Professional Documents
Culture Documents
Simplified
BRKCRS-2501
http://tinyurl.com/zuzevge
Agenda
• Campus QoS Design Considerations and Best Practices
• Cisco Catalyst 2960-X QoS Design
• Cisco Catalyst 3650/3850 QoS Design
• Cisco Catalyst 4500 QoS Design
• Cisco Catalyst 6500/6800 QoS Design
• Cisco Nexus 7000/7700 QoS Design
• Campus WLAN QoS Design Considerations and Best Practices
• Cisco IOS XE WLC AVC/QoS Design
• Cisco AireOS WLC AVC/QoS Design
• What are we doing to make this simpler?
• Summary and References
Campus QoS Design
Considerations
and Best Practices
What Do You Consider First?
https://cisco.box.com/s/6t7a0ahzh0pyqg6z1f86zauxund1fevd
The Case for Campus QoS
• The secondary role of QoS in campus networks is to condition traffic at the access
edge, which can include any of the following:
• Trust
• Classify and Mark
• Police
Why Is Video So Sensitive to Packet Loss?
1920 lines of Vertical Resolution (Widescreen Aspect Ratio is 16:9)
1080p60
1080 lines of Horizontal Resolution
1080 x 1920 lines =
= 2,985,984,000 bps
or 3 Gbps Uncompressed!
Cisco (H264/H.265) codecs transmit 3-5 Mbps per 1080p60 video stream
which represents over 99.8% compression (~ 1000:1)
Packet loss is proportionally magnified by compression ratios
Users can notice a single packet lost in 10,000—
Making HD Video One Hundred Times More Sensitive to Packet Loss than VoIP!
VoIP vs. HD Video—At the Packet Level
1000 1000
Bytes
600 Audio 600
Samples
200 200
120
100 Total Per-Port Buffer: 5.4 MB
80
60 Total Per-Queue Buffer*: 1.35 MB
40
20 Gbps Line Rate: 1 Gbps = 125 MB/s
0 or 125 KB/ms
130
170
210
250
290
330
370
410
450
490
530
570
610
650
690
730
770
810
850
890
930
970
10
50
90
1200
1000
Total Per-Port Buffer: 90 MB
800
600
Total Per-Queue Buffer*: 11.25 MB
400
200
Gbps Line Rate: 10 Gbps = 1.25 GB/s
0
or 1250 KB/ms
130
170
210
250
290
330
370
410
450
490
530
570
610
650
690
730
770
810
850
890
930
970
10
50
90
x 11
Oversubscription in the Campus GE Link
10GE Link
40GE Link
Oversubscription in the Campus GE Link
10GE Link
40GE Link
Know Your Tools
• Catalyst and Nexus switch hardware
• Software and Syntax
• Global Default QoS Settings
• Trust States and Conditional Trust
• Logical vs. Physical Interface QoS
• Ingress and Egress Queuing Models
Economy
Hardware Varies
Australian Version
2016 Cisco Live Melbourne
Utility
Performance
Economy
Hardware Varies
American Version
2015 Cisco Live San Diego
Utility
Performance
Economy
Hardware Varies
Italian Version
2015 Cisco Live Milan
Utility
Performance
Economy
Hardware Varies
German Version
2016 Cisco Live Berlin
Utility
Performance
Economy
Hardware Varies
Canadian Version
2015 Cisco Connect Toronto
Utility
Performance
Software and Syntax Variations
• Catalyst 2960-X / 3560 / 3750 are the last platforms to use Multilayer Switch QoS (MLS QoS)
• QoS is disabled by default and must be globally enabled with mls qos command
• Once enabled, all ports are set to an untrusted port-state
• Catalyst 3650/3850 and 4500 use IOS Modular QoS Command Line Interface (MQC)
• QoS is enabled by default
• All ports are trusted at layer 2 and layer 3 by default
• Catalyst 6500/6800 use Cisco Common Classification Policy Language (C3PL) QoS
• QoS is enabled by default (Sup2T) – Disabled by default (Sup720)
• All ports are trusted at layer 2 and layer 3 by default
• C3PL presents queuing policies similar to MQC, but as a defined “type” of policy
Trust Boundary
Trust Boundary
Centrally-Administered &
Conditionally-Trusted Devices
mls qos trust device
• cisco-phone
• cts
• ip-camera
• media-player
Policy Enforcement Points (PEPs)
• The Policy Enforcement Point (PEP) is the edge where classification and marking policies are enforced
• The PEP may or may not be the same as the trust boundary
• Multiple PEPs may exist for different types of network devices
• e.g. switch PEP vs. router PEP
Note: For the sake of simplification, in this deck PEP will refer to
Trust Boundary
classification and marking policy enforcement points (only)
Switch Router and will not include other policy enforcement points (e.g. queuing).
PEP PEP
Per-Port QoS vs. Per-VLAN QoS
interface Vlan 10
interface gig 1/1-48
service-policy input MARKING
service-policy input MARKING
Campus QoS Design Considerations
Per-Port/Per-VLAN QoS
VLAN Interfaces
DVLAN 10
VVLAN 110
VVLAN Yes
VoIP Classifier Mark EF VoIP Policer (<128 kbps) No
Drop
Yes
Signaling Classifier Mark CS3 Signaling Policer (<32 kbps) No
Drop
Yes
Multimedia Conferencing Classifier
Mark AF41 MM-Conf Policer (<5 Mbps) No
Drop
DVLAN Yes
Signaling Classifier Mark CS3 Signaling Policer (<32 kbps) No
Drop
Yes
Transactional Data Classifier Mark AF21 Trans-Data Policer (<10 Mbps) No
Remark to CS1
Yes
Bulk Data Classifier Mark AF11 Bulk Data Policer (<10 Mbps) No
Remark to CS1
Yes
Scavenger Classifier Mark CS1 Scavenger Policer (<10 Mbps) No
Drop
Yes
Best Effort (Class-Default) Mark DF Best Effort Policer (<10 Mbps) No
Remark to CS1
Catalyst Hardware Queuing
1P3Q1T Example
3 Non-Priority
Queues
1P3Q1T
Catalyst Hardware Queuing
1P3Q1T Example
Resume
Interrupt
Scheduling
Weighted Tail Drop (WTD) Operation
3T WTD Example
Tail Front
of of
Queue Queue
Direction
of
Packet
Flow
Maximum WRED Thresholds for AF11, AF12 and AF13 are set to the tail of the queue in this example
Campus Port QoS Roles
Untrusted Endpoint:
• Port Set to Untrusted State
(or Explicit Policy to Mark to DSCP 0)
• [Optional Ingress Marking and/or Policing]
• [Ingress and] Egress Queuing
Trusted Port
• Trust DSCP
Conditionally-Trusted Endpoint
(Default on all non-MLS QoS platforms)
• Conditional-Trust with Trust-CoS or DSCP
• [Ingress and] Egress Queuing
• [Optional Ingress Marking and/or Policing]
• [Ingress and] Egress Queuing
Campus QoS Design—At-A-Glance
https://cisco.box.com/s/6t7a0ahzh0pyqg6z1f86zauxund1fevd
Agenda
• Campus QoS Design Considerations and Best Practices
• Cisco Catalyst 2960 QoS Design
• Cisco Catalyst 3650/3850 QoS Design
• Cisco Catalyst 4500 QoS Design
• Cisco Catalyst 6500/6800 QoS Design
• Cisco Nexus 7000/7700 QoS Design
• Campus WLAN QoS Design Considerations and Best Practices
• Cisco IOS XE WLC AVC/QoS Design
• Cisco AireOS WLC AVC/QoS Design
• What are we doing to make this simpler?
• Summary and References
Cisco Catalyst 2960-X
QoS Design
Catalyst 2960-X
QoS Roles in the Campus Access
No Trust +
Ingress Queuing +
Egress Queuing
Trust DSCP +
Ingress Queuing +
Egress Queuing
Conditional Trust +
Ingress Queuing +
C2960-X Egress Queuing
Access
Switch Classification/Marking +
[Optional Policing] +
Distribution Ingress Queuing +
Switches Egress Queuing
Catalyst 2960-X
QoS Design Steps
1. Enable QoS
Note: Catalyst 2960-X is QoS compatible with the
2. Configure Ingress QoS Model(s): Catalyst 3560 & 3750, with the following exceptions:
Trust Models • The Catalyst 3560 & 3750 support ingress queuing
policies, but the 2960-S does not.
Conditional Trust Model
• Similarly, the Catalyst 3560 & 3750 support VLAN-
Service Policy Models based QoS policies, but the 2960-X does not.
https://cisco.box.com/s/6t7a0ahzh0pyqg6z1f86zauxund1fevd
Catalyst 3650/3750 QoS Design At-A-Glance
https://cisco.box.com/s/6t7a0ahzh0pyqg6z1f86zauxund1fevd
Agenda
• Campus QoS Design Considerations and Best Practices
• Cisco Catalyst 2960-X QoS Design
• Cisco Catalyst 3650/3850 QoS Design
• Cisco Catalyst 4500 QoS Design
• Cisco Catalyst 6500/6800 QoS Design
• Cisco Nexus 7000/7700 QoS Design
• Campus WLAN QoS Design Considerations and Best Practices
• Cisco IOS XE WLC AVC/QoS Design
• Cisco AireOS WLC AVC/QoS Design
• What are we doing to make this simpler?
• Summary and References
Cisco Catalyst 3650/3850
QoS Design
Catalyst 3650/3850
QoS Roles in the Campus Access
No Trust +
Egress Queuing
Trust DSCP +
C3650/3850 Egress Queuing
Access
Switch Conditional Trust +
Egress Queuing
Classification/Marking +
[Optional Policing] +
Egress Queuing
*Note: Catalyst 3650/3850 IOS MQC trusts all wired ports by default
Prior to IOS XE 3.3, wireless ports were set to an untrusted state by default.
However, this default setting can be globally disabled with the following command:
no qos wireless-default-untrust
Beginning with IOS XE 3.3, wireless ports are also trusted by default
Catalyst 3650/3850 Only match-any is supported
(i.e. match-all is not supported)
Conditional Trust Models
Conditional-Trust
Cisco IP Phone (Cisco IP Phone)
Conditional TrustExample:
Example
class-map match-any VOICE CoS
CoSmust
mustbebe
match cos 5 matched
matchedasasCisco
Conditional-Trust Models: class-map match-any SIGNALING
Cisco
IP
IPPhones
Phonesonly
only
interface GigabitEthernet 1/0/1 match cos 3 remark
remarkat
atLayer
Layer22
trust device cisco-phone [or]
trust device cts [or] policy-map CISCO-IPPHONE
trust device ip-camera [or] class VOICE
trust device media-player set dscp ef
class SIGNALING
set dscp cs3
Only one type of device can be configured for class class-default
conditional trust on an interface at a given time set dscp default
interface GigabitEthernet 1/0/1
trust device cisco-phone
service-policy input CISCO-IPPHONE
Catalyst 3650/3850
Marking Policy Example
[class-maps omitted for brevity] ! This section attaches the service-policy
policy-map MARKING-POLICY ! to a wired interface(s)
class VOIP interface range GigabitEthernet 1/0/1-48
set dscp ef service-policy input MARKING
class MULTIMEDIA-CONFERENCING
set dscp af41 ! This section attaches the service-policy
class SIGNALING ! to a wireless interface(s) at the SSID level
set dscp cs3 wlan EMPLOYEE-WLAN
class TRANSACTIONAL-DATA service-policy input MARKING
set dscp af21
class BULK-DATA ! This section attaches the service-policy
set dscp af11 ! to a wireless interface(s) at the client level
class SCAVENGER wlan EMPLOYEE-WLAN
set dscp cs1 service-policy client input MARKING
class default
set dscp default
Inclusion of the client keyword applies
the service-policy at the client level
All markdown and/or
Catalyst 3650/3850 mapping operations
are configured
through table-maps
Marking & Policing Policy Example—Part 1 of 2
policy-map MARKING&POLICING …[continued]
class VVLAN-VOIP class TRANSACTIONAL-DATA
set dscp ef set dscp af21 table-map TABLE-MAP
police 128k police 10m map from 0 to 8
conform-action transmit conform-action transmit map from 10 to 8
exceed-action drop exceed-action TABLE-MAP map from 18 to 8
class VVLAN-SIGNALING class BULK-DATA
set dscp cs3 set dscp af11
police 32k police 10m
conform-action transmit conform-action transmit
exceed-action drop exceed-action TABLE-MAP
class MULTIMEDIA-CONFERENCING class SCAVENGER
set dscp af41 set dscp cs1 Policing to remark traffic
police 5m police 10m is done by referencing
conform-action transmit conform-action transmit the previously-configured
exceed-action drop exceed-action drop table-map
class SIGNALING class class-default
set dscp cs3 set dscp default
police 32k police 10m
conform-action transmit conform-action transmit
exceed-action drop exceed-action TABLE-MAP
… Policers can may be set to either remark or drop excess traffic
Catalyst 3650/3850
Service policies applied to the
Marking & Policing Policy Example—Part 2 of 2 SSID level are actually
applied to the BSSID
(that is, per SSID/AP pair)
! This section attaches the service-policy to a wired interface(s)
interface range GigabitEthernet 1/0/1-48
service-policy input POLICING
! This section attaches the service-policy to a wireless interface(s) at the SSID level
! The policy will be applied to all clients belonging to the SSID at an aggregate level
wlan EMPLOYEE-WLAN
service-policy input POLICING
! This section attaches the service-policy to a wireless interface(s) at the client level
! The policy will be applied to individual clients at an aggregate level
wlan EMPLOYEE-WLAN
service-policy client input POLICING
The inclusion of the client keyword
changes the application of the policer
from the SSID-aggregate level to the
client-aggregate level
Catalyst 3650/3850
Per-Port/Per-VLAN Policy
class-map VVLAN
match vlan 110 Individual
Individual (trunked)
(trunked) VLANs
VLANs are
are
class-map DVLAN matched
matched byby the
the match
match vlan
vlan command
command
match vlan 10
policy-map VLAN-POLICERS
class VVLAN
police 192k
conform-action transmit exceed-action drop Policers are applied on a per-VLAN
Policers are applied on a Per-VLAN basis
class DVLAN basis
police 50m
conform-action transmit exceed-action drop
Interrupt
Interrupt
Scheduling
Scheduling
Catalyst 3650/3850
2P6Q3T with Weighted Tail Drop (WTD) Wired Port Egress Queuing Model
policy-map 50MBPS-SHAPER
class class-default Defines the sub-line rate (CIR)
shape average 50000000
service-policy 2P6Q3T Provides back-pressure to the system to
interface GigabitEthernet 1/0/1 engage the (previously-defined) queuing
service-policy output 50MBPS-SHAPER policy, so that packets are properly
prioritised within the sub-line rate
https://cisco.box.com/s/6t7a0ahzh0pyqg6z1f86zauxund1fevd
Agenda
• Campus QoS Design Considerations and Best Practices
• Cisco Catalyst 2960-X QoS Design
• Cisco Catalyst 3650/3850 QoS Design
• Cisco Catalyst 4500 QoS Design
• Cisco Catalyst 6500/6800 QoS Design
• Cisco Nexus 7000/7700 QoS Design
• Campus WLAN QoS Design Considerations and Best Practices
• Cisco IOS XE WLC AVC/QoS Design
• Cisco AireOS WLC AVC/QoS Design
• What are we doing to make this simpler?
• Summary and References
Cisco Catalyst 4500
QoS Design
Catalyst 4500
QoS Roles in the Campus Distribution
Trust DSCP +
Egress Queuing
Core Switches
Access
Switches Catalyst 4500
Distribution
Switches
Catalyst 4500
QoS Design Steps
1. Configure Ingress QoS Model(s):
DSCP-Trust Model*
Conditional Trust Model
Service Policy Models
policy-map CISCO-IPPHONE
class VOICE
set dscp ef
class SIGNALING
set dscp cs3
class class-default
set dscp default
https://cisco.box.com/s/6t7a0ahzh0pyqg6z1f86zauxund1fevd
Agenda
• Campus QoS Design Considerations and Best Practices
• Cisco Catalyst 2960-X QoS Design
• Cisco Catalyst 3650/3850 QoS Design
• Cisco Catalyst 4500 QoS Design
• Cisco Catalyst 6500/6800 QoS Design
• Cisco Nexus 7000/7700 QoS Design
• Campus WLAN QoS Design Considerations and Best Practices
• Cisco IOS XE WLC AVC/QoS Design
• Cisco AireOS WLC AVC/QoS Design
• What are we doing to make this simpler?
• Summary and References
Cisco Catalyst 6500 & 6800
QoS Design
Cisco Catalyst 6500/6800
QoS Roles in the Campus Core
Catalyst 6500/6800
Core Switches
Trust DSCP
+ Ingress Queuing
+ Egress Queuing
Cisco Catalyst 6500/6800
QoS Design Steps
Default Queue
Best Effort DF DF
(WRED)
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/config_guide/sup2T/15_1_sy_swcg_2T/qos_policy_based_queueing.html
Unless specified otherwise, the
default C3PL class-map and
Cisco Catalyst 6500/6800—2P6Q4T Model policy-map type is qos
(classification, marking, policing)
Part 1 of 3—Common Ingress & Egress Queuing Class-Maps
class-map type lan-queuing match-all VOICE-PQ1 Class-maps and policy-maps
match dscp ef used for ingress and/or egress
class-map type lan-queuing match-all VIDEO-PQ2 queuing policies must be explicitly
match dscp cs4 cs5 configured as type lan-queuing
class-map type lan-queuing match-all CONTROL-MGMT-QUEUE
match dscp cs2 cs3 cs6 cs7
class-map type lan-queuing match-all MULTIMEDIA-CONFERENCING-QUEUE
match dscp af41 af42 af43
class-map type lan-queuing match-all MULTIMEDIA-STREAMING-QUEUE
match dscp af31 af32 af33
class-map type lan-queuing match-all TRANSACTIONAL-DATA-QUEUE
match dscp af21 af22 af23
class-map type lan-queuing match-all SCAVENGER-BULK-DATA-QUEUE
match dscp cs1 af11 af12 af13
https://cisco.box.com/s/6t7a0ahzh0pyqg6z1f86zauxund1fevd
Cisco Catalyst 6500-Sup720 QoS Design At-A-Glance
https://cisco.box.com/s/6t7a0ahzh0pyqg6z1f86zauxund1fevd
Agenda
• Campus QoS Design Considerations and Best Practices
• Cisco Catalyst 2960-X QoS Design
• Cisco Catalyst 3650/3850 QoS Design
• Cisco Catalyst 4500 QoS Design
• Cisco Catalyst 6500/6800 QoS Design
• Cisco Nexus 7000/7700 QoS Design
• Campus WLAN QoS Design Considerations and Best Practices
• Cisco IOS XE WLC AVC/QoS Design
• Cisco AireOS WLC AVC/QoS Design
• What are we doing to make this simpler?
• Summary and References
Cisco Nexus 7000/7700
QoS Design
Cisco Nexus 7000/7700
QoS Roles in the Campus Core
Trust DSCP
+ Ingress Queuing
+ Egress Queuing
Cisco Nexus 7000/7700
QoS Design Steps
VoIP EF 8e-4q8q-out-q2
CoS 5 CoS 7
BWR 5%
Broadcast Video CS5
8e-4q8q-out-q3
Multimedia Conferencing AF4 CoS 6 BWR 5%
CoS 4
Realtime Interactive CS4
CoS 4 8e-4q8q-out-q4
Multimedia Streaming AF3 BWR 20%
CoS 3
Signaling CS3 8e-4q8q-out-q5
CoS 3 BWR 20%
Transactional Data AF2
CoS 2 8e-4q8q-out-q6
CoS 2
Network Management CS2 BWR 15%
https://cisco.box.com/s/6t7a0ahzh0pyqg6z1f86zauxund1fevd
Agenda
• Campus QoS Design Considerations and Best Practices
• Cisco Catalyst 2960-X QoS Design
• Cisco Catalyst 3650/3850 QoS Design
• Cisco Catalyst 4500 QoS Design
• Cisco Catalyst 6500/6800 QoS Design
• Cisco Nexus 7000/7700 QoS Design
• Campus WLAN QoS Design Considerations and Best Practices
• Cisco IOS XE WLC AVC/QoS Design
• Cisco AireOS WLC AVC/QoS Design
• What are we doing to make this simpler?
• Summary and References
Campus WLAN QoS Design
Considerations
and Best Practices
The Case for Wireless QoS
http://www.cisco.com/en/US/prod/collateral/wireless/cisco_avc_application_improvement.pdf
Know Your Tools
• IEEE 802.11
• User Priorities (UP)
• Access Categories (AC)
• Arbitration Inter-frame Spacing (AIFS)
• Contention Windows (CW)
• Enhanced Distributed Coordination Function (EDCF)
• DSCPUP Mapping
• Trust Boundaries
• Policy-Enforcement Points
• Application Visibility and Control (AVC)
IEEE 802.11 User Priority (UP)
Video 2 Video 7 15
UP 5 Video
Signaling CS3 Access
UP 4 Category
UP 3 Best Effort
Transactional Data AF2 Access
UP 0 Category
Background
UP 2
Best Effort DF Access
UP 1
Category
Downstream DSCP-to-UP Mapping Model
Ratified Cisco Consensus Model (June 2015)
Key Point:
Radio Upstream
QoS requires the
device to set UP
markings correctly
3-Bit UP 6-Bit DSCP First 3 Bits are copied
Last 3 Bits are zeroed-out
Upstream DSCP Trust Model
https://tools.ietf.org/html/draft-szigeti-tsvwg-ieee-802-11-00
Cisco WLAN QoS Design At-A-Glance
https://cisco.box.com/s/6t7a0ahzh0pyqg6z1f86zauxund1fevd
Agenda
• Campus QoS Design Considerations and Best Practices
• Cisco Catalyst 2960-X QoS Design
• Cisco Catalyst 3650/3850 QoS Design
• Cisco Catalyst 4500 QoS Design
• Cisco Catalyst 6500/6800 QoS Design
• Cisco Nexus 7000/7700 QoS Design
• Campus WLAN QoS Design Considerations and Best Practices
• Cisco IOS XE WLC AVC/QoS Design
• Cisco AireOS WLC AVC/QoS Design
• What are we doing to make this simpler?
• Summary and References
Cisco IOS XE WLC
AVC/QoS Design
Cisco IOS XE WLC
QoS Roles in the Wireless LAN Centralised Deployment Model
CAPWAP Tunnel
• IOS XE WLCs can be deployed
in either a Centralised or a
Converged Access Deployment CT5760 WLC
• In either model:
• Trust Boundary is at the AP Converged Access Deployment Model
• PEP is at the AP
CAPWAP Tunnel
Catalyst
3650/3850
Or 4500-Sup8
Trust Boundary
PEP
Cisco IOS XE WLC
AVC/QoS Design Steps
1. Enable Application Visibility
a) Create a Flow Record
b) (Optional) Create a Flow Exporter
c) Create a Flow Monitor
d) Apply the Flow Monitor to the WLAN
Specifies
WHICH interface and
WHAT you want to COLLECT
WHICH direction
Match protocol enables NBAR2 classification
Cisco IOS XE WLC Note: Only 4 match protocol statements are supported per class-map
AFD BLOCK
Policer Multicast Queue
EF Q0
Voice EF CS6 Priority Level 1
CS3 (Limited to 10% of BW)
Q1
Interactive Video AF4 AF4 Priority Level 2
(Limited to 20% of BW)
Network Control CS6
AF2 Q2
Bulk Data AF1
Unicast-
Non-Realtime Queue
CS1
(63% BWR)
Transactional Data AF2
DF
Scavenger CS1
Q3
Multicast Non-Realtime Queue
Best Effort DF (7% BWR)
IOS XE WLC AFD
2P2Q+AFD Wireless Port Egress Queuing Config
class-map match-any REALTIME-1
match dscp ef
match dscp cs6
Note: This policy is applied automatically to all wireless ports.
match dscp cs3
Therefore, no explicit service-policy command is required
class-map match-any REALTIME-2
to attach the policy to a wireless interface(s).
match dscp af41
match dscp af42
match dscp af43
policy-map port_child_policy
class non-client-nrt-class System-defined (but configurable) queuing policy
bandwidth remaining ratio 7
class REALTIME-1
priority level 1 System defined queue for multicast wireless traffic
police rate percent 10 conform-action transmit exceed-action drop
class REALTIME-2
priority level 2 Two-levels
Two-levels of
of priority
priority queuing
queuing are
are supported
supported
police rate percent 20 conform-action transmit exceed-action drop
class class-default
bandwidth remaining ratio 63
Default unicast queue (non-priority queue)
IOS-XE WLC QoS Design
Step 4) Configure Custom Table Maps – Part 1 of 2
Table Map DSCP_TO_DSCP DSCP-to-DSCP is used for upstream from wireless,
from 8 to 8 to verify that only standard DSCP values are forwarded to the LAN
from 10 to 10
from 12 to 12
from 14 to 14
from 16 to 16
from 18 to 18
from 20 to 20
from 22 to 22
from 24 to 24
from 26 to 26
from 28 to 28 policy-map TRUST-SSID-IN
from 30 to 30 class class-default
from 32 to 32 set dscp dscp table DSCP_TO_DSCP
from 34 to 34
from 36 to 36 This policy trusts RFC 4594 DSCPs received from the client
from 38 to 38 and bleaches (zeroes-out) all other non-standard DSCP values
from 40 to 40
from 44 to 44
from 46 to 46
default ignore
IOS-XE WLC QoS Design
Step 4) Configure Custom Table Maps – Part 2 of 2
Table Map DSCP_TO_UP policy-map QUEUING-SSID-CHILD DSCP_TO_UP Mapping
from 8 to 1 class VOICE-PQ1
aligns IETF (RFC 4594)
from 10 to 2 priority level 1
police cir 6000000 bc 187500
with IEEE (802.11) for
from 12 to 2
from 14 to 2 conform-action transmit downstream flows.
from 16 to 0 exceed-action drop
from 18 to 3 admit cac wmm-tspec
from 20 to 3 rate 1500 (kbps)
from 22 to 3 wlan-up 6
from 24 to 4 class VIDEO-PQ2
from 26 to 4 priority level 2
from 28 to 4 police cir 6000000 bc 187500
from 30 to 4 conform-action transmit
from 32 to 5 exceed-action drop
from 34 to 4
from 36 to 4 policy-map QUEUING-SSID Standard DSCPs are
from 38 to 4 class class-default preserved (via table-map
from 40 to 5 set dscp dscp table DSCP_TO_DSCP from previous slide)
from 44 to 6 set wlan user-priority dscp table DSCP_TO_UP
from 46 to 6 bandwidth remaining ratio 100 UP markings are derived
default 0 service-policy APIC_EM-QUEUING-SSID-CHILD from DSCP_TO_UP Map
Cisco IOS XE QoS Design At-A-Glance
https://cisco.box.com/s/6t7a0ahzh0pyqg6z1f86zauxund1fevd
Agenda
• Campus QoS Design Considerations and Best Practices
• Cisco Catalyst 2960-X QoS Design
• Cisco Catalyst 3650/3850 QoS Design
• Cisco Catalyst 4500 QoS Design
• Cisco Catalyst 6500/6800 QoS Design
• Cisco Nexus 7000/7700 QoS Design
• Campus WLAN QoS Design Considerations and Best Practices
• Cisco IOS XE WLC AVC/QoS Design
• Cisco AireOS WLC AVC/QoS Design
• What are we doing to make this simpler?
• Summary and References
Cisco AireOS WLC
AVC/QoS Design
Cisco AireOS WLC
QoS Roles in the Wireless LAN
CAPWAP Tunnel
AireOS WLC
Trust Boundary
PEP
With AireOS 8.1MR+ the
trust-boundary can be
extended to the AP
Cisco AireOS WLC
QoS Design Steps
1. Select and Tune the WLAN QoS Profile
2. Configure an AVC Profile
3. Apply the QoS and AVC Profile to the WLAN and Enable Application Visibility
4. Modify default DSCP-to-UP mappings and enable Upstream DSCP-Trust
AireOS WLC
Tuning QoS Profiles
• QoS Profiles are applied to both upstream
& downstream flows on egress
• The WLAN QoS Profile defines:
WLAN Maximum Priority
• It recommended to set the Maximum
Priority to voice on multiservice WLANs
Unicast and Multicast Default Priority
• Typically these values are
recommended to be set to best effort
https://cisco.box.com/s/6t7a0ahzh0pyqg6z1f86zauxund1fevd
Cisco AirOS QoS Mapping At-A-Glance
https://cisco.box.com/s/6t7a0ahzh0pyqg6z1f86zauxund1fevd
Agenda
• Campus QoS Design Considerations and Best Practices
• Cisco Catalyst 2960-X QoS Design
• Cisco Catalyst 3650/3850 QoS Design
• Cisco Catalyst 4500 QoS Design
• Cisco Catalyst 6500/6800 QoS Design
• Cisco Nexus 7000/7700 QoS Design
• Campus WLAN QoS Design Considerations and Best Practices
• Cisco AireOS WLC AVC/QoS Design
• Cisco IOS XE WLC AVC/QoS Design
• What are we doing to make this simpler?
• Summary and References
What are we doing to
make this simpler?
The Why / How / What of Enterprise Networking
Cisco
Enterprise
Vision
https://cisco.box.com/s/6t7a0ahzh0pyqg6z1f86zauxund1fevd
EasyQoS Solution
Applications can interact with APIC-EM via Northbound
APIs, informing the network of application-specific and
dynamic QoS requirements
EM
Southbound APIs translate
business-intent to platform-
specific configurations
* 1P7Q4T can be implementing as an alternate ingress queueing structure to 2P6Q4T on some linecards, but we have chosen to
implement the 2P6Q4T instead with Easy-Qos, as it is a superior queueing structure and consistent with the Catalyst 3650/3850.
1Q8T – Ingress Queueing
CoS to Queue Mapping
CoS-based Tail-Drop
1Q8T Ingress Queueing Linecards
CoS 7 Q1T8—100%
Network Control (CS7)
CoS 7
Internetwork Control CS6 CoS 6
Q1T7—95%
VoIP EF CoS 6
CoS 5
Broadcast Video CS5
Q1T6—90%
CoS 5
Multimedia Conferencing AF4
CoS 4
Q1T5—85%
Realtime Interactive CS4
CoS 4
Multimedia Streaming AF3
CoS 3 Q1T4—80%
Signaling CS3 CoS 3
Transactional Data AF2
CoS 2 Q1T3—75% All noted thresholds are
Network Management CS2 CoS 2
tail-drop thresholds
Interface GigabitEthernet1/1
service-policy type lan-queuing input APIC_EM-QUEUING-1Q8T-IN
2Q4T – Ingress Queueing
CoS to Queue Mapping
CoS-based Tail-Drop
2Q4T Ingress Queueing Linecards
VoIP EF CoS 6
CoS 5
Broadcast Video CS5
CoS 5
Multimedia Conferencing AF4
CoS 4
Realtime Interactive CS4
CoS 4
Multimedia Streaming AF3
CoS 3
Signaling CS3 CoS 3 Q1 60% BW
CoS 7 Q2T4—100%
Network Control (CS7)
CoS 7
Internetwork Control CS6 CoS 6
Q2T3—95%
VoIP EF CoS 6
CoS 5
Broadcast Video CS5 Q2T2—90%
CoS 5
Multimedia Conferencing AF4
CoS 4 Q2 40% BW
Q2T1—85%
Realtime Interactive CS4
CoS 4
Multimedia Streaming AF3
CoS 3 Q1T4—100%
Signaling CS3 CoS 3 Q1 60% BW
interface GigabitEthernet1/3/1
service-policy type lan-queuing input APIC_EM-QUEUING-2Q4T-IN
interface TenGigabitEthernet1/3/4
service-policy type lan-queuing input APIC_EM-QUEUING-2Q4T-IN
2Q8T – Ingress Queueing
CoS to Queue Mapping
CoS-based Tail-Drop
2Q8T Ingress Queueing Linecards
• WS-X6724-SFP with DFC4/DFC4XL upgrade (WS-F6k-DFC4-A, WS-F6k-DFC4-AXL)
• WS-X6748-SFP and WS-X6748-GE-TX with DFC4/DFC4XL upgrade (WS-F6k-DFC4-
A, WS-F6k-DFC4-AXL)
• WS-X6824-SFP-2T and WS-X6824-SFP-2TXL
• WS-X6848-SFP-2T, WS-X6848-SFP-2TXL, WS-X6848-TX-2T and WS-X6848-TX-
2TXL
Cisco Catalyst 65xx-E/6807-XL with Sup2T
2Q8T Ingress Queuing Models—CoS-to-Queue Mapping
Application-Class DSCP CoS 2Q8T
VoIP EF CoS 6
CoS 5
Broadcast Video CS5
CoS 5
Multimedia Conferencing AF4
CoS 4
Realtime Interactive CS4
CoS 4
Multimedia Streaming AF3
CoS 3
Signaling CS3 CoS 3 Q1 60% BW
CoS 7 Q2T4—100%
Network Control (CS7)
CoS 7
Internetwork Control CS6 CoS 6
Q2T3—95%
VoIP EF CoS 6
CoS 5
Broadcast Video CS5 Q2T2—90%
CoS 5
Multimedia Conferencing AF4
CoS 4 Q2 40% BW
Q2T1—85%
Realtime Interactive CS4
CoS 4
Multimedia Streaming AF3
CoS 3 Q1T4—100%
Signaling CS3 CoS 3 Q1 60% BW
interface GigabitEthernet1/3/2
service-policy type lan-queuing input APIC_EM-QUEUING-2Q8T-IN
8Q4T – Ingress
Queueing
DSCP to Queue Mapping
DSCP-based WRED
8Q4T Ingress Queueing Linecards
* Potentially similar behavior with the Sup2T ports as seen in slides #25 & #26
How to Disable or Display the State of GigabitEthernet
Interfaces on the Sup2T
o23-6500-1(config)#platform qos 10g-only Global command disables GigabitEthernet interfaces on the
Sup2T.
…
How to Enable or Display Performance Mode on Linecards
Global command enables
performance mode on a port
o23-6500-1(config)#no hw-module slot 5 oversubscription port-group 4 group of a linecard
DF Default Queue
(25% BW + DSCP-WRED)
Cisco Catalyst 65xx-E/6807-XL —8Q4T Ingress Model
class-map type lan-queuing match-all APIC_EM-REALTIME-8Q4T-QUEUE
match dscp cs4 cs5 ef
class-map type lan-queuing match-all APIC_EM-CONTROL-8Q4T-QUEUE
match dscp cs2 cs3 cs6 cs7
class-map type lan-queuing match-all APIC_EM-MM_CONF-8Q4T-QUEUE
match dscp af41 af42 af43
class-map type lan-queuing match-all APIC_EM-MM_STREAM-8Q4T-QUEUE
match dscp af31 af32 af33
class-map type lan-queuing match-all APIC_EM-TRANS_DATA-8Q4T-QUEUE
match dscp af21 af22 af23
class-map type lan-queuing match-all APIC_EM-BULK_DATA-8Q4T-QUEUE
match dscp af11 af12 af13
class-map type lan-queuing match-all APIC_EM-SCAVENGER-8Q4T-QUEUE
match dscp cs1
Cisco Catalyst 65xx-E/6807-XL —8Q4T Ingress Model
policy-map type lan-queuing APIC_EM-QUEUEING-8Q4T-IN
class APIC_EM-REALTIME-8Q4T-QUEUE
bandwidth percent 10
class APIC_EM-CONTROL-8Q4T-QUEUE
bandwidth percent 10
class APIC_EM-MM_CONF-8Q4T-QUEUE
bandwidth percent 20
random-detect dscp-based
random-detect dscp af41 percent 80 100
random-detect dscp af42 percent 70 100
random-detect dscp af43 percent 60 100
class APIC_EM-MM_STREAM-8Q4T-QUEUE
bandwidth percent 20
random-detect dscp-based
random-detect dscp af31 percent 80 100
random-detect dscp af32 percent 70 100
random-detect dscp af33 percent 60 100
Cisco Catalyst 65xx-E/6807-XL —8Q4T Ingress Model
[continued]
class APIC_EM-TRANS_DATA-8Q4T-QUEUE
bandwidth percent 10
random-detect dscp-based
random-detect dscp af21 percent 80 100
random-detect dscp af22 percent 70 100
random-detect dscp af23 percent 60 100
class APIC_EM-BULK_DATA-8Q4T-QUEUE
bandwidth percent 4
random-detect dscp-based
random-detect dscp af11 percent 80 100
random-detect dscp af12 percent 70 100
random-detect dscp af13 percent 60 100
class APIC_EM-SCAVENGER-8Q4T-QUEUE
bandwidth percent 1
class class-default
random-detect dscp-based
random-detect dscp default percent 80 100
interface TenGigabitEthernet1/3/4
service-policy type lan-queuing input APIC_EM-QUEUEING-8Q4T-IN
8Q8T – Ingress
Queueing
CoS to Queue Mapping
CoS-based Tail-Drop
8Q8T Ingress Queueing Linecards
• WS-X6704-10GE supported with a DFC4/DFC4XL upgrade
(WS-F6k-DFC4-A, WS-F6k-DFC4-AXL)
o23-6500-1#show module
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL10478SWP
2 8 DCEF2T 8 port 10GE WS-X6908-10G SAL172682AK
3 5 Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G SAL1702WNR0
5 16 CEF720 16 port 10GE WS-X6716-10GE SAL1228WYB7
6 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE SAL15013XBH
interface TenGigabitEthernet1/3/4
service-policy type lan-queuing input APIC_EM-QUEUEING-8Q8T-IN
1P7Q2T – Ingress
Queueing
DSCP to Queue Mapping
DSCP-based WRED
1P7Q2T Ingress Queueing Linecards
Application-Class DSCP EF
Realtime Queue
CS5 (Priority)
Network Control (CS7)
CS4
Internetwork Control CS6
CS7
VoIP EF CS6 Control Plane Queue
CS3 (10% BWR)
Broadcast Video CS5 CS2
Multimedia Conferencing AF4
AF4
Realtime Interactive CS4 Multimedia-Conferencing Queue
(20% BWR + DSCP-WRED)
Multimedia Streaming AF3
AF3 Multimedia-Streaming Queue
(15% BWR + DSCP-WRED)
Signaling CS3
DF Default Queue
(30% BWR + DSCP-WRED)
Cisco Catalyst 65xx-E/6807-XL - 1P7Q2T Ingress Model
class-map type lan-queuing match-all APIC_EM-REALTIME-1P7Q2T-QUEUE
match dscp cs4 cs5 ef
class-map type lan-queuing match-all APIC_EM-CONTROL-1P7Q2T-QUEUE
match dscp cs2 cs3 cs6 cs7
class-map type lan-queuing match-all APIC_EM-MM_CONF-1P7Q2T-QUEUE
match dscp af41 af42 af43
class-map type lan-queuing match-all APIC_EM-MM_STREAM-1P7Q2T-QUEUE
match dscp af31 af32 af33
class-map type lan-queuing match-all APIC_EM-TRANS_DATA-1P7Q2T-QUEU
match dscp af21 af22 af23
class-map type lan-queuing match-all APIC_EM-BULK_DATA-1P7Q2T-QUEUE
match dscp af11 af12 af13
class-map type lan-queuing match-all APIC_EM-SCAVENGER-1P7Q2T-QUEUE
match dscp cs1
Cisco Catalyst 65xx-E/6807-XL —1P7Q2T Ingress Model
interface TenGigabitEthernet1/3/4
service-policy type lan-queuing input APIC_EM-QUEUEING-1P7Q2T-IN
2P6Q4T Ingress &
Egress Queueing
DSCP to Queue Mapping
DSCP-based WRED
2P6Q4T Ingress Queueing Linecards
Q2T3—80%
Network Management CS2 AF11
Bulk Data Queue
AF12 Q2T2—70%
(14% BWR + DSCP-WRED)
Bulk Data AF1 AF13
CS1 Q2T1—60%
[continued]
class APIC_EM-BULK_DATA-2P6Q4T-QUEUE
bandwidth remaining percent 14
random-detect dscp-based
random-detect dscp af11 percent 80 100
random-detect dscp af12 percent 70 100
random-detect dscp af13 percent 60 100
class APIC_EM-SCAVENGER-2P6Q4T-QUEUE
bandwidth remaining percent 1
class class-default
random-detect dscp-based
random-detect dscp default percent 80 100
interface TenGigabitEthernet1/1/13
service-policy type lan-queuing input APIC_EM-QUEUEING-2P6Q4T
service-policy type lan-queuing output APIC_EM-QUEUEING-2P6Q4T
1P3Q8T – Egress
Queueing
CoS to Queue Mapping
CoS-based Tail-Drop
1P3Q8T Egress Queueing Linecards
• WS-X6724-SFP, WS-X6748-SFP and WS-X6748-GE-TX with CFC
• WS-X6724-SFP, WS-X6748-SFP, and WS-X6748-GE-TX with a DFC4 or
DFC4XL upgrade (WS-F6k-DFC4-A, WS-F6k-DFC4-AXL)
• WS-X6824-SFP-2T and WS-X6824-SFP-2TXL
• WS-X6848-SFP-2T, WS-X6848-SFP-2TXL, WS-X6848-TX-2T and WS-
X6848-TX-2TXL
Cisco Catalyst 65xx-E/6807-XL with Sup2T
1P3Q8T Egress Queuing Models—CoS-to-Queue Mapping
1P3Q8T
Application-Class DSCP CoS
interface GigabitEthernet1/3/2
service-policy type lan-queuing output APIC_EM-QUEUING-1P3Q8T-OUT
1P3Q4T – Egress
Queueing
CoS to Queue Mapping
CoS-based Tail-Drop
1P3Q4T Egress Queueing Linecards
interface GigabitEthernet1/3/1
service-policy type lan-queuing output APIC_EM-QUEUING-1P3Q4T-OUT
interface TenGigabitEthernet1/3/4
service-policy type lan-queuing output APIC_EM-QUEUING-1P3Q4T-OUT
1P7Q4T –Egress
Queueing
DSCP to Queue Mapping
DSCP-based WRED
1P7Q4T Egress Queueing Linecards
Application-Class DSCP EF
Realtime Queue
CS5 (Priority)
Network Control (CS7)
CS4
Internetwork Control CS6
CS7
VoIP EF CS6 Control Plane Queue
CS3 (10% BWR)
Broadcast Video CS5 CS2
Multimedia Conferencing AF4
AF4
Realtime Interactive CS4 Multimedia-Conferencing Queue
(20% BWR + DSCP-WRED)
Multimedia Streaming AF3
AF3 Multimedia-Streaming Queue
(15% BWR + DSCP-WRED)
Signaling CS3
DF Default Queue
(30% BWR + DSCP-WRED)
Cisco Catalyst 65xx-E/6807-XL —1P7Q4T Egress Model
interface TenGigabitEthernet1/3/4
service-policy type lan-queuing output APIC_EM-QUEUING-1P7Q4T-OUT
1P7Q8T – Egress
Queueing
CoS to Queue Mapping
CoS-based Tail-Drop
1P7Q8T Egress Queueing Linecards
interface TenGigabitEthernet1/3/4
service-policy type lan-queuing output APIC_EM-QUEUING-1P7Q8T-OUT