QoS Part II: Congestion Management, Traffic Policing and Shaping


When we talk about QoS Congestion Management and Avoidance, the three most important terms are queuing, dropping and scheduling. Queuing places packets into different software queues based on their QoS labels: after the traffic is classified and marked, you assign it to a certain number of queues according to those labels.

WRED (Weighted Random Early Detection) is the only RED method used by Cisco to drop the last packets in certain queues. A threshold is the number of packets in a queue at which packets start being dropped.

The number of QUEUES and THRESHOLDS will depend on the Switch characteristics. Different configurations will be applied accordingly. Refer to the list of devices for details:

Dedicate the BW to each of the queues. Set the VOICE traffic as the single strict priority queue to guarantee a minimum delay, and the WRR scheduling method for the remaining queues to guarantee the bandwidth.


You can check the QoS capabilities such as Ingress/Egress number of Queues, Priority Queues and Thresholds on each interface using the following command:


SW_CISCQUEROS_A21# show interfaces GigabitEthernet 7/1 capabilities 
GigabitEthernet7/1
  Model:                 WS-SUP32-GE-3B
  Type:                  1000BaseSX
  Speed:                 1000
  Duplex:                full
  Trunk encap. type:     802.1Q,ISL
  Trunk mode:            on,off,desirable,nonegotiate
  Channel:               yes
  Broadcast suppression: percentage(0-100)
  Flowcontrol:           rx-(off,on,desired),tx-(off,on,desired)
  Membership:            static
  Fast Start:            yes
  QOS scheduling:        rx-(2q8t), tx-(1p3q8t)
  QOS queueing mode:     rx-(cos), tx-(cos)



Within the LAN Network the best practice would be marking the packets on the INGRESS interfaces, and applying the queuing methods on the EGRESS interfaces towards the upper layer switches. As you can see from the previous example, the given switch with the Supervisor model 32 has 1P3Q8T:

- 1 Priority Queue that will most likely be used for the VOICE traffic
- 3 Standard Queues where all the other classes of traffic will
- 8 Thresholds for each of the standard queues 

There is another command that can be pretty useful, but it’s supported only on the Switch Models that support the WRR queuing. It shows the Bandwidth allocation per queue, COS values assigned to each queue and some other interface capacities that are not available within the “capabilities” command:

SW_CISCQUEROS_A21#show queueing interface GigabitEthernet 7/1
Interface GigabitEthernet7/1 queueing strategy:  Weighted Round-Robin
  Port QoS is enabled
Trust boundary disabled

  Trust state: trust DSCP
  Extend trust state: not trusted [COS = 0]
  Default COS is 0
    Queueing Mode In Tx direction: mode-cos
    Transmit queues [type = 1p3q8t]:
    Queue Id    Scheduling  Num of thresholds
    -----------------------------------------
       01         WRR                 08
       02         WRR                 08
       03         WRR                 08
       04         Priority            01

    WRR bandwidth ratios:   20[queue 1]  30[queue 2]  35[queue 3] 
    queue-limit ratios:     50[queue 1]  20[queue 2]  15[queue 3]  15[Pri Queue]

  Packets dropped on Transmit:
    BPDU packets:  0

    queue              dropped  [cos-map]
    ---------------------------------------------

    1                        0  [0 2 1 ]
    2                        0  [3 ]
    3                        0  [4 ]
    4                        0  [5 6 7 ]
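The output above can be checked mechanically. The following is an added example (not part of the original post) that parses the listing and reports each WRR queue's share of the non-priority bandwidth, any CoS value left unmapped or mapped twice, the CoS values on the priority queue, and queues with drops. It assumes the WRR ratios are relative weights; the function names are chosen for this sketch.

```python
import re

# Lines copied from the "show queueing interface" output above (trimmed).
SHOW_QUEUEING = """\
Interface GigabitEthernet7/1 queueing strategy:  Weighted Round-Robin
  Port QoS is enabled
  Trust state: trust DSCP
    Transmit queues [type = 1p3q8t]:
    Queue Id    Scheduling  Num of thresholds
    -----------------------------------------
       01         WRR                 08
       02         WRR                 08
       03         WRR                 08
       04         Priority            01

    WRR bandwidth ratios:   20[queue 1]  30[queue 2]  35[queue 3]
    queue-limit ratios:     50[queue 1]  20[queue 2]  15[queue 3]  15[Pri Queue]

    queue              dropped  [cos-map]
    ---------------------------------------------

    1                        0  [0 2 1 ]
    2                        0  [3 ]
    3                        0  [4 ]
    4                        0  [5 6 7 ]
"""


def _new_queue():
    return {"scheduling": None, "thresholds": None,
            "weight": None, "cos": [], "dropped": 0}


def parse_show_queueing(text):
    """Extract scheduling, WRR weight, CoS map and drop counter per Tx queue."""
    queues = {}
    # Rows of the "Queue Id / Scheduling / Num of thresholds" table.
    for m in re.finditer(r"^[ \t]*(\d{2})[ \t]+(WRR|Priority)[ \t]+(\d+)[ \t]*$",
                         text, re.M):
        q = queues.setdefault(int(m.group(1)), _new_queue())
        q["scheduling"], q["thresholds"] = m.group(2), int(m.group(3))
    # Only the WRR line is read; the queue-limit line has the same token shape.
    wrr = re.search(r"WRR bandwidth ratios:(.*)", text)
    if wrr:
        for weight, qid in re.findall(r"(\d+)\[queue (\d+)\]", wrr.group(1)):
            queues.setdefault(int(qid), _new_queue())["weight"] = int(weight)
    # Rows of the "queue / dropped / [cos-map]" table.
    for m in re.finditer(r"^[ \t]*(\d+)[ \t]+(\d+)[ \t]+\[([\d ]*)\][ \t]*$",
                         text, re.M):
        q = queues.setdefault(int(m.group(1)), _new_queue())
        q["dropped"] = int(m.group(2))
        q["cos"] = [int(c) for c in m.group(3).split()]
    trust = re.search(r"Trust state:[ \t]*(.+)", text)
    return {"trust_state": trust.group(1).strip() if trust else None,
            "queues": queues}


def audit(parsed):
    """Summarise the parsed output into values worth checking after a change."""
    queues = parsed["queues"]
    weighted = {qid: q["weight"] for qid, q in queues.items()
                if q["weight"] is not None}
    total = sum(weighted.values())
    seen = {}
    for qid, q in queues.items():
        for cos in q["cos"]:
            seen.setdefault(cos, []).append(qid)
    return {
        # Share of the bandwidth left over after the priority queue is served.
        "wrr_share_percent": {qid: round(100 * w / total, 1)
                              for qid, w in weighted.items()} if total else {},
        "unmapped_cos": [c for c in range(8) if c not in seen],
        "duplicated_cos": {c: qs for c, qs in seen.items() if len(qs) > 1},
        "priority_cos": sorted(c for q in queues.values()
                               if q["scheduling"] == "Priority"
                               for c in q["cos"]),
        "queues_with_drops": [qid for qid, q in queues.items() if q["dropped"]],
    }


if __name__ == "__main__":
    parsed = parse_show_queueing(SHOW_QUEUEING)
    print("trust state:", parsed["trust_state"])
    for key, value in audit(parsed).items():
        print(f"{key}: {value}")
```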




Please refer to the following examples for details on how to configure the QoS.



EXAMPLE 1: 

Switch Model: WS-C3750G-48PS
QoS Egress Capabilities: 4Q2T or 4Q3T (in both cases it's actually 4 Queues, 2 configurable Thresholds and 1 non-configurable Threshold)
Supported Queueing Method: SRR

Under the Global Configuration Mode configure the DSCP to CoS mapping:

mls qos map cos-dscp 0 10 18 26 34 46 48 56

Then assign the CoS values into the desired queue and assign the corresponding thresholds:

#the first line assigns the CoS values 5,6 and 7 to the Queue 1, with the Threshold 3 (the non-configurable Threshold)
mls qos srr-queue output cos-map queue 1 threshold 3 5 6 7
mls qos srr-queue output cos-map queue 2 threshold 1 4
mls qos srr-queue output cos-map queue 3 threshold 1 3
mls qos srr-queue output cos-map queue 4 threshold 1 2
mls qos srr-queue output cos-map queue 4 threshold 2 1

#the next line assigns the DSCP values 46 (EF), 48 (CS6) and 56 (CS7) to the Queue 1, with the Threshold 3 (the non-configurable Threshold)
mls qos srr-queue output dscp-map queue 1 threshold 3 46 48 56
mls qos srr-queue output dscp-map queue 2 threshold 1 34 36 38
mls qos srr-queue output dscp-map queue 3 threshold 1 26 0
mls qos srr-queue output dscp-map queue 4 threshold 1 16 18
mls qos srr-queue output dscp-map queue 4 threshold 2 8 10 12 14 

#the next line creates a queue-set for the last queue (queue 4) and defines the 4 drop thresholds to be used by WRED
mls qos queue-set output 1 threshold 4 80 100 100 100

#all the interfaces towards the upper-layer (Distribution or Core) Switches
interface GigabitEthernet 1/0/49
 #map the port to the queue-set (previously defined Threshold levels)
 queue-set 1
 # Allocate BW to each queue. Priority queue value is ignored, so put 1.
 srr-queue bandwidth share 1 35 35 20
 #Prevent the VOICE traffic from starving the other BW by limiting it to one third of an entire BandWidth
 srr-queue bandwidth shape 3 0 0 0
 #Next command sets the Queue 1 as the Priority Queue
 priority-queue out



EXAMPLE 2:

Switch Model: WS-C6513, Supervisor: WS-SUP32-GE-3B
QoS Egress Capabilities: 1P3Q8T, 1 Priority Queue, 3 Standard Queues and 8 Thresholds
Supported Queueing Method: WRR

Under the Global Configuration Mode configure the DSCP to CoS mapping:

mls qos map cos-dscp 0 10 18 26 34 46 48 56

#all the interfaces towards the upper-layer (Distribution or Core) Switches
interface GigabitEthernet 8/2

#the first line assigns the CoS values 5,6 and 7 to the Queue 1
 priority-queue cos-map 1 5 6 7
 wrr-queue cos-map 3 1 4
 wrr-queue cos-map 2 1 3
 wrr-queue cos-map 1 1 2 0
 wrr-queue cos-map 1 3 1

#enable the WRED for the standard queues 1 and 3 (this is not the 1 as in the priority queue, it's the 1st of the STANDARD 3 queues)
 wrr-queue random-detect 1
 wrr-queue random-detect 3
 #Allocate BW to each of the 3 standard queues
 wrr-queue bandwidth 20 30 35
 #Define the Threshold Drop values for each of the 3 standard queues
 wrr-queue random-detect max-threshold 1 100 100 100 100 100 100 100 100
 wrr-queue random-detect min-threshold 1 80 100 100 100 100 100 100 100
 wrr-queue random-detect max-threshold 2 100 100 100 100 100 100 100 100
 wrr-queue random-detect min-threshold 2 80 100 100 100 100 100 100 100
 wrr-queue random-detect max-threshold 3 100 100 100 100 100 100 100 100
 wrr-queue random-detect min-threshold 3 80 40 100 100 100 100 100 100

EXAMPLE 3:

Switch Model: WS-C4006
QoS Egress Capabilities: 1P3Q1T, 1 Priority Queue, 3 Standard Queues and 1 Threshold
Supported Queueing Method: MANUAL QUEUES DEFINITION

Under the Global Configuration Mode configure the DSCP to CoS mapping:

qos map cos 0 to dscp 0
qos map cos 1 to dscp 10
qos map cos 2 to dscp 18
qos map cos 3 to dscp 26
qos map cos 4 to dscp 34
qos map cos 5 to dscp 46

Under the Global Configuration Mode map each DSCP value to one of the 4 Tx-Queues. Note that the queue 3 is the Priority Queue, and the Queue 1 is serviced last.

qos map dscp 46 to tx-queue 3
qos map dscp 34 to tx-queue 4
qos map dscp 26 to tx-queue 2
qos map dscp 18 to tx-queue 2
qos map dscp 0 to tx-queue 2
qos map dscp 10 to tx-queue 1

#all the interfaces towards the upper-layer (Distribution or Core) Switches
interface GigabitEthernet 0/2
#Allocate BW to each of the 4 queues
tx-queue 1
bandwidth 10000000
tx-queue 2
bandwidth 45000000
tx-queue 3
bandwidth 10000000
#define queue 3 as the priority queue, and limit it to 10Mbps (10%)
priority high
shape 10000000
tx-queue 4
bandwidth 35000000
shape 35000000

interface range GigabitEthernet 2/13 , GigabitEthernet 2/19
tx-queue 3
no shape
no priority
no bandwidth

EXAMPLE 4: 

Switch Model: WS-C6506, Supervisor: c6sup2_rp
QoS Egress Capabilities: 1P2Q2T, 1 Priority Queue, 2 Standard Queues and 3 Thresholds
Supported Queueing Method: WRR

Under the Global Configuration Mode configure the DSCP to CoS mapping:

mls qos map cos-dscp 0 10 18 26 34 46 48 56

#all the interfaces towards the upper-layer (Distribution or Core) Switches
interface GigabitEthernet 8/2

#assign 50% to each of the standard queues
wrr-queue bandwidth 50 50

#How many packets need to be in the Queue in order for WRED to start dropping, so in this command for queue 1 it will be 70 packets for Threshold 1, and 80 for Threshold 2
wrr-queue random-detect min-threshold 1 70 80
wrr-queue random-detect max-threshold 1 100 100
wrr-queue random-detect min-threshold 2 40 80
wrr-queue random-detect max-threshold 2 100 100
priority-queue cos-map 1 5 6 7
#the next line assigns the CoS value 4 to the Queue 1 and Threshold 1
wrr-queue cos-map 1 1 4
wrr-queue cos-map 1 2 2 3
wrr-queue cos-map 2 1 0
wrr-queue cos-map 2 2 1


EXAMPLE 5

Switch Model: WS-C4503-E (MPC8548), SUPERVISOR 6-E
QoS Egress Capabilities: 1P7Q1T, 1 Priority Queue, 7 Standard Queues and 1 Threshold
Supported Queueing Method: WRR

Cisco models 4500 and 4900 with the Supervisors 6-E and 7-E use the MQC model of QoS congestion control, and use Active Queue Management (AQM).

*DBL: Active queue management (AQM) is the proactive approach of informing you about congestion before a buffer overflow occurs. AQM is done using Dynamic Buffer Limiting (DBL). DBL tracks the queue length for each traffic flow in the switch. When the queue length of a flow exceeds its limit, DBL drops packets or sets the Explicit Congestion Notification (ECN) bits in the packet headers.

DBL classifies flows in two categories, adaptive and aggressive. Adaptive flows reduce their rate of packet transmission once they receive a congestion notification. Aggressive flows do not take any corrective action in response to congestion notification. For every active flow the switch maintains two parameters, “buffersUsed” and “credits”. All flows start with “max-credits”, a global parameter. When a flow has fewer credits than “aggressive-credits” (another global parameter), it is considered an aggressive flow and is given a small buffer limit called “aggressiveBufferLimit”.

class-map match-any VOICE-QUEUE
match dscp ef
match dscp cs5
class-map match-any CONTROL-MGMT-QUEUE
match dscp cs7
match dscp cs6
class-map match-all VIDEO-QUEUE
match dscp af41 af42 af43
class-map match-all CRITICAL-DATA-QUEUE
match dscp af31 af32 af33
class-map match-all BUSINESS-QUEUE
match dscp af21 af22 af23
class-map match-all BULK-DATA-QUEUE
match dscp 0
class-map match-all SCAVENGER-QUEUE
match dscp cs1
match dscp af11

policy-map 1P7Q1T
class VOICE-QUEUE
 priority
class CONTROL-MGMT-QUEUE
 bandwidth remaining percent 5
class VIDEO-QUEUE
 bandwidth remaining percent 20
class CRITICAL-DATA-QUEUE
 bandwidth remaining percent 20
class BUSINESS-QUEUE
 bandwidth remaining percent 20
 dbl
class SCAVENGER-QUEUE
 bandwidth remaining percent 5
class BULK-DATA-QUEUE
 bandwidth remaining percent 10
 dbl
class class-default
 bandwidth remaining percent 10
 dbl

#all the interfaces towards the upper-layer (Distribution or Core) Switches
interface range GigabitEthernet 3/4
service-policy output 1P7Q1T

Cisco WAAS Part II: Configuration




There are a few things we need to know before we configure our traffic to utilize the WAAS:
- The protocol WAAS uses is called WCCP (Web Cache Coordination Protocol)
- 61 and 62 are the Service Identifier Numbers of the WCCP protocol (61 for the origin traffic and 62 for the response traffic)

Create the Access-List with your WAEs (in this case there are 2):
ip access-list standard Cisco_WAES
 permit 10.184.0.196
 permit 10.184.0.197
Create 2 Access Lists, one for the traffic originated in your own network towards the destination network (where the other end of WAAS service is), and the second one for the response traffic from the other side of WAAS service.

ip access-list extended OUR_SIDE2OTHER_SIDE
 deny   tcp host 10.184.116.108 any
 permit tcp 10.162.0.0 0.0.255.255 172.15.0.0 0.0.255.255
 permit tcp 10.162.0.0 0.0.255.255 172.15.182.0 0.0.255.255

ip access-list extended OTHER_SIDE2OUR_SIDE
 deny   tcp any host 10.184.116.108
 permit tcp 172.15.0.0 0.0.255.255 10.162.0.0 0.0.255.255
 permit tcp 172.16.0.0 0.0.255.255 10.162.0.0 0.0.255.255


In the Global Configuration mode apply the ACL with the ORIGINATED traffic to the WCCP Service 61, and the ACL with the RESPONSE traffic to the WCCP Service 62:

ip wccp 61 redirect-list OUR_SIDE2OTHER_SIDE group-list Cisco_WAES
ip wccp 62 redirect-list OTHER_SIDE2OUR_SIDE group-list Cisco_WAES

The last step is to apply the Service 61 to the SOURCE Interface and the Service 62 to the Response interface to your Network. Check the diagram, the pointed interfaces, and the commands below:



interface Fa0/1
ip wccp 61 redirect in
interface Fa0/24
ip wccp 62 redirect in
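Because service 61 handles the originated traffic and service 62 the response traffic, the two redirect lists should describe the same flows in opposite directions. The following is an added example (not part of the original post) that parses the two ACLs shown above and reports entries whose address has bits set under the wildcard mask, entries that normalise to a duplicate, and flows present in one direction only. The parser handles only the forms used on this page (any, host, address plus contiguous wildcard, no port operators); the function names are chosen for this sketch.

```python
import ipaddress

# Entries copied from the two redirect lists above.
OUR_SIDE2OTHER_SIDE = """\
deny   tcp host 10.184.116.108 any
permit tcp 10.162.0.0 0.0.255.255 172.15.0.0 0.0.255.255
permit tcp 10.162.0.0 0.0.255.255 172.15.182.0 0.0.255.255
"""
OTHER_SIDE2OUR_SIDE = """\
deny   tcp any host 10.184.116.108
permit tcp 172.15.0.0 0.0.255.255 10.162.0.0 0.0.255.255
permit tcp 172.16.0.0 0.0.255.255 10.162.0.0 0.0.255.255
"""


def _network(addr, wildcard):
    """Return (network, host_bits_set) for an IOS 'address wildcard' pair."""
    a = int(ipaddress.IPv4Address(addr))
    w = int(ipaddress.IPv4Address(wildcard))
    mask = ~w & 0xFFFFFFFF
    prefix = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous wildcard {wildcard} is not handled")
    # host_bits_set: the written address differs from the network IOS will match.
    return ipaddress.IPv4Network((a & mask, prefix)), bool(a & w)


def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D wildcard' from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), False
    if first == "host":
        return ipaddress.IPv4Network(tokens.pop(0) + "/32"), False
    return _network(first, tokens.pop(0))


def parse_acl(text):
    """Parse permit/deny entries into normalised (action, proto, src, dst) keys."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue
        action, proto, rest = tokens[0], tokens[1], tokens[2:]
        src, src_dirty = _take_addr(rest)
        dst, dst_dirty = _take_addr(rest)
        entries.append({"line": " ".join(tokens),
                        "key": (action, proto, src, dst),
                        "host_bits": src_dirty or dst_dirty})
    return entries


def audit_redirect_lists(forward_text, return_text):
    """Compare the service 61 (forward) and service 62 (return) redirect lists."""
    fwd, ret = parse_acl(forward_text), parse_acl(return_text)
    findings = {"host_bits": [], "duplicates": []}
    for entries in (fwd, ret):
        seen = set()
        for e in entries:
            if e["host_bits"]:
                findings["host_bits"].append(e["line"])
            if e["key"] in seen:
                findings["duplicates"].append(e["line"])
            seen.add(e["key"])
    fwd_keys = {e["key"] for e in fwd}
    # Swap source and destination so return entries read in the forward direction.
    mirrored = {(a, p, d, s) for (a, p, s, d) in (e["key"] for e in ret)}

    def show(key):
        return f"{key[0]} {key[1]} {key[2]} -> {key[3]}"

    findings["no_return_entry"] = sorted(show(k) for k in fwd_keys - mirrored)
    findings["no_forward_entry"] = sorted(show(k) for k in mirrored - fwd_keys)
    return findings


if __name__ == "__main__":
    result = audit_redirect_lists(OUR_SIDE2OTHER_SIDE, OTHER_SIDE2OUR_SIDE)
    for name, items in result.items():
        print(f"{name}: {items}")
```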


Cisco WAAS Part I: WAN Link Optimization: How does WAAS work?



“Cisco WAAS is a software and hardware-integrated, cloud-ready WAN optimization and application acceleration solution. WAAS appliances offer outstanding deployment scalability and design flexibility while WAAS software delivers best-in-class application acceleration for the enterprise network.”
Cisco.com

Many companies actually offer WAN Optimization solutions. I'm not getting into details of why I think that, for example, Riverbed offers a better and more complete solution (at a much higher cost though). I'm a Cisco guy, so I'll stick to Cisco technologies and tell you about all the advantages Cisco WAAS (Wide Area Application Services) offers you.

WAAS (Wide Area Applications Services) is the name of the technology (software related).
WAE (Wide Area Engine) is the name given to the appliances on which WAAS operates (hardware related)

We sure went a long way since we measured the BW by the baud. Now the LANs are a pretty optimized environment, applications linked to each other, high BWs, and everything seems great… until we reach the WAN, where it’s still about long load times and re-transmissions.

Basically the applications are written with the focus on how they work and look; the part of how to optimize their transmission is never coded, and it's up to us. What we actually need is transparent optimization for the applications on the WAN.

WAAS offers many services, such as Transport Flow Optimization (TFO), Application Specific Acceleration (CIFS, NFS, etc.), SSL, but the actual technological breakthrough is offered by Context-Aware DRE or the Adaptive Cache Architecture.

To understand this we need to understand the two types of Data Traffic:
-       Transactional – moves between clients and servers, back and forth, using the same TCP connection
-       Directional – moves in one direction using the same TCP connection (video, backups), and we never had a good solution for this traffic! That's why WAAS has the ability to recognize the Uni-Directional traffic
So how does it all work then? There are 2 BUCKETS, one for the Data Signature, and another one for the Actual Data. As data is sent – a unique signature for that application is created and saved to the WAAS. For Uni-Directional traffic the WAAS can save the signature and recognize the traffic on the Receiving Side, and Cisco says this gives 10-15% performance increase per flow.

It's only logical that WAAS has a vendor-approved and optimized method to treat the specific traffic of each of the most popular applications (SAP, Microsoft, Citrix etc.)

Context-Aware DRE (Data Redundancy Elimination) is used to identify redundant data patterns in application traffic, replacing them with signatures that the Cisco WAAS devices transfer across the WAN to regenerate the original data. The result is optimal usage of WAN bandwidth and improved end-user response time. The Cisco WAAS DRE Cache Architecture is shown below:



In your WAAS network, traffic can be intercepted in these INTERCEPTION MODES:
-       Transparent mode (WCCP or PBR), Used for the application traffic, there are no configuration changes required to the client or the client-server applications. In promiscuous WCCP mode, application traffic is transparently redirected by network elements to the local WAE.
-       Nontransparent (explicit) mode (WCCP Version 2 disabled; applicable only to CIFS traffic when using the legacy file services mode)
-       Inline mode - The WAE physically and transparently intercepts traffic between the clients and the router. To use this mode, you must use a WAE with the Cisco WAE Inline Network Adapter installed.

Transparent traffic interception methods that are supported in your WAAS Network:

WCCP (Web Cache Coordination Protocol) Version 2 - Used for transparent interception of application traffic and Wide Area File Services (WAFS) traffic. Used in branch offices and data centers to transparently redirect traffic to the local WAE. The traffic is transparently intercepted and redirected to the local WAE by a WCCP-enabled router or a Layer 3 switch. You must configure WCCP on the router and WAE in the branch office and the router and WAE in the data center.

PBR - In branch offices, used for wide area application optimization. The branch office router is configured to use PBR to transparently intercept and route both client and server traffic to the WAE that resides in the same branch office.

Inline - Used for transparent interception of application traffic and WAFS traffic

ACE or CSM - Cisco Application Control Engine (ACE) or Catalyst 6500 series Content Switching Module (CSM) installed in the data center for data center application optimization. The ACE or CSM allows for both traffic interception and load balancing across multiple WAE(s) within the data center.


WAAS usually works with interception done on the WAN routers on both sites:
-       On datacenter site (Core WAAS)
-       On remote site (Edge WAAS)




Traffic between the Client (workstation) and the Server on the datacenter (in our case a NAS Server) will be first intercepted on the WAN router and sent to the Edge WAAS (or Edge WAE). The Edge WAAS will mark the packet (optional TCP field) and send it back to the router that will route the packet through the IP network.
Upon receiving the packet on the Server side, the Core WAAS will see that the traffic has been intercepted on the other side (through the before mentioned optional TCP field).
There are two different roles within WAAS:

-          The WAAS Engine:
o    Realizes the network optimization
o    Contains the configuration optimization
o    Can be either Edge or Core:
     Edge WAE = WAE on the Remote site.
     Core WAE = WAE on the Data Center site (Server).

-          The WAAS Console:
o    Contains the configuration of all policies optimizations
o    Doesn’t perform the optimization
o    Manages everything

Core and edge WAAS is more specifically linked with WAAS 4.0 where you define a WAE near to the file server and a WAE on the remote site. On WAAS 4.1 using fully transparent CIFS optimization, you don’t need to define Core/Edge WAE.

QoS Part I: Classification and Marking


Quality of Service (QoS) is the ability to provide different levels of performance for individual applications and services that run over the networks.  Different application attributes such as constant vs. burst bandwidth consumption, jitter, perceived latency, error rate, availability and admission control can be controlled by the proper implementation and deployment of QoS.
QoS has become increasingly necessary, especially within the backbone network where real-time applications like VoIP and Cisco TelePresence need to be prioritized. QoS has become crucial for everyday business needs due to the ever-changing traffic load on the network from Internet browsing, streaming media, file transfers, data replication etc. The critical applications should take advantage of QoS and be prioritized, in order to get preference over non-critical applications.


This is how the switch treats frames by default after the QoS is enabled:
-          A frame enters the switch port untagged (this means the port is an access port and the frame entering the switch has no ISL or dot1q encapsulation).
-          The switch encapsulates the frame with the dot1q (ignore ISL because dot1q is the default on all the new switches).
-          Inside the dot1q frame tag, there are three bits called 802.1p priority bits available, which are also called CoS (Class of Service bits). These bits are set to 0 by default.
-          The switch calculates DSCP value based on the CoS-DSCP map table. As per the table, the switch sets the DSCP value to 0. DSCP value is located at the IP header of the packet.

Unlike the routers, the QoS classification and marking acts differently in Cisco Catalyst switches. In Cisco routers, you can classify the packets using MQC either based on the incoming packet DSCP value or based on the access control list (ACL). This depends on whether you trust the QoS label of the incoming packet or not. In the Cisco Catalyst 3750 Switch, you can classify the frames either based on the incoming CoS/DSCP values or based on the ACL.

The configuration based on the incoming CoS/DSCP value is achieved in three different ways:
-          Port based configuration using the mls qos interface based commands
-          MQC based configuration using class-map and policy-map
-          VLAN based configuration

You can use any one of these three methods, but you cannot use more than one method on a port. For example, suppose you have configured the mls qos trust cos command on a port. When you configure the port with the “service-policy input <policy-map-name>” command, it removes the “mls qos trust cos” command automatically.


You could have as many classes of traffic as you wish, but be sure to adjust them to your network's needs. For the purposes of explaining QoS I took the 5 most typical classes of service to be implemented end-to-end, from the campus network to the backbone network:

- VOICE Class, for VoIP telephony traffic (Marked with CS5, DSCP: EF). Low Latency queue is recommended for this class (more details in Part II of this document)
- VIDEO Class, for Video Conference and Cisco TelePresence traffic (Marked with CS4, DSCP: AF41)
- Critical Data Class (D3), High importance Data Traffic, Critical Applications (Marked with CS3, DSCP: AF31)
- Business Data Class (D2), Medium importance and Default Data Traffic (Marked with CS2 and CS0, DSCP: AF21 and AF0)
- Scavenger (D1), Low importance Data Traffic (Marked with CS1, DSCP: AF11)

Classes 6 and 7 (CS6 and CS7) are NOT to be marked manually, as they are reserved for synchronization for a group of critical network protocols (BGP, EIGRP, DNS, etc.), which are assigned CS6 and priority by the pak_priority mechanism. They are still to be matched by the traffic treatment policies.
LLQ is ideal for Voice and Video traffic because it provides a guaranteed minimal amount of delay and jitter through the router. Cisco recommends applying the LLQ on up to 33% of the traffic.

You can attach a service policy to either the physical interface or to the switched virtual interface (SVI or VLAN interface). If you attach a service policy to a VLAN interface, the only ports that use this service policy are ports that belong to that VLAN and are configured for VLAN-based QoS. If the port is not set for VLAN-based QoS, the port still uses the default port-based QoS and only looks at the service policy that is attached to the physical interface.

If you are using QoS at both Layer 3 (DSCP values) and Layer 2 (CoS values), be sure to define how the values are mapped using the following command from the Global Configuration mode:

 
mls qos map cos-dscp 0 10 18 26 34 46 48 56

MQC Method, Step 1: Define the traffic using the Access Lists
You must tell the router which traffic you want to give QoS, which you can accomplish using an access control list (ACL). In the following example you will see how the VoIP and Video traffic is marked:

VOICE_TRAFFIC: (EF)
ip access-list extended VOICE_TRAFFIC
remark *VOICE: Strict Priority Traffic,10%,DSCP:EF*
 permit udp any any range 32512 32768
 permit udp any range 32512 32768 any

VIDEO_TRAFFIC: (AF41)
ip access-list extended VIDEO_TRAFFIC
remark *VIDEO: Priority Traffic,35%,DSCP:AF41*
remark ---- Video Conference server ----
 permit udp any range 50000 59999 any
 permit udp any any range 50000 59999
remark ---- Cisco TelePresence ----
 permit udp any eq 16388 any
 permit udp any any eq 16388
remark ---- Polycom Video ----
 permit udp any any range 3220 3247
 permit udp any range 3220 3247 any
remark ---- Tandberg Video ----
 permit udp any any range 2326 2485
 permit udp any range 2326 2485 any


MQC Method, Step 2: Create the CLASS MAPS and correlate with the ACLs

A class-map defines the traffic into groups. For example, you could create a class-map called VoIP traffic and put all VoIP protocols under it using the previously defined Access List:

class-map match-any CLASS_VOIP
  match access-group name ACL_VOIP
 
Here are the steps to create the class map based on the already configured Access Lists:
 
class-map match-any VOICE_CLASS
  match access-group name VOICE_TRAFFIC
class-map match-any VIDEO_CLASS
  match access-group name VIDEO_TRAFFIC
class-map match-any CRITICAL_CLASS
  match access-group name CRITICAL_DATA
class-map match-any BUSINESS_CLASS
  match access-group name BUSINESS_DATA
class-map match-any OTHER_DATA_CLASS
  match access-group name OTHER_DATA
 
MQC Method, Step 3: Create POLICY MAP and set the traffic marking
The DSCP can be set to a desired value at the Trust Boundary of the network in order to make it easy for core devices to classify the packet and provide a suitable level of service. Class-Based Packet Marking can be used to set the DSCP value.

The policy maps are an actual step where the DSCP value is assigned to a certain traffic group. First the concepts of DSCP/CoS/ToS need to be explained.

There are 8 DSCP values compatible with each IP precedence binary value:

DSCP Class Selector   DSCP Binary Value   Precedence Value   Range of DSCP values
---------------------------------------------------------------------------------
Default               000000              0                  0-7
CS1                   001000              1                  8-15
CS2                   010000              2                  16-23
CS3                   011000              3                  24-31
CS4                   100000              4                  32-39
CS5                   101000              5                  40-47 (46 = EF)
CS6                   110000              6                  48-55
CS7                   111000              7                  56-63

Assured forwarding (AF) per-hop behavior allows for up to 4 different classes for queuing purposes, each with 3 levels of drop probability. To mark these packets, 12 DSCP values are needed, with the names of these values starting with "AF". Assured forwarding on each PHB actually involves two different QoS functions, which are usually implemented with different QoS tools. The first is queuing, where each router classifies the packets into 4 different classes, and packets from each class are placed in a separate queue. The second function is congestion avoidance, where routers drop packets before tail drop is required. Assured forwarding does not mean that an individual packet is assured of making it across the network, just that attempts will be made to assure that queuing tools provide enough bandwidth, and that when congestion does occur, less important packets will be discarded first.

          Low Drop Probability      Medium Drop Probability   High Drop Probability
-----------------------------------------------------------------------------------
Class 1   001010  AF11  DSCP 10     001100  AF12  DSCP 12     001110  AF13  DSCP 14
Class 2   010010  AF21  DSCP 18     010100  AF22  DSCP 20     010110  AF23  DSCP 22
Class 3   011010  AF31  DSCP 26     011100  AF32  DSCP 28     011110  AF33  DSCP 30
Class 4   100010  AF41  DSCP 34     100100  AF42  DSCP 36     100110  AF43  DSCP 38

Use the following formula if you need to convert AF (Assured Forwarding) values to DSCP:
Decimal from AFxy = (8*x) + (2*y)

Examples:

AF13 = (8*1) + (2*3) = DSCP 14
AF31 = (8*3) + (2*1) = DSCP 26
AF43 = (8*4) + (2*3) = DSCP 38

It can be done by remembering how many bits the different markings use. For example CoS uses three bits to mark. DiffServ uses 6. ToS is 6 bit DSCP + 2 bits for ECN. Example:

CoS  :   0 ,  1 ,  2 ,  3 ,  4 ,  5 ,  6 ,  7
DSCP :   0 ,  8 , 16 , 24 , 32 , 46 , 48 , 56
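The AFxy formula and the bit layout above (6 DSCP bits followed by 2 ECN bits in the ToS byte) are enough to decode the value a packet capture shows. The following is an added example (not part of the original post) that converts between names and DSCP values, splits a ToS byte into its fields, and names the entries of the cos-dscp map used on this page; the function names are chosen for this sketch.

```python
# cos-dscp map used throughout this page: "mls qos map cos-dscp 0 10 18 26 34 46 48 56"
COS_DSCP_MAP = [0, 10, 18, 26, 34, 46, 48, 56]


def phb_name(dscp):
    """Name a 6-bit DSCP value: default, csN, afXY, ef, or the bare number."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field (0-63)")
    if dscp == 46:
        return "ef"
    cls, low = dscp >> 3, dscp & 0b111      # upper 3 bits = precedence/class
    if low == 0:
        return "default" if cls == 0 else f"cs{cls}"
    if 1 <= cls <= 4 and low in (2, 4, 6):  # AF: drop precedence in bits 2-1
        return f"af{cls}{low // 2}"
    return str(dscp)


def dscp_from_name(name):
    """Inverse of phb_name for the keywords IOS offers under 'match ip dscp'."""
    name = name.lower()
    if name == "ef":
        return 46
    if name == "default":
        return 0
    if name.startswith("cs") and name[2:].isdigit() and 1 <= int(name[2:]) <= 7:
        return 8 * int(name[2:])
    if name.startswith("af") and len(name) == 4 and name[2:].isdigit():
        x, y = int(name[2]), int(name[3])
        if 1 <= x <= 4 and 1 <= y <= 3:
            return 8 * x + 2 * y            # the formula from the text
    raise ValueError(f"unknown DSCP keyword: {name}")


def decode_tos(tos):
    """Split the 8-bit ToS byte into DSCP (upper 6 bits) and ECN (lower 2 bits)."""
    if not 0 <= tos <= 255:
        raise ValueError("ToS is one byte (0-255)")
    dscp, ecn = tos >> 2, tos & 0b11
    return {"dscp": dscp, "binary": f"{dscp:06b}", "name": phb_name(dscp),
            "precedence": dscp >> 3, "ecn": ecn}


def describe_cos_dscp_map(values):
    """Name the DSCP value that each CoS 0-7 is mapped to."""
    if len(values) != 8:
        raise ValueError("a cos-dscp map has exactly 8 entries")
    return {cos: phb_name(dscp) for cos, dscp in enumerate(values)}


if __name__ == "__main__":
    print(decode_tos(0xB8))   # ToS byte as shown by a capture tool for voice
    print(describe_cos_dscp_map(COS_DSCP_MAP))
```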

When you specify the ip dscp value in the class map command, you have these:  

L3Switch(config)# class-map match-all VOIP
L3Switch(config-cmap)# match ip dscp ?
   <0-63>   Differentiated services codepoint value
   af11     Match packets with AF11 dscp (001010)
   af12     Match packets with AF12 dscp (001100)
   af13     Match packets with AF13 dscp (001110)
   af21     Match packets with AF21 dscp (010010)
   af22     Match packets with AF22 dscp (010100)
   af23     Match packets with AF23 dscp (010110)
   af31     Match packets with AF31 dscp (011010)
   af32     Match packets with AF32 dscp (011100)
   af33     Match packets with AF33 dscp (011110)
   af41     Match packets with AF41 dscp (100010)
   af42     Match packets with AF42 dscp (100100)
   af43     Match packets with AF43 dscp (100110)
   cs1      Match packets with CS1(precedence 1) dscp (001000)
   cs2      Match packets with CS2(precedence 2) dscp (010000)
   cs3      Match packets with CS3(precedence 3) dscp (011000)
   cs4      Match packets with CS4(precedence 4) dscp (100000)
   cs5      Match packets with CS5(precedence 5) dscp (101000)
   cs6      Match packets with CS6(precedence 6) dscp (110000)
   cs7      Match packets with CS7(precedence 7) dscp (111000)
   default  Match packets with default dscp (000000)
   ef       Match packets with EF dscp (101110)

Finally this is how the Policy Map TRAFFIC-CLASSIFICATION needs to be configured in order to correlate with the previously defined Class Maps:
 
policy-map TRAFFIC-CLASSIFICATION
  class VOICE_CLASS
    set ip dscp ef
  class VIDEO_CLASS
    set ip dscp af41
  class CRITICAL_CLASS
    set ip dscp af31
  class OTHER_DATA_CLASS
    set ip dscp af11
  class BUSINESS_CLASS
    set ip dscp af21


MQC Method, Step 4: Apply policy maps to the Access-Switch input interface/s

Like an ACL, you must apply the policy-map to the specific interface you want it to affect. You can apply the policy-map in either output or input mode. Here's the command to use:
 
service-policy output|input {name of policy-map}
 
There are 3 options to apply the policy map: 
 
Option 1 Mark on USER INTERFACES (if the Access Switch can handle the load)
interface range <all physical user interfaces>
service-policy input TRAFFIC-CLASSIFICATION
 
Option 2 Mark on the Egress of the Access SWs (not allowed on some models)
interface range GigabitEthernet <all uplinks to Distribution switches>
service-policy output TRAFFIC-CLASSIFICATION
*PFC QoS supports the output keyword only with PFC3 and only on Layer 3 interfaces (either LAN ports configured as Layer 3 interfaces or VLAN interfaces). With PFC3, you can attach both an input and an output policy map to a Layer 3 interface.
 
* On the Cisco Catalyst 3750 Switch, policing can only be configured on the ingress port. Policing can only be configured through MQC. This means there is no interface specific command to police the traffic. You can configure policing in the policy-map and you can apply the policy-map using only the service-policy input <policy-name> command. You cannot apply any policy-map to the output side of an interface.

Option 3 Mark on VLAN INTERFACES is the one to be implemented
(vlan-based QoS, following the current policy)

interface vlan XXX
service-policy input TRAFFIC-CLASSIFICATION
 
interface range <all physical user interfaces>
mls qos vlan-based

*The other option would be creating separate access lists and policy maps, and applying them only to the corresponding VLANs.

