QoS In The Enterprise
•Descargar como PPTX, PDF•
20 recomendaciones•6,442 vistas
This was a presentation given describing the fundamentals needed to understand Cisco Quality of Service as deployed in a typical enterprise network.
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Destacado
Destacado (20)
Similar a QoS In The Enterprise
Similar a QoS In The Enterprise (20)
Último
Último (20)
QoS In The Enterprise
- 1. Quality of Service Deploying Cisco QoS in the Enterprise Tanner Hiland May 17, 2007 Updated March 25, 2010
- 2. Acronyms Do you know what these stand for? CoS ToS DSCP PHB EF / AF / CS IPP 1p3q8t PQ / CQ / CBWFQ / LLQ WRED WTD 2
- 3. Overview • Main Categories Preferential Traffic Treatment Squelch Traffic Treatment Everything Else • Reasoning Build networks to withstand the unexpected Saturated network links Network Attacks 3
- 4. QoS Components Classification and Marking Congestion Management • Scheduling and Queuing Congestion Avoidance • WRED Bandwidth Management • Policing and Markdown Monitoring 4
- 6. 6
- 7. Classification What traffic do you want to match? • MAC Address • 802.1p CoSLayer 2 • IP Address • DSCP/IPPLayer 3 • Protocol (TCP/UDP) • TCP/UDP Port NumberLayer 4 • Network-Based Application Recognition (NBAR)Layer 7 7
- 8. Classification Configuration Example access-list 100 permit tcp host 1.1.1.1 any eq 80 class-map match-all CLASS-VOICE match dscp ef ip nbar custom SYSLOG_CUSTOM 1 variable priority 3 udp 514 class-map match-any CLASS-POLICE-SYSLOG match protocol SYSLOG_CUSTOM priority 190 Match by Access-List Match by existing DSCP value Match by Payload with NBAR 8
- 9. Classification NBAR In-(not-so-much) Depth • Full layer-7 inspection – Match protocols + payload data • Examples Match Citrix application Match HTTP URL’s Match syslog level Match RTP stream based on codec (G.711/G.729a) • Does it slow down traffic? Yes, but not much. First packet deeply inspected, subsequent packets are CEF-switched 9 class-map match-any CLASS-CRITICAL match protocol citrix app WORD match protocol http url *.site.com* match protocol http mime image/jpeg
- 10. MARKING 10
- 11. Marking How do you want to indicate packet priority? Layer 2 •CoS (3-bits) Layer 3 •IPP (3-bits) •DSCP (6-bits) •ECN Let’s look at the packet… 11
- 12. Marking IP Header 802.1Q/p VLAN Frame Format DSCP Format 12 IP Precedence (IPP) Format IPv4 ToS Bits
- 13. Marking Example policy-map POLICY-QOS-INGRESS class CLASS-VOICE-STREAM set cos 5 policy-map POLICY-QOS-INGRESS class CLASS-VOICE-STREAM set dscp ef Mark to CoS Value Mark to DSCP Value 13
- 14. Marking DSCP Terminology • DSCP – Value in numeric form (e.g., DSCP 46, 24) • Per-Hop Behaviors (PHBs) – Define forwarding behavior • Class Selectors (CS1-7, maps to IPP values) • Assured Forwarding (AFxy) x = DiffServ Class ranging from 1-4 y = Drop Preference from 1-3 (3 being dropped most often) • Expedited Forwarding (EF) 14
- 15. Marking Endpoints and Trust Untrusted Workstations Servers Uncontrolled Nodes Trusted CallManager Wireless Access Points Voice Gateways Faxes Conference Phones Conditionally- Trusted Cisco IP Phones 15
- 17. Classification and Marking Design QoS Baseline Marking Recommendations Application L3 Classification DSCPPHBIPP CoS Transactional Data 18AF212 2 Call Signaling 24CS3*3 3 Streaming Video 32CS44 4 Video Conferencing 34AF414 4 Voice 46EF5 5 Network Management 16CS22 2 L2 Bulk Data 10AF111 1 Scavenger 8CS11 1 Best Effort 000 0 Routing 48CS66 6 Mission-Critical Data 26AF31*3 3 17
- 18. RFC 4594 - Configuration Guidelines for DiffServ Service Classes 18
- 19. Marking Notes • External Packet Prioritization Tags Transmitted IGP/EGP packets are auto-marked DSCP CS6 by default • Internal Packet Prioritization Tags IGP’s (EIGRP, OSPF, etc.) are internally marked “PAK_PRIORITY” for intra-router preferential treatment • CoS-DSCP Maps, DSCP Mutation, etc. • DSCP passes through if switch QoS disabled 19
- 21. Scheduling & Queuing Output Queue Priority Queuing (PQ) Custom Queuing (CQ) Weighted Fair Queuing (WFQ) Class-Based Weighted Fair Queuing (CBWFQ) Low Latency Queuing (LLQ) 21 Tx Ring
- 22. Queuing • Why queuing? – Rearrange packets waiting to be transmitted • LLQ – Combo of PQ (strict) + CBWFQ – Typically PQ (strict) + CBWFQ + FQ • Caveats – Platform specific priority and transmit queues (Q1 vs Q4, 1P2Q2T) 22
- 24. VoIP Bandwidth Requirements Calculate bandwidth per call • Stream (codec + L3 + L2 overhead) – G.711 = 77-93 Kbps (without cRTP) – G.729A= 21-37 Kbps (without cRTP) • Call Signaling – 150 bytes per phone for voice control • Call Admission Control (CAC) – Prevents CUCM from placing WAN call if not enough priority bandwidth 24
- 25. Queuing Example policy-map POLICY-QOS-EGRESS class CLASS-ROUTING bandwidth percent 2 class CLASS-VOICE-STREAM priority percent 20 class CLASS-VIDEO-INTERACTIVE bandwidth percent 29 class CLASS-CALL-SIGNALING bandwidth percent 3 class CLASS-MISSION-CRITICAL bandwidth percent 24 random-detect dscp-based class CLASS-SCAVENGER bandwidth percent 1 random-detect dscp-based class class-default bandwidth percent 21 random-detect dscp-based interface Serial 0/1/0 bandwidth 1536 ip nbar protocol-discovery max-reserved-bandwidth 100 service-policy output POLICY-QOS-EGRESS 25
- 27. Congestion Avoidance • Why care about congestion avoidance? – Manages the tail of the queue – Queue full = no QoS • Mechanisms – Random Early Detect (RED) – Weighted Random Early Detect (WRED) – DSCP-based WRED – WRED sets IP ECN bits • Example policy-map POLICY-QOS-EGRESS class CLASS-SCAVENGER bandwidth percent 1 random-detect dscp-based 27
- 28. Congestion Avoidance Monitoring Drops Check Total Interface Drops sh int s1/0 | i drop Input queue: 1/75/0/0 (size/max/drops/flushes); Total output drops: 344321 Check Drop Details sh policy-map int s1/0 output Class-map: CLASS-SCAVENGER (match-any) (depth/total drops/no-buffer drops) 0/336172/0 dscp Transmitted Random drop Tail drop Minimum Maximum Mark pkts/bytes pkts/bytes pkts/bytes thresh thresh prob af42 0/0 0/0 0/0 28 40 1/10 af43 0/0 0/0 0/0 24 40 1/10 cs1 1714453/21300774 330232/478897145 5940/8446381 22 40 1/10 cs2 0/0 0/0 0/0 24 40 1/10 cs3 0/0 0/0 0/0 26 40 1/10 28
- 30. Policing & Markdown • Switch – Only supports single-rate policer policy-map POLICY-QOS-INGRESS class CLASS-VOICE-STREAM set dscp ef police 128000 8000 exceed-action {drop|policed-dscp- transmit} • Router – Two-Rate Policer police 128000 8000 conform-action transmit exceed-action set- dscp-transmit af32 violate-action set-dscp-transmit af33 • exceed-action :: action when rate is within conform and conform + exceed burst • violate-action :: action when rate is greater than conform + exceed burst 30
- 31. Examples Switch (Mapping on Catalyst 3750) mls qos map cos-dscp 0 8 16 24 32 46 48 54 mls qos map policed-dscp 0 10 18 24 25 26 34 to 8 mls qos srr-queue output cos-map queue 1 threshold 3 5 mls qos srr-queue output cos-map queue 2 threshold 1 2 4 mls qos srr-queue output cos-map queue 2 threshold 2 3 mls qos srr-queue output cos-map queue 2 threshold 3 6 7 mls qos srr-queue output cos-map queue 3 threshold 3 0 mls qos srr-queue output cos-map queue 4 threshold 3 1 mls qos srr-queue output dscp-map queue 1 threshold 3 46 mls qos srr-queue output dscp-map queue 2 threshold 1 16 mls qos srr-queue output dscp-map queue 2 threshold 1 18 20 22 mls qos srr-queue output dscp-map queue 2 threshold 1 32 mls qos srr-queue output dscp-map queue 2 threshold 1 34 36 38 mls qos srr-queue output dscp-map queue 2 threshold 2 24 26 mls qos srr-queue output dscp-map queue 2 threshold 3 48 56 mls qos srr-queue output dscp-map queue 3 threshold 3 0 mls qos srr-queue output dscp-map queue 4 threshold 1 8 mls qos srr-queue output dscp-map queue 4 threshold 3 10 12 14 mls qos queue-set output 1 threshold 2 70 80 100 100 mls qos queue-set output 1 threshold 4 40 100 100 100 mls qos Output Queuing using CoS Output Queuing using DSCP Queue Drop Thresholds 31
- 32. Examples Switch (Mark and Police) mls qos map policed-dscp 0 10 18 24 25 26 34 to 8 ip access-list extended ACL-VOICE-STREAM remark --- VoIP RTP Call Stream permit udp 10.0.0.0 0.0.0.255 any range 16384 32768 class-map match-all CLASS-VOICE-STREAM match access-group name ACL-VOICE-STREAM policy-map POLICY-QOS-INGRESS class CLASS-VOICE-STREAM set dscp ef police 128000 8000 exceed-action drop class class-default set dscp 0 police 5000000 8000 exceed-action policed-dscp-transmit interface FastEthernet 1/0/1 srr-queue bandwidth share 1 70 25 5 srr-queue bandwidth shape 3 0 0 0 priority-queue out service-policy input POLICY-QOS-INGRESS 32
- 33. Examples Router LAN (Marking) class-map match-all CLASS-MARK-MISSION-CRITICAL match protocol http url orders.cisco.com* match input-interface FastEthernet 0/0 class-map match-any CLASS-MARK-SCAVENGER match protocol bittorrent match protocol edonkey match protocol fasttrack match protocol gnutella match protocol kazaa2 match protocol napster match protocol winmx policy-map POLICY-QOS-INGRESS class CLASS-MARK-MISSION-CRITICAL set dscp af31 class CLASS-MARK-SCAVENGER set dscp cs1 interface FastEthernet 0/1 description --- FROM LAN ip nbar protocol-discovery service-policy input POLICY-QOS-INGRESS 33
- 34. Examples Router WAN (Queuing) class-map match-all CLASS-ROUTING match dscp cs6 class-map match-all CLASS-VOICE-STREAM match dscp ef class-map match-any CLASS-SCAVENGER match dscp cs1 policy-map POLICY-QOS-EGRESS class CLASS-ROUTING bandwidth percent 2 class CLASS-VOICE-STREAM priority percent 20 class CLASS-SCAVENGER bandwidth percent 1 random-detect dscp-based class class-default bandwidth percent 21 random-detect dscp-based interface Serial 0/1/0 max-reserved-bandwidth 100 ip nbar protocol-discovery service-policy output POLICY-QOS-EGRESS 34
- 35. Examples Router WAN (Remark) class-map match-any CLASS-REMARK-AF31-TO-AF41 match dscp af31 class-map match-any CLASS-REMARK-AF21-TO-AF31 match dscp af21 policy-map POLICY-QOS-WAN-INGRESS description --- Remark DSCP values from carrier class CLASS-REMARK-AF31-TO-AF41 set dscp af41 class CLASS-REMARK-AF21-TO-AF31 set dscp af31 interface Serial 0/1/0 service-policy input POLICY-QOS-WAN-INGRESS 35
- 36. Best Practices • Classify and mark applications as close to their sources as technically and administratively feasible. • Use DSCP markings whenever possible • Always enable QoS policies in hardware (switch)— rather than software (router)—whenever a choice exists • Follow standards-based DSCP PHB markings to ensure interoperability and future expansion • Police traffic flows as close to their sources as possible. • Whenever supported, markdown should be done according to standards-based rules • The only way to provide service guarantees is to enable queuing at any node that has the potential for congestion • Limit the amount of strict priority queuing to no more than 33 percent of link capacity 36
- 37. More • SRND – http://www.cisco.com/application/pdf/en/us/guest/netsol/ns432/c649/ccmig ration_09186a008049b062.pdf • CallManager CAC – http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_impleme ntation_design_guides_list.html • Crypto and QoS – http://cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a008 00b3d15.shtml 37
Notas del editor
- CoS – Class of Service (802.1p)ToS – Type of Service (ToS bits in the IPv4 header)DSCP – Differentiated Services Code Point, aka DiffServPHB – Per Hop BehaviorEF / AF / CS – PHB’s: Expedited Forwarding, Assured Forwarding, Class SelectorIPP – IP Precedence (pre-DSCP)1p3q8t – Queuing capabilities for a switchport, 1 priority, 3 queues, 8 drop thresholds per queuePQ / CQ / CBWFQ / LLQ – Queuing strategies, Priority Queue, Custom Queue, Class-Based Weighted-Fair Queue, Low-Latency QueueWRED – Weighted Random Early Detect (Congestionavoidence)WTD – Weighted Tail Drop
- CiscoQoS Baseline modelUsing every class in the baseline is rare. Simplify/consolidate when possible.
- CoS bits are in the 802.1p portion of a 802.1Q tagged frame. In other words, if you don’t have a 802.1Q trunk, you don’t have CoS values going across the wire.
- CoS depends on 802.1QCoS = Layer 2 and is rewritten per hopIPP/DSCP use ToS bits at layer 3 which stay with the packethttp://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11_538840.html
- Remember that when deploying QoS designs for untrusted servers, the applications are usually identified by source ports, and not destination ports (as is the case with client-to-server access lists).The server is typically returning traffic to the client, so the source port should be matched by ACL’s.
- More than four years after Cisco put forward its QoS Baseline document, RFC 4594 was formally accepted as an informational RFC (in August 2006). Before getting into the specifics of RFC 4594, it is important to comment on the difference between the IETF RFC categories of informational and standard. An informational RFC is an industry recommended best practice, while a standard RFC is an industry requirement. Therefore RFC 4594 is a set of formal DiffServQoS configuration best practices, not a requisite standard. http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSIntro_40.html#wp60882
- http://www.cisco.com/en/US/tech/tk543/tk544/technologies_tech_note09186a0080094612.shtml#backinfoCisco IOS marks these IP-based control packets [as DSCP CS6]: Open Shortest Path First (OSPF), Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP) hellos, and keepalives. Telnet packets to and from the router also receive an IP precedence value of 6. The assigned value remains with the packets when the output interface transmits them into the network.
- “If excess bandwidth is available, the priority class will be allowed to utilize the bandwidth. If no excess bandwidth is available, the priority traffic will be constrained to the configured rate via packet drops.” “Guaranteed allowed bandwidth, in kbps, for the priority traffic. Beyond the guaranteed bandwidth, the priority traffic will be dropped in the event of congestion to ensure that the nonpriority traffic is not starved.”If a bandwidth or priority class should not exceed its allocated bandwidth during periods of no congestion, you can combine the priority command with the police command. This configuration imposes a maximum rate that is always active on the class. Choosing to configure a police statement in this configuration depends on the policy's objective.”http://www.cisco.com/en/US/partner/tech/tk543/tk757/technologies_tech_note09186a0080103eae.shtml#whichtrafficclassescanuseexcessbandwidth
- A summary of the key QoS requirements and recommendations for Voice (bearer traffic) are:• Voice traffic should be marked to DSCP EF per the QoS Baseline and RFC 3246.• Loss should be no more than 1 %.• One-way Latency (mouth-to-ear) should be no more than 150 ms.• Average one-way Jitter should be targeted under 30 ms.• 21–320 kbps of guaranteed priority bandwidth is required per call (depending on the samplingrate, VoIP codec and Layer 2 media overhead).When provisioning for Interactive Video (IP Videoconferencing) traffic, the following guidelines arerecommended:• Interactive Video traffic should be marked to DSCP AF41; excess Interactive-Video traffic can bemarked down by a policer to AF42 or AF43.• Loss should be no more than 1 %.• One-way Latency should be no more than 150 ms.• Jitter should be no more than 30 ms.• Overprovision Interactive Video queues by 20% to accommodate bursts
- “Random drop” = Dropped due to WRED“Tail drop” = Dropped due to queue limit being exceeded even with WRED (fields below to compensate)Max threshold = How many packets have to be in queue before WRED starts to drop packetsMin threshold = How many packets have to be in queue before WRED stops dropping packets (max threshold must have been previously triggered)Mark probability = How often incoming packets are marked to be dropped (e.g., 1 out of 10 is 1/10, 1 out of 5 is 1/5)