
Page 1: Quality of Service Cat 6500

1 Copyright 2005

Quality of Service On the Catalyst 6500

Ron Trunk, CCIE, CISSP, Sr. Consultant

Chesapeake Netcraftsmen, LLC


About Chesapeake NetCraftsmen

• Chesapeake NetCraftsmen delivers high-availability solutions for Network Design, Operating Systems, Applications, Security, Storage and IP Telephony with deeply experienced CCIEs who excel at Knowledge Transfer.

• Chesapeake NetCraftsmen consultants include some of the most experienced Cisco CCIEs in the country.

• In fact, many of our consultants were among the first to gain those credentials, which is why we have some of the earliest certification numbers.

• Our technical staff averages at least 10 years of experience in the networking industry and many have taught Cisco Certified training.


Topics

• Quality of Service Review
• QoS For Convergence
• QoS for Security
• QoS Technology and Tools
• QoS Best Practices
• Configuring QoS on Catalyst 6500


The Tao of Caffeine

• Caffeine is a highly complex bitter alkaloid
– From the same family of plant derivatives as morphine and codeine
• Acts on the body’s dopamine receptors
– Think of it like Prozac-lite
• Caffeine is the only psychoactive drug that does not have any legal restrictions
– Approved by the FDA as a food additive


Caffeine Harmony

[Figure: a curve of caffeine intake from too little to too much, with the side effects at each point. Too little: sleepy, day dreaming, confusion (“How do you spell QoS again!??”). Just right: happy, cheery, attentive, focused, think highly of other people (“Wow, this is great! This Ron guy is REALLY smart!”). Too much: cranky, irritable, jittery, frustration (“QoS. Yep, I get it. Now shut up!!”).]


Caffeine Delivery Vectors

[Chart: caffeine level (mg) per serving on a 0–100 mg axis for Tea, Coca-Cola, Mountain Dew, Jolt, Red Bull and Coffee (drip).]


What is Quality of Service (QoS)?

• Every application gets some QoS
– You just may not like what it’s getting!
• A collection of technologies which allows applications/users to request and receive predictable service levels of bandwidth, delay and delay variations (jitter)
• Quality of Service is the acknowledgement that application performance depends on network performance


What is QoS? (cont’d)

• Quality of service is “managed unfairness”

• Quality of service is the opposite of traffic engineering

• Quality of Service is the science (and art) of allocating limited network resources to various applications based on their needs and importance


Congestion: The Root of the Problem

• Congestion is caused by lack of bandwidth

• It can happen even if your network is not overloaded

• Congestion occurs in many normal situations


Congestion

• Speed Mismatch
• Aggregation

[Figure: speed mismatch, a 1000Mb link feeding a 10Mb link; aggregation, three 512K links feeding a single T1.]


Congestion Effects

• Congestion causes delay
– Packets are buffered (queued) before being transmitted
• Congestion causes jitter
– Buffered packets are transmitted with varying delays
• Congestion causes packet loss
– Buffers fill up – additional packets are dropped


Congestion

• Packet Loss

[Figure: an output queue. When the queue is full, additional packets are dropped.]


What Happens When Data Is Dropped?

• Tail Drop – queue fills up, all additional traffic is dropped
• UDP sources rely on application to detect drop and retransmit
• TCP sources slow down and retransmit
– Tail Drop causes global synchronization of data flows
– Greatly reduces efficiency of data links


TCP Global Synchronization: The Need for Congestion Avoidance

[Figure: bandwidth utilization (up to 100%) over time. Three traffic flows start at different times; another traffic flow starts at a later point; tail drop then makes all TCP flows synchronize in waves, wasting much of the available bandwidth.]


Voice QoS Requirements: End-to-End Latency

[Figure: delay target on a one-way delay axis from 0 to 800 msec. Zones from low to high delay: High Quality; Fax Relay, Broadcast; Satellite Quality; CB Zone (“Hello? Hello?”). Avoid the “Human Ethernet”. ITU’s G.114 Recommendation: ≤ 150 msec one-way delay.]


Voice QoS Requirements: Elements That Affect Latency and Jitter

[Figure: a call path from the campus across the IP WAN to a branch office and the PSTN. End-to-end delay must be ≤ 150 ms. Contributing elements: CODEC (G.729A: 25 ms); queuing (variable); serialization (variable); propagation and network (fixed, 6.3 µs/km, plus variable network delay); jitter buffer (20–50 ms).]


Voice QoS Requirements: Packet Loss Limitations

• Cisco DSP codecs can use predictor algorithms to compensate for a single lost packet in a row
• Two lost packets in a row will cause an audible clip in the conversation

[Figure: a sequence of voice packets 1, 2, 3, 4; when a single packet is lost, the DSP plays out a reconstructed voice sample in its place.]


Jitter

[Figure: two IP phones, each on 10 Mbps Ethernet, connected across a 56Kbps WAN. The sending phone emits a 60-byte voice packet every 20 mS; after crossing the WAN the packets arrive every 214 mS, or every >214 mS, illustrating jitter.]


Voice QoS Requirements: Provisioning for Voice

Voice One-Way Requirements:
• Latency ≤ 150 ms
• Jitter ≤ 30 ms
• Loss ≤ 1%
• 17–106 kbps guaranteed priority bandwidth per call
• 150 bps (+ Layer 2 overhead) guaranteed bandwidth for Voice-Control traffic per call
• CAC must be enabled

Voice traffic characteristics:
• Smooth
• Benign
• Drop sensitive
• Delay sensitive
• UDP priority


Video QoS Requirements: Video Conferencing Traffic Example (384 kbps)

[Figure: an “I” frame of 1024–1518 bytes is followed by “P” and “B” frames of 128–256 bytes; the stream runs at between 15pps and 30pps and between 32Kbps and 450Kbps.]

• “I” frame is a full sample of the video
• “P” and “B” frames use quantization via motion vectors and prediction algorithms


Video QoS Requirements: Video Conferencing Traffic Packet Size Breakdown

[Chart: 65–128 Bytes 1%; 129–256 Bytes 34%; 257–512 Bytes 8%; 513–1024 Bytes 20%; 1025–1500 Bytes 37%.]


Video QoS Requirements: Provisioning for Interactive Video

Video One-Way Requirements:
• Latency ≤ 150 ms
• Jitter ≤ 30 ms
• Loss ≤ 1%
• Minimum priority bandwidth guarantee required is:
– Video-stream + 10-20%
– e.g. a 384 kbps stream could require up to 460 kbps of priority bandwidth
• CAC must be enabled

Video traffic characteristics:
• Bursty
• Drop sensitive
• Delay sensitive
• UDP priority


Data QoS Requirements: Application Differences

[Chart: packet size distribution for Oracle versus SAP R/3 in the bins 0–64, 65–127, 128–252, 253–511, 512–1023 and 1024–1518 bytes; the two applications have visibly different distributions.]


Data QoS Requirements: Version Differences

SAP Sales Order Entry Transaction (VA01), bytes per transaction by client version:

Client Version | VA01 # of Bytes
SAP GUI Release 3.0 F | 14,000
SAP GUI Release 4.6C, with Cache | 33,000
SAP GUI Release 4.6C, No Cache | 57,000
SAP GUI for HTML, Release 4.6C | 490,000

• Same transaction takes over 35 times more traffic from one version of an application to another

[Chart: the same four figures plotted on a 0–500,000 byte axis.]


Data QoS Requirements: Provisioning for Data

• Use four/five main traffic classes:
– Mission-critical apps—business-critical client-server applications
– Transactional/interactive apps—foreground apps: client-server apps or interactive applications
– Bulk data apps—background apps: FTP, e-mail, backups, content distribution
– Best effort apps—(default class)
– Optional: Scavenger apps—peer-to-peer apps, gaming traffic
• Additional optional data classes include internetwork-control (routing) and network-management
• Most apps fall under best-effort, make sure that adequate bandwidth is provisioned for this default class


Data QoS Requirements: Provisioning for Data

• Different applications have different traffic characteristics
• Different versions of the same application can have different traffic characteristics
• Classify data into four/five data classes model:
– Mission-critical apps
– Transactional/interactive apps
– Bulk data apps
– Best effort apps
– Optional: Scavenger apps

Data traffic characteristics:
• Smooth/bursty
• Benign/greedy
• Drop insensitive
• Delay insensitive
• TCP retransmits


Business Security Threat Evolution: Expanding Scope of Theft and Disruption

[Figure: scope of damage against sophistication of threats, from the 1980’s through today and into the future.
1st Gen (1980’s, individual computer): boot viruses.
2nd Gen (1990’s, individual networks): macro viruses, Trojans, email, single server DoS, limited targeted hacking.
3rd Gen (today, multiple networks and regional networks): multi-server DoS, DDoS, blended threat (worm + virus + Trojan), turbo worms, widespread system hacking.
Next Gen (future, global impact): infrastructure hacking, flash threats, massive worm driven DDoS, negative payload viruses, worms and Trojans.]


Emerging Speed of Network Attacks: Do You Have Time To React?

• 1980s-1990s: usually had weeks or months to put defense in place
• 2000-2002: attacks progressed over hours; time to assess danger and impact; time to implement defense
• 2003-Future: attacks progress on the timeline of seconds

SQL Slammer Worm: doubled every 8.5 seconds. After 3 min: 55M scans/sec. A 1Gb link is saturated after one minute. In half the time it took to read this slide, your network and all of your applications would have become unreachable. SQL Slammer was a warning; newer “flash” worms are exponentially faster.


Impact of an Internet Worm: Anatomy of a Worm: Why It Hurts

1—The Enabling Vulnerability
2—Propagation Mechanism
3—Payload


Impact of an Internet Worm – Part 1: Direct and Collateral Damage

[Figure: an enterprise network with primary and secondary data centers, campus, branch (L3VPN, L2VPN, MetroE), teleworker (broadband DSL) and Internet connections. The worm leaves end systems overloaded, the control plane overloaded and the data plane overloaded.]


QoS Tools and Tactics for Security: QoS for Self-Defending Networks

• Control Plane Policing
• Data Plane Policing (Scavenger-Class QoS)
• NBAR for Known-worm Policing


Data Plane Policing Part 1 - First Order Anomaly Detection

• All end systems generate traffic spikes, but worms create sustained spikes
• Normal/Abnormal threshold set at approx 95% confidence
• No dropping at campus access-edge! Only remarking

[Figure: traffic rate over time with a Normal/Abnormal Threshold line; traffic above the threshold is subject to policing and remarking (if necessary).]


Data Plane Policing

• Queuing only engages if links become congested
– When congestion occurs, drops will also occur
• Scavenger-class QoS allows for increased intelligence in the dropping decision
– ‘abnormal’ traffic flows will be dropped aggressively
– ‘normal’ traffic flows will continue to receive network service

[Figure: traffic is policed at the access edge; queuing will engage when links become congested, and traffic previously marked as Scavenger is dropped aggressively. WAN/VPN links will likely congest first; campus uplinks may also congest.]


Impact of an Internet Worm – Part 2: Integrating Security and QoS

[Figure: the same enterprise network as Part 1 (primary and secondary data centers, campus, branch, teleworker, Internet), with end systems, control plane and data plane overloaded, and the countermeasure applied at each point:]

Prevent the Attack
• Intrusion Detection
• Cisco Guard
• Firewall
• ACLs & NBAR

Protect the End Systems
• Cisco Security Agent

Protect the Control Plane
• Control Plane Policing

Protect the Data Plane
• Data Plane Policing (Scavenger-Class QoS)


QoS Technologies

• Best Effort
• Integrated Services (IntServ)
• Differentiated Services (DiffServ)


Best Effort

• Best Effort is really no QoS.
• It’s what you are probably using now.
• Everything gets treated the same.


Best Effort

• With no QoS, variations in traffic rates will cause unpredictable delay and jitter
• Traffic peaks can bring down entire network
– Flash crowds
– Slammer
– Code Red
– The “social user”
– Etc.

To: All Users in Company
From: The Social User
Subject: Really funny video

Hey! You gotta check out this video clip of (pick one)
– Dancing baby
– Politician/Celebrity doing something undignified
– Cute animal in human-like pose
You can get it at www.use-all-my-bandwidth.com


Integrated Services (IntServ)

• Allows end device to request network services
• End device requests bandwidth for application
• Resource reSerVation Protocol (RSVP) used to signal


Integrated Services

• Uses RSVP Resource Reservation Protocol
• Receiver requests resources from the network
• Each device along the path reserves resources
• When flow is done, devices release resources


RSVP At A Glance

[Figure: a sender phone, a receiver phone and the routers between them. Data flows from sender to receiver; RSVP messages travel back from the receiver, and each router along the path reserves 15K of bandwidth. Note: two separate reservations are required for 2-way voice!]


RSVP Pros and Cons

• Pros
– Automatic QoS
– Granular
• Cons
– Doesn’t scale well
– Network overhead for signaling messages
– Requires recent software
– Not yet integrated with gateways
• RSVP goes in and out of favor.


Differentiated Services (DiffServ)

• Acknowledges that different kinds of traffic need to be treated differently.
• Separates data flows into classes
– Uses layer 2, 3 and 4 info
• Classes of data are treated according to predefined rules
– Maximum, minimum bandwidth, delay, etc


General DiffServ Strategy

• Classify traffic
– Use predefined classes according to layer 2, 3 or 4 information
• Mark Traffic
– Tag traffic so that its class can easily be determined by downstream devices
• Police and/or shape traffic
– Limit data flows to maximum rates
• Schedule flows on downstream devices to allocate resources
– Use congestion management and avoidance techniques


Classification Tools: Ethernet 802.1Q/p Class of Service

• 802.1p user priority field also called Class of Service (CoS)
• Different types of traffic are assigned different CoS values
• CoS 6 and 7 are reserved for network use

[Figure: an Ethernet frame (Preamble, SFD, DA, SA, Type, Data, FCS) carrying the 4-byte 802.1Q/p tag; the tag holds PRI (three bits used for CoS, the 802.1p user priority), CFI and the VLAN ID.]

CoS | Application
0 | Best Effort Data
1 | Bulk Data
2 | Critical Data
3 | Call Signaling
4 | Video
5 | Voice
6 | Routing
7 | Reserved


Classification Tools: IP Precedence and DiffServ Code Points

• IPv4: Three most significant bits of ToS byte are called IP Precedence (IPP)—other bits unused
• DiffServ: Six most significant bits of ToS byte are called DiffServ Code Point (DSCP)—remaining two bits used for flow control (IP ECN)
• DSCP is backward-compatible with IP precedence

[Figure: the IPv4 packet header (Version, Length, ToS Byte, Len, ID, Offset, TTL, Proto, FCS, IP SA, IP DA, Data) with the ToS byte, bits 7 down to 0, expanded. Standard IPv4: bits 7–5 IP Precedence, bits 4–0 unused. DiffServ extensions: bits 7–2 DiffServ Code Point (DSCP), bits 1–0 IP ECN.]


Classification Tools: DSCP Per-Hop Behaviors

• IETF RFCs have defined special keywords, called Per-Hop Behaviors, for specific DSCP markings
• EF: Expedited Forwarding (RFC3246, formerly RFC2598)
– (DSCP 46)
• CSx: Class Selector (RFC2474)
– Where x corresponds to the IP Precedence value (1-7)
– (DSCP 8, 16, 24, 32, 40, 48, 56)
• AFxy: Assured Forwarding (RFC2597)
– Where x corresponds to the IP Precedence value (only 1-4 are used for AF Classes)
– And y corresponds to the Drop Preference value (either 1 or 2 or 3)
– With the higher values denoting higher likelihood of dropping
– (DSCP 10/12/14, 18/20/22, 26/28/30, 34/36/38)
• BE: Best Effort or Default Marking Value (RFC2474)
– (DSCP 0)


Scavenger Class: Less than Best Effort

• The Scavenger class is an Internet 2 Draft Specification for a “less-than best effort” service
• There is an implied “good faith” commitment for the “best effort” traffic class
– It is generally assumed that at least some network resources will be available for the default class
– That assumption is not true for scavenger
• Scavenger class markings can be used to distinguish out-of-profile/abnormal traffic flows from in-profile/normal flows
– The Scavenger class marking is DSCP CS1 (8)
• Scavenger traffic is assigned a “less-than best effort” queuing treatment whenever congestion occurs


Policing

• Policers can take different actions when traffic exceeds level
– Drop Traffic
– Change classification i.e. Markdown


Policing Tools: RFC 2697 Single Rate Three Color Policer

[Figure: two token buckets. The committed bucket of size CBS is filled at the CIR; its overflow spills into the excess bucket of size EBS. For a packet of size B: if B < Tc (the tokens in the committed bucket), the packet conforms and the Conform action is taken; otherwise, if B < Te (the tokens in the excess bucket), the packet exceeds and the Exceed action is taken; otherwise the packet violates and the Violate action is taken.]


Shaping Tools: Traffic Shaping

• Policers typically drop traffic
• Shapers typically delay excess traffic, smoothing bursts and preventing unnecessary drops
• Very common on Non-Broadcast Multiple-Access (NBMA) network topologies such as Frame-Relay and ATM

[Figure: traffic rate over time without traffic shaping (bursts up to line rate) and with traffic shaping (held at the shaped rate). Traffic shaping limits the transmit rate to a value lower than line rate.]


Scheduling Tools: Queuing Algorithms

• Congestion can occur at any point in the network where there are speed mismatches
• Routers use Cisco IOS-based software queuing
– Low-Latency Queuing (LLQ) used for highest-priority traffic (voice/video)
– Class-Based Weighted-Fair Queuing (CBWFQ) used for guaranteeing bandwidth to data applications
• Cisco Catalyst® switches use hardware queuing

[Figure: separate queues for Voice, Video and Data feeding a scheduler; packets numbered 1, 2 and 3 from each queue are interleaved onto the link.]


Scheduling Tools: Congestion Avoidance Algorithms

[Figure: a queue receiving packets marked 0 to 3. Under tail drop, packets at the tail are dropped once the queue is full regardless of marking; under WRED, packets are dropped selectively by marking before the queue is full.]

• Queueing algorithms manage the front of the queue
– i.e. which packets get transmitted first
• Congestion avoidance algorithms, like Weighted-Random Early-Detect (WRED), manage the tail of the queue
– i.e. which packets get dropped first when queuing buffers fill
• WRED can operate in a DiffServ compliant mode which will drop packets according to their DSCP markings
• WRED works best with TCP-based applications, like data


WRED Operation (1)

• Two classes, two thresholds each:
– Gold
• 100% high
• 60% low
– Blue
• 80% high
• 30% low
• When queue depth exceeds 30%, some random blue packets are dropped

[Figure: a queue from 0% to 100% depth with the threshold marks Blue Low 30%, Gold Low 60%, Blue High 80% and Gold High 100%; dropped packets go to the bit bucket.]


WRED Operation (2)

• Two classes, two thresholds each:
– Gold
• 100% high
• 60% low
– Blue
• 80% high
• 30% low
• As queue depth increases, drop rate for blue packets increases

[Figure: the same queue and thresholds as WRED Operation (1), with more blue packets going to the bit bucket.]


WRED Operation (3)

• Two classes, two thresholds each:
– Gold
• 100% high
• 60% low
– Blue
• 80% high
• 30% low
• When queue depth exceeds 60%, drop rate for blue packets increases and gold packets become subject to random drops

[Figure: the same queue and thresholds as WRED Operation (1), now with both blue and gold packets going to the bit bucket.]


WRED Operation (4)

• Two classes, two thresholds each:
– Gold
• 100% high
• 60% low
– Blue
• 80% high
• 30% low
• When queue depth exceeds 80%, tail-drop occurs for blue packets (all exceed packets dropped), and drop rate for gold packets increases

[Figure: the same queue and thresholds as WRED Operation (1); every blue packet now goes to the bit bucket.]


Scheduling Tools: DSCP-Based WRED Operation

[Figure: drop probability (0 to 100%, with the 50% mark shown) against average queue size. WRED begins dropping AF13 first, then AF12, then AF11 as the average queue size grows, and reaches “drop all” for AF13, then AF12, then AF11; at the max queue length everything is tail-dropped. AF = (RFC 2597) Assured Forwarding.]
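The four WRED Operation slides and the DSCP-based WRED figure describe one mechanism; the Python below is an added example (my code, not code from the presentation) that models it with the slides' Gold/Blue thresholds and then generalises to AF11/AF12/AF13 profiles. The linear ramp from the low threshold to a drop probability of 1 at the high threshold, the AF1x threshold values and the EWMA weight are constructed assumptions, not values taken from the slides.

```python
import random

# Per-class WRED thresholds as percent of queue capacity. Gold and Blue are the
# values from the "WRED Operation" slides; the AF1x profiles are a constructed
# DSCP-based set (AF13 dropped first, AF11 last, as on the DSCP-based WRED figure).
WRED_PROFILES = {
    "gold": {"low": 60, "high": 100},
    "blue": {"low": 30, "high": 80},
    "AF11": {"low": 60, "high": 100},
    "AF12": {"low": 45, "high": 85},
    "AF13": {"low": 30, "high": 70},
}


def drop_probability(cls, avg_depth_pct, profiles=WRED_PROFILES):
    """Drop probability for a packet of class `cls` at the given average queue
    depth (percent of capacity): 0 below the low threshold, rising linearly to
    1 at the high threshold, where the class is tail-dropped (the 80% Blue case).
    Real WRED caps the ramp with a mark-probability denominator; the straight
    ramp to 1 used here is a simplification (assumption)."""
    low, high = profiles[cls]["low"], profiles[cls]["high"]
    if avg_depth_pct < low:
        return 0.0
    if avg_depth_pct >= high:
        return 1.0
    return (avg_depth_pct - low) / (high - low)


class WredQueue:
    """One output queue whose tail is managed by WRED."""

    def __init__(self, capacity, weight=0.2, profiles=WRED_PROFILES, seed=1):
        self.capacity = capacity          # packets the queue can hold
        self.weight = weight              # EWMA weight for the average depth
        self.profiles = profiles
        self.depth = 0                    # packets currently queued
        self.avg = 0.0                    # exponentially weighted average depth
        self.rng = random.Random(seed)    # seeded so runs are reproducible
        self.accepted = {c: 0 for c in profiles}
        self.dropped = {c: 0 for c in profiles}

    def avg_depth_pct(self):
        return 100.0 * self.avg / self.capacity

    def enqueue(self, cls):
        """Admit or drop an arriving packet; returns True if it was queued."""
        self.avg = (1 - self.weight) * self.avg + self.weight * self.depth
        p = drop_probability(cls, self.avg_depth_pct(), self.profiles)
        # A physically full queue tail-drops every class, whatever its marking.
        if self.depth >= self.capacity or self.rng.random() < p:
            self.dropped[cls] += 1
            return False
        self.depth += 1
        self.accepted[cls] += 1
        return True

    def dequeue(self):
        """The scheduler transmits one packet per interval."""
        if self.depth:
            self.depth -= 1


def simulate(classes, arrivals_per_tick, ticks, capacity=100, seed=1):
    """Offer `arrivals_per_tick` packets per tick, cycling through `classes`,
    to a link that drains one packet per tick (constructed overload scenario).
    Returns (accepted, dropped) counters per class."""
    q = WredQueue(capacity, seed=seed)
    n = 0
    for _ in range(ticks):
        for _ in range(arrivals_per_tick):
            q.enqueue(classes[n % len(classes)])
            n += 1
        q.dequeue()
    return q.accepted, q.dropped
```

Under sustained overload the lower-threshold class (Blue, or AF13) absorbs most of the drops while the higher-threshold class keeps most of its packets, which is the "managed unfairness" the deck describes.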


How is QoS Optimally Deployed?

1) Strategically define the business objectives to be achieved via QoS.
2) Analyze the service-level requirements of the various traffic classes to be provisioned for.
3) Design and test the QoS policies prior to production-network rollout.
4) Roll-out the tested QoS designs to the production-network in phases, during scheduled downtime.
5) Monitor service levels to ensure that the QoS objectives are being met.


How is QoS Usually Deployed?

“The CEO says our new expensive IP Phone system sounds like இ¥‽✺!♐. Fix it!! Now!!!”


Classification and Marking Design: QoS Baseline Marking Recommendations

Application | L3 Classification: DSCP | PHB | IPP | L2 CoS
Routing | 48 | CS6 | 6 | 6
Voice | 46 | EF | 5 | 5
Video Conferencing | 34 | AF41 | 4 | 4
Streaming Video | 32 | CS4 | 4 | 4
Mission-Critical Data | 26 | AF31* | 3 | 3
Call Signaling | 24 | CS3* | 3 | 3
Transactional Data | 18 | AF21 | 2 | 2
Network Management | 16 | CS2 | 2 | 2
Bulk Data | 10 | AF11 | 1 | 1
Scavenger | 8 | CS1 | 1 | 1
Best Effort | 0 | 0 | 0 | 0
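As an added example (my code, not part of the original slides) covering both the DSCP Per-Hop Behaviors slide and the QoS Baseline table above, the Python below derives the PHB keyword, IP Precedence and Layer 2 CoS for any DSCP value from the RFC 2474/2597/3246 rules, parses PHB keywords back into DSCP values, and checks the table rows against those rules. CoS is taken as the three high-order bits of the DSCP, which is what the table's L2 CoS column shows; the table data is copied from the slide.

```python
import re

# QoS Baseline marking table from the slide: application -> (DSCP, PHB, IPP, CoS).
QOS_BASELINE = {
    "Routing":               (48, "CS6",  6, 6),
    "Voice":                 (46, "EF",   5, 5),
    "Video Conferencing":    (34, "AF41", 4, 4),
    "Streaming Video":       (32, "CS4",  4, 4),
    "Mission-Critical Data": (26, "AF31", 3, 3),
    "Call Signaling":        (24, "CS3",  3, 3),
    "Transactional Data":    (18, "AF21", 2, 2),
    "Network Management":    (16, "CS2",  2, 2),
    "Bulk Data":             (10, "AF11", 1, 1),
    "Scavenger":             (8,  "CS1",  1, 1),
    "Best Effort":           (0,  "BE",   0, 0),
}


def phb_name(dscp):
    """Standard per-hop-behaviour keyword for a 6-bit DSCP value."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be 0..63, got %r" % dscp)
    if dscp == 0:
        return "BE"                      # default forwarding, RFC 2474
    if dscp == 46:
        return "EF"                      # expedited forwarding, RFC 3246
    cls, low = divmod(dscp, 8)           # top 3 bits = class, low 3 bits = drop precedence
    if low == 0:
        return "CS%d" % cls              # class selector CS1..CS7, RFC 2474
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return "AF%d%d" % (cls, low // 2)   # assured forwarding AFxy, RFC 2597
    return "DSCP%d" % dscp               # no standard keyword for this code point


def dscp_from_phb(name):
    """Inverse of phb_name for the standard keywords (BE, EF, CSx, AFxy)."""
    name = name.upper()
    if name in ("BE", "DEFAULT"):
        return 0
    if name == "EF":
        return 46
    m = re.fullmatch(r"CS([1-7])", name)
    if m:
        return int(m.group(1)) * 8
    m = re.fullmatch(r"AF([1-4])([1-3])", name)
    if m:
        return int(m.group(1)) * 8 + int(m.group(2)) * 2
    raise ValueError("unknown PHB keyword %r" % name)


def ip_precedence(dscp):
    """IPP is the three most signific­ant bits of the ToS byte, i.e. DSCP >> 3."""
    return dscp >> 3


def default_cos(dscp):
    """Layer 2 CoS derived from DSCP with the default DSCP-to-CoS map (DSCP // 8)."""
    return dscp >> 3


def check_baseline(table=QOS_BASELINE):
    """Return the rows whose PHB/IPP/CoS columns disagree with the DSCP column."""
    bad = []
    for app, (dscp, phb, ipp, cos) in table.items():
        expected = (phb_name(dscp), ip_precedence(dscp), default_cos(dscp))
        if expected != (phb, ipp, cos) or dscp_from_phb(phb) != dscp:
            bad.append((app, (phb, ipp, cos), expected))
    return bad
```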


How Many Classes of Service Do I Need? Example Strategy for Expanding the Number of Classes over Time

[Figure: three class models, expanding over time.]

4/5 Class Model:
• Realtime
• Call Signaling
• Critical Data
• Best Effort
• Scavenger

8 Class Model:
• Voice
• Video
• Call Signaling
• Network Control
• Critical Data
• Bulk Data
• Best Effort
• Scavenger

QoS Baseline Model:
• Voice
• Interactive-Video
• Streaming Video
• Call Signaling
• IP Routing
• Network Management
• Mission-Critical Data
• Transactional Data
• Bulk Data
• Best Effort
• Scavenger


Mission Critical Applications

• Classify mission critical applications for preferred handling
• Think long and hard before you do this
• If you still want to do it, take some aspirin and lie down for a while
• Assumes you know
– Traffic characteristics of application
– Understand how network performance affects application
• Hint: probably less than you think
• Assumes you can (and want to) navigate through the managerial and political implications.


A Better Idea

• Classify time insensitive traffic as “Bulk Traffic”
– FTP
– File Backup
– Database Synchronization
– Email transfer
• Bulk gets limited best effort and scavenger treatment


Classification and Marking Design: Where and How Should Marking Be Done?

• QoS policies (in general) should always be performed in hardware, rather than software, whenever a choice exists
• Classify and mark applications as close to their sources as technically and administratively feasible
• Use DSCP markings whenever possible
• Follow standards-based DSCP PHBs to ensure interoperation and future expansion
– RFC 2474 Class Selector code points
– RFC 2597 Assured Forwarding classes
– RFC 3246 Expedited Forwarding


Campus Queuing Design: Realtime, Best Effort and Scavenger Queuing Rules

[Figure: link bandwidth divided into Real-Time ≤ 33%, Critical Data, Best Effort ≥ 25% and Scavenger/Bulk ≤ 5%.]


Best Practices Summary

• Allocate 33% bandwidth for realtime (voice) traffic
• Allocate no less than 25% for best effort
• Don’t drive yourself nuts with classifications. Keep it simple.
– There are plenty of other things that will drive you nuts
• Resist classifying Mission-critical traffic
• Consider a Bulk class
• Allocate 5% or less to Scavenger
• Keep your queuing policies consistent throughout your campus as hardware allows
• These are “rules of thumb.” Your thumbs may be different


Configuring QoS on CAT 6500

• QoS features are rapidly emerging
• Hardware and software have not caught up to theoretical design
• The availability of QoS features is highly dependent on:
– Hybrid (CatOS) vs. Native (IOS)
– Supervisor and daughter cards (PFC1, PFC2, PFC3)
– Line Cards (Queue configuration and ASIC type)
– FlexWAN or OSM cards
– Software Version
• Read release notes on hardware and software carefully!!! Otherwise you may be in for a nasty surprise.


Catalyst 6500 QoS Model

[Figure: the packet path through the switch.
QoS actions at the ingress port ASIC: Receive Interface → Input Queue → Schedule.
QoS actions at the PFC/DFC: Classify → Ingress Police → Mark → Egress Police.
QoS actions at the egress port ASIC: Congestion Avoidance → Output Queue → Schedule → Transmit Interface.]


Input Queues vs. Output Queues

• Typical example:
– Traffic from core over Gigabit uplink
– Destination is user port (10Mb)
• Q: Which queue buffers packets?
• A: Output Queue
• So why have input queues?

[Figure: a 1000Mb link into the switch and a 10Mb link out.]


Why Input Queues

• Switching fabric is 256Gbps
• But older linecards have 8 Gbps (full duplex) connection to fabric
• So a WS-X6516 (16 port GBIC linecard) can, in theory, drop packets if all ports are running at line rate.
• Input queuing and scheduling controls flow from input queue to switching fabric/bus
• So we have to guarantee that we drop low priority traffic first
• In practice, it is very hard to fill input queues


Input Queue Scheduling

• Input scheduling only performed if port configured to trust COS
• Scheduling based on input COS
• Input must be a VLAN trunk (or Aux VLAN)
• Implements tail-drop thresholds
– Thresholds at which packets with different COS values are dropped
• Queue structure example: 1p1q4t
– One strict-priority queue, one standard queue with four tail-drop thresholds

FAQ: What Are The Buffer Sizes and Queue Structures for the Different Modules? http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/buffe_wp.pdf


Why Not Input Scheduling?

• Input scheduling only performed if port configured to trust COS
• If port trusts COS, then it ignores DSCP value
– New DSCP value is set according to COS-DSCP map table
• Since CoS has only 8 values, your DSCP values may change
– AF41, AF42, AF43 all re-written to AF41, assuming you have consistent mapping tables
• Requires that input is a VLAN trunk (or use Aux VLAN) in order to carry 802.1p info


Classification

• Selects traffic for further QoS processing
– Marking
– Policing
• Based on
– Port trust
– QoS ACLs


QoS ACLs

• Used to classify traffic based on Layer 3 and Layer 4 information

• Hardware support for standard and extended IPv4 and MAC QoS ACLs

• Use QoS TCAM and other ACL resources to classify traffic for marking and policing

• Dedicated QoS TCAM
– 32K entries/4K masks

• Share other resources (LOUs and labels) with security ACLs


Marking

• Untrusted port—Set a default QoS value

• Trusted port—Use the marking (COS, precedence, DSCP) provided by upstream device

• QoS ACLs—Set QoS values based on standard or extended ACL match


Campus QoS Considerations: Establishing Trust-Boundaries

[Figure: endpoints, access, distribution, core and WAN aggregators, with three candidate trust boundaries marked: Optimal Trust Boundary: Trusted Endpoint; Sub-Optimal Trust Boundary; Optimal Trust Boundary: Untrusted Endpoint.]


Catalyst 6500 Trust Modes

• Port can be set to trust
– CoS value of incoming frame
– DSCP value of incoming packet
– IP Precedence of incoming packet
• If port is trusted, value is preserved – (sort of)
• Port can be set to untrusted
– CoS value is re-written to default value (0)
• Port can be set to conditional trust
– Trust only if endpoint is Cisco phone
– Uses CDP to determine


Should You Trust?

• Trust model was based on IP telephony application
• Trusting CoS doesn’t fit QoS baseline
• Goal was to prevent user from generating unauthorized high priority traffic
– But CDP can be spoofed
• With a Cisco Phone, data always re-written to CoS 0 by default
– Can configure to trust data port


Practical Trust Model

• Access Layer
– All ports UNTRUSTED
– Use ACLs for classification and policing
– Limit (police) high priority traffic to expected values
• e.g. 128K for voice
• 460K for Video conferencing
• Other as needed
– Drop or markdown violating traffic
• Distribution/Core
– Trust DSCP as a general rule
– Trust CoS if you need input scheduling
• Be careful with rewriting DSCP values


QoS Marking within the 6500

• When CoS is trusted, the Catalyst uses a table to map a CoS value into a DSCP value.

• When the packet leaves the switch, another table is used to map DSCP back to CoS.

• The DSCP value is retained in the sent packet

• ONLY CoS is used in scheduling and WRED for Ethernet linecards.

[Figure: Received CoS Value → CoS to DSCP Map → Internal DSCP Value → DSCP to CoS Map → Xmitted CoS Value]

86 Copyright 2005

DSCP to CoS

• Switch uses DSCP-CoS map table to derive CoS value from DSCP value

• CoS value is used in output queue scheduling

• Also written to packet if interface is a trunk

Default DSCP-CoS map

CoS | DSCP
0 | 0 – 7
1 | 8 – 15
2 | 16 – 23
3 | 24 – 31
4 | 32 – 39
5 | 40 – 47
6 | 48 – 55
7 | 56 – 63
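To make the two table lookups concrete, here is an added example (Python, not code from the deck or from Cisco) that models the marking pipeline described on the last two slides: the trusted value becomes an internal DSCP, which is mapped back to CoS at egress. The DSCP-to-CoS map is the default shown in the table above. Two CoS-to-DSCP maps are included: the platform's shipping default (CoS n → DSCP 8n, an assumption about the default map) and the one the AutoQoS slide later in this deck installs (0 10 18 26 34 46 48 56). The example shows why a trust-cos port only "sort of" preserves markings: EF (46) arriving as CoS 5 leaves as CS5 (40) under the default map.

```python
"""CoS <-> DSCP marking pipeline inside the switch (added example, not from the deck).

On ingress the trusted value becomes the internal DSCP (a trusted CoS goes
through the CoS-to-DSCP map); on egress the internal DSCP is mapped back to
CoS for scheduling and written into the packet.
"""

# Assumed platform default: CoS n -> DSCP 8n
DEFAULT_COS_TO_DSCP = (0, 8, 16, 24, 32, 40, 48, 56)
# Map installed by the AutoQoS slide: set qos cos-dscp-map 0 10 18 26 34 46 48 56
AUTOQOS_COS_TO_DSCP = (0, 10, 18, 26, 34, 46, 48, 56)


def dscp_to_cos(dscp):
    """Default DSCP-to-CoS map from the slide: 0-7 -> 0, 8-15 -> 1, ..., 56-63 -> 7."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be in 0..63")
    return dscp >> 3


def forward(received_cos, received_dscp, trust, cos_to_dscp=DEFAULT_COS_TO_DSCP, port_cos=0):
    """Carry one packet through the switch; return (transmitted_cos, transmitted_dscp).

    trust is the port's trust state: "dscp", "cos" or "untrusted". An untrusted
    port discards the received values and uses the port default CoS (0 per slide).
    """
    if trust == "dscp":
        internal_dscp = received_dscp
    elif trust == "cos":
        internal_dscp = cos_to_dscp[received_cos]
    elif trust == "untrusted":
        internal_dscp = cos_to_dscp[port_cos]
    else:
        raise ValueError(f"unknown trust state {trust!r}")
    # Only CoS drives scheduling/WRED on Ethernet linecards; the DSCP in the
    # outgoing packet is the internal DSCP, not necessarily what arrived.
    return dscp_to_cos(internal_dscp), internal_dscp


def rewritten_by_cos_trust(cos_to_dscp=DEFAULT_COS_TO_DSCP):
    """DSCP values a trust-cos port alters even when the sender set CoS and DSCP
    consistently (only the 8 values in the CoS-to-DSCP map survive the round trip)."""
    return sorted(d for d in range(64) if cos_to_dscp[dscp_to_cos(d)] != d)


if __name__ == "__main__":
    for trust in ("dscp", "cos", "untrusted"):
        print(trust, forward(5, 46, trust))
    print("DSCPs rewritten under default map:", len(rewritten_by_cos_trust()))
```

The last function is what the "be careful with rewriting DSCP values" bullet is about: with the default map 56 of the 64 DSCP values change on a trust-cos hop, and even the AutoQoS map rewrites CS3 (24) to AF31 (26).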


87 Copyright 2005

Policing

• Defines a policy for traffic on a port or VLAN, based on the rate at which traffic is received

• Based on a classic token bucket scheme
– Tokens (1 byte each) added to bucket at fixed rate (up to max)
– Packets with adequate tokens are "in profile": packet transmitted, tokens removed from bucket
– Packets without adequate tokens are dropped or marked down

• Note! PFC2 uses Layer 3 packet size; PFC3 uses Layer 2 frame size

88 Copyright 2005

Policing Details

• Aggregate policers—Bandwidth limit applied cumulatively to all flows that match the ACL

– Example—All FTP flows limited in aggregate to configured rate

• Microflow policers—Bandwidth limit applied separately to each individual flow that matches the ACL

– Leverages NetFlow table

• Sup 2 supports "full flow" microflow policing only.
– Full flow means source/destination address/port (layer 4)
– Ex: multiple FTP sessions from one host are policed separately
– Think "BitTorrent"

• Sup 720 and 32 allow "source only" or "destination only" mask
– Source only means only source address defines flow
– Multiple FTP flows from source are policed together


89 Copyright 2005

Reclassification/Remarking

• Policing action may reclassify and remark certain traffic
– For example, transmit with marked-down DSCP
– Catalyst switches use a "markdown" table to determine new DSCP value

CAT6500-PFC2-CATOS> (enable) set qos policed-dscp-map 0,24,46:8

CAT6500-IOS(config)# mls qos map policed-dscp 0 24 46 to 8
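The following added example (Python; not Catalyst code and not from the deck) models the Policing, Policing Details and Reclassification/Remarking slides together: a token bucket per flow key, the aggregate versus microflow masks (full flow, source-only, destination-only), the PFC2/PFC3 size-accounting difference, and markdown through the policed-dscp table configured above (0, 24, 46 → 8; other values map to themselves). Rates are bits per second and bursts are bytes, as in the IOS police form used later in the deck. The Packet fields, the 18-byte Layer 2 overhead and the sample bursts are constructed for the example.

```python
"""Token-bucket policing with aggregate/microflow keying and DSCP markdown.

Added example modelling the slides; not Catalyst code.
"""
from dataclasses import dataclass

# Markdown table from the slide: set qos policed-dscp-map 0,24,46:8
POLICED_DSCP_MAP = {0: 8, 24: 8, 46: 8}


@dataclass
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    dscp: int
    l3_size: int            # IP packet length in bytes
    l2_overhead: int = 18   # assumed untagged Ethernet header + FCS


class TokenBucket:
    """Tokens are bytes, added at rate_bps/8 per second up to burst_bytes; starts full."""

    def __init__(self, rate_bps, burst_bytes, now):
        self.rate_bps = rate_bps
        self.burst_bytes = burst_bytes
        self.tokens = float(burst_bytes)
        self.last = now

    def conform(self, size, now):
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.burst_bytes, self.tokens + elapsed * self.rate_bps / 8)
        self.last = now
        if self.tokens >= size:      # in profile: forward and remove the tokens
            self.tokens -= size
            return True
        return False                 # out of profile: drop or mark down


def flow_key(p, mask):
    """Which packets share one bucket. 'aggregate': all matching packets (one bucket).
    'full': src/dst address and port, the only microflow mask Sup2 offers.
    'source-only' / 'destination-only': the Sup720/Sup32 masks."""
    return {
        "aggregate": (),
        "full": (p.src, p.dst, p.sport, p.dport),
        "source-only": (p.src,),
        "destination-only": (p.dst,),
    }[mask]


class Policer:
    def __init__(self, rate_bps, burst_bytes, mask="aggregate", exceed_action="drop",
                 pfc="PFC3", policed_dscp_map=POLICED_DSCP_MAP):
        self.rate_bps, self.burst_bytes = rate_bps, burst_bytes
        self.mask, self.exceed_action, self.pfc = mask, exceed_action, pfc
        self.policed_dscp_map = policed_dscp_map
        self.buckets = {}

    def police(self, p, now):
        """Return ('transmit', dscp) or ('drop', None) for one packet."""
        # Slide note: PFC2 counts the Layer 3 packet, PFC3 the whole Layer 2 frame
        size = p.l3_size + (p.l2_overhead if self.pfc == "PFC3" else 0)
        key = flow_key(p, self.mask)
        bucket = self.buckets.get(key)
        if bucket is None:
            bucket = self.buckets[key] = TokenBucket(self.rate_bps, self.burst_bytes, now)
        if bucket.conform(size, now):
            return ("transmit", p.dscp)
        if self.exceed_action == "drop":
            return ("drop", None)
        # policed-dscp-transmit: look up the markdown table and forward
        return ("transmit", self.policed_dscp_map.get(p.dscp, p.dscp))


def transmitted(policer, packets, now):
    """Push a batch through the policer at one instant; return how many were forwarded."""
    return sum(1 for p in packets if policer.police(p, now)[0] == "transmit")


def voice_burst(n=41):
    # Constructed sample: n 200-byte RTP packets from one phone, marked EF (46)
    return [Packet("172.25.1.10", "172.25.2.20", 16384, 16384, 46, 200) for _ in range(n)]


def ftp_flows():
    # Constructed sample: two FTP-data sessions from one host, 30 packets each, marked AF11 (10)
    return [Packet("172.25.1.50", "172.25.9.9", sport, 20, 10, 200)
            for sport in (40001, 40002) for _ in range(30)]


if __name__ == "__main__":
    print("PFC3 forwards", transmitted(Policer(128000, 8000, pfc="PFC3"), voice_burst(), 0.0))
    print("PFC2 forwards", transmitted(Policer(128000, 8000, pfc="PFC2"), voice_burst(), 0.0))
    print("source-only forwards",
          transmitted(Policer(128000, 8000, mask="source-only", pfc="PFC2"), ftp_flows(), 0.0))
```

With an 8000-byte burst and 200-byte packets, a PFC2 admits 40 packets of a burst while a PFC3, which also counts the 18 bytes of frame overhead, admits 36; the two FTP sessions each get their own bucket under the full-flow mask but share one under source-only, which is the "think BitTorrent" point.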

90 Copyright 2005

Policing Design Principles: Where and How Should Policing Be Done?

• Police traffic flows as close to their sources as possible

• Perform markdown according to standards-based rules, whenever supported

– RFC 2597 specifies how assured forwarding traffic classes should be marked down (AF11 → AF12 → AF13), which should be done whenever DSCP-based WRED is supported on egress queues
– Cisco Catalyst platforms currently do not support DSCP-based WRED, so Scavenger-class remarking is a viable alternative
– Additionally, non-AF classes do not have a standards-based markdown scheme, so Scavenger-class remarking is a viable option


91 Copyright 2005

Cisco Catalyst 6500 QoS Design: Globally Enabling QoS in Cisco Catalyst OS and Cisco IOS

CAT6500-PFC2-CATOS> (enable) set qos enable
QoS is enabled.
CAT6500-PFC2-CATOS> (enable)
CAT6500-PFC2-CATOS> (enable) show qos status
QoS is enabled on this switch.
CAT6500-PFC2-CATOS> (enable)

CAT6500-PFC2-IOS(config)# mls qos
CAT6500-PFC2-IOS(config)#end
CAT6500-PFC2-IOS#
CAT6500-PFC2-IOS# show mls qos
QoS is enabled globally
Microflow policing is enabled globally
Vlan or Portchannel(Multi-Earl) policies supported: Yes
----- Module [2] -----
QoS global counters:
Total packets: 65
IP shortcut packets: 0
Packets dropped by policing: 0
IP packets with TOS changed by policing: 0
IP packets with COS changed by policing: 0
Non-IP packets with COS changed by policing: 0
CAT6500-PFC2-IOS#

92 Copyright 2005

Policing Example (Part 1)

CAT6500-IOS(config)# class-map match-all VOICE_TRAFFIC
CAT6500-IOS(config-cmap)# match access-group name VOICE_TRAFFIC
CAT6500-IOS(config-cmap)#
CAT6500-IOS(config-cmap)# class-map match-all CALL_SIGNALING
CAT6500-IOS(config-cmap)# match access-group name CALL_SIGNALING
CAT6500-IOS(config-cmap)#
CAT6500-IOS(config-cmap)# class-map match-all VIDEO_TRAFFIC
CAT6500-IOS(config-cmap)# match access-group name VIDEO_TRAFFIC
CAT6500-IOS(config-cmap)#
CAT6500-IOS(config-cmap)# class-map match-all CRITICAL_DATA
CAT6500-IOS(config-cmap)# match access-group name CRITICAL_DATA
CAT6500-IOS(config-cmap)#
CAT6500-IOS(config-cmap)# class-map match-all BULK_DATA
CAT6500-IOS(config-cmap)# match access-group name BULK_DATA
CAT6500-IOS(config-cmap)# exit
CAT6500-IOS(config)#


93 Copyright 2005

Policing Example (part 2)

CAT6500-IOS(config)# policy-map ACCESS_LAYER
CAT6500-IOS(config-pmap)# class VOICE_TRAFFIC
CAT6500-IOS(config-pmap-c)# set ip dscp 46
CAT6500-IOS(config-pmap-c)# police 128000 8000 exceed-action drop
CAT6500-IOS(config-pmap-c)#
CAT6500-IOS(config-pmap-c)# class CALL_SIGNALING
CAT6500-IOS(config-pmap-c)# set ip dscp 24
CAT6500-IOS(config-pmap-c)# police 32000 8000 exceed-action policed-dscp-transmit
CAT6500-IOS(config-pmap-c)#
CAT6500-IOS(config-pmap-c)# class VIDEO_TRAFFIC
CAT6500-IOS(config-pmap-c)# set ip dscp 34
CAT6500-IOS(config-pmap-c)# police 496000 8000 exceed-action policed-dscp-transmit
CAT6500-IOS(config-pmap-c)#
CAT6500-IOS(config-pmap-c)# class CRITICAL_DATA
CAT6500-IOS(config-pmap-c)# set ip dscp 25
CAT6500-IOS(config-pmap-c)# police 5000000 8000 exceed-action policed-dscp-transmit
CAT6500-IOS(config-pmap-c)#
CAT6500-IOS(config-pmap-c)# class BULK_DATA
CAT6500-IOS(config-pmap-c)# set ip dscp 10
CAT6500-IOS(config-pmap-c)# police 5000000 8000 exceed-action policed-dscp-transmit
CAT6500-IOS(config-pmap-c)#
CAT6500-IOS(config-pmap-c)# class class-default
CAT6500-IOS(config-pmap-c)# police 5000000 8000 exceed-action policed-dscp-transmit
CAT6500-IOS(config-pmap-c)# exit
CAT6500-IOS(config)#

94 Copyright 2005

Policing Example (part 3)

CAT6500-IOS(config)# mls qos map policed-dscp 0 10 18 24 25 34 to 8
CAT6500-IOS(config)# interface gigabitEthernet 1/1
CAT6500-IOS(config-if)# switchport access vlan 10
CAT6500-IOS(config-if)# switchport voice vlan 110
CAT6500-IOS(config-if)# service-policy input ACCESS_LAYER
CAT6500-IOS(config-if)#exit
CAT6500-IOS(config)# ip access-list extended VOICE_TRAFFIC
CAT6500-IOS(config-ext-nacl)# permit udp 172.25.0.0 0.0.255.255 any range 16384 32767
CAT6500-IOS(config-ext-nacl)# ip access-list extended CALL_SIGNALING
CAT6500-IOS(config-ext-nacl)# permit tcp 172.25.0.0 0.0.255.255 any eq h323-ras
CAT6500-IOS(config-ext-nacl)# ip access-list extended VIDEO_TRAFFIC
CAT6500-IOS(config-ext-nacl)# permit udp any any range 16384 32767
CAT6500-IOS(config-ext-nacl)# ip access-list extended CRITICAL_DATA
CAT6500-IOS(config-ext-nacl)# permit tcp any any eq sqlnet
CAT6500-IOS(config-ext-nacl)# ip access-list extended BULK_DATA
CAT6500-IOS(config-ext-nacl)# permit tcp any any eq ftp-data
CAT6500-IOS(config-ext-nacl)# end


95 Copyright 2005

Monitoring Service Policies (Marking and Policing)

6506#show policy-map interface vlan 100

Service-policy input: VLAN-100

class-map: NET-44-TCP (match-all)

Match: access-group name POL-44-TCP

police :

100000000 bps 100000 limit 100000 extended limit

Earl in slot 6 :

2940073472 bytes

5 minute offered rate 358172704 bps

aggregate-forwarded 608631808 bytes action: transmit

exceeded 2331441664 bytes action: drop

aggregate-forward 100352000 bps exceed 384495616 bps

class-map: NET-55 (match-all)

Match: access-group name MARK-55

set precedence 5:

Earl in slot 6 :

2940069888 bytes

5 minute offered rate 358172616 bps

aggregate-forwarded 2940069888 bytes

6506#

• Cisco IOS: show policy-map interface*

• Catalyst OS: show qos statistics {aggregate-policer | l3stats}

(In the output above, NET-44-TCP is the policed class and NET-55 is the marked class.)

* Shows aggregate policer stats only; use NetFlow table to monitor UBRL
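The counters shown above are what you would watch to notice a class being policed hard, which is where the deck's policing-as-DoS-mitigation theme becomes operational. This added example (Python; not a Cisco tool and not from the deck) parses the show policy-map interface output reproduced above, checks that the per-Earl byte total equals forwarded plus exceeded bytes, and flags policed classes whose exceeded share is above a threshold. The sample text is the slide's own output; the field names, the 50 percent threshold and the helper functions are the example's.

```python
"""Parse 'show policy-map interface' output and flag heavily policed classes.

Added example; not a Cisco tool. Sample output copied from the slide.
"""
import re

SAMPLE = """\
Service-policy input: VLAN-100
  class-map: NET-44-TCP (match-all)
    Match: access-group name POL-44-TCP
    police :
      100000000 bps 100000 limit 100000 extended limit
      Earl in slot 6 :
        2940073472 bytes
        5 minute offered rate 358172704 bps
        aggregate-forwarded 608631808 bytes action: transmit
        exceeded 2331441664 bytes action: drop
        aggregate-forward 100352000 bps exceed 384495616 bps
  class-map: NET-55 (match-all)
    Match: access-group name MARK-55
    set precedence 5:
      Earl in slot 6 :
        2940069888 bytes
        5 minute offered rate 358172616 bps
        aggregate-forwarded 2940069888 bytes
"""

CLASS_RE = re.compile(r"class-map: (\S+)")
# (field name, pattern anchored at line start); group 1 is always the number
FIELD_PATTERNS = [
    ("rate_bps", re.compile(r"(\d+) bps \d+ limit")),
    ("offered_bps", re.compile(r"5 minute offered rate (\d+) bps")),
    ("total", re.compile(r"(\d+) bytes$")),
    ("forwarded", re.compile(r"aggregate-forwarded (\d+) bytes")),
    ("exceeded", re.compile(r"exceeded (\d+) bytes action: (\S+)")),
]


def parse_policy_map(text):
    """Return {class_name: counters} for every class-map in the output."""
    classes, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = CLASS_RE.match(line)
        if m:
            cur = classes[m.group(1)] = {"policed": False, "rate_bps": None, "offered_bps": 0,
                                          "total": 0, "forwarded": 0, "exceeded": 0,
                                          "exceed_action": None}
            continue
        if cur is None:
            continue
        if line.startswith("police"):       # the 'police :' header marks a policed class
            cur["policed"] = True
            continue
        for field, pattern in FIELD_PATTERNS:
            m = pattern.match(line)
            if m:
                cur[field] = int(m.group(1))
                if field == "exceeded":
                    cur["exceed_action"] = m.group(2)
                break
    return classes


def exceed_share(c):
    """Fraction of handled bytes that exceeded the policer (dropped or marked down)."""
    handled = c["forwarded"] + c["exceeded"]
    return c["exceeded"] / handled if handled else 0.0


def counters_consistent(c):
    """The per-Earl byte total should equal forwarded + exceeded."""
    return c["total"] == c["forwarded"] + c["exceeded"]


def over_limit_classes(classes, share=0.5):
    """Policed classes exceeding more than `share` of their bytes: either the policer
    is far below real demand, or a source is sending far more than its entitlement."""
    return sorted(n for n, c in classes.items() if c["policed"] and exceed_share(c) > share)


if __name__ == "__main__":
    parsed = parse_policy_map(SAMPLE)
    for name, c in parsed.items():
        print(f"{name}: policed={c['policed']} exceed_share={exceed_share(c):.3f} "
              f"consistent={counters_consistent(c)}")
    print("over limit:", over_limit_classes(parsed))
```

On the slide's data NET-44-TCP is offered about 358 Mbps against a 100 Mbps policer and drops 79 percent of its bytes, while NET-55 is only marked; the totals on both classes reconcile, which is a useful sanity check before acting on the numbers.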

96 Copyright 2005

Queuing Design PrinciplesWhere and How Should Queuing Be Done?

• The only way to provide service GUARANTEES is to enable queuing at any node that has the potential for congestion
– Regardless of how rarely—in fact—this may occur

• At least 25 percent of a link’s bandwidth should be reserved for the default Best Effort class

• Limit the amount of strict-priority queuing to 33 percent of a link’s capacity

• Whenever a Scavenger queuing class is enabled, it should be assigned a minimal amount of bandwidth

• To ensure consistent PHBs, configure consistent queuing policies in the Campus + WAN + VPN, according to platform capabilities

• Enable WRED on all TCP flows, whenever supported
– Preferably DSCP-based WRED


97 Copyright 2005

Congestion Avoidance

Weighted Random Early Detection (WRED):

• Congestion AVOIDANCE mechanism

• Weighted because some classes of traffic are more important or sensitive than others

• Random in that the packets to discard are randomly chosen within a class
– Which classes are more subject to discards is configurable

• Prevents global TCP window synchronization and other disruptions

98 Copyright 2005

WRED Thresholds

• Each queue has multiple WRED thresholds

• Low threshold is the point at which random discards will begin for a particular class

• High threshold is the point at which tail-drop for the particular class begins

• As buffers fill…
– Rate of discards increases for traffic associated with lower thresholds
– Higher thresholds are reached, and new traffic classes are subject to random discards


99 Copyright 2005

Output Queue Scheduling

• Scheduling based on CoS
– Even if you're trusting DSCP
– CoS derived from DSCP value

• Implements tail-drop or WRED thresholds

• PFC3 supports per-user microflow policing and control plane policing (Sup720 & Sup32)

• Linecards determine queuing structure
– 2Q2T
– 1P2Q1T, 1P2Q2T
– 1P3Q1T, 1P3Q8T
– 1P1Q8T

100 Copyright 2005

Understanding Queuing Nomenclature

2Q2T

Two standard priority queues

Each standard queue has two configurable TAIL-DROP thresholds


101 Copyright 2005

Understanding Queuing Nomenclature

1P2Q2T

One strict priority queue

Two standard priority queues

Each standard queue has two configurable WRED thresholds

(and one non-configurable at 100%)


102 Copyright 2005

Cisco Catalyst 6500 QoS Design: Queuing Structures by Linecard

Classic/CEF256 Ethernet Modules

Module | Description | Buffer Size | Tx Queuing | Rx Queuing
WS-X6348-RJ45V | Catalyst 6500 48-Port 10/100 Inline Power RJ-45 Module | 128KB per Port | 2Q2T | 1Q4T
WS-X6348-RJ-45 | Catalyst 6500 48-Port 10/100 RJ-45 Module (Upgradable to Voice) | 128KB per Port | 2Q2T | 1Q4T
WS-X6348-RJ21V | Catalyst 6000 48-Port 10/100 Inline Power RJ-21 Module | 128KB per Port | 2Q2T | 1Q4T
WS-X6348-RJ-21 | Catalyst 6000 48-Port 10/100 RJ-21 Module | 128KB per Port | 2Q2T | 1Q4T
WS-X6324-100FX-SM | Catalyst 6000 24-Port 100FX MT-RJ SMF Module (with Enhanced QoS) | 128KB per Port | 2Q2T | 1Q4T
WS-X6324-100FX-MM | Catalyst 6000 24-Port 100FX MT-RJ MMF Module (with Enhanced QoS) | 128KB per Port | 2Q2T | 1Q4T
WS-X6316-GE-TX | Catalyst 6000 16-Port 1000TX GigabitEthernet RJ-45 Module | 512KB per Port | 1P2Q2T | 1P1Q4T
WS-X6148V-GE-TX | Catalyst 6500 48-Port 10/100/1000 Inline Power RJ-45 Module | 1MB per 8 Ports | 1P2Q2T | 1Q2T
WS-X6148-GE-TX | Catalyst 6500 48-Port 10/100/1000 RJ-45 Module | 1MB per 8 Ports | 1P2Q2T | 1Q2T
WS-X6148-RJ45V | Catalyst 6500 48-Port 10/100 Inline Power RJ-45 Module | 128KB per Port | 2Q2T | 1Q4T
WS-X6148-RJ45 | Catalyst 6500 48-Port 10/100 RJ-45 Module (Upgradable to Voice) | 128KB per Port | 2Q2T | 1Q4T
WS-X6148-RJ21V | Catalyst 6500 48-Port 10/100 Inline Power RJ-21 Module | 128KB per Port | 2Q2T | 1Q4T
WS-X6148-RJ21 | Catalyst 6500 48-Port 10/100 RJ-21 Module (Upgradable to Voice) | 128KB per Port | 2Q2T | 1Q4T
WS-X6024-10FL-MT | Catalyst 6000 24-Port 10BaseFL MT-RJ Module | 64KB per Port | 2Q2T | 1Q4T


103 Copyright 2005

Cisco Catalyst 6500 QoS Design: Queuing Structures by Linecard

Classic/CEF256 Ethernet Modules (continued)

Module | Description | Buffer Size | Tx Queuing | Rx Queuing
WS-X6816-GBIC | Catalyst 6500 16-Port GigabitEthernet Module (Fabric-Enabled; Requires GBICs) | 512KB per Port | 1P2Q2T | 1P1Q4T
WS-X6548-GE-TX | Catalyst 6500 48-Port 10/100/1000 RJ-45 Module (Fabric-Enabled) | 1MB per 8 Ports | 1P2Q2T | 1Q2T
WS-X6548V-GE-TX | Catalyst 6500 48-Port 10/100/1000 Inline Power RJ-45 Module (Fabric-Enabled) | 1MB per 8 Ports | 1P2Q2T | 1Q2T
WS-X6548-RJ-45 | Catalyst 6500 48-Port 10/100 RJ-45 Module (Crossbar-Enabled) | 1MB per Port | 1P3Q1T | 1P1Q0T
WS-X6548-RJ-21 | Catalyst 6500 48-Port 10/100 RJ-21 Module (Fabric-Enabled) | 1MB per Port | 1P3Q1T | 1P1Q0T
WS-X6524-100FX-MM | Catalyst 6500 24-Port 100FX MT-RJ Module (Fabric-Enabled) | 1MB per Port | 1P3Q1T | 1P1Q0T
WS-X6516-GE-TX | Catalyst 6500 16-Port GigabitEthernet Copper Module (Crossbar-Enabled) | 512KB per Port | 1P2Q2T | 1P1Q4T
WS-X6516-GBIC | Catalyst 6500 16-Port GigabitEthernet Module (Fabric-Enabled; Requires GBICs) | 512KB per Port | 1P2Q2T | 1P1Q4T
WS-X6516A-GBIC | Catalyst 6500 16-Port GigabitEthernet Module (Fabric-Enabled; Requires GBICs) | 1MB per Port | 1P2Q2T | 1P1Q4T
WS-X6502-10GE | Catalyst 6500 10 GigabitEthernet Base Module (Requires OIM) | 64MB per Port | 1P2Q1T | 1P1Q8T
WS-X6501-10GEX4 | Port 10 GigabitEthernet Module | 64MB per Port | 1P2Q1T | 1P1Q8T
WS-X6416-GE-MT | Catalyst 6000 16-Port GigabitEthernet MT-RJ Module | 512KB per Port | 1P2Q2T | 1P1Q4T
WS-X6416-GBIC | Catalyst 6000 16-Port GigabitEthernet Module (Requires GBICs) | 512KB per Port | 1P2Q2T | 1P1Q4T
WS-X6408A-GBIC | Catalyst 6000 8 Port GigabitEthernet Module (with Enhanced QoS; Requires GBICs) | 512KB per Port | 1P2Q2T | 1P1Q4T

104 Copyright 2005

Cisco Catalyst 6500 QoS Design: Queuing Structures by Linecard

C2 (xCEF720) Modules

Module | Description | Buffer Size | Tx Queuing | Rx Queuing
WS-X6748-SFP | Catalyst 6500 48-Port GigabitEthernet SFP Module | 1MB per Port | 1P3Q8T | 1Q8T (2Q8T with DFC3a)
WS-X6748-GE-TX | Catalyst 6500 48-Port 10/100/1000 RJ-45 Module | 1MB per Port | 1P3Q8T | 1Q8T (2Q8T with DFC3a)
WS-X6724-SFP | Catalyst 6500 24-Port GigabitEthernet SFP Module | 1MB per Port | 1P3Q8T | 1Q8T (2Q8T with DFC3a)
WS-X6704-10GE | Catalyst 6500 4-Port 10 GigabitEthernet Module | 16MB per Port | 1P7Q8T | 1Q8T (8Q8T with DFC3a)


105 Copyright 2005

Output Queue Scheduling Operation

[Figure: a 1p3q8t egress port fed from the switch fabric, with Low, Med and High normal queues plus a Strict queue. The strict priority queue is serviced first if traffic is present; (D)WRR is used to schedule between the normal queues. Weights (expressed as a ratio, 100:150:200 in the figure) determine how much traffic is transmitted from each queue.]

106 Copyright 2005

WRR and DWRR Scheduling

• Weighted Round Robin (WRR)
– Uses ratio to determine number of packets to transmit from one queue before moving to the next queue
– Higher weight = more packets transmitted from that queue
– Unfair with variable-length packets in different queues

• Deficit WRR
– Also uses ratio, but tracks bytes in each queue using deficit counter
– Packet(s) transmitted during queue servicing only if size of next packet to transmit is <= deficit counter
– Deficit counter "refreshed" at beginning of each queue servicing period
– Results in fair scheduling over time
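To see the unfairness the slide describes, this added example (Python; not Catalyst code and not from the deck) runs WRR and DWRR over two constructed queues, one holding 1500-byte pack­ets and one holding 64-byte packets, with equal weights. The DWRR variant follows classic deficit round robin (credit of weight × quantum added at each service period, remainder carried while the queue stays non-empty); the deck describes the mechanism but not that detail, so treat it as an assumption. The 1536-byte quantum is also the example's choice.

```python
"""WRR versus Deficit WRR with variable-length packets (added example, not Catalyst code).

Queues are modelled as deques of packet sizes in bytes.
"""
from collections import deque


def wrr_round(queues, weights):
    """One WRR service period: weight = packets sent from each queue.
    Returns bytes sent per queue. Packet-count based, so large packets win."""
    sent = [0] * len(queues)
    for i, (q, w) in enumerate(zip(queues, weights)):
        for _ in range(w):
            if not q:
                break
            sent[i] += q.popleft()
    return sent


def dwrr_round(queues, weights, quantum, deficits):
    """One DWRR service period. deficits carries between rounds (mutated in place).
    Each queue gains weight*quantum bytes of credit; a packet is sent only while
    the head packet's size <= deficit. Returns bytes sent per queue."""
    sent = [0] * len(queues)
    for i, (q, w) in enumerate(zip(queues, weights)):
        if not q:
            deficits[i] = 0          # no packets waiting: credit does not accumulate
            continue
        deficits[i] += w * quantum   # refresh the deficit counter for this service period
        while q and q[0] <= deficits[i]:
            size = q.popleft()
            deficits[i] -= size
            sent[i] += size
        if not q:
            deficits[i] = 0
    return sent


def build_queues():
    # Constructed sample: queue A holds 1500-byte packets, queue B 64-byte packets
    return [deque([1500] * 20), deque([64] * 300)]


def simulate(weights=(1, 1), rounds=10, quantum=1536):
    """Run both schedulers over fresh copies of the sample queues; return
    (wrr_bytes_per_queue, dwrr_bytes_per_queue) after `rounds` service periods."""
    wrr_q, dwrr_q = build_queues(), build_queues()
    wrr_total, dwrr_total = [0, 0], [0, 0]
    deficits = [0, 0]
    for _ in range(rounds):
        for i, b in enumerate(wrr_round(wrr_q, weights)):
            wrr_total[i] += b
        for i, b in enumerate(dwrr_round(dwrr_q, weights, quantum, deficits)):
            dwrr_total[i] += b
    return wrr_total, dwrr_total


def share_of_first(totals):
    """Fraction of transmitted bytes that came from the first queue."""
    return totals[0] / sum(totals)


if __name__ == "__main__":
    wrr, dwrr = simulate()
    print("WRR  bytes per queue:", wrr, f"queue A share {share_of_first(wrr):.3f}")
    print("DWRR bytes per queue:", dwrr, f"queue A share {share_of_first(dwrr):.3f}")
```

With equal weights WRR hands queue A about 96 percent of the bytes because it counts packets, not bytes; DWRR brings the split to roughly 50:50 after ten service periods.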


107 Copyright 2005

Monitoring Ingress and Egress Queuing

• Cisco IOS: show queuing interface

• Catalyst OS: show qos statistics <mod/port>

6506#show queuing interface gig 1/2 | begin Packets dropped
Packets dropped on Transmit:
BPDU packets: 0
queue thresh dropped [cos-map]
---------------------------------------------------
1 1 5994368 [0 1 ]
1 2 8 [2 3 ]
2 1 3444 [4 6 ]
2 2 0* [7 ]
3 1 0* [5 ]
* - shared transmit counter

108 Copyright 2005

Cisco Catalyst 6500 QoS Design: Queuing Design (2Q2T)

[Figure, reconstructed as text. Application-to-DSCP-to-CoS mapping:]

Application | DSCP | CoS
Network Control | -- | CoS 7
Internetwork Control | CS6 | CoS 6
Voice | EF | CoS 5
Interactive Video | AF41 | CoS 4
Streaming Video | CS4 | CoS 4
Mission-Critical Data | AF31 | CoS 3
Call Signaling | CS3 | CoS 3
Transactional Data | AF21 | CoS 2
Network Management | CS2 | CoS 2
Bulk Data | AF11 | CoS 1
Scavenger | CS1 | CoS 1
Best Effort | 0 | 0

Queue assignment (2Q2T):
Queue 1 (30%): Q1T1 – CoS 1 (Scavenger/Bulk); Q1T2 – CoS 0 (Best Effort)
Queue 2 (70%): Q2T1 – CoS 2, 3, 4, 6, 7; Q2T2 – CoS 5 (Voice)

Highlighted in the figure: Critical Traffic (AF31), Video Traffic (AF41), Scavenger (CS1)


109 Copyright 2005

Cisco Catalyst 6500 QoS Design: Queuing Design (2Q2T: Cisco IOS)

CAT6500-PFC3-IOS(config)# interface range FastEthernet6/1 - 48
CAT6500-PFC3-IOS(config-if)# wrr-queue queue-limit 30 70
! Sets the buffer allocations to 30% for Q1 and 70% for Q2
CAT6500-PFC3-IOS(config-if)# wrr-queue bandwidth 30 70
! Sets the WRR weights for 30:70 (Q1:Q2) bandwidth servicing
CAT6500-PFC3-IOS(config-if)#
CAT6500-PFC3-IOS(config-if)# wrr-queue threshold 1 40 100
! Sets Q1T1 to 40% to limit Scavenger/Bulk within Q1
CAT6500-PFC3-IOS(config-if)# wrr-queue threshold 2 80 100
! Sets Q2T1 to 80% to always have room in Q2 for VoIP
CAT6500-PFC3-IOS(config-if)#
CAT6500-PFC3-IOS(config-if)# wrr-queue cos-map 1 1 1
! Maps Scavenger/Bulk to Q1T1
CAT6500-PFC3-IOS(config-if)# wrr-queue cos-map 1 2 0
! Maps Best Effort to Q1T2
CAT6500-PFC3-IOS(config-if)# wrr-queue cos-map 2 1 2 3 4 6 7
! Maps CoS 2,3,4,6 and 7 to Q2T1
CAT6500-PFC3-IOS(config-if)# wrr-queue cos-map 2 2 5
! Maps VoIP to Q2T2
CAT6500-PFC3-IOS(config-if)#end
CAT6500-PFC3-IOS#

110 Copyright 2005

Cisco Catalyst 6500 QoS Design: Queuing Design (1P2Q2T)

[Figure, reconstructed as text. The application-to-DSCP-to-CoS mapping is the same as in the 2Q2T design figure (slide 108): Network Control --/CoS 7, Internetwork Control CS6/CoS 6, Voice EF/CoS 5, Interactive Video AF41/CoS 4, Streaming Video CS4/CoS 4, Mission-Critical Data AF31/CoS 3, Call Signaling CS3/CoS 3, Transactional Data AF21/CoS 2, Network Management CS2/CoS 2, Bulk Data AF11/CoS 1, Scavenger CS1/CoS 1, Best Effort 0/0.]

Queue assignment (1P2Q2T):
Queue 1 (40%): Q1T1 – CoS 1 (Scavenger/Bulk); Q1T2 – CoS 0 (Best Effort)
Queue 2 (30%): Q2T1 – CoS 2, 3, 4; Q2T2 – CoS 6, 7
Q3 (30%) Priority Queue: CoS 5 (Voice)

Highlighted in the figure: Critical Traffic (AF31), Video Traffic (AF41), Scavenger (CS1)


111 Copyright 2005

Cisco Catalyst 6500 QoS Design: Queuing Design (1P2Q2T: Cisco Catalyst OS)

CAT6500-PFC2-CATOS> (enable) set qos txq-ratio 1p2q2t 40 30 30
! Allocates buffers: 40% for Q1, 30% for Q2, 30% for Q3 (PQ)
CAT6500-PFC2-CATOS> (enable) set qos wrr 1p2q2t 30 70
! Sets the WRR weights for 30:70 (Q1:Q2) bandwidth servicing
CAT6500-PFC2-CATOS> (enable)
CAT6500-PFC2-CATOS> (enable) set qos wred 1p2q2t tx queue 1 40:80 80:100
! Sets Q1 WRED T1 to 40:80 to limit Scavenger/Bulk within Q1
! Sets Q1 WRED T2 to 80:100 for congestion-avoidance for Best Effort
CAT6500-PFC2-CATOS> (enable) set qos wred 1p2q2t tx queue 2 70:80 80:100
! Sets Q2 WRED T1 to 70:80 to provide congestion-avoidance
! Sets Q2 WRED T2 to 80:100 to force room for Network Control traffic
CAT6500-PFC2-CATOS> (enable)
CAT6500-PFC2-CATOS> (enable) set qos map 1p2q2t tx 1 1 cos 1
! Maps Scavenger/Bulk to Q1 WRED Threshold 1
CAT6500-PFC2-CATOS> (enable) set qos map 1p2q2t tx 1 2 cos 0
! Maps Best Effort to Q1 WRED Threshold 2
CAT6500-PFC2-CATOS> (enable) set qos map 1p2q2t tx 2 1 cos 2,3,4
! Maps CoS 2,3,4 to Q2 WRED Threshold 1
CAT6500-PFC2-CATOS> (enable) set qos map 1p2q2t tx 2 2 cos 6,7
! Maps Network/Internetwork Control to Q2 WRED Threshold 2
CAT6500-PFC2-CATOS> (enable) set qos map 1p2q2t tx 3 1 cos 5
! Maps VoIP to PQ
CAT6500-PFC2-CATOS> (enable)

112 Copyright 2005

Cisco Catalyst 6500 QoS Design: Queuing Design (1P2Q2T: Cisco IOS): Part 1

CAT6500-PFC3-IOS(config)#interface range GigabitEthernet4/1 - 8
CAT6500-PFC3(config-if-range)# wrr-queue queue-limit 40 30
! Sets the buffer allocations to 40% for Q1 and 30% for Q2
! Indirectly sets PQ (Q3) size to equal Q2 (which is set to 30%)
CAT6500-PFC3(config-if-range)# wrr-queue bandwidth 30 70
! Sets the WRR weights for 30:70 (Q1:Q2) bandwidth servicing
CAT6500-PFC3(config-if-range)#
CAT6500-PFC3(config-if-range)# wrr-queue random-detect min-threshold 1 40 80
! Sets Min WRED Thresholds for Q1T1 and Q1T2 to 40 and 80, respectively
CAT6500-PFC3(config-if-range)# wrr-queue random-detect max-threshold 1 80 100
! Sets Max WRED Thresholds for Q1T1 and Q1T2 to 80 and 100, respectively
CAT6500-PFC3(config-if-range)# wrr-queue random-detect min-threshold 2 70 80
! Sets Min WRED Thresholds for Q2T1 and Q2T2 to 70 and 80, respectively
CAT6500-PFC3(config-if-range)# wrr-queue random-detect max-threshold 2 80 100
! Sets Max WRED Thresholds for Q2T1 and Q2T2 to 80 and 100, respectively


113 Copyright 2005

Cisco Catalyst 6500 QoS Design: Queuing Design (1P2Q2T: Cisco IOS): Part 2

CAT6500-PFC3(config-if-range)# wrr-queue cos-map 1 1 1
! Maps Scavenger/Bulk to Q1 WRED Threshold 1
CAT6500-PFC3(config-if-range)# wrr-queue cos-map 1 2 0
! Maps Best Effort to Q1 WRED Threshold 2
CAT6500-PFC3(config-if-range)# wrr-queue cos-map 2 1 2 3 4
! Maps CoS 2,3,4 to Q2 WRED Threshold 1
CAT6500-PFC3(config-if-range)# wrr-queue cos-map 2 2 6 7
! Maps Network/Internetwork Control to Q2 WRED Threshold 2
CAT6500-PFC3(config-if-range)# priority-queue cos-map 1 5
! Maps VoIP to PQ
CAT6500-PFC3(config-if-range)#end
CAT6500-PFC3-IOS#
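Putting the WRED Thresholds slide together with the 2Q2T and 1P2Q2T queuing designs above, this added example (Python; not Catalyst code and not from the deck) encodes the cos-map and threshold commands from those configurations and answers, for a given CoS and queue fill level, whether a packet is tail-dropped (2Q2T) or subject to random early discard (1P2Q2T). The linear ramp between the WRED min and max thresholds is an assumption; the slides give only the two points. The strict-priority queue is modelled as dropping only when completely full, also an assumption.

```python
"""Queue admission for the deck's 2Q2T and 1P2Q2T designs (added example, not Catalyst code).

A CoS value maps to (queue, threshold). A 2Q2T threshold is a tail-drop point;
a 1P2Q2T threshold is a WRED (min, max) pair. All thresholds are percentages
of queue depth, as in the wrr-queue commands.
"""
import random

# Slide 109 (2Q2T, IOS): wrr-queue threshold 1 40 100 / 2 80 100 and the cos-maps
TWO_Q_TWO_T = {
    "cos_map": {1: (1, 1), 0: (1, 2), 2: (2, 1), 3: (2, 1), 4: (2, 1),
                6: (2, 1), 7: (2, 1), 5: (2, 2)},
    "tail_drop": {(1, 1): 40, (1, 2): 100, (2, 1): 80, (2, 2): 100},
}

# Slides 112-113 (1P2Q2T, IOS): random-detect min/max thresholds, cos-maps, PQ = queue 3
ONE_P_TWO_Q_TWO_T = {
    "cos_map": {1: (1, 1), 0: (1, 2), 2: (2, 1), 3: (2, 1), 4: (2, 1),
                6: (2, 2), 7: (2, 2), 5: (3, 1)},
    "wred": {(1, 1): (40, 80), (1, 2): (80, 100), (2, 1): (70, 80), (2, 2): (80, 100)},
    "priority_queue": 3,
}


def classify(design, cos):
    """(queue, threshold) that an egress packet of this CoS is enqueued under."""
    return design["cos_map"][cos]


def drop_probability(design, cos, fill_pct):
    """Probability that a packet of this CoS is discarded when its queue is fill_pct % full."""
    queue, threshold = classify(design, cos)
    if queue == design.get("priority_queue"):
        # Strict-priority queue: served first, no WRED; assumed to drop only when full
        return 1.0 if fill_pct >= 100 else 0.0
    if "tail_drop" in design:
        return 1.0 if fill_pct >= design["tail_drop"][(queue, threshold)] else 0.0
    low, high = design["wred"][(queue, threshold)]
    if fill_pct < low:
        return 0.0           # below the low threshold nothing in this class is discarded
    if fill_pct >= high:
        return 1.0           # at the high threshold this class is tail-dropped
    return (fill_pct - low) / (high - low)   # random early discard ramp (assumed linear)


def offered_load_drops(design, cos_counts, fill_pct, seed=1):
    """Admit cos_counts = {cos: packets} at a fixed fill level; return {cos: packets dropped}.
    Deterministic for a given seed."""
    rng = random.Random(seed)
    drops = {}
    for cos, count in cos_counts.items():
        p = drop_probability(design, cos, fill_pct)
        drops[cos] = sum(1 for _ in range(count) if rng.random() < p)
    return drops


if __name__ == "__main__":
    for fill in (30, 60, 75, 90, 100):
        print(f"1P2Q2T at {fill}% full:",
              {cos: round(drop_probability(ONE_P_TWO_Q_TWO_T, cos, fill), 2) for cos in range(8)})
```

Reading the output at 60 percent fill shows the intent of the design: Scavenger/Bulk (CoS 1) is already being discarded half the time while Best Effort, the control classes and voice are untouched, so a burst of low-priority traffic cannot crowd the higher classes out of the queue.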

114 Copyright 2005

Cisco Catalyst 6500 QoS Design: PC + SoftPhone + Scavenger Model – CatOS Example

CAT6500-PFC2-CATOS> (enable) set qos policed-dscp-map 0,24,46:8
! Excess traffic marked DSCP 0 or CS3 or EF will be remarked to CS1
CAT6500-PFC2-CATOS> (enable)
CAT6500-PFC2-CATOS> (enable) set qos policer aggregate SOFTPHONE-VOICE-3-1 rate 128 burst 8000 policed-dscp
! Defines the policer for SoftPhone VoIP traffic
CAT6500-PFC2-CATOS> (enable) set qos policer aggregate SOFTPHONE-SIGNALING-3-1 rate 32 burst 8000 policed-dscp
! Defines the policer for SoftPhone Call-Signaling traffic
CAT6500-PFC2-CATOS> (enable) set qos policer aggregate PC-DATA-3-1 rate 5000 burst 8000 policed-dscp
! Defines the policer for PC Data traffic
CAT6500-PFC2-CATOS> (enable)
CAT6500-PFC2-CATOS> (enable) set qos acl ip SOFTPHONE-PC-3-1 dscp 46 aggregate SOFTPHONE-VOICE-3-1 udp any any range 16384 32767
! Binds ACL to policer and marks in-profile SoftPhone VoIP to DSCP EF
CAT6500-PFC2-CATOS> (enable) set qos acl ip SOFTPHONE-PC-3-1 dscp 24 aggregate SOFTPHONE-SIGNALING-3-1 tcp any any range 2000 2002
! Binds ACL to policer and marks in-profile Call-Signaling to DSCP CS3
CAT6500-PFC2-CATOS> (enable) set qos acl ip SOFTPHONE-PC-3-1 dscp 0 aggregate PC-DATA-3-1 any
! Binds ACL to policer and marks in-profile PC Data traffic to DSCP 0
CAT6500-PFC2-CATOS> (enable)
CAT6500-PFC2-CATOS> (enable) commit qos acl SOFTPHONE-PC-3-1
! Commits ACL to PFC memory
CAT6500-PFC2-CATOS> (enable) set port qos 3/1 trust untrusted
! Sets the port trust state to untrusted
CAT6500-PFC2-CATOS> (enable) set port qos 3/1 cos 0
! Sets the CoS value for untrusted packets to 0
CAT6500-PFC2-CATOS> (enable) set qos acl map SOFTPHONE-PC-3-1 3/1
! Attaches ACL to switch port
CAT6500-PFC2-CATOS> (enable)


115 Copyright 2005

Cisco Catalyst 6500 AutoQoS VoIP (CatOS Only)

Options:
– autoqos voip cisco-phone
– autoqos voip ciscosoftphone
– autoqos voip trust

IOS does not (yet) support Conditional Trust or AutoQoS

Commands entered:
set qos autoqos
set port qos 3/1 autoqos voip ciscoipphone

Resulting configuration:
set qos enable
set qos map 2q2t tx 2 1 cos 1
set qos map 2q2t tx 2 1 cos 2
set qos map 2q2t tx 2 1 cos 3
set qos map 2q2t tx 2 2 cos 5
set qos drop-threshold 2q2t tx queue 1 100 100
…
set qos cos-dscp-map 0 10 18 26 34 46 48 56
set qos ipprec-dscp-map 0 10 18 26 34 46 48 56
set qos policed-dscp-map 0,26,46:0
set qos policed-dscp-map 1:1
…
set qos policed-dscp-map 63:63
clear qos acl all
#ACL_IP-PHONES
set qos acl ip ACL_IP-PHONES trust-cos ip any any
#
commit qos acl all
!
set vlan 100 3/1
set port qos 3/1 trust-device ciscoipphone
set trunk 3/1 off negotiate 1-1005,1025-4094
set spantree portfast 3/1 enable
set port qos 3/1 trust trust-cos
set qos acl map ACL_IP-PHONES 3/1
set port qos 3/1-48 policy-source local
set port channel 3/1 mode off

116 Copyright 2005

Topics

• Quality of Service Review

• QoS For Convergence

• QoS for Security

• QoS Technology and Tools

• QoS Best Practices

• Configuring QoS on Catalyst 6500


117 Copyright 2005

Summing It Up

• Know what problem you are trying to solve
– Protect Voice, Protect Network, etc

• Know your application requirements

• Understand your hardware and software limitations
– Defines your set of QoS tools and strategies

• For now, no more than 5 or 6 data classes

• Think long and hard before defining a "mission critical" application

• Deploy QoS end to end
– Not just on a router or two

118 Copyright 2005

Summing It Up

• Classify and mark your traffic as close to the source as feasible

• Police as close to the source as feasible

• Policing w/DSCP markdown/scavenger is an important DoS mitigation strategy

• No trust at user ports

• Trust DSCP at distribution and core

• Trust CoS only if you have to


119 Copyright 2005

Thank You

• Questions?

• Coffee?

• Contact Info:
– Ron Trunk
– Chesapeake Netcraftsmen, LLC
– (301) 943-0173
– [email protected]