AutoQoS
AutoQoS VOIP
Creates a QoS policy that prioritizes Voice over IP traffic only; it cannot be used to discover and implement QoS for other traffic types.
AutoQoS Enterprise
Uses Network-Based Application Recognition (NBAR) to discover traffic types on the network and creates a QoS policy based on best practices for each flow.
Voice: Highest Priority
Mission-Critical: Transactional (Database)
Best-Effort: Email, Web Browsing, FTP, etc.
Scavenger: P2P Apps, less than Best-Effort
A QoS policy defines:
How much bandwidth to reserve for a particular class
Which traffic to prioritize and give preferential treatment to
How to manage congestion
IP ToS Byte
8-Bit Field within the IP Header of a packet, mainly used for marking packets with IP Precedence values.
Classification Tools
Network-Based Application Recognition (NBAR)
Policy-Based Routing (PBR)
Access Control Lists (ACLs)
Marking
Methods of Marking:
Class of Service (CoS)
Frame Relay DE Bit
MPLS Experimental (EXP) bits
IP Precedence
Differentiated Services Code Point (DSCP)
Best practice is to limit the number of traffic classes provisioned for QoS to about 4 or 5. If more granularity is needed, no more than 11 classes are usually necessary. An 11-class QoS model might benefit a large enterprise that requires finer-grained classification.
What is CoS?
Turning on bits in the 802.1p (user priority) field within the 802.1Q header (or Cisco ISL header) of an Ethernet frame. Supported values are 0-5; 6 and 7 are reserved and typically are not used to classify traffic. CoS 5 should be treated as high priority (e.g. voice) traffic.
Limitation of COS
Devices that receive frames on non-trunking Ethernet ports do not preserve the 802.1Q (or ISL) header, so the Layer 2 priority markings are stripped. Therefore, CoS markings should be mapped to a mechanism that preserves them as traffic transits other network devices, such as mapping CoS values at Layer 2 to IP Precedence or DSCP values in the Layer 3 (IP) header.
set ip precedence
Sets the IP Precedence for a class of traffic
Per-Hop Behaviors
Assured Forwarding (AF)
Commonly used for Mission Critical traffic
Consists of four classes and three Drop Preference levels
Guarantees a minimum amount of bandwidth
AF Classes:
AF1 = Lowest Priority
AF2 & AF3 = Medium Priority
AF4 = Highest Priority
AF DSCP Values
Value   AF Class   Drop Pref   Binary (DSCP)
AF11    AF1        Low         001010
AF12    AF1        Medium      001100
AF13    AF1        High        001110
AF21    AF2        Low         010010
AF22    AF2        Medium      010100
AF23    AF2        High        010110
AF31    AF3        Low         011010
AF32    AF3        Medium      011100
AF33    AF3        High        011110
AF41    AF4        Low         100010
AF42    AF4        Medium      100100
AF43    AF4        High        100110
What are the Drop Preference Levels for?
The Drop Preference is used as a tie-breaker between packets of the same class during congestion. For example, if the router receives two packets of class AF1, it checks which packet has the higher drop preference set and discards that one in favor of the packet with the lower preference.
Drop Preference is ignored between packets of different classes. If a packet marked with AF11 (Low Drop) and a packet with AF43 (High Drop) arrive at the router, the first one will be dropped because it is in the lower class, even though the other packet has a higher Drop Preference. The higher class is always favored.
Class-Selector (CS)
For backwards compatibility with IP Precedence devices.
Uses the first 3 left-most bits
Remaining 3 bits set to 0s
For example, if we tell the router to mark incoming packets with CS5 (101000), non-DiffServ-compliant devices that receive these packets only read the first 3 bits (101), which they interpret as IP Precedence 5. The last 3 bits are completely ignored.
ip nbar protocol-discovery
Inspects packets and discovers the traffic types that go in or out of the interface
QoS Pre-Classification
QoS & VPN Tunnels:
By default, Cisco IOS devices that use tunnel interfaces copy the ToS byte from the IP header of a packet into the ToS byte of the tunnel header before the packet is put on the VPN.
QoS Pre-classify: Used when you want to classify traffic by something other than the ToS byte / DSCP markings as it traverses a tunnel. The device applies the QoS policy to the original IP header of the packet rather than the tunnel header.
qos pre-classify
You can confirm pre-classification is enabled on an interface by running show interface <int> and looking for (QoS Pre-classification) on the Queueing Strategy line.
mls qos trust changes port state to trusted on the selected switch port.
mls qos trust cos <cos> Trust the cos marking received, but not dscp. Maps CoS-to-DSCP values before switching to output interface.
mls qos trust dscp <dscp> Trust the dscp marking received, but not the cos. Maps DSCP-to-CoS values before switching to output interface.
mls qos trust cos
mls qos trust device cisco-phone
switchport priority extend cos 0
NOTE: the last command enables the IP Phone to change the CoS markings received on packets from an attached device (e.g. a laptop).
Congestion Management
Mechanisms for managing queues and giving preferential forwarding to delay-sensitive traffic. If the Hardware Queue (TxQ) is congested, the Software Queue (Queuing Mechanisms) takes over and schedules packets as they arrive at the interface. The TxQ ALWAYS uses FIFO and cannot be configured to use anything else. If the TxQ is not congested, any packets that arrive at the interface bypass the software queuing process and are sent directly to the hardware queue to be transmitted out the physical interface.
Software interfaces (i.e: Subinterfaces) only congest when the Hardware Queue for the Interface has reached capacity
Queuing Mechanisms:
Priority Queuing (PQ) - Obsolete
Custom Queuing (CQ) - Obsolete
Weighted Fair Queuing (WFQ)
Class-Based Weighted Fair Queuing (CBWFQ)
Low-Latency Queuing (LLQ)
Queuing
Weighted Fair Queuing (WFQ)
Normally does not require any configuration
Priority given to low-bandwidth traffic
WFQ Explained
How does it work?
WFQ dynamically creates queues for each flow. A flow is identified by matching source and destination IP addresses, ports, or ToS values. A queue exists as long as packets are being sent for that flow. When the queue for the flow is empty and no more packets need to be sent, the queue is removed from the router's memory. Even though a connection might still be established with the other end, if no packets are being sent there is no queue for it.
Finish Time
Used by the WFQ algorithm: packets with larger Finish Times are more likely to be discarded during congestion. WFQ is turned on by default for serial interfaces under 2.048 Mbps. It cannot be manually configured by the administrator.
Class-Based WFQ
Good for everything BUT Voice & Video
Guarantees a chunk of bandwidth per class
Not supported on subinterfaces
queue-limit <limit>
Adjusts the queue size for a class by setting the maximum number of packets the queue can hold before congestion occurs and packets start to drop. The default queue size is 64.
bandwidth
bandwidth percent
bandwidth remaining percent
These commands are used for bandwidth reservations for a traffic class.
NOTE: Once bandwidth is reserved to a class using kbps, the bandwidth percent command cannot be applied to other classes within that same policy-map. This would confuse the router and make improper calculations when reserving bandwidth.
max-reserved-bandwidth
Changes the default maximum bandwidth that can be reserved for user-defined classes (not the default class). By default 75% of the link's bandwidth (or what is defined in the CIR agreement) can be reserved to different classes. Whatever is left on the link is reserved for keepalives and the default class (non-classified traffic).
Low-Latency Queuing (LLQ)
AKA: CBWFQ + PQ
Uses a Priority Queue
Recommended for Voice
Policed bandwidth for priority traffic
WFQ or FIFO used for regular traffic
PQ is serviced entirely before other queues
Traffic in the PQ cannot consume more bandwidth than what is assigned to it. If the limit is exceeded those packets are tail-dropped.
Policing prevents starvation of other classes.
priority <bandwidth in kbps>
Guarantees priority bandwidth to a class
The random-detect and queue-limit commands are not supported for priority classes.
Queuing on a Switch
Contain up to four queues
Some have configurable drop thresholds
Packet drops occur in Standard queues
Packets NEVER dropped in Priority Queues
Queue 4 is a high priority queue used for Mission Critical or Voice traffic.
Can be set as a 'Strict-Priority' queue
Expedite queues are recommended for reducing delay with Voice
Tells the switch what Queue to place packets with specific CoS markings in
show wrr-queue bandwidth
Displays bandwidth allocations for the four different queues
show wrr-queue cos-map
Displays the CoS-value to queue ID mappings.
TCP Starvation
However, because RED only actively drops flows that are TCP-based, a large UDP stream can quickly fill the queue and prevent the router from buffering possibly more critical traffic.
RED is not supported on Cisco routers. WRED is the preferred congestion avoidance alternative for devices running Cisco IOS.
Differentiates flows by means of CBWFQ
Drops less important packets based on marking
Supports both DSCP and IP Precedence
Enable DSCP with: random-detect dscp-based
Applies the same 3 RED drop modes to each class of traffic defined in the existing CBWFQ configuration. Each class can have its drop modes set to different values. This allows the less important traffic (e.g. Best-Effort) to be dropped earlier and minimizes congestion for more important traffic. Utilizes the Assured Forwarding PHB classes in DSCP.
Changes the default min, max and MPD values for packets marked with IP Precedence values.
random-detect dscp <dscp-value> <min> <max> <drop>
Changes these values for certain DSCP markings; random-detect dscp-based must be entered before DSCP markings can be used with WRED.
show policy-map interface
Verifies configuration of WRED on an interface
Bits for ECN:
00 = ECN not in use
01 or 10 = ECT bit (ECN enabled)
11 = CE bit (congestion has occurred)
ECN + WRED
When the queue exceeds the minimum drop threshold set for WRED, the router begins to transmit packets marked with an ECN bit to the host sending the TCP segments. This informs the sender that the router is experiencing congestion and signals the host to reduce its window size and transmission rate, preventing tail drops from occurring.
For ECN to be effective, applications need to support the ECN standard for IP, which many applications do not at this point in time. Tail drops can still occur if the average queue length is beyond the max threshold.
ECN Commands
random-detect ecn
Enables ECN + WRED for a traffic class
show policy-map
show policy-map interface <int>
Displays WRED + ECN info and statistics.
Policing
TCP/IP applications by default will consume as much bandwidth as they need if it is available, at the expense of others.
Policing limits how much bandwidth a flow (application) can consume before its packets get dropped from the queue or re-marked with a lower priority QoS marking (e.g. 0 for Best-Effort).
By dropping or lowering the priority of packets from aggressive flows you can effectively free up the queues on interfaces and prevent congestion. A common practice is to police non-mission-critical traffic such as peer-to-peer file sharing applications (e.g. LimeWire).
Tokens
Both Policing and Shaping use a mathematical concept known as Tokens and Token Buckets. A Token is the amount of data that can be sent in a single second, several Tokens might be required to send a single packet of data. For every second, a number of tokens are placed inside a Bucket. For a packet to be sent, a number of tokens must be present inside the Token Bucket. If there are insufficient Tokens in the bucket to transmit the data, an exceed action occurs.
Tokens (contd)
With a single token bucket, when there are not enough tokens in it to send the packet, the packet is dropped. A way to prevent this is to implement a Dual-Bucket model, where tokens can be taken from a second bucket when the first bucket does not have enough to send the packet.
The second bucket (Be) accumulates the tokens left unused when data is sent below the CIR (Bc) of the first bucket.
Today's networks that use policing use either a Dual or a Single Token Bucket model.
Tokens Example
A Packet of 1500 Bytes needs to be sent. To send this packet a total of 400 Tokens is required. If there are 400 Tokens or more available in Bucket #1 the packet is transmitted. If there are less than 400 Tokens available, the packet is discarded. If a Dual-Bucket model is used and there are 400 or more Tokens in the second bucket, tokens are taken from Bucket #2 to transmit the packet. If there are insufficient Tokens to send the packet from either bucket, it is ultimately discarded.
Terminology
Conform-Action: When a bucket has enough tokens to send the packet. The necessary number of tokens is subtracted from the total and the packet is transmitted out the interface.
Exceed-Action: When there are not enough tokens in the first bucket to send the packet, so it is either dropped or re-marked with a lower priority (depending on the policy configured).
Violate-Action
Dual-Metering
Consists of a CIR (Bc) and a Peak Information Rate (PIR) bucket (Be). Tokens taken from the CIR bucket are also subtracted from the PIR bucket when a conform-action is met. An exceed-action occurs when there are insufficient Tokens in the PIR bucket to send the packet. Insufficient tokens in either bucket is a violate-action
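The single-rate dual-bucket model from the Tokens, Tokens Example and Terminology sections above, simulated as an added example (this is not code from the original notes or from Cisco IOS). It assumes one token equals one byte, that tokens are earned continuously at the CIR, and that tokens which do not fit in the committed bucket (Bc) overflow into the excess bucket (Be); the rate, bucket depths and packet burst are constructed values.

```python
"""Single-rate, dual-bucket policer returning conform / exceed / violate."""


class DualBucketPolicer:
    def __init__(self, cir_bps, bc_bytes, be_bytes):
        self.cir_bps = cir_bps          # Committed Information Rate (bits/s)
        self.bc = bc_bytes              # depth of committed bucket (bucket #1)
        self.be = be_bytes              # depth of excess bucket (bucket #2)
        self.bc_tokens = bc_bytes       # assumption: both buckets start full
        self.be_tokens = be_bytes
        self.last_time = 0.0

    def _refill(self, now):
        """Credit tokens earned since the last packet; overflow Bc into Be."""
        earned = int(self.cir_bps * (now - self.last_time) / 8)  # bytes
        self.last_time = now
        to_bc = min(earned, self.bc - self.bc_tokens)
        self.bc_tokens += to_bc
        self.be_tokens = min(self.be, self.be_tokens + earned - to_bc)

    def meter(self, size_bytes, now):
        """Classify one packet of size_bytes arriving at time now (seconds)."""
        self._refill(now)
        if size_bytes <= self.bc_tokens:       # bucket #1 pays: conform
            self.bc_tokens -= size_bytes
            return "conform"
        if size_bytes <= self.be_tokens:       # bucket #2 pays: exceed
            self.be_tokens -= size_bytes
            return "exceed"
        return "violate"                       # neither bucket can pay


# Actions in the spirit of the police command: conform transmits, exceed
# re-marks to DSCP 0 (Best-Effort) and transmits, violate drops.
ACTIONS = {"conform": "transmit",
           "exceed": "set-dscp-transmit 0",
           "violate": "drop"}


def police_trace(policer, packets):
    """packets: list of (timestamp_seconds, size_bytes); returns the action per packet."""
    return [ACTIONS[policer.meter(size, t)] for t, size in packets]


if __name__ == "__main__":
    # Constructed burst: eleven 1500-byte packets at t=0 against a 64 kbps CIR
    # with Bc = Be = 8000 bytes, then one more packet one second later.
    pol = DualBucketPolicer(cir_bps=64000, bc_bytes=8000, be_bytes=8000)
    burst = [(0.0, 1500)] * 11 + [(1.0, 1500)]
    for (t, size), action in zip(burst, police_trace(pol, burst)):
        print(f"t={t:.1f}s {size}B -> {action}")
```

With these values the first five packets conform, the next five are paid for by Be and exceed, the eleventh violates, and after one second of refill the twelfth conforms again.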
Policing (contd)
Service Providers use policing (aka metering) to limit a customer's upload/download speed based on the level of service they are paying for, called the Committed Information Rate (CIR). The actual link speed is called the Committed Access Rate (CAR). Policing is generally implemented at the Access or Distribution layer of a network, and Shaping is deployed on the WAN edge.
Class-Based Policing
Bandwidth for a class of traffic can be policed in bits per second (bps) or as a fraction of the link bandwidth. The default is bits per second.
Using bits per second:
police <bps> conform-action <action> exceed-action <action> violate-action <action>
Using percentage:
police percent <percentage> conform-action <action> exceed-action <action> violate-action <action>
By using percentage rather than bps, the same policy can be applied to multiple interfaces regardless of their link capacity.
Defaults: The default unit for configuring policing is bits per second; the default conform-action is transmit and the default exceed-action is drop.
One or more QoS markings can be applied to a single packet when an exceed-action is triggered.
These are called Multiaction statements
Traffic Shaping
A company's HQ is connected via a 1 Gbps fiber link over the WAN to a branch office router using a 64 Kbps serial link. Data sent from HQ would overwhelm the router at the branch office because it is sent much faster than the branch can receive it. This is called oversubscription and results in congestion on the Wide Area Network. Shaping prevents this by buffering packets that are sent in excess of the speed of the link on the connected device. A policy can be implemented so that packets destined for the branch office are limited to a rate of 64 Kbps instead of the full link capacity of 1 Gbps.
A shaping technique used on Frame Relay interfaces that reduces the average shaping rate by 25% of the current value when frames marked with the BECN bit are received. When BECN frames are not received for a certain time interval, the shaping rate gradually increases back to the previous average.
The command to enable this in MQC is shape adaptive <rate>
Notifies original sender by requesting the receiver to send a random frame of data, known as a Q.922 Test Frame, that the Frame Relay switch then sets the BECN bit on.
This tells the sender that congestion is occurring in the direction of the receiver and to reduce its transmission rate, even though "real" data has not been sent to the sender. The command to enable this is:
shape fecn-adapt
Software compression techniques introduce processing delay which causes the CPU to work more when forwarding packets. Therefore, compression done in hardware is recommended.
On a slow link without LFI, a large frame must be transmitted in its entirety before frames behind it can be sent.
64 * 4 = 256kbps
80 * 4 = 320 bytes
FRF.12 Fragmentation
FRF.12 can be configured on Frame Relay circuits to reduce latency for VoIP packets. The fragment size configured on a VC should be no less than a single frame carrying voice. If it is configured to be less, voice will be fragmented along with data packets and produce undesirable results. G.711 VoIP packets require 200 bytes; provisioning a VC to fragment frames below that number will degrade a call using G.711.
End-to-End FRF.12 Fragmentation is the only Frame Relay fragmentation option (for VoIP) available on Cisco IOS devices. This means FRF.12 must be provisioned on both sides of a circuit for it to operate. Enabling Frame Relay Traffic Shaping (FRTS) or Distributed Traffic Shaping (DTS) on the interface (or DLCI) is also a prerequisite.
frame-relay traffic-shaping
Enables FRTS on the interface.
Configuration
map-class frame-relay <map name>
Creates a frame relay map-class for specifying QoS parameters
Verifying Configuration
show frame-relay fragment
Displays FRF.12 statistics for all interfaces and DLCIs