Cisco Presentation Guide
© 2002, Cisco Systems, Inc. All rights reserved.
Albert Garcia, [email protected]
David Mindel, [email protected]
November 20, 2002
NJEDge.Net QoS Update
Agenda
• Purpose and Goal
• Quality of Service Overview
• Cisco QoS Router Configuration
• Reference Material
Shouldn’t you have some kind of equipment or something?
Purpose: Understand WAN QoS issues and tools
Goal: Best Practices for NJ Edge to implement WAN QoS
It’s the Quality of the Service, our methods are not always apparent.
Video Conferencing Traffic Packet Size Breakdown (CIF)
65–128 Bytes 1%
129–256 Bytes 34%
257–512 Bytes 8%
513–1024 Bytes 20%
1025–1500 Bytes 37%
NJEDge Recommended Basic Connectivity
[Diagram labels: Firewall; H.323 Gatekeeper; Proxy; QoS & Multicast-capable Switched LAN Infrastructure; Customer Edge Device (CE); H.323 endpoints; NJEdge Net]
• Separate Cisco IOS H.323 Gatekeeper positioned behind Firewall
• Isolates functionality of Internet Router
• Interop with Scheduling Packages
• Provides Call Admission Control by zone, supports multiple zones
• Provides trust, control, and ease of QoS marking
Video Endpoints and Quality (Why QoS)
• Latency (one-way delay)
   May impact audio or video fidelity (seen as lost packets)
   Higher latency: more likely both parties will speak at the same time
• Jitter (variation in delay)
   Endpoints resilient to some jitter (de-jitter buffer)
   Depends on endpoints, testing is best
• Drops (lost or greatly delayed packets)
   1-3% loss may be acceptable over minutes, but when drops occur it is typically all packets over seconds
QoS Primer: What
• Admission Control: Allowing sessions based on the capabilities of the network, and disallowing sessions which would bring the traffic total beyond that point
• Classification: Marking, trusting, or accepting traffic with a specific priority denoting a requirement for special service from the network
• Scheduling: Assigning traffic to one of multiple queues (based on classification) and delivering preferential treatment to each queue as needed
• Provisioning: Accurately calculating the required bandwidth for all applications plus element overhead
QoS Primer: How
• Admission Control: Gatekeepers (Zone bandwidth) and Scheduling packages
• Classification: Using 802.1P CoS, IP ToS byte, and other IP fields to assign traffic to classes via CBWFQ
• Scheduling: CBWFQ and LLQ, WRED, traffic shaping, LFI
• Provisioning: Assignment of bandwidth to traffic classes, calculating needed bandwidth
Where QoS Is Needed
QoS Is Needed to Minimize Packet Loss, Delay and Delay Variation
[Diagram: Central Campus and Remote Branch connected over the WAN, with callouts labelled QoS—Campus Access, QoS—Campus Dist., QoS—WAN and QoS—Branch]
Callout text:
• Speed and Duplex Settings
• Classification/trust on IP Phone, Video Endpoint, Content service and Citrix Server
• Multiple Queues on IP Phone and Access Ports
• Layer 3 Policing for Content Distribution
• Multiple Queues on All Ports; Priority Queuing for VoIP
• WRED Within Data Queues for Congestion Management
• Low-latency Queuing
• Data Traffic Queue Provisioning
• Link Fragmentation and Interleave
• Traffic Shaping
• Admission Control
Campus QoS
Queuing/Scheduling Capabilities Depend on Hardware: Catalyst Switches which Support Multiple Queues
• Access
   2900/3500—2Q1T
   2950 4Q (Priority Schedule or WRR)
   3550—1P3Q2T or 4Q2T
   4000/SUPII—2Q1T
   4000/SUPIII—1P3Q2T (priority config)
   6500—2Q2T TX (10/100 classic)
        1Q4T RX (10/100 classic)
        1P2Q2T TX (gig classic)
        1P1Q4T RX (gig classic)
• Distribution/Core
   4000/SUPIII—1P3Q2T
   6500—2Q2T TX (10/100 classic)
        1Q4T RX (10/100 classic)
        1P2Q2T TX (gig classic)
        1P1Q4T RX (gig classic)
        1P3Q1T TX (10/100 fabric)
        1P1Q RX (10/100 fabric)
        1P2Q1T TX (gig fabric)
        1P1Q8T RX (gig fabric)
Admission Control
[Diagram labels: Main 10.1.0.0/16 (GK); Remote A 10.2.0.0/16; Remote B 10.3.0.0/16; H.323 endpoints; 1.5mbps and 10mbps links; NJEdge Net IP/VPN]
gatekeeper
 zone local main main.school.org 10.236.1.5
 zone local A A.school.org
 zone local B B.school.org
 zone remote NJEportal NJEportal.verizon.com <GK IP@> 1719
 no zone main default enable
 zone subnet main 10.1.0.0/16 enable
 no zone A default enable
 zone subnet A 10.2.0.0/16 enable
 no zone B default enable
 zone subnet B 10.3.0.0/16 enable
 zone prefix NJEportal 0*
 zone prefix A 0011609555*
 zone prefix B 0011609444*
 zone prefix main 0011609333*
 lrq forward-queries
 ! allows up to 768k call bwidth
 bandwidth interzone default 1536
 ! allows max single call b/w of 384k
 bandwidth session default 768
 ! allows up to ~5mbps out to NJE (10 384k calls from this member)
 bandwidth remote 7680
 no shutdown
 endpoint ttl 60
http://www.cisco.com/warp/public/788/voip/add_control_gk.pdf
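The bandwidth accounting in the gatekeeper configuration above, as an added example that is not part of the original slides or Cisco code. It is a simplified model: it assumes a call is charged at twice its bit rate (as the slide's comments imply), that inter-zone calls are charged to every local zone involved, and that addresses outside the three zone subnets belong to a remote gatekeeper; the 192.0.2.x endpoints are constructed.

```python
import ipaddress

# Values copied from the slide's gatekeeper configuration (kbps).
ZONES = {"main": "10.1.0.0/16", "A": "10.2.0.0/16", "B": "10.3.0.0/16"}
INTERZONE_DEFAULT = 1536   # bandwidth interzone default
SESSION_DEFAULT = 768      # bandwidth session default
REMOTE_TOTAL = 7680        # bandwidth remote


class Gatekeeper:
    """Simplified admission-control model (assumption, not IOS source)."""

    def __init__(self):
        self.nets = {z: ipaddress.ip_network(n) for z, n in ZONES.items()}
        self.interzone_used = {z: 0 for z in ZONES}
        self.remote_used = 0

    def zone_of(self, ip):
        addr = ipaddress.ip_address(ip)
        for zone, net in self.nets.items():
            if addr in net:
                return zone
        return None  # not in a local zone subnet: treated as remote

    def admit(self, src_ip, dst_ip, call_kbps):
        """Return (admitted, reason); counters change only on admission."""
        need = 2 * call_kbps  # a 384k call is counted as 768
        src, dst = self.zone_of(src_ip), self.zone_of(dst_ip)
        if src is None:
            return (False, "caller not in a local zone subnet")
        if need > SESSION_DEFAULT:
            return (False, "exceeds session limit")
        if src == dst:
            return (True, "intra-zone")  # no 'bandwidth total' on the slide
        charged = [src] if dst is None else [src, dst]
        for zone in charged:
            if self.interzone_used[zone] + need > INTERZONE_DEFAULT:
                return (False, f"interzone limit reached for zone {zone}")
        if dst is None and self.remote_used + need > REMOTE_TOTAL:
            return (False, "remote limit reached")
        for zone in charged:
            self.interzone_used[zone] += need
        if dst is None:
            self.remote_used += need
            return (True, "remote")
        return (True, "inter-zone")


if __name__ == "__main__":
    gk = Gatekeeper()
    for n in range(3):  # three 384k calls from Remote A toward NJEdge
        print(gk.admit(f"10.2.0.{10 + n}", "192.0.2.10", 384))
    print(gk.admit("10.1.0.10", "192.0.2.10", 768))  # single 768k call
```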
Classification: IP Precedence
[Diagram: ToS byte, bits 7 6 5 4 3 2 1 0, bit 0 being the least significant bit; labels: IP Precedence, Priority, DSCP]
!
class-map match-all real-time-video
 match ip precedence 4
class-map match-any priority-data
 match ip precedence 2
 match ip precedence 6
class-map match-all voice
 match ip precedence 5
!
- 4 Classes Provided By NJ Edge
   - 0 = best effort, 2 = priority data, 4 = real-time video, 5 = real-time voice
   - Assume that voice/video call-setup will be in real-time video class
- Video endpoints may need to be configured, may use precedence 3 for signaling
   - Or re-mark signaling packets to precedence 4 before transmission to IP VPN
- If devices not trusted, can set precedence by VLAN#, IP address or port range
   - Can be done at LAN switch, which also sets 802.1P CoS
   - Can be done by WAN router based on IP addresses, TCP/UDP Port #s,
- IOS marks IP routing protocol hellos and advertisements as precedence 6
   - May need to map BGP to an existing class and remark if issues under load
   - Or leave as best effort classification, but guarantee b/w out from edge
Classification
[Diagram labels: Main 10.1.0.0/16 (GK/Proxy); Remote A 10.2.0.0/16; Remote B 10.3.0.0/16; H.323 endpoints; 1.5mbps and 10mbps links; NJEdge Net IP/VPN]
GK/Proxy:
proxy h323
!
interface Loopback0
 ip address 10.1.1.5 255.255.255.255
 h323 interface
 h323 qos ip-precedence 4
 h323 h323-id InstitutionA-3725-Proxy
 h323 gatekeeper ipaddr 10.1.1.5
 h323 t120 bypass
To IP VPN
- For video, look for all traffic from Proxy
WAN Router:
!
class-map match-any video-nje
 match access-group name theproxy
!
!
ip access-list extended theproxy
 permit ip host 10.1.1.5 any
!
Classification
[Diagram labels: Main 10.1.0.0/16 (GK); Remote A 10.2.0.0/16; Remote B 10.3.0.0/16; H.323 endpoints; 1.5mbps and 10mbps links; NJEdge Net IP/VPN]
If no Proxy, and for intra-institution WAN links…
- Look for RTP traffic and H.323 setup
For video to/from IP/VPN
- With firewall, must open up 16000 ports
- With Proxy, just allow in/out from Proxy for these ports
WAN Router:
!
class-map match-any video
 match access-group name videolist
 match ip rtp 16384 16383
!
ip access-list extended videolist
 permit tcp any any range 1720 1731
 permit tcp any range 1720 1731 any
!
Or can classify by IP address, VLAN, CoS value, etc. Many options
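The two classification approaches from the slides above (port-based `video` and proxy-based `video-nje`), modelled as an added example that is not part of the original deck, to show which packets each one places in the precedence 4 class. The packet samples are constructed, `match ip rtp` is modelled as even UDP destination ports in the range, and resetting unmatched traffic to precedence 0 is an assumption standing in for an untrusted edge.

```python
import ipaddress
from dataclasses import dataclass

PROXY = ipaddress.ip_address("10.1.1.5")  # host permitted by ACL "theproxy"


@dataclass
class Packet:
    src: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int
    tos: int     # ToS byte as received from the sender


def precedence(tos):
    return (tos >> 5) & 0x7          # top three bits of the ToS byte


def set_precedence(tos, prec):
    return (tos & 0x1F) | ((prec & 0x7) << 5)


def in_videolist(p):
    # permit tcp any any range 1720 1731 / permit tcp any range 1720 1731 any
    return p.proto == "tcp" and (1720 <= p.dport <= 1731 or 1720 <= p.sport <= 1731)


def match_ip_rtp(p, first=16384, span=16383):
    # match ip rtp 16384 16383: even UDP ports from 16384 through 32767
    return p.proto == "udp" and first <= p.dport <= first + span and p.dport % 2 == 0


def class_video(p):        # class-map match-any video (no proxy)
    return in_videolist(p) or match_ip_rtp(p)


def class_video_nje(p):    # class-map match-any video-nje (proxy only)
    return ipaddress.ip_address(p.src) == PROXY


def egress_precedence(p, matcher):
    """Precedence after marking: 4 if matched, else reset to 0 (assumption)."""
    return precedence(set_precedence(p.tos, 4 if matcher(p) else 0))


SAMPLES = {  # constructed packets
    "proxy_media": Packet("10.1.1.5", "udp", 18000, 18002, 0x00),
    "pc_selfmarked": Packet("10.2.7.20", "udp", 40000, 20000, 0xA0),
    "h225_setup": Packet("10.3.4.9", "tcp", 33000, 1720, 0x60),
    "rtcp": Packet("10.2.7.20", "udp", 40001, 20001, 0x00),
}


def report():
    """name -> (precedence under 'video', precedence under 'video-nje')."""
    return {name: (egress_precedence(p, class_video),
                   egress_precedence(p, class_video_nje))
            for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

The port-based class accepts any source that uses the matching ports, while the proxy-based class accepts only the proxy address, which is the trust property the deck attributes to the proxy design.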
Layer 3 to Layer 2 Classification Mapping to the Campus
[Diagram label: IP/VPN or WAN]
Requires the mod-cli Commands Available in IOS 12.1(5)T*
Bandwidth statements not needed due to LAN speeds
! class-map names must match the class names used in the policy-map
class-map L3-to-L2-Voice
 match ip precedence 5
class-map L3-to-L2-Video-Conf
 match ip precedence 4
class-map L3-to-L2-Priority-Data
 match ip precedence 2
!
policy-map output-L3-to-L2
 class L3-to-L2-Voice
  set cos 5
 class L3-to-L2-Video-Conf
  set cos 4
 class L3-to-L2-Priority-Data
  set cos 2
!
interface FastEthernet1/0.170
 encapsulation dot1Q 170
 ip address 10.1.1.5 255.255.255.0
 service-policy output output-L3-to-L2
Scheduling: Low Latency Queuing, CBWFQ
[Diagram labels: Packets In; Layer 3 Queuing Subsystem; Low Latency Queuing; Police; PQ Voice; CBWFQ; VideoCon; High Data; WFQ; Default; Layer 2 Queuing Subsystem; PQ; Fragment; Interleave; TX Ring; FIFO queue (small is good); Packets Out]
• Can have one Priority Queue (always serviced first)
• Signaling and routing protocols require guaranteed service
   • May need to piggyback on another class, provision sufficient bandwidth
• Fragment (LFI) NOT recommended if voice & video in different classes
• LFI NOT recommended for WAN speeds above 768kbps
• TX ring adjustment may be needed
• Best to not guarantee > 75% of sustained bandwidth (scr)
TX-Ring Sizing
Misc. VoIP QoS Tools
• TX-Ring is an un-prioritized FIFO buffer which holds packets just before media transmission
• Used to make sure enough packets are queued in order to maximize available BW
• Serialization delay really equals: serialization delay * number of packets in the TX-Ring buffer

Media          Default TX-Ring Buffer Sizing (Packets)
PPP            6
MLPPP          2
ATM            8192 (Must Be Changed For Low Speed VCs)
Frame-Relay    64 (Per Main T1 Interface)

Link Speed/CIR/SCR    Recommended TX-Ring Buffer Sizing (Packets)
512kbps               3
768 kbps              3
1536 kbps             5-7
2048 kbps             8-10
> 2048kbps            Try default
Scheduling
[Diagram labels: Main 10.1.0.0/16 (GK); Remote A 10.2.0.0/16; Remote B 10.3.0.0/16; H.323 endpoints; 1.5mbps and 10mbps links; NJEdge Net IP/VPN]
Use the traffic classes to create QoS Policies
- Can have a different policy for different interfaces
- A policy defines one or more classes (queues)
- Each queue gets appropriate guaranteed b/w
- Each queue may mark IP precedence (QoS) or 802.1P CoS (depending on direction)
Set bandwidth and shaping for the ATM PVC
Apply QoS policy to each appropriate interface
High priority Data traffic will be policed by IP VPN
Best Effort traffic may be delayed, but is not Policed by IP VPN
- Voice & priority data classes not prioritized today
- Treated as best effort, will be prioritized in future
Classify/Schedule/Provision: To NJ Edge IP VPN
! Define classes, interesting traffic via access-lists
class-map match-any video-nje
 match access-group name theproxy
!
class-map match-any priority-data
 match access-group name hidata
 match protocol bgp
!
ip access-list extended theproxy
 permit ip host 10.1.1.5 any
ip access-list extended hidata
 permit <rules for important data apps>
!
! Define queues, bandwidth, and set precedence
policy-map out-to-nje
 class video-nje
  bandwidth percent 50
  set ip precedence 4
 class priority-data
  bandwidth percent 20
  set ip precedence 2
!
! Define shaping and QoS under PVC
interface a0/0.50
 description out to remote A
 ip address 14?.15?.?.? 255.255.?.?
 pvc 0/50
  vbr-rt 1536 1536 100
  service-policy output out-to-nje
Classify/Schedule/Provision: Intra-Institution Remotes
! Define classes, interesting traffic via access-lists,
! no proxy between local zones
class-map match-any video
 match access-group name videolist
 match ip rtp 16384 16383
class-map match-any priority-data
 match access-group name hidata
!
ip access-list extended videolist
 permit tcp any any range 1720 1731
 permit tcp any range 1720 1731 any
ip access-list extended hidata
 permit <rules for important data apps>
!
! Define queues, bandwidth, and set precedence
policy-map out-to-remotes
 class video
  bandwidth percent 50
  set ip precedence 4
 class priority-data
  bandwidth percent 20
  set ip precedence 2
!
! Define shaping and QoS under PVC
interface a0/0.50
 description out to remote A
 ip address 14?.15?.?.? 255.255.?.?
 pvc 0/50
  vbr-rt 1536 1536 100
  service-policy output out-to-remotes
How To Check if QoS is Functioning
dmindel-837#sh policy interface a0.35
ATM0.35: VC 0/35 -
Service-policy output: VoIP_IPSec
Class-map: voice (match-all)
23393 packets, 3462164 bytes
30 second offered rate 57000 bps, drop rate 0 bps
Match: ip precedence 5
Queueing
Strict Priority
Output Queue: Conversation 40
Bandwidth 64 (kbps) Burst 1600 (Bytes)
(pkts matched/bytes matched) 4771/706108
(total drops/bytes drops) 0/0
Class-map: call-setup (match-all)
482 packets, 66768 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: ip precedence 3
Queueing
Output Queue: Conversation 41
Bandwidth 5 (%)
Bandwidth 8 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 10/1368
(depth/total drops/no-buffer drops) 0/0/0
Class-map: class-default (match-any)
10945 packets, 2759118 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
Queueing
Flow Based Fair Queueing
Maximum Number of Hashed Queues 32
(total queued/total drops/no-buffer drops) 0/0/0
exponential weight: 9
How To Check if QoS is Functioning
End of show policy interface a0.35: (Different time period)
class Transmitted Random drop Tail drop Minimum Maximum Mark
pkts/bytes pkts/bytes pkts/bytes thresh thresh prob
0 94831/8944845 2923/754828 0/0 20 40 1/10
1 0/0 0/0 0/0 22 40 1/10
2 0/0 0/0 0/0 24 40 1/10
3 0/0 0/0 0/0 26 40 1/10
4 0/0 0/0 0/0 28 40 1/10
5 0/0 0/0 0/0 30 40 1/10
6 0/0 0/0 0/0 32 40 1/10
7 0/0 0/0 0/0 34 40 1/10
rsvp 0/0 0/0 0/0 36 40 1/10
Queueing only occurs during congestion
However the counters will still increase
Show Queueing and show queue
Provide a summary of counters and flows
dmindel-837>show queue atm 0 vc 0/35
Interface ATM0 VC 0/35
Queueing strategy: weighted fair
Output queue: 0/512/64/2923 (size/max total/threshold/drops)
Conversations 0/4/32 (active/max active/max total)
Reserved Conversations 1/1 (allocated/max allocated)
Available Bandwidth 48 kilobits/sec
Show ip statistics: Fast switching is good!
BGP Routing Protocol and QoS
[Diagram labels: Site A; Site B; Service Provider Routers; BGP Hello; Video]
• If there are no issues with BGP, then nothing needs to be done, if there are...
• IOS maintains Internal Packet Priority Tag, PAK_PRIORITY, within a router
• Packets with PAK_PRIORITY set have priority for transmission
• EIGRP & OSPF hello packets are PAK_PRIORITY_HIGH
• BGP hello packets are marked IP precedence 6, but NOT PAK HIGH…
• May require scheduling (include BGP in a class w/guaranteed service)
• unless this is policed, then set up a separate class with precedence 0
http://www.cisco.com/warp/public/105/rtgupdates.html
Bandwidth Provisioning
• Don’t guarantee > 75% of sustained cell rate (SCR) to video/voice/hi-data classes
• The overhead varies by endpoint and compression
• www.njedge.net/documents/cost/bandwidth-planning.html
Bandwidth Provisioning ATM T1 Example
!
class-map match-all video-and-call-setup
 match ip precedence 4
class-map match-any priority-data
 match ip precedence 2
class-map match-all voice
 match ip precedence 5
class-map match-all bgprouting
 match protocol bgp
!
Traffic Categories
   Video 32%
   VoIP 11%
   Mission Critical 20%
   BGP Routing 5%
   All Other Data 37%
Video Target 50% of Link
Reasonable Number of Calls. Requires Testing to Confirm
IP Precedence 2 & 5 may be policed above contracted amount when those Classes are supported in the future
Branch Router Policy-Map ATM T1 1536kbps SCR Example
Underlying ATM PVC at 1536kbps
ATM Traffic Shape to Sustained Cell Rate
!
policy-map video-nje
 class voice
  priority 168
 class video-and-call-setup
  bandwidth 496
 class priority-data
  bandwidth 328
 class bgprouting
  bandwidth 72
 class class-default
  fair-queue
  random-detect
!
[Chart labels: Default Max-Reserved Bandwidth 75%; Class-Default 25%; Class-Default 32%; Video 32%; VoIP 11%; Mission Critical 20%; BGP 5%]
Example supports one 386kbps video call
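A pre-deployment check for the class-maps and policy-map on the two provisioning slides above, as an added example that is not part of the original deck or any Cisco tool. The function name `lint_policy`, the indented layout of the embedded configuration and the failing variant (a class-map name that differs by an en dash, plus a raised `bandwidth` value) are assumptions made for this sketch.

```python
CONFIG_OK = """\
class-map match-all video-and-call-setup
 match ip precedence 4
class-map match-any priority-data
 match ip precedence 2
class-map match-all voice
 match ip precedence 5
class-map match-all bgprouting
 match protocol bgp
!
policy-map video-nje
 class voice
  priority 168
 class video-and-call-setup
  bandwidth 496
 class priority-data
  bandwidth 328
 class bgprouting
  bandwidth 72
 class class-default
  fair-queue
  random-detect
"""

# Constructed failure case: en dash in one class-map name, larger reservation.
CONFIG_BAD = (CONFIG_OK
              .replace("match-all video-and", "match-all video\u2013and")
              .replace("bandwidth 328", "bandwidth 512"))


def lint_policy(config, policy_name, scr_kbps, max_reserved_pct=75):
    """Return (reserved_kbps, limit_kbps, findings) for one policy-map."""
    class_maps, reserved = set(), {}
    in_policy, cls = False, None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        key = words[0].lower()
        if key == "class-map":
            class_maps.add(words[-1])
            in_policy = False
        elif key == "policy-map":
            in_policy, cls = (words[-1] == policy_name), None
        elif not raw[0].isspace():      # any other top-level command
            in_policy = False
        elif in_policy and key == "class":
            cls = words[1]
            reserved[cls] = 0
        elif in_policy and cls and key in ("priority", "bandwidth") and len(words) > 1:
            if words[1].lower() == "percent":
                reserved[cls] = scr_kbps * int(words[2]) // 100
            else:
                reserved[cls] = int(words[1])
    findings = [f"class {name} has no matching class-map"
                for name in reserved
                if name != "class-default" and name not in class_maps]
    total = sum(reserved.values())
    limit = scr_kbps * max_reserved_pct // 100
    if total > limit:
        findings.append(f"reserved {total} kbps exceeds {limit} kbps")
    return total, limit, findings


if __name__ == "__main__":
    print(lint_policy(CONFIG_OK, "video-nje", 1536))
    print(lint_policy(CONFIG_BAD, "video-nje", 1536))
```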
# of H.323 Video Calls by Line Rate
For NJE document recommended provisioning at 30% overhead

Line Rate   Max Number of    Max Calls as a    Kbps For   Signaling 5% in Kbps   Mission Critical   Max-Reserved-
Kbps        384k/768k Calls  % of Line rate    Video      built into video       20% in kbps        Bandwidth
1536        1/0              33%               500        N/a                    307                1152
2048        2/1              50%               1000       N/a                    410                1536
4096        4/2              50%               2000       N/a                    820                3072
8192        8/4              50%               4000       N/a                    1640               6144
10240       10/5             50%               5000       N/a                    2048               7680
15360       15/7             50/45%            7500       N/a                    3072               11520
20480       20/10            50%               10000      N/a                    4096               15360
Internetwork Performance Monitor (IPM)
IPM measures network latency, jitter, availability, packet loss, and errors
Summary
High Quality Video requires QoS
- Tested best practices can provide today
- Requires coordination
   - Between LAN & NJ Edge IP VPN
QoS Reference Documents:
• www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt2/qcfwfq.htm#xtocid9
• www.cisco.com/warp/public/105/video-qos.html
• www.cisco.com/warp/enterprise/771/srnd/qos_srnd.pdf