7. Classification
What traffic do you want to match?
• MAC address (Layer 2)
• 802.1p CoS (Layer 2)
• IP address (Layer 3)
• DSCP / IP Precedence (Layer 3)
• Protocol (TCP/UDP) (Layer 4)
• TCP/UDP port number (Layer 4)
• Network-Based Application Recognition (NBAR) (Layer 7)
8. Classification
Configuration Example
! Match by access-list
access-list 100 permit tcp host 1.1.1.1 any eq 80
!
! Match by existing DSCP value
class-map match-all CLASS-VOICE
 match dscp ef
!
! Match by payload with NBAR: a custom protocol that reads a 3-byte field
! named "priority" at offset 1 of the UDP/514 payload, then matches on its value
ip nbar custom SYSLOG_CUSTOM 1 variable priority 3 udp 514
class-map match-any CLASS-POLICE-SYSLOG
 match protocol SYSLOG_CUSTOM priority 190
9. Classification
NBAR In-(not-so-much) Depth
• Full Layer-7 inspection
  – Matches on the protocol plus payload data (stateful deep packet inspection)
• Examples
  – Match a Citrix published application
  – Match HTTP URLs and MIME types
  – Match syslog level (via a custom protocol, as on the previous slide)
  – Match an RTP stream based on codec (G.711/G.729a)
• Does it slow down traffic?
  – Yes, but not much. The first packet(s) of a flow are inspected deeply; once the flow is classified, subsequent packets are CEF-switched.
  – Caveat: URL and MIME matching sees clear-text HTTP only; HTTPS sessions cannot be classified by URL.
class-map match-any CLASS-CRITICAL
 match protocol citrix app WORD
 match protocol http url *.site.com*
 match protocol http mime image/jpeg
! WORD is the CLI placeholder shown by context help; replace it with the published-application name
14. Marking
DSCP Terminology
• DSCP
  – The 6-bit value in numeric form (e.g., DSCP 46 = EF, DSCP 24 = CS3)
• Per-Hop Behaviors (PHBs)
  – Standard names for the forwarding behavior a code point should receive
• Class Selectors (CS0-CS7)
  – CSx = x << 3, so the CS number equals the IP Precedence value (CS0 is the default PHB)
• Assured Forwarding (AFxy)
  – x = DiffServ class, 1-4 (each class gets its own forwarding resources)
  – y = drop precedence, 1-3 (3 is dropped first under congestion)
• Expedited Forwarding (EF)
  – DSCP 46; the low-latency, strict-priority PHB
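As an added example (not from the deck), the arithmetic behind these names in Python: class selectors are the IP Precedence value shifted left three bits, AFxy packs the class and the drop precedence, EF is 46, and the ToS byte carries the DSCP above two ECN bits. It also includes the standards-based markdown step (raise the drop precedence within the same AF class) that the policing slides and the best practices refer to. The function names are mine.

```python
"""DSCP arithmetic for the PHB names used on this slide.

Added example (not from the deck). Implements the code-point layout from
RFC 2474 (class selectors), RFC 2597 (AF) and RFC 3246 (EF):

    CSx  = x << 3                 top three bits == IP Precedence
    AFxy = (x << 3) | (y << 1)    x = class 1-4, y = drop precedence 1-3
    EF   = 46 (0b101110)

and the IPv4 ToS byte layout: DSCP in the upper six bits, ECN in the low two.
"""
from typing import Tuple

EF = 46
DEFAULT = 0


def dscp_from_name(name: str) -> int:
    """'ef' -> 46, 'cs3' -> 24, 'af31' -> 26, 'default' -> 0."""
    n = name.strip().lower()
    if n == "ef":
        return EF
    if n in ("default", "cs0", "be"):
        return DEFAULT
    if len(n) == 3 and n.startswith("cs") and n[2].isdigit():
        x = int(n[2])
        if 0 <= x <= 7:
            return x << 3
    if len(n) == 4 and n.startswith("af") and n[2:].isdigit():
        x, y = int(n[2]), int(n[3])
        if 1 <= x <= 4 and 1 <= y <= 3:
            return (x << 3) | (y << 1)
    raise ValueError(f"not a standard PHB name: {name!r}")


def name_from_dscp(dscp: int) -> str:
    """Inverse of dscp_from_name; non-standard code points come back as 'dscpNN'."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field")
    if dscp == EF:
        return "ef"
    if dscp == DEFAULT:
        return "default"
    x, low = dscp >> 3, dscp & 0b111
    if low == 0:
        return f"cs{x}"
    if 1 <= x <= 4 and low in (2, 4, 6):
        return f"af{x}{low >> 1}"
    return f"dscp{dscp}"


def ip_precedence(dscp: int) -> int:
    """IPP is the top three bits of the DSCP (what an IPP-only device sees)."""
    return dscp >> 3


def tos_byte(dscp: int, ecn: int = 0) -> int:
    """Build the IPv4 ToS / IPv6 Traffic Class byte: DSCP << 2 | ECN."""
    return ((dscp & 0x3F) << 2) | (ecn & 0b11)


def parse_tos(tos: int) -> Tuple[int, int]:
    """Split a ToS byte back into (dscp, ecn)."""
    return (tos >> 2) & 0x3F, tos & 0b11


def markdown(dscp: int) -> int:
    """Standards-based markdown (RFC 2597): keep the AF class, raise the drop
    precedence one step (af31 -> af32 -> af33). Non-AF code points are returned
    unchanged, because EF/CSx have no drop-precedence sub-levels."""
    x, low = dscp >> 3, dscp & 0b111
    if 1 <= x <= 4 and low in (2, 4):
        return dscp + 2
    return dscp


if __name__ == "__main__":
    for n in ("ef", "cs6", "af31", "af41", "cs1", "default"):
        d = dscp_from_name(n)
        print(f"{n:>7} = DSCP {d:2d}  IPP {ip_precedence(d)}  ToS 0x{tos_byte(d):02x}")
    chain = [26, markdown(26), markdown(markdown(26))]
    print("markdown chain:", [name_from_dscp(d) for d in chain])
```

The markdown step is the one the router policer on slide 30 performs (af31 exceeds to af32, violates to af33); the Catalyst `policed-dscp` map on slide 32 instead collapses everything to CS1, which is a local convention rather than the RFC 2597 rule.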
27. Congestion Avoidance
• Why care about congestion avoidance?
  – Manages the tail of the queue: drops (or ECN-marks) a few packets early, while there is still room
  – Queue full = no QoS: once the queue fills, everything arriving is tail-dropped regardless of class, and TCP flows back off in lockstep
• Mechanisms
  – Random Early Detect (RED): one drop profile for the whole queue
  – Weighted Random Early Detect (WRED): drop profile selected by IP Precedence
  – DSCP-based WRED: drop profile selected by DSCP, so AFx3 is dropped before AFx2 before AFx1
  – WRED with ECN (random-detect ecn): sets the ECN bits (CE) on ECN-capable packets instead of dropping them
• Example
policy-map POLICY-QOS-EGRESS
 class CLASS-SCAVENGER
  bandwidth percent 1
  random-detect dscp-based
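The drop decision WRED makes per packet, as an added Python simulation (not from the deck). It uses the per-DSCP minimum/maximum thresholds and mark probability that the monitoring output on the next slide shows for CLASS-SCAVENGER, the IOS default exponential weighting constant of 9 for the average queue depth, and an optional ECN mode in which ECN-capable packets are marked CE instead of being dropped. The class and function names are mine.

```python
"""DSCP-based WRED drop decision, as a small simulation.

Added example, not from the deck. PROFILES holds the per-DSCP
(min threshold, max threshold, mark probability denominator) from the
'sh policy-map int' output on the next slide. The EWMA exponent 9 is the
IOS default.

Drop decision per arriving packet (IOS WRED semantics):
  avg < min_th            : enqueue
  min_th <= avg < max_th  : drop with probability rising linearly from 0 to
                            1/denominator at max_th (or mark ECN CE instead,
                            when ECN is enabled and the packet is ECN-capable)
  avg >= max_th           : tail-drop (WRED has run out of room)
"""
import random

PROFILES = {
    "af42": (28, 40, 10),
    "af43": (24, 40, 10),   # higher drop precedence -> lower min threshold
    "cs1":  (22, 40, 10),
    "cs2":  (24, 40, 10),
    "cs3":  (26, 40, 10),
}
ECT0, ECT1, CE = 0b10, 0b01, 0b11   # ECN code points in the low 2 ToS bits


def drop_probability(avg_depth: float, min_th: int, max_th: int, denom: int) -> float:
    """Probability that WRED discards a packet at this average queue depth."""
    if avg_depth < min_th:
        return 0.0
    if avg_depth >= max_th:
        return 1.0
    return (avg_depth - min_th) / (max_th - min_th) / denom


class WredQueue:
    def __init__(self, profiles=PROFILES, weight_exp: int = 9, ecn: bool = False, seed: int = 1):
        self.profiles = profiles
        self.weight = 1 / (2 ** weight_exp)   # IOS: avg += (cur - avg) / 2^n
        self.ecn = ecn
        self.rng = random.Random(seed)         # seeded so runs are reproducible
        self.queue = []                        # list of (dscp, ecn_bits)
        self.avg = 0.0
        self.counts = {"transmit": 0, "random-drop": 0, "tail-drop": 0, "ecn-mark": 0}

    def enqueue(self, dscp: str, ecn_bits: int = 0) -> str:
        min_th, max_th, denom = self.profiles[dscp]
        # average depth is updated on every arrival from the depth seen before this packet
        self.avg += (len(self.queue) - self.avg) * self.weight
        p = drop_probability(self.avg, min_th, max_th, denom)
        if p >= 1.0:
            outcome = "tail-drop"
        elif self.rng.random() < p:
            if self.ecn and ecn_bits in (ECT0, ECT1):
                outcome = "ecn-mark"          # congestion signalled, packet kept
                ecn_bits = CE
            else:
                outcome = "random-drop"
        else:
            outcome = "transmit"
        if outcome in ("transmit", "ecn-mark"):
            self.queue.append((dscp, ecn_bits))
        self.counts[outcome] += 1
        return outcome

    def dequeue(self):
        return self.queue.pop(0) if self.queue else None


def burst(dscp: str, n: int, ecn: bool = False, ecn_bits: int = 0, weight_exp: int = 0) -> dict:
    """Offer n back-to-back packets with no service in between (worst case).
    weight_exp=0 makes avg == instantaneous depth so the thresholds act exactly."""
    q = WredQueue(ecn=ecn, weight_exp=weight_exp)
    outcomes = [q.enqueue(dscp, ecn_bits) for _ in range(n)]
    return {"queue_depth": len(q.queue), "outcomes": outcomes, "counts": q.counts}


if __name__ == "__main__":
    for d in ("cs1", "cs3", "af43"):
        r = burst(d, 200)
        print(d, r["counts"], "final depth", r["queue_depth"])
    print("with ECN:", burst("cs1", 200, ecn=True, ecn_bits=ECT0)["counts"])
```

With the default weighting (exponent 9) the average lags the real depth, so a short burst can pass well above the minimum threshold untouched; the `weight_exp=0` option in `burst` removes that lag to make the thresholds visible.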
28. Congestion Avoidance
Monitoring Drops
Check total interface drops:
sh int s1/0 | i drop
Input queue: 1/75/0/0 (size/max/drops/flushes); Total output drops: 344321

Check drop details per class and per DSCP:
sh policy-map int s1/0 output
Class-map: CLASS-SCAVENGER (match-any)
  (depth/total drops/no-buffer drops) 0/336172/0
  dscp   Transmitted        Random drop        Tail drop      Minimum  Maximum  Mark
         pkts/bytes         pkts/bytes         pkts/bytes     thresh   thresh   prob
  af42   0/0                0/0                0/0            28       40       1/10
  af43   0/0                0/0                0/0            24       40       1/10
  cs1    1714453/21300774   330232/478897145   5940/8446381   22       40       1/10
  cs2    0/0                0/0                0/0            24       40       1/10
  cs3    0/0                0/0                0/0            26       40       1/10
The per-DSCP random and tail drops add up to the class total (330232 + 5940 = 336172); the interface counter (344321) covers every class on the interface.
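As an added example (not from the deck), a Python parser for the per-DSCP WRED rows of `show policy-map interface` that reports the drop ratio per DSCP, flags DSCPs with tail drops (the average depth went past the maximum threshold, so WRED was no longer shaping the tail) and checks that the per-DSCP drops add up to the class total. SAMPLE is the output above re-typed as constructed input; the column layout is assumed to follow that output, and the names are mine.

```python
"""Parse per-DSCP WRED counters from 'show policy-map interface' output.

Added example, not from the deck. SAMPLE is the slide's output re-typed as
constructed input (only whitespace differs)."""
import re
from dataclasses import dataclass
from typing import Dict, List

SAMPLE = """\
Class-map: CLASS-SCAVENGER (match-any)
  (depth/total drops/no-buffer drops) 0/336172/0
  dscp   Transmitted        Random drop        Tail drop      Minimum  Maximum  Mark
         pkts/bytes         pkts/bytes         pkts/bytes     thresh   thresh   prob
  af42   0/0                0/0                0/0            28       40       1/10
  af43   0/0                0/0                0/0            24       40       1/10
  cs1    1714453/21300774   330232/478897145   5940/8446381   22       40       1/10
  cs2    0/0                0/0                0/0            24       40       1/10
  cs3    0/0                0/0                0/0            26       40       1/10
"""

CLASS_RE = re.compile(r"^\s*Class-map:\s+(\S+)")
TOTALS_RE = re.compile(r"\(depth/total drops/no-buffer drops\)\s+(\d+)/(\d+)/(\d+)")
# dscp  tx_pkts/tx_bytes  rnd_pkts/rnd_bytes  tail_pkts/tail_bytes  min  max  1/denom
ROW_RE = re.compile(
    r"^\s*([a-z0-9]+)\s+(\d+)/(\d+)\s+(\d+)/(\d+)\s+(\d+)/(\d+)\s+(\d+)\s+(\d+)\s+1/(\d+)\s*$"
)


@dataclass
class WredRow:
    dscp: str
    tx_pkts: int
    random_pkts: int
    tail_pkts: int
    min_th: int
    max_th: int
    mark_denom: int

    @property
    def offered(self) -> int:
        return self.tx_pkts + self.random_pkts + self.tail_pkts

    @property
    def drop_ratio(self) -> float:
        return (self.random_pkts + self.tail_pkts) / self.offered if self.offered else 0.0


def parse_policy_map(text: str) -> Dict[str, dict]:
    """Return {class_name: {'total_drops': int, 'rows': {dscp: WredRow}}}."""
    result, current = {}, None
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:
            current = result.setdefault(m.group(1), {"total_drops": None, "rows": {}})
            continue
        if current is None:
            continue
        m = TOTALS_RE.search(line)
        if m:
            current["total_drops"] = int(m.group(2))
            continue
        m = ROW_RE.match(line)
        if m:
            g = m.groups()
            current["rows"][g[0]] = WredRow(g[0], int(g[1]), int(g[3]), int(g[5]),
                                            int(g[7]), int(g[8]), int(g[9]))
    return result


def drop_report(parsed: Dict[str, dict]) -> List[dict]:
    """One record per class: drop ratio per DSCP that saw traffic, the DSCPs
    with tail drops (queue went past max threshold), and whether the per-DSCP
    drops reconcile with the class total."""
    report = []
    for cls, data in parsed.items():
        rows = list(data["rows"].values())
        summed = sum(r.random_pkts + r.tail_pkts for r in rows)
        report.append({
            "class": cls,
            "consistent": data["total_drops"] == summed,
            "tail_drop_dscps": sorted(r.dscp for r in rows if r.tail_pkts),
            "drop_ratio": {r.dscp: round(r.drop_ratio, 4) for r in rows if r.offered},
        })
    return report


if __name__ == "__main__":
    for rec in drop_report(parse_policy_map(SAMPLE)):
        print(rec)
```

Run it periodically against the live output and alert when `tail_drop_dscps` is non-empty or `drop_ratio` climbs for a class that should be protected; for the scavenger class above, 16% drops is the intended behaviour.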
30. Policing & Markdown
• Switch
  – Supports only a single-rate, two-color policer (conform / exceed)
policy-map POLICY-QOS-INGRESS
 class CLASS-VOICE-STREAM
  set dscp ef
  police 128000 8000 exceed-action {drop | policed-dscp-transmit}
• Router
  – Three-color policer (conform / exceed / violate); with only a CIR and burst sizes configured, as here, it is a single-rate three-color policer
police 128000 8000 conform-action transmit exceed-action set-dscp-transmit af32 violate-action set-dscp-transmit af33
• police <cir-bps> <bc-bytes> [<be-bytes>] :: CIR in bits per second, committed burst Bc in bytes, optional extended burst Be in bytes
• conform-action :: the packet fits within the committed burst (Bc tokens)
• exceed-action :: the packet does not fit in Bc but fits within the extended burst (between Bc and Bc + Be)
• violate-action :: the packet exceeds Bc + Be
• Markdown keeps the AF class and raises the drop precedence (af31 -> af32 -> af33), so DSCP-based WRED downstream drops the out-of-contract packets first
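The router-side three-color policer as an added Python token-bucket model (not from the deck): committed tokens refill at the CIR into the Bc bucket, overflow spills into the Be bucket, and a packet is conform, exceed or violate depending on which bucket can pay for it; the slide's actions then leave conforming packets alone and mark the rest down to af32/af33. Assumptions: tokens are bytes, Be is taken equal to Bc when not given (the IOS default once a violate-action is configured), and the switch's single-rate two-color policer is modelled as Be = 0. The class and function names are mine.

```python
"""Single-rate, three-colour policer (conform / exceed / violate) as two token
buckets, i.e. what the router-side line on this slide does:

  police 128000 8000 conform-action transmit
         exceed-action set-dscp-transmit af32 violate-action set-dscp-transmit af33

Added example, not from the deck. Assumptions: tokens are bytes; Be defaults
to Bc (IOS behaviour when violate-action is given without an extended burst);
a Catalyst-style two-colour policer is the same bucket with Be = 0, where
every non-conforming packet takes the exceed action.
"""
from collections import Counter
from typing import List, Tuple

AF31, AF32, AF33 = 26, 28, 30   # same AF class, rising drop precedence


class SingleRatePolicer:
    def __init__(self, cir_bps: int, bc_bytes: int, be_bytes=None):
        self.cir_bytes_per_s = cir_bps / 8
        self.bc = bc_bytes
        self.be = bc_bytes if be_bytes is None else be_bytes
        self.tc = float(self.bc)      # conform bucket starts full
        self.te = float(self.be)      # exceed bucket starts full
        self.last = 0.0

    def _refill(self, now: float) -> None:
        """CIR tokens go into Bc; overflow spills into Be; both are capped."""
        self.tc += (now - self.last) * self.cir_bytes_per_s
        self.last = now
        if self.tc > self.bc:
            self.te = min(self.be, self.te + self.tc - self.bc)
            self.tc = self.bc

    def colour(self, now: float, size: int) -> str:
        """Charge the packet to the first bucket that can pay for it."""
        self._refill(now)
        if size <= self.tc:
            self.tc -= size
            return "conform"
        if self.be and size <= self.te:
            self.te -= size
            return "exceed"
        return "violate" if self.be else "exceed"


def police_markdown(policer: SingleRatePolicer, now: float, size: int, dscp: int) -> Tuple[str, int]:
    """Apply the slide's actions: conform -> transmit unchanged,
    exceed -> af32, violate -> af33."""
    c = policer.colour(now, size)
    return c, {"conform": dscp, "exceed": AF32, "violate": AF33}[c]


def run_burst(policer: SingleRatePolicer, start: float, sizes: List[int], dscp: int = AF31) -> Counter:
    """Send a back-to-back burst at time `start`; count the colours."""
    return Counter(police_markdown(policer, start, s, dscp)[0] for s in sizes)


if __name__ == "__main__":
    # 128 kbps = 16000 bytes/s, Bc = Be = 8000 bytes: a 20 x 1000-byte burst
    # gets 8 conform, 8 exceed, 4 violate; one second later both buckets are full again.
    p = SingleRatePolicer(cir_bps=128_000, bc_bytes=8_000)
    print("t=0.0s burst of 20x1000B:", dict(run_burst(p, 0.0, [1000] * 20)))
    print("t=1.0s burst of 20x1000B:", dict(run_burst(p, 1.0, [1000] * 20)))
    print("t=1.1s 2x1000B          :", dict(run_burst(p, 1.1, [1000] * 2)))
    two_colour = SingleRatePolicer(128_000, 8_000, be_bytes=0)
    print("switch (Be=0) 20x1000B   :", dict(run_burst(two_colour, 0.0, [1000] * 20)))
```

The 0.1 s case shows why Bc matters more than the CIR for bursty traffic: only 1600 bytes of credit accrued, so the second 1000-byte packet is already a violation even though the long-term rate is far below 128 kbps.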
32. Examples
Switch (Mark and Police)
! Catalyst policed-DSCP map: packets that exceed the policer are marked down to DSCP 8 (CS1, scavenger)
mls qos map policed-dscp 0 10 18 24 25 26 34 to 8
!
ip access-list extended ACL-VOICE-STREAM
 remark --- VoIP RTP Call Stream
 permit udp 10.0.0.0 0.0.0.255 any range 16384 32768
!
class-map match-all CLASS-VOICE-STREAM
 match access-group name ACL-VOICE-STREAM
!
policy-map POLICY-QOS-INGRESS
 class CLASS-VOICE-STREAM
  set dscp ef
  police 128000 8000 exceed-action drop
 class class-default
  ! everything that is not voice: host markings are not trusted, reset to DSCP 0,
  ! and marked down to CS1 via the policed-dscp map above 5 Mbps
  set dscp 0
  police 5000000 8000 exceed-action policed-dscp-transmit
!
interface FastEthernet 1/0/1
 srr-queue bandwidth share 1 70 25 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 service-policy input POLICY-QOS-INGRESS
33. Examples
Router LAN (Marking)
class-map match-all CLASS-MARK-MISSION-CRITICAL
 match protocol http url orders.cisco.com*
 match input-interface FastEthernet 0/0
!
! Note: this match-all class requires input interface Fa0/0, but the policy is
! applied inbound on Fa0/1, where the input interface is Fa0/1; drop the
! input-interface match or apply the policy where that traffic enters.
!
class-map match-any CLASS-MARK-SCAVENGER
 match protocol bittorrent
 match protocol edonkey
 match protocol fasttrack
 match protocol gnutella
 match protocol kazaa2
 match protocol napster
 match protocol winmx
!
policy-map POLICY-QOS-INGRESS
 class CLASS-MARK-MISSION-CRITICAL
  set dscp af31
 class CLASS-MARK-SCAVENGER
  set dscp cs1
!
interface FastEthernet 0/1
 description --- FROM LAN
 ip nbar protocol-discovery
 service-policy input POLICY-QOS-INGRESS
34. Examples
Router WAN (Queuing)
class-map match-all CLASS-ROUTING
 match dscp cs6
class-map match-all CLASS-VOICE-STREAM
 match dscp ef
class-map match-any CLASS-SCAVENGER
 match dscp cs1
!
policy-map POLICY-QOS-EGRESS
 class CLASS-ROUTING
  bandwidth percent 2
 class CLASS-VOICE-STREAM
  ! LLQ: strict priority, but policed to 20% of the link while congested
  priority percent 20
 class CLASS-SCAVENGER
  ! CBWFQ minimum guarantee, with WRED inside the class
  bandwidth percent 1
  random-detect dscp-based
 class class-default
  bandwidth percent 21
  random-detect dscp-based
!
interface Serial 0/1/0
 max-reserved-bandwidth 100
 ip nbar protocol-discovery
 service-policy output POLICY-QOS-EGRESS
35. Examples
Router WAN (Remark)
class-map match-any CLASS-REMARK-AF31-TO-AF41
 match dscp af31
class-map match-any CLASS-REMARK-AF21-TO-AF31
 match dscp af21
!
! The carrier uses a different marking scheme; translate its values back to ours at WAN ingress
policy-map POLICY-QOS-WAN-INGRESS
 description --- Remark DSCP values from carrier
 class CLASS-REMARK-AF31-TO-AF41
  set dscp af41
 class CLASS-REMARK-AF21-TO-AF31
  set dscp af31
!
interface Serial 0/1/0
 service-policy input POLICY-QOS-WAN-INGRESS
36. Best Practices
• Classify and mark applications as close to their sources as technically and administratively feasible.
• Use DSCP markings whenever possible (they stay with the packet end to end; CoS does not survive past the 802.1Q trunk).
• Always enable QoS policies in hardware (switch) rather than software (router) whenever a choice exists.
• Follow standards-based DSCP PHB markings to ensure interoperability and future expansion.
• Police traffic flows as close to their sources as possible.
• Whenever supported, markdown should be done according to standards-based rules (AFx1 -> AFx2 -> AFx3, keeping the class).
• The only way to provide service guarantees is to enable queuing at every node that has the potential for congestion.
• Limit strict-priority (LLQ) queuing to no more than 33 percent of link capacity.
Glossary:
CoS – Class of Service (802.1p)
ToS – Type of Service (ToS bits in the IPv4 header)
DSCP – Differentiated Services Code Point, aka DiffServ
PHB – Per-Hop Behavior
EF / AF / CS – PHBs: Expedited Forwarding, Assured Forwarding, Class Selector
IPP – IP Precedence (pre-DSCP)
1p3q8t – Queuing capabilities of a switch port: 1 priority queue, 3 queues, 8 drop thresholds per queue
PQ / CQ / CBWFQ / LLQ – Queuing strategies: Priority Queuing, Custom Queuing, Class-Based Weighted Fair Queuing, Low-Latency Queuing
WRED – Weighted Random Early Detect (congestion avoidance)
WTD – Weighted Tail Drop
Cisco QoS Baseline model: using every class in the baseline is rare. Simplify and consolidate when possible.
CoS bits live in the 802.1p priority field of an 802.1Q tag. In other words, if there is no 802.1Q trunk, no CoS value crosses the wire.
CoS depends on 802.1Q. CoS is Layer 2 and is rewritten at every hop; IPP/DSCP use the ToS bits at Layer 3, which stay with the packet end to end unless a device remarks them. Reference: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11_538840.html
Remember that when deploying QoS designs for untrusted servers, the applications are usually identified by source ports, not destination ports (as is the case with client-to-server access lists). The server is typically returning traffic to the client, so the ACL should match the source port. Because the server is untrusted, its own DSCP/CoS markings are not honored: the switch classifies by ACL and re-marks, as the slide 32 example does by resetting class-default to DSCP 0.
More than four years after Cisco put forward its QoS Baseline document, RFC 4594 was formally accepted as an informational RFC (in August 2006). Before getting into the specifics of RFC 4594, it is important to note the difference between the IETF RFC categories of informational and standard: an informational RFC is an industry-recommended best practice, while a standards-track RFC is an industry requirement. RFC 4594 is therefore a set of formal DiffServ QoS configuration best practices, not a requisite standard. Source: http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSIntro_40.html#wp60882
From http://www.cisco.com/en/US/tech/tk543/tk544/technologies_tech_note09186a0080094612.shtml#backinfo: Cisco IOS marks these IP-based control packets as DSCP CS6 (IP Precedence 6): Open Shortest Path First (OSPF), Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP) hellos, and keepalives. Telnet packets to and from the router also receive an IP precedence value of 6. The assigned value remains with the packets when the output interface transmits them into the network.
Trust caveat: nothing stops an end host from setting CS6 on its own packets, so the CLASS-ROUTING queue on slide 34 should only see CS6 arriving from infrastructure ports; the switch example on slide 32 resets all non-voice ingress traffic to DSCP 0, which strips host-set CS6 before it reaches the WAN.
From the Cisco tech note on which traffic classes can use excess bandwidth (http://www.cisco.com/en/US/partner/tech/tk543/tk757/technologies_tech_note09186a0080103eae.shtml#whichtrafficclassescanuseexcessbandwidth):
“If excess bandwidth is available, the priority class will be allowed to utilize the bandwidth. If no excess bandwidth is available, the priority traffic will be constrained to the configured rate via packet drops.”
“Guaranteed allowed bandwidth, in kbps, for the priority traffic. Beyond the guaranteed bandwidth, the priority traffic will be dropped in the event of congestion to ensure that the nonpriority traffic is not starved.”
“If a bandwidth or priority class should not exceed its allocated bandwidth during periods of no congestion, you can combine the priority command with the police command. This configuration imposes a maximum rate that is always active on the class. Choosing to configure a police statement in this configuration depends on the policy's objective.”
A summary of the key QoS requirements and recommendations for Voice (bearer traffic):
• Voice traffic should be marked DSCP EF per the QoS Baseline and RFC 3246.
• Loss should be no more than 1%.
• One-way latency (mouth-to-ear) should be no more than 150 ms.
• Average one-way jitter should be targeted under 30 ms.
• 21–320 kbps of guaranteed priority bandwidth is required per call (depending on the sampling rate, VoIP codec and Layer 2 media overhead).
When provisioning for Interactive Video (IP videoconferencing) traffic, the following guidelines are recommended:
• Interactive Video traffic should be marked DSCP AF41; excess Interactive Video traffic can be marked down by a policer to AF42 or AF43.
• Loss should be no more than 1%.
• One-way latency should be no more than 150 ms.
• Jitter should be no more than 30 ms.
• Overprovision Interactive Video queues by 20% to accommodate bursts.
Reading the WRED counters:
“Random drop” = dropped by WRED while the average queue depth was between the minimum and maximum thresholds.
“Tail drop” = dropped because the average queue depth was at or above the maximum threshold; at that point WRED drops every arriving packet of that DSCP, so tail drops mean the thresholds are no longer shaping the queue.
Minimum threshold = average queue depth at which WRED starts to drop packets randomly (below it nothing is dropped).
Maximum threshold = average queue depth at which the random-drop probability reaches the mark probability; above it all arriving packets are dropped.
Mark probability = fraction of packets dropped when the average depth reaches the maximum threshold (e.g., 1 out of 10 is 1/10, 1 out of 5 is 1/5); between the two thresholds the probability rises linearly from 0 to this value.
WRED works on the exponentially weighted average depth, not the instantaneous depth, which is why a short burst can pass above the minimum threshold untouched.