SEEREN2 Summer School Heraklion, Sept 25th Routing Issues: QoS/CoS

Jean-Marc Uz Liaison Research & Education, EMEA juze@juniper.net

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

Agenda: QoS/CoS Workshop

Module 1: Overview of QoS/CoS Module 2: JUNOS CoS implementation (J/M/T-Series) Module 3: Introduction to JUNOS CLI Module 4: GEANT2 QoS services Implementation

The content of this module is courtesy of Dante (http://www.dante.net)

http://www.dante.net/nep/geantqos/ http://www.dante.net/tf-ngn/activities.html

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

Module 4:

GEANT2 QoS services implementation GANT Network and Services Premium IP Less than Best Effort Queuing on GANT and status Router Configuration Premium IP Management

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

GEANT2 / Dante
10 Gb/s IP/MPLS backbone with Juniper T640s, M160s, M40s 4 x 10 Gb/s to North America Dark fiber and WDM optical technology Connecting 34 European Countries and 30 National R&E Networks European connectivity to over 3000 R&E institutions Advanced Services: IPv6 Premium IP Multicast v4 + v6 Best Effort Less Than Best Effort Layer 2 VPN
Copyright 2006 Juniper Networks, Inc. www.juniper.net

Global Connectivity

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

IP QoS Services on GANT

Premium IP
upper-bounded one-way delay upper-bounded IPDV negligible packet loss guaranteed capacity

Less than Best Effort

class of traffic using the un-utilised Best Effort and higher classes of service bandwidth

http://www.geant.net/server/show/nav.00700a009

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

AGENDA GANT Network and Services Premium IP Less than Best Effort Queuing on GANT and status Router Configuration Premium IP Management

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

Premium IP Model
End-to-end service across multiple management domains
using diffserv, ATM CBR or over-provisioning(!) packet tagged DSCP 46 (EF - 101110) destination aware service packet with other DSCP are left untouched (packets from other service) Premium IP bandwidth limited to 10% of the link capacity can cope with 20% in case of circuit failure

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

GEANT and IP Premium Service

Source: http://www.dante.net/sequin

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

Premium IP on GEANT
Protection of authorised Premium IP traffic
under normal circumstances, the Premium IP traffic of a circuit is limited to 10% of the circuit capacity
20% in case of another circuit failure

bullet-proof all the GANT accesses against unauthorised Premium IP traffic (tagged DSCP 46) on all the ingress interfaces
if DSCP 46 packet arrives on GANT and part of an unauthorised flow: classify the packet into the Best Effort queue and remark it as Best Effort (DSCP 0) if DSCP 46 packet arrives on GANT and is part of an authorised flow: check against policer according capacity requested in the SLA (in-profile accepted, out-of-profile dropped)

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

10

Premium IP on GEANT
Protection of authorised Premium IP traffic [cont]
per next AS rate-limitation (implemented by Juniper for GANT) can also do source-destination IP addresses when NREN dont do it. (NREN = National Research & Education Network, a Dante customer network directly connected to GEANT)

Trust the Premium IP traffic received from a GANT backbone interface.

Traffic checked at the GANT ingresses.

Configure queuing mechanism on the backbone and access interfaces.

strict-high priority is configured to the Premium IP queue.
Dont forget that the amount of Premium traffic expected in the Premium IP queue is 10% of the link capacity (service overprovisioned by a factor 9); this is assured by ingress policing.

90% for the BE and 5% for the network control (and 5% for LBE)
Copyright 2006 Juniper Networks, Inc. www.juniper.net

11

Test result end-to-end IP Premium

Jitter distribution in VBR traffic - BE & Premium IP
70%
percentage of packets

60% 50% 40% 30% 20% 10% 0% 0.00 0.19 0.38 0.56 0.75 0.94 1.13 1.31 1.50 1.69 1.88 2.07 2.25 2.44 2.63 2.82 3.01 3.19 3.38 3.57
Premium IP BE

jitter[ms]

Avg. jitter vs. packet size - BE & Premium IP

14
avg. jitter [ms]

12 10 8 6 4 2 0
78 17 1 20 2 26 2 44 3 52 0 74 7 85 3 98 5 12 34 13 30 13 55 13 82 13 84 14 01 14 26 14 45 14 50 14 80 14 90
Premium IP BE packet size [bytes]

Copyright 2006 Juniper Networks, Inc.

3.76

www.juniper.net

12

AGENDA GANT Network and Services Premium IP Less than Best Effort Queuing on GANT and status Router Configuration Premium IP Management

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

13

Less than Best Effort

Class of traffic using the un-utilised Best effort and higher classes of service bandwidth
in case of competition for resources, the LBE traffic will de discarded before any Best-Effort or higher classes of traffic. use the DSCP 8 (001000) - same as Internet2 scavenger service.

Congestion on an interface due to LBE

should be transparent to the BE or higher classes of services no BE or higher classes of services packet loss

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

14

Less than Best Effort

No end-to-end guarantees
no metric needed to quantitatively describe the service

Can be supported on one interface

anywhere else, the LBE tagging should be passed transparently.

Application scenarios
mirroring, test traffic, some GRID data transfers, network backups, protection of research traffic from student dormitory one.

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

15

LBE Queuing Technique

For algorithm with bandwidth shared assignment, as Weighted Wound Robin and Weighted Fair Queuing, a very small bandwidth share is allocated to the LBE queue.
Typically between 0% and 5%

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

16

LBE: Measurement with congestion

One-way delay
Increase of LBE maximum one-way delay of 1.5ms Increase of BE maximum one-way delay of 400s

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

17

LBE live test: ER2002 Demo - VLBI - dataGRID

Normal Traffic + Radio Astronomy Data + Less Than Best Effort 2.0 Gbit/s Normal Traffic

+ Less Than Best Effort 2.0 Gbit/s Normal Traffic

+ Radio Astronomy Data 500 Mbit/s Normal Traffic

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

18

AGENDA GANT Network and Services Premium IP Less than Best Effort Queuing on GANT and status Router Configuration Premium IP Management

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

19

Queuing Technique
WRR - Juniper M-series
Weight
Assure the queue to be given a minimum amount of bandwidth proportional to the weight. queue with high priority are served before the low priority allow the BE (and other high priority queues) to be served first until empty before serving the LBE one. is used to limit the queuing delay in case of congestion use to protect one class of traffic over the other within a queue.

Priority

WRED

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

20

DSCP/ToS Values used by GEANT

The DSCP/ToS values used in GANT to classify the traffic of the different QoS classes are shown in the table below. In addition to the three service classes offered to transiting traffic there is a DWS (IP commodity service) and a Network Control class, which are traffic classes used internally to the GANT network.

Service Premium IP LBE DWS Network control 1 Network control 2

DSCP value

ToS value

Juniper alias

ToS (hex)

DSCP-ToS binary 101110 101110xx 001000 001000xx 100000 100000xx 110000 110000xx 111000 111000xx

46 8 32 48 56

184 32 128 192 224

ef cs1 cs4 cs6 cs7

B8 20 80 C0 E0

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

21

Juniper Networks and CoS Services GEANT with IP Premium + LBE Service
Queue 0 1 2 3 FC BE EF LBE NC LP low high low high low high low high Service Best Effort DWS Premium IP / Less than BE Retag to BE Network control Network control DSCP / 32 46 / 8 0 48 56 Weight 90% N/A 5% 5% Priority Buffer Low 50% Stricthigh low high 15% 30% 5%

WRR

Junos CoS features include policing, (strict) priority queuing, weighted round robin (WRR), precedence/DSCP field rewrite, and random early drop RED. On a Juniper M-series Router each port has 4 Queues Weighted Round Robin Percentages can be set for each Queue New generation Q-PICs offers multiples queues per logical interfaces (Ethernet VLAN, ATM PVC, etc.)
Source: http://www.dante.net/nep/geantqos/ and http://www.dante.net/tf-ngn/activities.html

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

22

QoS Configuration on GEANT

The configuration has completed on most of the GEANT routers allowing Premium IP, BE and LBE to co-exist.
The routers where the three services have been enable are represented as green on the following map. The routers coloured yellow are Juniper routers where old FPCs have been re-used from TEN-155 (1999) These old FPCs that do not allow for the full functionality of QoS.
As such BE is not ideally protected by LBE and the bandwidth is effectively shared. Premium IP only is supported.

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

23

Current QoS Configuration on GEANT

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

24

AGENDA GANT Network and Services Premium IP Less than Best Effort Queuing on GANT and status Router Configuration Premium IP Management

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

25

Router Configuration
Each router in the GANT network contains certain QoS building blocks in order to configure Per Hop Behaviors (PHB). The configuration shown here is taken from a Juniper M160 router with JUNOS 5.7 and with E-FPC (enhanced FPCs) and SDH interfaces.

Classifiers, schedulers and rewrite rules can be associated to each interface. In GANT two types of interface configurations are used for QoS
a backbone interface an access interface (i.e. the interface where the traffic from an NREN is entering GANT)

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

26

DSCP and ToS Values Type of Service field illustration

Illustration of DSCP Type of Service field configuration

Service Premium IP LBE DWS Network control 1 Network control 2 DSCP value 46 8 32 48 56 ToS value 184 32 128 192 224 Juniper alias ef cs1 cs4 cs6 cs7 ToS (hex) B8 20 80 C0 E0 DSCP-ToS binary 101110 - 101110xx 001000 - 001000xx 100000 - 100000xx 110000 - 110000xx 111000 - 111000xx

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

27

Router Interfaces
Backbone interface
so-7/0/0 { scheduler-map MAP-BASIC; unit 0 { classifiers { dscp backbone-classifier; } rewrite-rules { dscp basic-rewrite-rules; } } }

Access interface
so-0/2/3 { scheduler-map MAP-BASIC; unit 0 { classifiers { dscp access-classifier; } rewrite-rules { dscp basic-rewrite-rules; } } }

In addition, the access interface may contain filters in order to classify and police Premium IP traffic. The following configurations apply to all (access and backbone) interfaces.

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

28

Drop Profiles
Drop profile define the parameters used by the Random Early Detection (RED) mechanism that MAY be used in a queue
dws-drop-profile { fill-level 35 drop-probability 10; fill-level 40 drop-probability 100; } be-drop-profile { fill-level 15 drop-probability 30; fill-level 19 drop-probability 50; fill-level 24 drop-probability 70; fill-level 30 drop-probability 100; } less-than-be-drop-profile { fill-level 25 drop-probability 30; fill-level 30 drop-probability 50; fill-level 40 drop-probability 70; fill-level 50 drop-probability 100; }

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

29

Queues and Schedulers

1. Associate a name with each queue

Note: a queue is sometimes also called a forwarding class forwarding-classes { queue 0 best-effort; queue 1 expedited-forwarding; queue 2 less-than-best-effort; queue 3 network-control; } The Premium IP traffic is classified into the expedited-forwarding queue. The naming of the queues is performed once and applies to all interfaces of the router.

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

30

Queues and Schedulers

2. Define scheduler configurations

scheduler weight, queue size and priority as set at the GANT router for each queue:
sch-best-effort { transmit-rate percent 90; buffer-size percent 50; priority low; } sch-expedited-forwarding { buffer-size percent 15; priority strict-high; } sch-less-than-best-effort { transmit-rate percent 5; buffer-size percent 30; priority low; drop-profile-map loss-priority low protocol any drop-profile less-than-be-drop-profile; drop-profile-map loss-priority high protocol any drop-profile be-drop-profile; } sch-network-ctrl { transmit-rate percent 5; buffer-size percent 5; priority high; }

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

31

Queues and Schedulers

3. Associate a scheduler with a queue (FC)

The main advantage of the scheduler-map is that it can be applied to more than one interface.

MAP-BASIC { forwarding-class best-effort scheduler sch-best-effort; forwarding-class expedited-forwarding scheduler sch-expedited-forwarding; forwarding-class less-than-best-effort scheduler sch-less-than-best-effort; forwarding-class network-control scheduler sch-network-ctrl; }

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

32

Classification
The classifier is a functional block located at the input interface that sets three internal bits for each IP packet
Two bits that select the output-queue. There are four output queues, also called forwardingclasses, per port. One bit to indicate the loss-priority, the packets classified in an output-queue can have two different values of loss-priority (low or high).

Best Effort (BE) and Less than Best Effort (LBE) traffic is classified by the classifier rules as shown below. Note that it is also possible to classify packets by means of an input firewall filter
This is used for classifying Premium IP traffic according to the source/destination address and optionally the DSCP value of the packet. Excess Premium IP traffic is discarded (policer)

Backbone Classifier
dscp backbone-classifier { import default; forwarding-class best-effort { loss-priority low code-points [ af11 af12 af13 ]; loss-priority high code-points cs4; } forwarding-class less-than-best-effort { loss-priority low code-points cs1; } }

Access Classifier
dscp access-classifier { import default; forwarding-class best-effort { loss-priority low code-points [ af11 af12 af13 ]; } forwarding-class less-than-best-effort { loss-priority low code-points cs1; loss-priority high code-points [ ef cs4 ]; }

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

33

Marking
The marking of packets with a DSCP value is the last QoS action performed before the transmission of the packet (hence after firewall filter evaluation)
dscp basic-rewrite-rules { forwarding-class best-effort { loss-priority high code-point cs4; } forwarding-class expedited-forwarding { loss-priority low code-point ef; } forwarding-class network-control { loss-priority low code-point nc1; loss-priority high code-point nc2; } forwarding-class less-than-best-effort { loss-priority high code-point be; loss-priority low code-point cs1; } }

Service Authorised Premium IP Un-authorised Premium IP DWS LBE Network Control Best Effort

Incoming DSCP value 46 46 32 8 48/56 other values

New DSCP value 46/drop 0/5 0 8 48 Unchanged

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

34

AGENDA GANT Network and Services Premium IP Less than Best Effort Queuing on GANT and status Router Configuration Premium IP Management

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

35

Useful Tool
Feature of the NANOG traceroute to discover the DSCP changes along the path (Simon Leinen from Switch:-)
[root]# ./traceroute -t 184 193.171.2.1 traceroute to 193.171.2.1 (193.171.2.1), 30 hops max, 40 byte packets 1 css7-ATM4-0-0-101-dmsk.man.poznan.pl (150.254.160.62) 1 ms 1 ms 1 ms 2 150.254.163.118 (150.254.163.118) 2 ms 2 ms 2 ms 3 z-pozmanu-oc3.poznan-gw.pol34.pl (212.191.127.49) 2 ms 2 ms 2 ms 4 pol-34.pl1.pl.geant.net (62.40.103.109) 2 ms 2 ms 2 ms 5 pl.cz1.cz.geant.net (62.40.96.45) 22 ms (TOS=0!) 22 ms 22 ms 6 cz.de1.de.geant.net (62.40.96.38) 30 ms 30 ms 30 ms 7 de1-1.de2.de.geant.net (62.40.96.130) 30 ms 30 ms 31 ms 8 de.at1.at.geant.net (62.40.96.5) 43 ms 43 ms 43 ms 9 aconet-gw.at1.at.geant.net (62.40.103.2) 43 ms 43 ms 43 ms 10 193.171.2.1 (193.171.2.1) 45 ms * 45 ms

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

36

Need for Automation Service management was done manually Service set up, maintenance and termination was done by phone calls and emails Considerable manual effort required Complexity in keeping track of:
Path information Current and future reservations Premium IP utilisation levels Changes in network topology

Multi-party communication
Copyright 2006 Juniper Networks, Inc. www.juniper.net

37

System Architecture Java web-based architecture Using Apache 1.3 web server, Tomcat servlet container & MySQL Database

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

38

Premium IP Reservation Tool Features (1) Authentication & Authorisation Path Finder
Find shortest path between two end points
Dynamic based upon configured IS-IS cost

Utilisation Monitoring
Check Premium IP reservation levels on each intermediate link along the path Take into account all active reservation during the given time period Display the available Premium IP capacity

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

39

Premium IP Reservation Tool Features (2) Reservation Management

View, Request, Modify, Cancel Based upon available Premium IP capacity
Contact management IP Address management

Automated email notification

to User, DANTE - Premium IP team, NOC upon Reservation Request, Modification, Cancellation

Router Configuration update (script) Others: IS-IS cost, Reports, Archival, System Administration...
Copyright 2006 Juniper Networks, Inc. www.juniper.net

40

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

41

Thank you
Jean-Marc Uz
Liaison Research & Education, EMEA juze@juniper.net
31 Place Ronde, 92986 Paris-La-Defense, France

Mobile: +33615432512

Copyright 2006 Juniper Networks, Inc.

www.juniper.net

42