004 – Implementing the Intelligent WAN
• BRKCRS-2000 – Intelligent WAN Architecture
• BRKRST-2043 – IWAN AVC/QoS Design
• BRKRST-2362 – IWAN Implementing Performance Routing (PfRv3)
• BRKRST-2514 – Cisco Intelligent WAN (IWAN) & Application Optimization
• BRKRST-3413 – IWAN Serviceability: Deploying, Monitoring, and Operating
• BRKCRS-2007 – Migrating Your Existing WAN to Cisco’s IWAN
• BRKCRS-1244 – SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN)
• BRKNMS-1040 – IWAN and AVC Management with Cisco Prime Infrastructure
• BRKSDN-2099 – IWAN Management via APIC-EM (SDN Controller)
• BRKARC-3004 – APIC-EM: Controller Workflow and Use Cases
Other IWAN Related Sessions
69BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Complete Your Online Session Evaluation
Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online
• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.
• Complete your session surveys through the Cisco Live mobile app or from the Session Catalog on CiscoLive.com/us.
70BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Lunch & Learn
• Meet the Engineer 1:1 meetings
• Related sessions
71BRKRST-2043
Please join us for the Service Provider Innovation Talk featuring:
Yvette Kanouff | Senior Vice President and General Manager, SP Business
Joe Cozzolino | Senior Vice President, Cisco Services
Thursday, July 14th, 2016
11:30 am - 12:30pm, In the Oceanside A room
What to expect from this innovation talk
• Insights on market trends and forecasts
• Preview of key technologies and capabilities
• Innovative demonstrations of the latest and greatest products
• Better understanding of how Cisco can help you succeed
Register to attend the session live now or
watch the broadcast on cisco.com
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
R&S Related Cisco Education Offerings
Course Description Cisco Certification
CCIE R&S Advanced Workshops (CIERS-1 &
CIERS-2) plus
Self Assessments, Workbooks & Labs
Expert level trainings including: instructor led workshops, self
assessments, practice labs and CCIE Lab Builder to prepare candidates
for the CCIE R&S practical exam.
CCIE® Routing & Switching
• Implementing Cisco IP Routing v2.0
• Implementing Cisco IP Switched
Networks V2.0
• Troubleshooting and Maintaining
Cisco IP Networks v2.0
Professional level instructor led trainings to prepare candidates for the
CCNP R&S exams (ROUTE, SWITCH and TSHOOT). Also available in
self study eLearning formats with Cisco Learning Labs.
CCNP® Routing & Switching
Interconnecting Cisco Networking Devices:
Part 2 (or combined)
Configure, implement and troubleshoot local and wide-area IPv4 and IPv6
networks. Also available in self study eLearning format with Cisco Learning
Lab.
CCNA® Routing & Switching
Interconnecting Cisco Networking Devices:
Part 1
Installation, configuration, and basic support of a branch network. Also
available in self study eLearning format with Cisco Learning Lab.
CCENT® Routing & Switching
76
For more details, please visit: http://learningnetwork.cisco.com
Questions? Visit the Learning@Cisco Booth or contact [email protected]
BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
QoS Tools Review: Classification & Marking
• Classification:
• An action that organizes packets into different traffic types, to which different policies can then be applied
• Classification of packets can happen without marking
• Marking:
• Writes a value into the packet header
• Establishes a trust boundary at the network edge
• Can be used in other locations in the network and is not always used solely for purposes of classification
Classification vs. Marking
BRKRST-2043 78
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
QoS Tools Review: Classification & Marking Tools
• Classification can be done on:
• Layer 1 criteria—such as ingress physical interface
• Layer 2 criteria—such as IEEE 802.1Q/p CoS
• Layer 3 criteria—such as IP DSCP
• Layer 4 criteria—such as TCP/UDP port(s)
• Layer 7 criteria—such as NBAR application signatures
• Marking can be done on:
• Layer 2 fields—such as IEEE 802.1Q/p CoS
• Layer “2.5” fields—such as MPLS EXP
• Layer 3 fields—such as IP DSCP
• Internal fields—such as QoS Group
Classification and Marking Options for the WAN
BRKRST-2043 79
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
ToS IP SA IP DA SrcPort
DstPort
Protocol
• Identifies ~1400 applications and protocols
• Application payload deep packet inspection
• Supports application media-sub-component classification
TCP/UDP Segment
Deep Packet Inspection
Data PayloadIP Packet
QoS Tools Review: Classification & Marking ToolsLayer 7 Classification: Network Based Application Recognition (NBAR/NBAR2)
class-map CISCO-JABBER-VOICE
match protocol cisco-jabber-audio
class-map CISCO-JABBER-VIDEO
match protocol cisco-jabber-video
class-map CISCO-JABBER-MESSAGING
match protocol cisco-jabber-im
class-map CISCO-JABBER-SIGNALING
match protocol cisco-jabber-control
BRKRST-2043 80
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
• 802.1p User Priority field also called Class of Service (CoS)
• Different types of traffic are assigned different CoS values
• CoS 6 and 7 are reserved for network use
802.1Q
4 Bytes
Three Bits Used for CoS
(802.1p Class of Service)
Data FCSPTSADASFDPream Type
PRI VLAN IDCFI
Ethernet Frame
CoS Acronym Traffic characteristics
0 BE Best Effort
1 BK Background
2 EE Excellent Effort
3 CA Critical Applications
4 VI Video, < 100 ms latency
5 VO Voice, < 10 ms latency
6 IC Internetwork Control
7 NC Network Control
IEEE 802.1Q-2005
QoS Tools Review: Classification & Marking ToolsLayer 2 Marking: IEEE 802.1Q/p CoS
class-map VOICE
match cos 5
policy-map MARKING
class INTERACTIVE-VIDEO
set cos 4
BRKRST-2043 81
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
• IP Precedence (relegated): Three most significant bits of ToS byte are called IP
Precedence (IPP)—other bits unused
• Differentiated Services: Six most significant bits of ToS byte are called DiffServ
Code Point (DSCP)—remaining two bits used for Explicit Congestion Notification
(ECN)
• DSCP and ECN are also used in IPv6
7 6 5 4 3 2 1 0
ID Offset TTL Protocol FCS IP SA IP DA DataLengthVersion/
Header_Len
ToS
Byte
DiffServ Code Point (DSCP) IP ECN
IPv4 Packet
IP Precedence Unused
QoS Tools Review: Classification & Marking ToolsLayer 3 Marking: IP Type of Service (ToS) Byte
BRKRST-2043 82
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
x x x y y 0AFxy
Class Drop
Precedence
DSCP
IP Header ToS Byte
EF
Default Forwarding
(Best Effort)
RFC 2474
AF11
AF21
AF31
AF41
AF12
AF22
AF32
AF42
Expedited Forwarding
RFC 3246
Assured Forwarding
RFC 2597
Per-Hop Behaviors (PHB) Diff-Serv Code Points
101110
001010 001100 001110
010010 010100 010110
011010 011100 011110
100010 100100 100110
Class 1
Class 2
Class 3
Class 4
Low Drop
Pref
Med Drop
Pref
High Drop
Pref
000000
46
10 12 14
18 20 22
26 28 30
34 36 38
0DF
QoS Tools Review: Classification & Marking ToolsLayer 3 Marking: DSCP Per-Hop Behaviors (PHBs)
class-map VOICE
match dscp ef
policy-map MARKING
class INTERACTIVE-VIDEO
set dscp af41
Class Selector
(Matches IP Precedence)
RFC 2474
0010008
CS1
AF13
AF23
AF33
AF43
83
CS2 CS3
CS4 CS5 CS6
01000016
01100024
10000032
10100040
11000048
CS0
CS7 11100056
BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
QoS Tools Review: Policing & Shaping Tools
• Policers:
• Perform checks for traffic violations against a configured rate and take immediate prescribed actions (such as remarking or dropping)
• Policers do not delay traffic
• Policers may be applied to the data plane or the control plane
• Shapers:
• Smooth out traffic flows so that it never exceeds the configured rate
• If the offered traffic momentarily spikes above the contracted rate, the excess traffic is buffered and delayed until the offered traffic once again dips below the defined rate
• Shapers usually are employed to meet a Service Level Agreement (SLA)
Policers vs. Shapers
BRKRST-2043 85
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Action Action
Overflow
B<Tc B<Te
Conform Exceed Violate
CBS EBS
CIR
Yes Yes
No No
Action
Packet of
Size B
QoS Tools Review: Policing & Shaping ToolsRFC 2697 Single-Rate Three-Color Marker
CIR = Committed Information Rate
CBS = Committed Burst Size
EBS = Excess Burst Size
Tc = Token Committed (CBS)
Te = Token Excess (EBS)
Bc = Burst Committed (CBS)
Be = Burst Excess (EBS)BRKRST-2043 86
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Action Action
Overflow
B<Tc B<Te
Conform Exceed Violate
CBS EBS
CIR
Yes Yes
No No
Action
Packet of
Size B
QoS Tools Review: Policing & Shaping ToolsRFC 2697 Single-Rate Three-Color Marker
policy-map RFC2697-POLICER
class CLASS-1
police cir 500000 bc 10000 be 10000
conform-action set-dscp-transmit af11
exceed-action set-dscp-transmit af12
violate-action set-dscp-transmit af13
CIR = Committed Information Rate
CBS = Committed Burst Size
EBS = Excess Burst Size
Tc = Token Committed (CBS)
Te = Token Excess (EBS)
Bc = Burst Committed (CBS)
Be = Burst Excess (EBS)BRKRST-2043 87
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
ActionAction
B>Tp B>Tc
ExceedViolate
PBS CBS
PIR
Yes Yes
No No
Conform
Action
Packet of
Size B
CIR
QoS Tools Review: Policing & Shaping ToolsRFC 2698 Two-Rate Three-Color Marker
PIR = Peak Information Rate
PBS = Peak Burst Size
CIR = Committed Information Rate
CBS = Committed Burst Size
Tp = Token Peak (PBS)
Tc = Token Committed (CBS)
Bc = Burst Committed (CBS)
Be = Burst Excess (PBS)BRKRST-2043 88
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
ActionAction
B>Tp B>Tc
ExceedViolate
PBS CBS
PIR
Yes Yes
No No
Conform
Action
Packet of
Size B
CIR
QoS Tools Review: Policing & Shaping ToolsRFC 2698 Two-Rate Three-Color Marker
policy-map RFC2698-POLICER
class CLASS-2
police cir 500000 bc 10000 pir 100000 be 10000
conform-action set-dscp-transmit af11
exceed-action set-dscp-transmit af12
violate-action set-dscp-transmit af13
PIR = Peak Information Rate
PBS = Peak Burst Size
CIR = Committed Information Rate
CBS = Committed Burst Size
Tp = Token Peak (PBS)
Tc = Token Committed (CBS)
Bc = Burst Committed (CBS)
Be = Burst Excess (PBS)BRKRST-2043 89
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
QoS Tools Review: Policing & Shaping ToolsPriority Queue with Conditional Policer
P1
Police
20M
priority data class-default
100 Mbps
Interface
30 Mbps
30 Mbps
Offered
Load
Congestion
Feedback
30 Mbps
Expected
Throughput
Per Class
Behavior with No Congestion
P1
Police
20M
priority data class-default
100 Mbps
Interface
30 Mbps
20 Mbps
Congestion
Feedback
20 Mbps
Behavior with Congestion
90 Mbps
80 Mbps
policy-map CONDITIONAL-POLICER
class PRIORITY
priority 200000
No Congestion
No Policing
BRKRST-2043 90
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Aggregate Priority LoadPriority Queue with Always On Policer (Explicit Policer)
P1
Police
20M
priority data class-default
100 Mbps
Interface
30 Mbps
20 Mbps
Offered
Load
20 Mbps
Expected
Throughput
Per Class
Behavior with No Congestion
P1
Police
20M
priority data class-default
100 Mbps
Interface
30 Mbps
20 Mbps
20 Mbps
Behavior with Congestion
90 Mbps
80 Mbps
policy-map ALWAYS-ON-POLICER
class PRIORITY
priority level 1
police cir 200000
Always On
Policer
BRKRST-2043 91
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
QoS Tools Review: Policing & Shaping ToolsShaping Effect on Traffic Patterns
With Traffic Shaping
Without Traffic ShapingLineRate
ServiceRate
Traffic Shaping Limits the Transmit Rate to a Value Lower Than Line Rate
policy-map CLASS-BASED-SHAPER
class class-default
shape average 10 Mbps
service-policy WAN
• Policers typically drop traffic
• Shapers delay excess traffic, smooth bursts
and prevent unnecessary drops
BRKRST-2043 92
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Packets In Packets OutTx-Ring
IOS Interface Buffers
If the Tx-Ring is filled to capacity,
then the IOS software knows that the interface
is congested and it should activate any
LLQ/CBWFQ policies that have been
applied to the interface
QoS Tools Review: Queuing & Dropping ToolsTx-Ring
interface Serial2/0
tx-ring-limit 4
BRKRST-2043 94
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Packets In
Packets Out
A flow is defined by five matching tuples:
Source Address + Source Port
Destination Address + Destination Port
Layer 4 Protocol (TCP or UDP)
QoS Tools Review: Queuing & Dropping Tools(Flow-Based) Fair-Queuing
policy-map FQ
class class-default
fair-queue
Fair-Queuing
Sorter/Pre-Sorter
BRKRST-2043 95
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Packets In
Packets Out
IOS Interface Buffers
Tx-Ring
Multimedia Conferencing CBWFQ
Multimedia Streaming CBWFQ
Network Control CBWFQ
Call Signaling CBWFQ
OAM CBWFQ
Transactional Data CBWFQ
Bulk Data CBWFQ
Best Effort / Default CBWFQ
Scavenger CBWFQ
CBWFQ
Scheduler
FQ
FQ
FQ
FQ
Pre-Sorters
FQ
FQ
QoS Tools Review: Queuing & Dropping ToolsCBWFQ policy-map WAN
class NETWORK-CONTROL
bandwidth remaining percent 5
class CALL-SIGNALING
bandwidth remaining percent 4
class STREAMING-VIDEO
bandwidth remaining percent 10
fair-queue
random-detect dscp-based
class MM-CONFERENCING
bandwidth remaining percent 30
fair-queue
random-detect dscp-based
…
BRKRST-2043 96
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Packets InPackets Out
IOS Interface Buffers
Tx-Ring
CBWFQ
Scheduler
LLQ
10% Strict
VOICE
Policer
FQ
Pre-SortersCBWFQs
policy-map WAN
class VOICE
priority level 1
police cir percent 10
QoS Tools Review: Queuing & Dropping ToolsLLQ: Single-LLQ Operation and Configuration
BRKRST-2043 97
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Packets InPackets Out
Tx-Ring
CBWFQ
Scheduler
LLQ
1 Mbps
VOICE
Policer
4 Mbps
Bscst-Video
Policer
5 Mbps
RT-Interactive
Policer
CBWFQs
policy-map MULTI-LLQ
class VOICE
priority 1000
class BROADCAST-VIDEO
priority 4000
class REALTIME-INTERACTIVE
priority 5000
QoS Tools Review: Queuing & Dropping ToolsLLQ: Multi-LLQ Operation and Configuration
BRKRST-2043 98
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Time
Bandwidth
Utilization100%
BW
Tail Drop
Three Traffic Flows
Start at Different Times
Another Traffic Flow
Starts at This Point
QoS Tools Review: Queuing & Dropping ToolsThe Need for Congestion Avoidance
All TCP flows synchronize in waves
TCP synchronization wastes available bandwidth
BRKRST-2043 99
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Bulk Data CBWFQ
Fair-
Queuing
Pre-Sorter
AF13 Minimum WRED Threshold:
Begin randomly dropping AF13 packets
AF12 Minimum WRED Threshold:
Begin randomly dropping AF12 packets
AF11 Minimum WRED Threshold:
Begin randomly dropping AF11 packets
Maximum WRED Thresholds for AF11, AF12 and AF13 are set to the tail of the queue in this example
Front
of
Queue
Tail
of
Queue
Direction
of
Packet
Flow
policy-map BULK-WRED
class BULK
bandwidth remaining percent 10
random-detect dscp-based
QoS Tools Review: Queuing & Dropping ToolsDSCP-Based WRED
BRKRST-2043 100
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
IWAN Layers
MPLS Routing Internet Routing
Overlay Routing Protocol (BGP, EIGRP)
Transport Independent Design (DMVPN)
PfRAVC QoS
Infrastructure Routing
Transport Overlay
Overlay routing
over tunnels
Intelligent Path
Selection
ZBFW
CWS
BRKRST-2043 102
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
PfRv3 – How it Works
Path Enforcement
Define path optimization
policies on the Hub MC
load balancing,
path preference, application
metrics
DSCP Based Policies
Application Based Policies
Traffic flowing through the
Border Routers (BRs) that
match a policy are learned
Traffic Classes
Unified Performance
Monitor
Report the measured TC
performance metrics to
the Master Controller for
policy compliance
Unified Performance
Monitor
Master Controller directs
BR path changes to keep
traffic within policy
Route Enforcement
module in feature path
MeasurementLearn the TrafficDefine your Traffic Policy
ISR G2
ASR1K MC
BR BR
MC
BR BR
Performance
MeasurementsMC
BR BR
Learning
Active TCs
Traffic
Classes
TC Path
BRKRST-2043 103
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
IWAN Design – PfR Policy
• Create the PfR classes with matching policy names and DSCP values to simplify the configuration
• Define the path preference for traffic
• Load balance non-priority traffic
domain IWAN
vrf default
master hub
load-balance
class VOICE sequence 10
match dscp ef policy voice
path-preference MPLS fallback INET
class INTERACTIVE_VIDEO sequence 20
match dscp cs4 policy real-time-video
match dscp af41 policy real-time-video
match dscp af42 policy real-time-video
match dscp af43 policy real-time-video
path-preference MPLS fallback INET
class LOW_LATENCY_DATA sequence 30
match dscp cs2 policy low-latency-data
match dscp cs3 policy low-latency-data
match dscp af21 policy low-latency-data
match dscp af22 policy low-latency-data
match dscp af23 policy low-latency-data
path-preference MPLS fallback INET
IWAN Master Controller
class BULK_DATA sequence 40
match dscp af11 policy bulk-data
match dscp af12 policy bulk-data
match dscp af13 policy bulk-data
path-preference MPLS fallback INET
class SCAVENGER sequence 50
match dscp cs1 policy scavenger
path-preference INET fallback MPLS
class DEFAULT sequence 60
match dscp default policy best-effort
path-preference INET fallback MPLS
BRKRST-2043 104
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
PfR Built-in Policy Templates
Pre-defined
Template
Threshold Definition
Voice priority 1 one-way-delay threshold 150 threshold 150 (msec)
priority 2 packet-loss-rate threshold 1 (%)
priority 2 byte-loss-rate threshold 1 (%)
priority 3 jitter 30 (msec)
Real-time-video priority 1 packet-loss-rate threshold 1 (%)
priority 1 byte-loss-rate threshold 1 (%)
priority 2 one-way-delay threshold 150 (msec)
priority 3 jitter 20 (msec)
Low-latency-
data
priority 1 one-way-delay threshold 100 (msec)
priority 2 byte-loss-rate threshold 5 (%)
priority 2 packet-loss-rate threshold 5 (%)
Pre-defined
Template
Threshold Definition
Bulk-data priority 1 one-way-delay threshold 300 (msec)
priority 2 byte-loss-rate threshold 5 (%)
priority 2 packet-loss-rate threshold 5 (%)
Best-effort priority 1 one-way-delay threshold 500 (msec)
priority 2 byte-loss-rate threshold 10 (%)
priority 2 packet-loss-rate threshold 10 (%)
Scavenger priority 1 one-way-delay threshold 500 (msec)
priority 2 byte-loss-rate threshold 50 (%)
priority 2 packet-loss-rate threshold 50 (%)
BRKRST-2043 105
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
PfR Manages Traffic Class
INETMPLS
10.1.10.0/24 10.1.11.0/2410.1.12.0/2410.1.13.0/24
IWAN POP
MC1
BR1 BR2
R10 R11 R12 R13
Traffic Class
Destination Prefix
DSCP Value
Application (N/A when DSCP policies used)
Prefix DSCP AppID Dest SiteNext-Hop
10.1.11.0/24 EF N/A Site 11 ?
10.1.11.0/24 AF41 N/A Site 11 ?
10.1.11.0/24 AF31 N/A Site 11 ?
10.1.11.0/24 0 N/A Site 11 ?
10.1.10.0/24 EF N/A Site 10 ?
10.1.10.0/24 AF41 N/A Site 10 ?
10.1.10.0/24 AF31 N/A Site 10 ?
10.1.10.0/24 0 N/A Site 10 ?
Traffic with EF, AF41, AF31 and 0
BRKRST-2043 106
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Click to administer
application policies
APIC-EM – IWAN App
108BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Categorize applications
Add custom applications
IWAN App – Categorize Applications
109BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Drag and drop each application
(one ore more) from one
business class to the other
IWAN App – Categorize Applications
110BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Application priority policy
setting in IWAN app
Path preference: Set
primary and action on
threshold crossing, which
can be a second path or
drop traffic
Drag and drop
business buckets
Drag and Drop a business
category among: business
critical | scavenger | default
IWAN App – Define Application Policy
111BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Business-Relevant Class-Map (List of Categories that are Business-Relevant)
class-map match-any prm-biz-relevant-cats
match protocol attribute category business-and-productivity-tools
match protocol attribute category voice-and-video
match protocol attribute category backup-and-storage
match protocol attribute category software-updates
match protocol attribute category file-sharing
match protocol attribute category email
match protocol attribute category database
match protocol attribute category browsing
class-map match-all prm-nbar-12-cls#BROADCAST-VIDEO
match protocol attribute traffic-class broadcast-video
match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#BULK-DATA
match protocol attribute traffic-class bulk-data
match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#INTERACTIVE-VIDEO
match protocol attribute traffic-class real-time-interactive
match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#NETWORK-CONTROL
match protocol attribute traffic-class network-control
match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#MULTIMEDIA-CONFERENCING
match protocol attribute traffic-class multimedia-conferencing
match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#VOICE
match protocol attribute traffic-class voip-telephony
match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#SIGNALING
match protocol attribute traffic-class signaling
match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#NETWORK-MANAGEMENT
match protocol attribute traffic-class ops-admin-mgmt
match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#TRANSACTIONAL-DATA
match protocol attribute traffic-class transactional-data
match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#MULTIMEDIA-STREAMING
match protocol attribute traffic-class multimedia-streaming
match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#SCAVENGER
match class-map prm-biz-irrelevant-cats
Parent Class-Maps to Combine
Category-Based BR with Traffic-Classes
IWAN-App QoS ConfigClassification and Marking Policy
class-map match-any prm-biz-irrelevant-cats
match protocol attribute category consumer-file-sharing
match protocol attribute category consumer-messaging
match protocol attribute category consumer-internet
match protocol attribute category consumer-streaming
match protocol attribute category gaming
match protocol attribute category social-networking
match protocol attribute category instant-messaging
Business-Irrelevant Class-Map
(List of Categories that are Business-Irrelevant)
policy-map prm-nbar-12-cls
class prm-nbar-12-cls#VOICE
set dscp ef
class prm-nbar-12-cls#BROADCAST-VIDEO
set dscp cs5
class prm-nbar-12-cls#INTERACTIVE-VIDEO
set dscp cs4
class prm-nbar-12-cls#MULTIMEDIA-CONFERENCING
set dscp af41
class prm-nbar-12-cls#MULTIMEDIA-STREAMING
set dscp af31
class prm-nbar-12-cls#SIGNALING
set dscp cs3
class prm-nbar-12-cls#NETWORK-CONTROL
set dscp cs6
class prm-nbar-12-cls#NETWORK-MANAGEMENT
set dscp cs2
class prm-nbar-12-cls#TRANSACTIONAL-DATA
set dscp af21
class prm-nbar-12-cls#BULK-DATA
set dscp af11
class prm-nbar-12-cls#SCAVENGER
set dscp cs1
class class-default
RFC 4594-Based Marking Policy-Map
Implements Category-to-Business-Relevance mapping
Vs.
Application-to-Business-Relevance mapping
112BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Ingress Marking on LAN
interface GigabitEthernet0/0/0.10
description Data
encapsulation dot1Q 10
ip address 10.5.10.3 255.255.255.0
ip helper-address 10.4.49.10
ip pim sparse-mode
standby version 2
standby 1 ip 10.5.10.1
standby 1 priority 105
standby 1 authentication md5 key-string c1sco123
performance monitor context IWAN-Context
service-policy input prm-nbar-12-cls
policy-map prm-dscp#iwan-8-id0
class prm-iwan8#VOICE
priority level 1
police cir percent 10
set dscp ef
class prm-iwan8#STREAMING-VIDEO
bandwidth remaining percent 10
set dscp af31
random-detect dscp-based
class prm-iwan8#CALL-SIGNALING
bandwidth remaining percent 4
set dscp cs3
class prm-iwan8#NET-CTRL-MGMT
bandwidth remaining percent 5
set dscp cs6
class prm-iwan8#INTERACTIVE-VIDEO
bandwidth remaining percent 30
set dscp af41
random-detect dscp-based
class prm-iwan8#CRITICAL-DATA
bandwidth remaining percent 25
set dscp af21
random-detect dscp-based
class prm-iwan8#SCAVENGER
bandwidth remaining percent 1
set dscp cs1
class class-default
bandwidth remaining percent 25
set dscp default
random-detect dscp-based
Child Policy:
8-class WAN queuing and 6-class SP
IWAN-App QoS ConfigIngress Marking and Egress Queuing in Branch
113
interface GigabitEthernet0/0/2
bandwidth 300000
ip vrf forwarding IWAN-TRANSPORT-1
ip address 10.5.5.102 255.255.255.252
media-type rj45
negotiation auto
no cdp enable
service-policy output prm-dscp#iwan-8-id0#shape#300.0
Egress Queuing on Physical Interface
policy-map prm-dscp#iwan-8-id0#shape#300.0
class class-default
shape average 300000000
service-policy prm-dscp#iwan-8-id0
Parent Policy:
Shape for Service Rate
Marking Policy Map on Previous Page
BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
• Monitoring at the Receiver• Short Term: Monitor loss per tunnel OR Rx-rate per tunnel (aggregate tunnel monitoring)
• Long term: Monitor loss per policy/class on a tunnel
• Monitoring & Feedback is a recurring/periodic process
• Feed-back loss per tunnel to the sender (any transport of choice)
• Processing at the Sender• Receive feedback from receiver
• Read relevant tunnel’s Tx-rate at the sender
• Evaluate loss based on difference between Rx-rate and Tx-rate
• Once loss is known at the sender (through explicit feed-back of loss or via <Rx-rate, Tx-rate> calculation), map it to QoS policy/class
• Adjust shape rate to dynamically adjust to the current Internet BW if required
Adaptive QoS with DMVPNHow To Compute Available BW & Adjust Shapers
Static Bandwidth Management - Not adapting shapers in fluctuating BW environments can make the
shapers irrelevant and admins would lose control of which applications are getting dropped!
BRKRST-2043 115
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
DMVPN
Spoke Site
Internet
based
WAN
DMVPN
Hub Site
5 Mbps
Shaper towards this spoke
= 6 Mbps (offered)
Egress shaper
= 5 Mbps (offered)
6 Mbps
Adaptive QoSHow To Compute Available BW & Adjust Shapers
BRKRST-2043 116
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
DMVPN
Spoke Site
Internet
based
WAN
DMVPN
Hub Site
Egress shaper
= 3 Mbps available)
Shaper towards this spoke
= 4 Mbps (available)
Available BW check:Tunnel Rx Loss,Rx/Tx compute
Algorithm to compute available upstream and downstream BW
Available downstream BW = 4 Mbps
Available upstream BW = 3 Mbps
• Accurate view of available BW in
non SLA environments
• Adapting business critical
applications to what is available
on link
• No more indiscriminate drops -
tighter control of business
policies for IWAN
Benefits:
Compute
Available
BW -
function of
the router
Adaptive QoSHow To Compute Available BW & Adjust Shapers
BRKRST-2043 117
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Adaptive QoS For DMVPNHow Does It Work?
Adapt shaping rate at the Sender based on the available bandwidth between specific Sender and Receiver (two end-points of a DMVPN tunnel)
Sender Receiver
• Configure MQC Policy with Adaptive Shaping
• Attach service-policy to nhrp-group in Egress
DMVPN Tunnel
Transport Monitoring Enablement Message
Create State for Periodic Collection of Stats
on a Relevant Target
Transport Received Rate
1) Calculate Available Bandwidth in the Cloud
2) Adapt Egress Shaper to New Calculated Rate
BRKRST-2043 118
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
High Level Algorithm to Compute Available BW
• Use a Training Period to estimate Transmit and Receive Counter Clock Shift (roughly)
• After Compensating for the Clock Shift, use transmit and receive count values difference to determine whether losses have occurred
• Transmitter shapes the traffic to a configured percentage of bottleneck link bandwidth once drops are detected
• If no drop is detected for a period of time, the shaper will increase its rate
BRKRST-2043 119
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Algorithm To Compute Available BWDRAC (Dynamic Rate Control)
Sink
Sent pkt
Received pkt
Source
DroppedShaped Rate
Transmit
Intelligent, determine shaper rate based on transmit and
receive count difference
Receive
Passive, feedback receive counter values every 10sec
BRKRST-2043 120
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Adaptive QoS for DMVPNConfiguration (Hub)
interface Tunnel1
ip address 192.168.1.1 255.255.255.0no ip redirectsip nhrp authentication GetDm0ip nhrp group 1ip nhrp map multicast dynamic
ip nhrp map group 1 service-policy output qosip nhrp network-id 1ip tcp adjust-mss 1360load-interval 30cdp enabletunnel source Loopback1tunnel mode gre multipointtunnel key 10001tunnel protection ipsec profile P1
HUB
policy-map qosclass class-default
shape adaptive upper-bound 6000000 lower-bound 2000000 service-policy child
policy-map childclass prec5priority percent 20class class-defaultbandwidth percent 80
Policy on DMVPN Tunnel -Assigned per NHRP spoke - consistent with Per Tunnel QoS
Hub->Spoke, Spoke-Hub- Adaptive shapers supported on hub->spoke & spoke->hub
- spoke->spoke in roadmap
Adaptive Shaper on Parent Class -Not allowed to configuring in Child Class
shape adaptive upper-bound <<bps> | percent <value>>
[lower-bound <<bps> | percent <value>>]
upper-bound : Mandatory (max ceiling for shaper) & Initial Value
lower-bound : Optional (0 if not specified)
BRKRST-2043 121
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Adaptive QoS for DMVPNConfiguration (Spoke)
interface Tunnel1
ip address 192.168.1.2 255.255.255.0no ip redirectsip nhrp authentication GetDm0ip nhrp group 1ip nhrp map 192.168.1.1 11.1.1.1ip nhrp map multicast 11.1.1.1
ip nhrp map group 1 service-policy output qosip nhrp network-id 1ip nhrp nhs 192.168.1.1ip nhrp server-onlyip nhrp hold-time 360ip tcp adjust-mss 1360load-interval 30cdp enabletunnel source Loopback1tunnel mode gre multipointtunnel key 10001tunnel protection ipsec profile P1
Spoke
policy-map qosclass class-default
shape adaptive upper-bound 6000000 lower-bound 2000000 service-policy child
policy-map childclass class-defaultbandwidth percent 80service-policy grand_child
policy-map grand_childclass class-default
Policy on DMVPN Tunnel -Assigned per NHRP spoke - consistent with Per Tunnel QoS
Hub->Spoke, Spoke-Hub- Adaptive shapers supported on hub->spoke & spoke->hub
- spoke->spoke in roadmap
Adaptive Shaper on Parent Class -Not allowed to configuring in Child Class
shape adaptive upper-bound <<bps> | percent <value>>
[lower-bound <<bps> | percent <value>>]
upper-bound : Mandatory (max ceiling for shaper) & Initial Value
lower-bound : Optional (0 if not specified)
BRKRST-2043 122
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Adaptive QoS Summary
The Adaptive QoS feature is not going to be documented in the CVD, but
is a valid corner case that can be used in portions of a customers network.
Adaptive QoS conflicts with PfR, because they are both trying to control
traffic on the same interface at the same time.
Adaptive QoS and PfR have not been officially tested together. Using it
with IWAN is considered a custom design.
123BRKRST-2043
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Ethernet Overhead Accounting
The Ethernet Overhead Accounting feature enables the router to
account for downstream Ethernet frame headers when applying
shaping to packets.
Overhead can be calculated using keywords or with the user defining
the value for themselves.
Example for 14 bytes of Ethernet:
policy-map ethernet_overhead
class class-default
shape average 200000 account user-defined 14
interface GigabitEthernet1/0/0
service-policy output ethernet_overhead
125
http://www.cisco.com/c/en/us/td/docs/ios/ios_xe/qos/configuration/guide/2_xe/qos_xe_book/eth_overhead_acctng_xe.html
BRKRST-2043