This was a presentation given describing the fundamentals needed to understand Cisco Quality of Service as deployed in a typical enterprise network.
Quality of Service
Deploying Cisco QoS in the Enterprise
Tanner Hiland, May 17, 2007
Updated March 25, 2010
Acronyms: Do you know what these stand for?
• CoS
• ToS
• DSCP
• PHB
• EF / AF / CS
• IPP
• 1p3q8t
• PQ / CQ / CBWFQ / LLQ
• WRED
• WTD
Overview
• Main Categories
  – Preferential Traffic Treatment
  – Squelch Traffic Treatment
  – Everything Else
• Reasoning
  – Build networks to withstand the unexpected
  – Saturated network links
  – Network Attacks
QoS Components
• Classification and Marking
• Congestion Management
  – Scheduling and Queuing
• Congestion Avoidance
  – WRED
• Bandwidth Management
  – Policing and Markdown
• Monitoring
CLASSIFICATION
Classification: What traffic do you want to match?
• Layer 2
  – MAC Address
  – 802.1p CoS
• Layer 3
  – IP Address
  – DSCP/IPP
• Layer 4
  – Protocol (TCP/UDP)
  – TCP/UDP Port Number
• Layer 7
  – Network-Based Application Recognition (NBAR)
Classification Configuration Example

Match by Access-List:
  access-list 100 permit tcp host 1.1.1.1 any eq 80
  ! class-map added so the ACL is actually referenced; the class name is illustrative
  class-map match-all CLASS-WEB
   match access-group 100

Match by existing DSCP value:
  class-map match-all CLASS-VOICE
   match dscp ef

Match by Payload with NBAR:
  ! offset 1 skips the leading "<" of the syslog PRI field; the 3-byte variable
  ! "priority" captures the PRI digits (190 = facility local7, severity info)
  ip nbar custom SYSLOG_CUSTOM 1 variable priority 3 udp 514
  class-map match-any CLASS-POLICE-SYSLOG
   match protocol SYSLOG_CUSTOM priority 190
Classification: NBAR In-(not-so-much) Depth
• Full layer-7 inspection
  – Match protocols + payload data
• Examples
  – Match Citrix application
  – Match HTTP URLs
  – Match syslog level
  – Match RTP stream based on codec (G.711/G.729a)
• Does it slow down traffic?
  – Yes, but not much. The first packet(s) of a flow are deeply inspected; subsequent packets are CEF-switched

  class-map match-any CLASS-CRITICAL
   match protocol citrix app WORD
   match protocol http url *.site.com*
   match protocol http mime image/jpeg
MARKING
Marking: How do you want to indicate packet priority?
• Layer 2
  – CoS (3 bits)
• Layer 3
  – IPP (3 bits)
  – DSCP (6 bits)
  – ECN (2 bits)
Let's look at the packet…
Marking: IP Header (figure slide: the IPv4 ToS byte shown in both IP Precedence (IPP) and DSCP formats, and the 802.1Q/p VLAN frame format carrying the CoS bits)
Marking Example

Mark to CoS Value:
  policy-map POLICY-QOS-INGRESS
   class CLASS-VOICE-STREAM
    set cos 5

Mark to DSCP Value:
  policy-map POLICY-QOS-INGRESS
   class CLASS-VOICE-STREAM
    set dscp ef
Marking: DSCP Terminology
• DSCP
  – Value in numeric form (e.g., DSCP 46, 24)
• Per-Hop Behaviors (PHBs)
  – Define forwarding behavior
  – Class Selectors (CS0-CS7): CSx uses the same three high-order bits as IPP x, so CS0 is the default / best-effort code point
  – Assured Forwarding (AFxy)
    x = DiffServ class, 1-4
    y = drop precedence, 1-3 (3 is dropped most readily)
  – Expedited Forwarding (EF, DSCP 46)
Marking: Endpoints and Trust
• Untrusted
  – Workstations
  – Servers
  – Uncontrolled Nodes
• Trusted
  – CallManager
  – Wireless Access Points
  – Voice Gateways
  – Faxes
  – Conference Phones
• Conditionally-Trusted
  – Cisco IP Phones (the port is trusted only while a phone is detected on it)
Markings that arrive from untrusted endpoints should be reset or re-marked at the access edge; otherwise any host can set DSCP EF itself and place its traffic in the priority queue.
Marking: Endpoints and Trust (diagram slide)
Classification and Marking Design: QoS Baseline Marking Recommendations

Application               L3 Classification          L2
                          DSCP   PHB     IPP         CoS
Routing                   48     CS6     6           6
Voice                     46     EF      5           5
Video Conferencing        34     AF41    4           4
Streaming Video           32     CS4     4           4
Mission-Critical Data     26     AF31*   3           3
Call Signaling            24     CS3*    3           3
Transactional Data        18     AF21    2           2
Network Management        16     CS2     2           2
Bulk Data                 10     AF11    1           1
Scavenger                 8      CS1     1           1
Best Effort               0      0       0           0
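The terminology and the baseline table above are easy to get wrong by hand, so here is an added worked example (Python, not part of the presentation) that decodes an IPv4 ToS byte into DSCP, PHB name, IP Precedence and ECN, and then checks the table rows for internal consistency. The BASELINE rows are transcribed from the table above; best effort (DSCP 0) is written as CS0, and the ToS byte value 0xB8 used in the demonstration is a constructed input.

```python
# Added example: decode the IPv4 ToS byte and check the QoS Baseline table.
# Not code from the presentation; RFC 2474/2597/3246 define the code points.

EF = 46

def phb_name(dscp):
    """Standard PHB name for a 6-bit DSCP value."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be 0..63")
    if dscp == EF:
        return "EF"
    if dscp % 8 == 0:
        return "CS%d" % (dscp // 8)            # CS0 is the default / best-effort PHB
    cls, low = divmod(dscp, 8)                 # AFxy: x = class (1-4), y = drop precedence
    if 1 <= cls <= 4 and low in (2, 4, 6):     # AFx1 = xxx010, AFx2 = xxx100, AFx3 = xxx110
        return "AF%d%d" % (cls, low // 2)
    return "DSCP%d" % dscp                     # non-standard code point

def decode_tos(tos_byte):
    """Split the ToS byte: DSCP is the top 6 bits, ECN the low 2 bits;
    IP Precedence is simply the top 3 bits of the DSCP."""
    dscp = (tos_byte >> 2) & 0x3F
    return {"dscp": dscp, "phb": phb_name(dscp), "ipp": dscp >> 3, "ecn": tos_byte & 0x3}

def encode_tos(dscp, ecn=0):
    return ((dscp & 0x3F) << 2) | (ecn & 0x3)

# Rows transcribed from the QoS Baseline table: (DSCP, PHB, IPP, CoS).
BASELINE = [
    (48, "CS6", 6, 6), (46, "EF", 5, 5), (34, "AF41", 4, 4), (32, "CS4", 4, 4),
    (26, "AF31", 3, 3), (24, "CS3", 3, 3), (18, "AF21", 2, 2), (16, "CS2", 2, 2),
    (10, "AF11", 1, 1), (8, "CS1", 1, 1), (0, "CS0", 0, 0),
]

def check_baseline(rows=BASELINE):
    """Rows whose PHB name, IPP or CoS disagrees with the DSCP bits.
    An empty list means every row is self-consistent (CoS == IPP == top 3 bits)."""
    bad = []
    for dscp, phb, ipp, cos in rows:
        d = decode_tos(encode_tos(dscp))
        if d["phb"] != phb or d["ipp"] != ipp or cos != ipp:
            bad.append((dscp, phb, d["phb"], d["ipp"]))
    return bad

if __name__ == "__main__":
    print(decode_tos(0xB8))        # constructed: EF with ECN 00
    print(check_baseline())        # [] when the table is consistent
```

Use it when a capture shows an unexpected ToS byte (for example, DSCP 46 arriving from a workstation port): `decode_tos` tells you what PHB the network will apply, and `phb_name` is the quick sanity check that a markdown value such as AF32/AF33 is actually in the AF class you intended.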
RFC 4594 - Configuration Guidelines for DiffServ Service Classes (new-ish)
Marking Notes
• External packet prioritization tags
  – Transmitted IGP/EGP packets are auto-marked DSCP CS6 by default
• Internal packet prioritization tags
  – IGPs (EIGRP, OSPF, etc.) are internally marked PAK_PRIORITY for intra-router preferential treatment
• CoS-DSCP maps, DSCP mutation, etc.
• DSCP passes through untouched if switch QoS is disabled; once QoS is enabled (mls qos on a Catalyst switch) ports are untrusted by default and incoming DSCP/CoS is rewritten to 0 unless the port is configured to trust
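The trust notes above are where the security boundary sits, so here is an added example (Python, not from the slides) that models what a Catalyst access port admits at ingress for a packet that a host has already marked EF. The CoS-to-DSCP map is the one from the Catalyst 3750 example later in this deck (with CoS 7 mapped to 56); the decision rules are a simplified model of mls qos trust behaviour written for this illustration, not IOS code, and the port scenarios are constructed. The model looks only at the frame as the switch port sees it; it does not model the IP phone's own handling of its PC port.

```python
# Added example: simplified model of Catalyst ingress trust (not IOS code).

COS_DSCP_MAP = [0, 8, 16, 24, 32, 46, 48, 56]   # index = CoS, value = DSCP (deck's map)

def ingress_dscp(pkt_dscp, pkt_cos, trust, mls_qos_enabled=True, phone_seen=False):
    """DSCP the switch carries (and later queues on) for one incoming packet.

    trust: "none" (the default once mls qos is on), "dscp", "cos", or
           "cos-conditional" (mls qos trust cos + mls qos trust device cisco-phone)
    phone_seen: CDP has detected a Cisco IP phone on the port
    """
    if not mls_qos_enabled:
        return pkt_dscp                        # QoS off: markings pass through untouched
    if trust == "dscp":
        return pkt_dscp
    if trust == "cos" or (trust == "cos-conditional" and phone_seen):
        return COS_DSCP_MAP[pkt_cos]
    return 0                                   # untrusted: rewrite to best effort

# Constructed scenarios: an ordinary host (not a phone) sends DSCP 46 / CoS 5
# hoping to ride the priority queue. Tuple: (label, trust, mls_qos_enabled, phone_seen)
ATTACKER_PORTS = [
    ("qos-disabled-switch",    "none",            False, False),
    ("default-untrusted-port", "none",            True,  False),
    ("trust-dscp-server-port", "dscp",            True,  False),
    ("phone-port-no-phone",    "cos-conditional", True,  False),
]

def priority_leaks(scenarios=ATTACKER_PORTS, host_dscp=46, host_cos=5):
    """Labels of the scenarios in which the host-set EF marking survives ingress."""
    return [label for label, trust, qos_on, phone in scenarios
            if ingress_dscp(host_dscp, host_cos, trust, qos_on, phone) == 46]

if __name__ == "__main__":
    print("host EF survives on:", priority_leaks())
    # the legitimate case: the phone's own CoS 5 on a conditionally trusted port
    print("phone RTP gets DSCP", ingress_dscp(46, 5, "cos-conditional", True, True))
```

The two leaks the model reports are the ones worth auditing for: a switch where mls qos was never turned on (everything passes through), and a port that trusts DSCP because a server lives there, which also trusts whatever a compromised or spoofed host on that port sends. Compare with the phone case, where the phone's own CoS 5 maps to DSCP 46 only while CDP sees the phone.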
SCHEDULING & QUEUING
Scheduling & Queuing
• Output queue (software queuing, feeds the TxRing)
  – Priority Queuing (PQ)
  – Custom Queuing (CQ)
  – Weighted Fair Queuing (WFQ)
  – Class-Based Weighted Fair Queuing (CBWFQ)
  – Low Latency Queuing (LLQ)
• TxRing (hardware transmit ring, FIFO)
Queuing
• Why queuing?
  – Rearrange packets waiting to be transmitted
• LLQ
  – Combo of PQ (strict) + CBWFQ
  – Typically PQ (strict) + CBWFQ + FQ
• Caveats
  – Platform-specific priority and transmit queues (Q1 vs Q4, 1P2Q2T)
Queuing: LLQ Diagram (figure slide)
VoIP Bandwidth Requirements
• Calculate bandwidth per call
  – Stream (codec + L3 + L2 overhead)
    – G.711 = 77-93 Kbps (without cRTP)
    – G.729A = 21-37 Kbps (without cRTP)
  – Call Signaling: roughly 150 bps per phone for voice control
• Call Admission Control (CAC)
  – Prevents CUCM from placing a WAN call if not enough priority bandwidth is available
Queuing Example

  policy-map POLICY-QOS-EGRESS
   class CLASS-ROUTING
    bandwidth percent 2
   class CLASS-VOICE-STREAM
    priority percent 20
   class CLASS-VIDEO-INTERACTIVE
    bandwidth percent 29
   class CLASS-CALL-SIGNALING
    bandwidth percent 3
   class CLASS-MISSION-CRITICAL
    bandwidth percent 24
    random-detect dscp-based
   class CLASS-SCAVENGER
    bandwidth percent 1
    random-detect dscp-based
   class class-default
    bandwidth percent 21
    random-detect dscp-based

  interface Serial 0/1/0
   bandwidth 1536
   ip nbar protocol-discovery
   max-reserved-bandwidth 100
   service-policy output POLICY-QOS-EGRESS
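The per-call figures on the VoIP slide and the percentages in the queuing example above are tied together by a little arithmetic, so here is an added example (Python, not part of the presentation) that computes per-call bandwidth from codec, packetization and L2 overhead, works out how many calls fit in the priority class of a 1536 kbps link, and checks a CBWFQ/LLQ allocation against the 33 percent guideline from the best-practices slide. The L2 overhead byte counts, the 20 ms packetization interval and the `SLIDE_POLICY` dictionary (transcribed from the policy above) are assumptions for the example; the headroom-free `max_calls` is a ceiling, not the CAC value to configure.

```python
# Added example: VoIP bandwidth per call, LLQ call capacity and allocation check.

IP_UDP_RTP = 40              # bytes of IP/UDP/RTP header per packet (no cRTP)
L2_OVERHEAD = {              # bytes per frame; assumed figures for the example
    "ethernet": 18,          # 14-byte header + 4-byte FCS
    "ethernet-dot1q": 22,
    "ppp": 6,
    "frame-relay": 4,
}
CODECS = {                   # (payload bit rate, packetization interval in ms)
    "G.711": (64000, 20),
    "G.729": (8000, 20),
}

def per_call_bps(codec, l2_bytes):
    """Bits per second for one direction of a call at the given L2 overhead."""
    rate, interval_ms = CODECS[codec]
    pps = 1000 // interval_ms                       # packets per second
    payload = rate * interval_ms // 8000            # codec bytes per packet
    return (payload + IP_UDP_RTP + l2_bytes) * 8 * pps

def max_calls(link_bps, priority_percent, call_bps):
    """Whole calls that fit in the LLQ class. No headroom is reserved, so
    CAC should admit this many calls or fewer."""
    return int(link_bps * priority_percent / 100 // call_bps)

def check_allocation(classes, priority_classes, strict_limit=33):
    """classes: {class name: percent}; priority_classes: names that use
    'priority percent'. Returns a list of problems (empty means sane)."""
    problems = []
    total = sum(classes.values())
    if total > 100:
        problems.append("allocations sum to %d%% (> 100%%)" % total)
    prio = sum(classes[c] for c in priority_classes)
    if prio > strict_limit:
        problems.append("strict priority is %d%% of the link (> %d%%)" % (prio, strict_limit))
    return problems

# Transcribed from the queuing example on this slide.
SLIDE_POLICY = {
    "CLASS-ROUTING": 2, "CLASS-VOICE-STREAM": 20, "CLASS-VIDEO-INTERACTIVE": 29,
    "CLASS-CALL-SIGNALING": 3, "CLASS-MISSION-CRITICAL": 24,
    "CLASS-SCAVENGER": 1, "class-default": 21,
}

if __name__ == "__main__":
    for codec in CODECS:
        for l2, nbytes in L2_OVERHEAD.items():
            print("%s over %-14s %6.1f kbps" % (codec, l2, per_call_bps(codec, nbytes) / 1000))
    g729_ppp = per_call_bps("G.729", L2_OVERHEAD["ppp"])
    print("G.729 calls in priority percent 20 of a T1:", max_calls(1536000, 20, g729_ppp))
    print("policy problems:", check_allocation(SLIDE_POLICY, ["CLASS-VOICE-STREAM"]))
```

The computed values (87.2 kbps for G.711 and 31.2 kbps for G.729 over Ethernet, 82.4 and 26.4 kbps over PPP) fall inside the ranges quoted on the VoIP slide, and the slide's policy sums to exactly 100 percent with 20 percent strict priority, so `check_allocation` returns no problems.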
CONGESTION AVOIDANCE
Congestion Avoidance
• Why care about congestion avoidance?
  – Manages the tail of the queue
  – Queue full = no QoS (everything that arrives is tail-dropped)
• Mechanisms
  – Random Early Detect (RED)
  – Weighted Random Early Detect (WRED)
  – DSCP-based WRED
  – WRED can set the IP ECN bits instead of dropping for ECN-capable flows (random-detect ecn)
• Example
  policy-map POLICY-QOS-EGRESS
   class CLASS-SCAVENGER
    bandwidth percent 1
    random-detect dscp-based
Congestion Avoidance: Monitoring Drops

Check total interface drops:
  sh int s1/0 | i drop
  Input queue: 1/75/0/0 (size/max/drops/flushes); Total output drops: 344321

Check drop details:
  sh policy-map int s1/0 output
    Class-map: CLASS-SCAVENGER (match-any)
      (depth/total drops/no-buffer drops) 0/336172/0
      dscp  Transmitted        Random drop        Tail drop      Minimum  Maximum  Mark
            pkts/bytes         pkts/bytes         pkts/bytes     thresh   thresh   prob
      af42  0/0                0/0                0/0            28       40       1/10
      af43  0/0                0/0                0/0            24       40       1/10
      cs1   1714453/21300774   330232/478897145   5940/8446381   22       40       1/10
      cs2   0/0                0/0                0/0            24       40       1/10
      cs3   0/0                0/0                0/0            26       40       1/10
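Reading drop counters by eye does not scale past a few interfaces, so here is an added example (Python, not from the presentation) that parses the `show policy-map interface` output above into per-class and per-DSCP counters and reports the drop share and which code points were tail-dropped. The sample text is the slide's own output, re-aligned; the regular expressions are written against that layout and are an assumption about the format rather than an IOS-documented grammar.

```python
# Added example: parse "show policy-map interface ... output" drop counters.
import re

CLASS_RE = re.compile(r"Class-map:\s+(\S+)")
DROPS_RE = re.compile(r"\(depth/total drops/no-buffer drops\)\s+(\d+)/(\d+)/(\d+)")
# dscp  tx pkts/bytes  random pkts/bytes  tail pkts/bytes  min  max  mark-prob
WRED_RE = re.compile(
    r"^\s*([a-z]+\d*)\s+(\d+)/(\d+)\s+(\d+)/(\d+)\s+(\d+)/(\d+)\s+(\d+)\s+(\d+)\s+(\d+/\d+)")

# Sample output taken from the slide above (one class shown).
SAMPLE = """\
  Class-map: CLASS-SCAVENGER (match-any)
    (depth/total drops/no-buffer drops) 0/336172/0
    dscp  Transmitted        Random drop        Tail drop      Minimum  Maximum  Mark
          pkts/bytes         pkts/bytes         pkts/bytes     thresh   thresh   prob
    af42  0/0                0/0                0/0            28       40       1/10
    af43  0/0                0/0                0/0            24       40       1/10
    cs1   1714453/21300774   330232/478897145   5940/8446381   22       40       1/10
    cs2   0/0                0/0                0/0            24       40       1/10
    cs3   0/0                0/0                0/0            26       40       1/10
"""

def parse_policy_map(text):
    """Return {class name: {"total_drops", "no_buffer_drops", "wred": {dscp: {...}}}}."""
    classes, current = {}, None
    for line in text.splitlines():
        m = CLASS_RE.search(line)
        if m:
            current = m.group(1)
            classes[current] = {"total_drops": 0, "no_buffer_drops": 0, "wred": {}}
            continue
        if current is None:
            continue
        m = DROPS_RE.search(line)
        if m:
            classes[current]["total_drops"] = int(m.group(2))
            classes[current]["no_buffer_drops"] = int(m.group(3))
            continue
        m = WRED_RE.match(line)
        if m:
            classes[current]["wred"][m.group(1)] = {
                "tx_pkts": int(m.group(2)), "random_pkts": int(m.group(4)),
                "tail_pkts": int(m.group(6)), "min": int(m.group(8)), "max": int(m.group(9)),
            }
    return classes

def drop_report(classes):
    """Per class: fraction of packets dropped and the code points that were
    tail-dropped. Tail drops inside a WRED class mean the queue reached its
    maximum threshold, i.e. random drops alone could not hold the queue down."""
    report = {}
    for name, c in classes.items():
        tx = sum(r["tx_pkts"] for r in c["wred"].values())
        dropped = c["total_drops"]
        share = dropped / (tx + dropped) if (tx + dropped) else 0.0
        tail = sorted(d for d, r in c["wred"].items() if r["tail_pkts"] > 0)
        report[name] = {"drop_share": round(share, 4), "tail_dropped": tail}
    return report

if __name__ == "__main__":
    print(drop_report(parse_policy_map(SAMPLE)))
```

For the slide's counters the scavenger class dropped about 16 percent of its packets and cs1 was tail-dropped as well as randomly dropped, which is what you expect from a 1 percent class absorbing a flood; the same report on a voice or signalling class would be a problem worth paging on.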
POLICING & MARKDOWN
Policing & Markdown
• Switch
  – Only supports a single-rate policer (conform / exceed)
  policy-map POLICY-QOS-INGRESS
   class CLASS-VOICE-STREAM
    set dscp ef
    police 128000 8000 exceed-action {drop|policed-dscp-transmit}
• Router
  – Three-color policer with conform, exceed and violate actions (the form below is single-rate with two token buckets, committed and excess; a true two-rate policer adds a pir)
  police 128000 8000 conform-action transmit exceed-action set-dscp-transmit af32 violate-action set-dscp-transmit af33
  – exceed-action :: action when the committed burst is exhausted but the packet still fits in the excess burst
  – violate-action :: action when the packet exceeds both committed and excess burst
Examples: Switch (Mapping on Catalyst 3750)

CoS-to-DSCP and policed-DSCP maps:
  ! CoS 0..7 -> DSCP. The slide listed 54 for CoS 7; corrected here to 56 (CS7)
  ! so that it matches the dscp-map line below that places 48 and 56 in queue 2.
  mls qos map cos-dscp 0 8 16 24 32 46 48 56
  mls qos map policed-dscp 0 10 18 24 25 26 34 to 8

Output Queuing using CoS:
  mls qos srr-queue output cos-map queue 1 threshold 3 5
  mls qos srr-queue output cos-map queue 2 threshold 1 2 4
  mls qos srr-queue output cos-map queue 2 threshold 2 3
  mls qos srr-queue output cos-map queue 2 threshold 3 6 7
  mls qos srr-queue output cos-map queue 3 threshold 3 0
  mls qos srr-queue output cos-map queue 4 threshold 3 1

Output Queuing using DSCP:
  mls qos srr-queue output dscp-map queue 1 threshold 3 46
  mls qos srr-queue output dscp-map queue 2 threshold 1 16
  mls qos srr-queue output dscp-map queue 2 threshold 1 18 20 22
  mls qos srr-queue output dscp-map queue 2 threshold 1 32
  mls qos srr-queue output dscp-map queue 2 threshold 1 34 36 38
  mls qos srr-queue output dscp-map queue 2 threshold 2 24 26
  mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
  mls qos srr-queue output dscp-map queue 3 threshold 3 0
  mls qos srr-queue output dscp-map queue 4 threshold 1 8
  mls qos srr-queue output dscp-map queue 4 threshold 3 10 12 14

Queue Drop Thresholds:
  mls qos queue-set output 1 threshold 2 70 80 100 100
  mls qos queue-set output 1 threshold 4 40 100 100 100
  mls qos
Examples: Switch (Mark and Police)

  mls qos map policed-dscp 0 10 18 24 25 26 34 to 8

  ip access-list extended ACL-VOICE-STREAM
   remark --- VoIP RTP Call Stream
   permit udp 10.0.0.0 0.0.0.255 any range 16384 32768

  class-map match-all CLASS-VOICE-STREAM
   match access-group name ACL-VOICE-STREAM

  policy-map POLICY-QOS-INGRESS
   class CLASS-VOICE-STREAM
    set dscp ef
    police 128000 8000 exceed-action drop
   class class-default
    set dscp 0
    police 5000000 8000 exceed-action policed-dscp-transmit

  interface FastEthernet 1/0/1
   srr-queue bandwidth share 1 70 25 5
   srr-queue bandwidth shape 3 0 0 0
   priority-queue out
   service-policy input POLICY-QOS-INGRESS
Examples: Router LAN (Marking)

  class-map match-all CLASS-MARK-MISSION-CRITICAL
   match protocol http url orders.cisco.com*
   match input-interface FastEthernet 0/0

  class-map match-any CLASS-MARK-SCAVENGER
   match protocol bittorrent
   match protocol edonkey
   match protocol fasttrack
   match protocol gnutella
   match protocol kazaa2
   match protocol napster
   match protocol winmx

  policy-map POLICY-QOS-INGRESS
   class CLASS-MARK-MISSION-CRITICAL
    set dscp af31
   class CLASS-MARK-SCAVENGER
    set dscp cs1

  interface FastEthernet 0/1
   description --- FROM LAN
   ip nbar protocol-discovery
   service-policy input POLICY-QOS-INGRESS
Examples: Router WAN (Queuing)

  class-map match-all CLASS-ROUTING
   match dscp cs6
  class-map match-all CLASS-VOICE-STREAM
   match dscp ef
  class-map match-any CLASS-SCAVENGER
   match dscp cs1

  policy-map POLICY-QOS-EGRESS
   class CLASS-ROUTING
    bandwidth percent 2
   class CLASS-VOICE-STREAM
    priority percent 20
   class CLASS-SCAVENGER
    bandwidth percent 1
    random-detect dscp-based
   class class-default
    bandwidth percent 21
    random-detect dscp-based

  interface Serial 0/1/0
   max-reserved-bandwidth 100
   ip nbar protocol-discovery
   service-policy output POLICY-QOS-EGRESS
Examples: Router WAN (Remark)

  class-map match-any CLASS-REMARK-AF31-TO-AF41
   match dscp af31
  class-map match-any CLASS-REMARK-AF21-TO-AF31
   match dscp af21

  policy-map POLICY-QOS-WAN-INGRESS
   description --- Remark DSCP values from carrier
   class CLASS-REMARK-AF31-TO-AF41
    set dscp af41
   class CLASS-REMARK-AF21-TO-AF31
    set dscp af31

  interface Serial 0/1/0
   service-policy input POLICY-QOS-WAN-INGRESS
Best Practices
• Classify and mark applications as close to their sources as technically and administratively feasible.
• Use DSCP markings whenever possible.
• Always enable QoS policies in hardware (switch) rather than software (router) whenever a choice exists.
• Follow standards-based DSCP PHB markings to ensure interoperability and future expansion.
• Police traffic flows as close to their sources as possible.
• Whenever supported, markdown should be done according to standards-based rules.
• The only way to provide service guarantees is to enable queuing at any node that has the potential for congestion.
• Limit the amount of strict priority queuing to no more than 33 percent of link capacity.
More
• SRND
  – http://www.cisco.com/application/pdf/en/us/guest/netsol/ns432/c649/ccmigration_09186a008049b062.pdf
• CallManager CAC
  – http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_implementation_design_guides_list.html
• Crypto and QoS
  – http://cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a00800b3d15.shtml