Deploying QoS for Enterprise Network Infrastructures
Transcript of Deploying QoS for Enterprise Network Infrastructures
1© 2002, Cisco Systems, Inc. All rights reserved.
PACUG AVVID QOS Seminar
Deploying QoS for Enterprise Network Infrastructures
Mark Montañez
Enterprise Solutions Engineering
Design Team: CANI - QoS
Session Objectives
• To be able to design and implement a converged voice, video, and data network that can guarantee voice quality while enabling video conferencing and mission critical data applications
• More information available here:
QoS SRND http://www.cisco.com/application/pdf/en/us/guest/netsol/ns17/c649/ccmigration_09186a00800d67ed.pdf
IP Tel SRND http://www.cisco.com/en/US/netsol/ns110/ns163/ns165/ns268/networking_solutions_design_guidances_list.html
The Enterprise Network Design Model
The OSI Stack Revisited
Application Layer
Business Layer
Highly Available, QoS-Enabled Infrastructure Layer
3 Steps for Implementing QoS
• Classification—Marking the packet with a specific priority denoting a requirement for special service from the network
• Scheduling—Assigning packets to one of multiple queues (based on classification) for preferential treatment throughout the network
• Provisioning—Accurately calculating the required bandwidth for all applications plus element overhead
Where QoS Is Needed
QoS Is Needed to Minimize Packet Loss, Delay and Delay Variation
[Diagram: Central Campus, WAN, Remote Branch]
QoS—Campus Access
• Speed and duplex settings
• Classification/trust on IP phone, VC station, content service, and Citrix server
• Multiple queues on IP phone and access ports
QoS—Campus Dist.
• Layer 3 policing for content distribution
• Multiple queues on all ports; priority queuing for VoIP
• WRED within data queues for congestion management
QoS—WAN
• Low-latency queuing
• Data traffic queue provisioning
• Link fragmentation and interleave
• Traffic shaping
• Admission control
QoS—Branch
• Speed and duplex settings
• Classification/trust on IP phone, VC station, Content service and Citrix traffic
• Multiple queues on IP phone and access ports
Agenda
• Quality Concerns with IP Telephony, Multimedia Applications and Mission-Critical Data
• General Enterprise QoS Design Considerations
• Connecting the End-Points
• Designing the Campus
• Enabling the WAN
• QoS Impact
• VoIP and the Telecommuter
• Questions and Answers
• Summary
Example of PCM (64Kbps) IP Telephony Call
• Consistent, easily managed packet rate (default 50pps)
• A G.711 call is really ~80Kbps over a data network
• Packet loss
  Current Cisco GW DSP CODEC algorithms can correct for 30 msec of lost voice—1 G.729A voice packet contains 20 msec of voice
  One lost FAX over IP packet causes a MODEM retrain; 2 drops cause a call disconnect
  Causes of packet loss: Network quality, network congestion and delay variation (jitter buffer under-runs and over-runs)
[Figure: Single PCM VoIP Call; 64Kbps, 80Kbps]
Example of 384 Kbps Video (30 fps) Conferencing Traffic (CIF)
• “I” frame is a full sample of the video
• “P” and “B” frames use quantization via motion vectors and prediction algorithms
[Figure: “I” Frame 1024–1518 Bytes; “P” and “B” Frames 128–256 Bytes; 15pps, 30pps; 600Kbps, 32Kbps]
Video Conferencing Traffic Packet Size Breakdown (CIF)
65–128 Bytes 1%
129–256 Bytes 34%
257–512 Bytes 8%
513–1024 Bytes 20%
1025–1500 Bytes 37%
Some Applications that Require QoS
• Citrix
• DLSw+
• PeopleSoft
• Oracle
• ERP—underlying apps
• PC replication/ multicast applications
• Video distribution
• FTP
• Batch updates
• Backups
• Napster
• KaZaa
• Morpheus
• Grokster
Provisioning for Data: General Principles
• Profile applications to their basic network requirements
• Don’t over-engineer provisioning
• Use proactive policies before reactive (policing) policies
• Seek executive endorsement of relative ranking of application priority prior to rolling out QoS policies for data
Agenda
• Quality Concerns with IP Telephony, Multimedia Applications and Mission-Critical Data
• General Enterprise QoS Design Considerations
• Connecting the End-points
• Designing the Campus
• Enabling the WAN
• QoS Impact
• VoIP and the Telecommuter
• Questions and Answers
• Summary
Layer 2 and 3 Traffic Classification
Layer 3 IPV4
Header fields: Version, Length, ToS (1 Byte), Len, ID, Offset, TTL, Proto, FCS, IP-SA, IP-DA, Data
ToS byte, bits 7 to 0: IP Precedence; DSCP; Flow Control for DSCP
Standard IPV4: Three MSB Called IP Precedence (DiffServ May Use Six D.S. Bits Plus Two for Flow Control)
Layer 2 802.1Q/p
Frame fields: PREAM., SFD, DA, SA, Type, TAG (4 Bytes), PT, DATA, FCS
TAG fields: PRI, CFI, VLAN ID
Three Bits Used for CoS (802.1D User Priority)
Diff-Serv Behaviors
Per-Hop Behaviors (PHB) and DiffServ Code Points (DSCP)
Expedited Forwarding: EF 101110
Assured Forwarding:
                        Low Drop Pref   Med Drop Pref   High Drop Pref
Class Selector (CS) 4   AF41 100010     AF42 100100     AF43 100110
Class Selector (CS) 3   AF31 011010     AF32 011100     AF33 011110
Class Selector (CS) 2   AF21 010010     AF22 010100     AF23 010110
Class Selector (CS) 1   AF11 001010     AF12 001100     AF13 001110
Best Effort: 000000
Diff-Serv Behaviors
DSCP   Decimal  Binary  IP PREC  Binary
<BE1   2        000010  0        000
<BE2   4        000100  0        000
<BE3   6        000110  0        000
BE     0        000000  0        000
AF11   10       001010  1        001
AF12   12       001100  1        001
AF13   14       001110  1        001
AF21   18       010010  2        010
AF22   20       010100  2        010
AF23   22       010110  2        010
AF31   26       011010  3        011
AF32   28       011100  3        011
AF33   30       011110  3        011
AF41   34       100010  4        100
AF42   36       100100  4        100
AF43   38       100110  4        100
EF     46       101110  5        101
Designing the Campus
• A robust, modern switching design is a requirement
  Designing High-Performance Campus Intranets with Multilayer Switching
  http://www.cisco.com/warp/public/cc/so/cuso/epso/entdes/highd_wp.htm
  Gigabit Campus Design
  http://www.cisco.com/warp/public/cc/so/neso/lnso/cpso/camp_wp.htm
  Gigabit Campus Network Design— Principles and Architecture
  http://www.cisco.com/en/US/netsol/ns110/ns146/ns147/ns17/networking_solutions_implementation_white_paper09186a00800a3e16.shtml
• Multiple queues are required on all interfaces to prevent TX queue congestions/drops
• RTP bearer traffic should always go into the highest priority queue; control should go into separate queue
General Guidelines
Building the Branch Office
• The WAN branch router must support advanced Cisco QoS tools
• Map between layer 2 and layer 3 classification schemes
• Use a branch switch with multiple queues
• 802.1Q trunking between the router and switch for multiple VLAN support (separation of voice/data traffic) is preferred
General Guidelines
Enabling the WAN
• Queuing
  Use CBWFQ for data on all WAN interfaces in a converged network
  LLQ for VoIP and video conferencing
• Traffic shaping is required for all frame-relay and ATM/FR networks
• If running VoIP, use LFI on WAN connections below 768Kbps
  Don’t use LFI on any video over IP solutions with VoIP
• Use cRTP carefully
[Diagram: QoS Enabled WAN]
General Guidelines
VoIP Over IPSec VPNs
• Crypto is a FIFO queue, so:
  Take steps to not overdrive the crypto engine's capabilities (CAR, skip crypto for voice, new code coming, etc.)
• Use pre-classify when more than ToS byte used for classification
• If using IP mc MoH, IPSec GRE tunnel is required
• cRTP does not work w/IPSec
• See ESE SOHO VPN QoS Design Guide (Part of QoS SRND)
• See ESE Web Site V3PN Design Guide (available through your SE)
[Diagram: VPN]
General Guidelines
Agenda
• Quality Concerns with IP Telephony, Multimedia Applications and Mission-Critical Data
• General Enterprise QoS Design Considerations
• Connecting the End-Points
• Designing the Campus
• Enabling the WAN
• QoS Impact
• VoIP and the Telecommuter
• Questions and Answers
• Summary
Classification Tools: Trust Boundaries
• A device can be trusted if it correctly classifies packets
• For scalability, classification should be done as close to the edge as possible
• The outermost trusted devices represent the trust boundary
• 1 and 2 are optimal, 3 is acceptable (if access switch cannot perform classification)
[Diagram: Endpoints, Access, Distribution, Core, WAN Agg.; candidate Trust Boundary positions 1, 2 and 3]
PC CoS Settings Are Not Trusted
[Diagram: IP Phone Switch ASIC; labels COS = 5, COS = 0, COS = 5, COS = 7]
Untrusted: Phone ASIC Will Re-Write CoS 0
• set port qos <mod/port> trust-ext _____
  Only applies to port trust on the IP phone PC Ethernet port
  Un-related to actual cat6k port trust
• set port qos <mod/port> trust ____
  Applies to the actual switch port trust rules
  untrusted (default), trust-cos, trust-ipprec, trust-dscp
  Some 6k 10/100 cards require an additional ACL to actually enable port trust
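The four port trust states on this slide, combined with the ToS-byte fields from the Diff-Serv table, as an added example (not from the original deck and not Cisco code). It is a simplified model: the function names are hypothetical, the sample frames are constructed, and the CoS and IP-precedence maps are the values the deck's Catalyst examples configure (0 10 18 26 34 46 48 56).

```python
# Simplified model of Catalyst port trust; names are hypothetical, not a Cisco API.

# Values the deck's Catalyst examples set: cos-dscp-map / ipprec-dscp-map
COS_DSCP_MAP = (0, 10, 18, 26, 34, 46, 48, 56)
IPPREC_DSCP_MAP = (0, 10, 18, 26, 34, 46, 48, 56)
TRUST_STATES = ("untrusted", "trust-cos", "trust-ipprec", "trust-dscp")


def phb_name(dscp):
    """Name a 6-bit DSCP the way the Diff-Serv table does (EF, AFxy, BE)."""
    if dscp == 46:
        return "EF"
    if dscp == 0:
        return "BE"
    af_class, drop = dscp >> 3, (dscp >> 1) & 0b11
    if dscp & 1 == 0 and 1 <= af_class <= 4 and 1 <= drop <= 3:
        return f"AF{af_class}{drop}"
    return f"DSCP{dscp}"


def decode_tos(tos):
    """Split the IPv4 ToS byte: six DSCP bits, three-MSB IP precedence, two low bits."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS is one byte")
    dscp = tos >> 2
    return {"dscp": dscp, "phb": phb_name(dscp),
            "ip_prec": tos >> 5, "low_bits": tos & 0b11}


def phone_pc_port_cos(pc_cos, trust_ext=False, cos_ext=0):
    """CoS the IP phone forwards for a frame received on its PC Ethernet port.

    With trust-ext off, the phone ASIC rewrites the PC's CoS (to 0 by default).
    """
    return pc_cos if trust_ext else cos_ext


def internal_dscp(trust, cos, tos):
    """DSCP the switch acts on for a frame arriving with this CoS and ToS."""
    if trust not in TRUST_STATES:
        raise ValueError(f"unknown trust state: {trust}")
    if not 0 <= cos <= 7:
        raise ValueError("CoS is three bits")
    fields = decode_tos(tos)
    if trust == "trust-dscp":
        return fields["dscp"]
    if trust == "trust-ipprec":
        return IPPREC_DSCP_MAP[fields["ip_prec"]]
    if trust == "trust-cos":
        return COS_DSCP_MAP[cos]
    return 0  # untrusted: endpoint markings are ignored


# Constructed sample frames: (description, arrives via phone PC port, CoS, ToS)
SAMPLE_FRAMES = [
    ("phone RTP bearer", False, 5, 0xB8),
    ("PC self-marked EF", True, 5, 0xB8),
    ("PC unmarked data", True, 0, 0x00),
]


def classify_all(trust):
    """Resulting PHB per sample frame for a given switch port trust state."""
    results = []
    for desc, via_pc_port, cos, tos in SAMPLE_FRAMES:
        if via_pc_port:
            cos = phone_pc_port_cos(cos)
        results.append((desc, phb_name(internal_dscp(trust, cos, tos))))
    return results


if __name__ == "__main__":
    for state in TRUST_STATES:
        print(state, classify_all(state))
```

With trust-cos the PC's self-marked frame ends up Best Effort because the phone has already rewritten its CoS, while trust-dscp on the same port would carry the PC's EF marking into the priority queue.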
Connecting the Video Conferencing Stations
• Watch physical speed/duplex settings/negotiation
• Trust classification of known room systems but filter on assigned IP address; VC station is in a conference room where anyone has access to the Ethernet port
• Use H.323 proxy to classify traffic from PC-based VC for admission to WAN PQ
• All video conferencing traffic should be set to DSCP AF41
L3 Aware
Integrating DLSw+
• Default is IP Precedence 5 with no configuration; can cause PQ oversubscription if not accounted for
• trust-ipprec from router generating DLSw+ traffic
• Use the dlsw remote-peer priority to use the different DLSw+ ports; change the default DLSw+ IP Prec mapping
  dlsw remote-peer 0 tcp 171.70.234.121 priority
  dlsw tos map high 2 medium 2 normal 2 low 2
• DLSw+ is not DSCP aware so we can only set the IP Precedence; admission to mission critical class needs to take this into account
• Place in bandwidth defined class-based weighted fair queue
L3 Aware
Agenda
• Quality Concerns with IP Telephony, Multimedia Applications and Mission-Critical Data
• General Enterprise QoS Design Considerations
• Connecting the End-Points
• Designing the Campus
• Enabling the WAN
• QoS Impact
• VoIP and the Telecommuter
• Questions and Answers
• Summary
Is QoS Needed in the Campus?
Transmit Buffer Management Is Just as Important as Bandwidth Management
“Just throw more bandwidth at it. That will solve the problem!”
Transmit Queue Congestion—WAN
• 100 meg in 128 kb/s out—packets serialize in faster than they can serialize out
• Packets queued as they wait to serialize out slower link
[Diagram: Router with 10/100m input and 128k Uplink to the WAN; packets Queued]
Transmit Queue Congestion—LAN
• 1 gig in 100 meg out—packets serialize in faster than they can serialize out
• Packets queued as they wait to serialize out slower link
• Many access ports aggregated into single distribution link; instantaneous periods of congestion
[Diagram: Access Switch, Distribution Switch, 1 Gig Link, 100 Meg Link; packets Queued]
Transmit Queue Congestion—The Answer
• Multiple queues allow us to protect the queue containing important traffic from drops
• Drops happen in BE only queue(s)
[Diagram: Queue Mgr, Queue 1 (Data), Queue 2 (Voice), RR/WRR/PQ Queue Scheduler]
Round Robin, Weighted Round Robin or Priority Queuing Used for Scheduling between Queues
Transmit Queue Visibility
• Cat 6k CatOS - show qos statistics 4/1
• Cat 4500 SupIV - show int fa3/2 count all
• Cat 3550 - show mls qos int statistics fa3/2
[Diagram: Queue Mgr, Queue 1 (Data), Queue 2 (Voice), RR/WRR/PQ Queue Scheduler]
Transmit Queue—Visibility 4500 SUPIV
4006-SUPIII-Access#sh int g3/2 count all
.
.
.
Port    InPkts 1549-9216   OutPkts 1549-9216
Gi3/2                  0                   0
Port    Tx-Bytes-Queue-1   Tx-Bytes-Queue-2   Tx-Bytes-Queue-3   Tx-Bytes-Queue-4
Gi3/2                  0                  0                  0                  0
Port    Tx-Drops-Queue-1   Tx-Drops-Queue-2   Tx-Drops-Queue-3   Tx-Drops-Queue-4
Gi3/2               1122                  0                  0                  0
Port    Rx-No-Pkt-Buff     RxPauseFrames      TxPauseFrames      PauseFramesDrop
Gi3/2                  0                  0                  0                  0
[Diagram: Queue Mgr, Queue 1 (Data), Queue 2 (Voice), RR/WRR/PQ Queue Scheduler]
Access Layer Classification and Scheduling
[Diagram: Access, Distribution, Core; QoS Required at the Access layer]
Required towards Phone and Distribution Layer
Campus QoS
Queuing/Scheduling Capabilities Depend on Hardware: Catalyst Switches which Support Multiple Queues
• Access
  2900/3500—2Q1T
  2950 4Q (priority schedule or WRR)
  3550—1P3Q2T or 4Q2T
  4000/SUPII—2Q1T
  4500/SUPIV—1P3Q2T (priority config)
  6500—2Q2T TX (10/100 classic)
       1Q4T RX (10/100 classic)
       1P2Q2T TX (gig classic)
       1P1Q4T RX (gig classic)
• Distribution/core
  4500/SUPIV—1P3Q2T
  6500—2Q2T TX (10/100 classic)
       1Q4T RX (10/100 classic)
       1P2Q2T TX (gig classic)
       1P1Q4T RX (gig classic)
       1P3Q1T TX (10/100 fabric)
       1P1Q RX (10/100 fabric)
       1P2Q1T TX (gig fabric)
       1P1Q8T RX (gig fabric)
Campus QoS
• 1P2Q2T
1P2Q2T—One priority queue
1P2Q2T—Two additional queues
1P2Q2T—Two drop thresholds for each queue
• 2Q2T
2Q2T—Two queues
2Q2T—Two drop thresholds for each queue
Queuing/Scheduling Capabilities Depend on Hardware:
Catalyst Switches which Support Multiple Queues
QoS in Catalyst 3550
• 4 transmit queues (1P3Q2T or 4Q2T)
• Need to configure PQ and ensure that CoS 5 traffic is serviced via PQ
  Configurable PQ for 4th queue
   priority-queue out
  Configurable CoS to specific queue
   wrr-queue cos-map 4 5
  Configurable queue depth (expert mode)
  Configurable queue weight (expert mode)
• 802.1p, DSCP or ACL-based QoS
• Trust DSCP, or CoS (policy maps)
• Can set DSCP or CoS by port (marked/rewrite or unmarked)
• Mapping from CoS to DSCP/DSCP to CoS
• Now shipping with inline power
[Diagram: 3550 access switches uplinked to 6500 switches]
Catalyst 3550 Example
Access Layer—Access Port and Uplink
mls qos map cos-dscp 0 10 18 26 34 46 48 56
mls qos
!
! Uplink: trust the DSCP carried from the distribution side
interface GigabitEthernet0/12
 description Uplink to Distribution
 no ip address
 flowcontrol send off
 mls qos trust dscp
 wrr-queue cos-map 4 5
 priority-queue out
!
! Phone port: trust the phone's CoS; CoS 5 goes to queue 4, the priority queue
interface FastEthernet0/1
 description to IP Phone
 no ip address
 mls qos trust cos
 wrr-queue cos-map 4 5
 priority-queue out
 switchport voice vlan 111
 switchport access vlan 11
 switchport priority extend cos 0
[Diagram: 3550 access switches uplinked to 6500 switches]
Catalyst 3550 Example
Access Layer—Classification
mls qos map cos-dscp 0 10 18 26 34 46 48 56
mls qos
!
class-map match-all VoIP-Bearer
 match access-group name VoIP-Bearer
class-map match-all Mission-Critical
 match access-group name Mission-Critical
class-map match-all VoIP-Control
 match access-group name VoIP-Control
!
policy-map VoIP-Policy
 class VoIP-Control
  set ip dscp 26
 class VoIP-Bearer
  set ip dscp 46
 class Mission-Critical
  set ip dscp 18
!
interface GigabitEthernet0/1
 description Classification
 no ip address
 flowcontrol send off
 service-policy in VoIP-Policy
 wrr-queue cos-map 4 5
 priority-queue out
[Diagram: 3550 access switches uplinked to 6500 switches]
QoS in Catalyst 4500—Access (SUPIV)
• 4 queues (1P3Q2T or 4Q2T)
  Need to configure PQ and ensure that CoS 5 traffic is serviced via PQ
  Configurable PQ for 3rd queue
   tx-queue 3
   priority high
  Configurable queue depth (expert mode)
  Configurable queue weight (expert mode)
• 802.1p, DSCP or ACL-based QoS (policy maps)
• Can set DSCP or CoS by port (marked/rewrite or unmarked)
• Trust DSCP or CoS
• Mapping from CoS to DSCP/DSCP to CoS
• 4500 shipping with inline power (no PEM)
[Diagram: 4000 SUPIII]
Catalyst 4000 (SUPIII) Example
Access Layer—Access Port and Uplink
qos map cos 1 to dscp 10
qos map cos 2 to dscp 18
qos map cos 3 to dscp 26
qos map cos 4 to dscp 34
qos map cos 5 to dscp 46
qos
!
! Uplink: trust DSCP; queue 3 is the priority queue
interface GigabitEthernet1/1
 description Uplink to Distribution
 qos trust dscp
 no snmp trap link-status
 tx-queue 3
  priority high
!
! Phone port: trust the phone's CoS; the phone rewrites PC CoS to 0
interface FastEthernet4/1
 description To IP Phone
 qos trust cos
 no snmp trap link-status
 switchport voice vlan 111
 switchport access vlan 11
 switchport priority extend cos 0
 tx-queue 3
  priority high
[Diagram: Access (4000), Distribution, Core]
Catalyst 4000 (SUPIII) Example
Access Layer—Classification
qos map cos 1 to dscp 10
qos map cos 2 to dscp 18
qos map cos 3 to dscp 26
qos map cos 4 to dscp 34
qos map cos 5 to dscp 46
qos
!
class-map match-all VoIP-Bearer
 match access-group name VoIP-Bearer
class-map match-all Mission-Critical
 match access-group name Mission-Critical
class-map match-all VoIP-Control
 match access-group name VoIP-Control
!
policy-map VoIP-Policy
 class Mission-Critical
  set ip dscp 18
 class VoIP-Control
  set ip dscp 26
 class VoIP-Bearer
  set ip dscp 46
!
interface GigabitEthernet1/1
 qos trust cos
 service-policy in VoIP-Policy
 tx-queue 3
  priority high
[Diagram: Access (4000), Distribution, Core]
QoS in 6500 Switches—Access (PFC)
• Redundant SUP’s, transmit and receive queues, priority queues and multiple drop thresholds
• 802.1p, DSCP or ACL-based QoS (policy maps)
• Trust DSCP or CoS
• Can set by port DSCP or CoS (marked/rewrite or unmarked)
• Mapping from CoS to DSCP/DSCP to CoS
• Port can trust DSCP, IP Prec or CoS
  Recommended: trust-cos (access to RX PQ)
  10/100 cards require an additional step of configuring ACL to trust traffic
• Output scheduling consists of:
  Assigning traffic to queues based on CoS
  Configuring threshold levels
  Modifying buffer sizes (expert mode)
  Assigning weights for WRR (expert mode)
[Diagram: 6500]
Catalyst 6500 Example
Access Layer—Catalyst 6000
cat6k-access> (enable) set qos enable
cat6k-access> (enable) set qos cos-dscp-map 0 10 18 26 34 46 48 56
cat6k-access> (enable) set qos ipprec-dscp-map 0 10 18 26 34 46 48 56
cat6k-access> (enable) set qos map 1p2q2t tx 2 1 cos 3
cat6k-access> (enable) set qos map 2q2t tx 2 1 cos 3
cat6k-access> (enable) set port qos 5/1-48 trust trust-cos
cat6k-access> (enable) set port qos 5/1-48 cos-ext 0
cat6k-access> (enable) set port qos 5/1-48 vlan-based
cat6k-access> (enable) set qos acl ip ACL_IP-PHONES trust-cos ip any any
cat6k-access> (enable) commit qos acl all
cat6k-access> (enable) set qos acl map ACL_IP-PHONES 110
cat6k-access> (enable) set port qos 1/1-2 trust trust-cos
Distribution Layer Classification and Scheduling
[Diagram: Access, Distribution, Core; QoS Required at the Distribution layer]
Required to/from Access Layer
QoS in Catalyst 4500—Distribution (SUPIV)
• 4 queues (1P3Q2T or 4Q2T)
  Need to configure PQ and ensure that CoS 5 traffic is serviced via PQ
  Configurable PQ for 3rd queue
   tx-queue 3
   priority high
  Configurable queue depth (expert mode)
  Configurable queue weight (expert mode)
• 802.1p, DSCP or ACL-based QoS (policy maps)
• Trust DSCP or CoS
• Can set by port DSCP or CoS (marked/rewrite or unmarked)
• Mapping from CoS to DSCP/DSCP to CoS
• Careful w/over-subscribed cards—32g max
[Diagram: 4006 w/SUPIII]
Catalyst 4500 (SUPIV) Example
Distribution Layer—Downlink
qos map cos 1 to dscp 10
qos map cos 2 to dscp 18
qos map cos 3 to dscp 26
qos map cos 4 to dscp 34
qos map cos 5 to dscp 46
qos
!
interface GigabitEthernet4/1
 qos trust cos
 no snmp trap link-status
 tx-queue 3
  priority high
!
interface GigabitEthernet4/2
 qos trust dscp
 no snmp trap link-status
 tx-queue 3
  priority high
[Diagram: Access (4000), Distribution, Core]
QoS in 6500—Distribution
• Redundant sups, transmit and receive queues, priority queues and multiple drop thresholds
• CoS, DSCP or ACL-based QoS (policy maps)
• Trust DSCP or CoS
• Can set by port DSCP or CoS (marked/rewrite or unmarked)
• Mapping from CoS to DSCP/DSCP to CoS
• Port can trust DSCP, IP Prec or CoS
  Recommended: trust-cos (access to RX PQ)
  10/100 cards require an additional step of configuring ACL to trust traffic
• Output scheduling consists of:
  Assigning traffic to queues based on CoS
  Configuring threshold levels
  Modifying buffer sizes (expert mode)
  Assigning weights for WRR (expert mode)
[Diagram: 6500]
Catalyst 6500 Example—Hybrid
Distribution Layer—Catalyst 6000
Hybrid 6500
cat6k-distrib> (enable) set qos enable
cat6k-distrib> (enable) set qos ipprec-dscp-map 0 10 18 26 34 46 48 56
cat6k-distrib> (enable) set qos cos-dscp-map 0 10 18 26 34 46 48 56
cat6k-distrib> (enable) set qos map 1p2q2t tx queue 2 1 cos 3
cat6k-distrib> (enable) set qos map 2q2t tx queue 2 1 cos 3
cat6k-distrib> (enable) set port qos 1/1-2 trust trust-cos
cat6k-distrib> (enable) set port qos 3/2 trust trust-dscp
cat6k-distrib> (enable) set port qos 9/1 trust trust-dscp
cat6k-distrib> (enable) set port qos 9/1 port-based
cat6k-distrib> (enable) set qos acl ip ACL_TRUST-WAN trust-dscp ip any any
cat6k-distrib> (enable) commit qos acl ACL_TRUST-WAN
cat6k-distrib> (enable) set qos acl map ACL_TRUST-WAN 9/1
Catalyst 6500 Example—Native
Distribution Layer—Catalyst 6000
Native-IOS 6500
mls qos
mls qos map ip-prec-dscp 0 10 18 26 34 46 48 56
mls qos map cos-dscp 0 10 18 26 34 46 48 56
int range gigabitEthernet 1/1 - 2
 wrr-queue cos-map 2 1 3
 wrr-queue cos-map 2 2 4
! Trust DSCP from the Layer-3 aware enabled Access Switch
interface GigabitEthernet2/1
 description trunk port to PFC enabled cat6k-access
 no ip address
 wrr-queue cos-map 2 1 3
 wrr-queue cos-map 2 2 4
 mls qos vlan-based
 mls qos trust dscp
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
Catalyst 6500 Example—Native (Cont.)
Distribution Layer—Catalyst 6000
Native-IOS 6500
! Trust CoS from the Layer 2 only Catalyst 4000 Access Switch
interface GigabitEthernet2/2
 description trunk port to layer 2-only cat4k
 no ip address
 wrr-queue cos-map 2 1 3
 wrr-queue cos-map 2 2 4
 mls qos vlan-based
 mls qos trust cos
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
! Trust CoS from the Layer 2 only 3500 Access Switch
interface GigabitEthernet3/1
 description trunk port to layer 2-only 3500
 no ip address
 wrr-queue cos-map 2 1 3
 wrr-queue cos-map 2 2 4
 mls qos vlan-based
 mls qos trust cos
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
Is QoS Needed in the Campus?
“Buffer management is as important as bandwidth management…”
Just Throw Bandwidth at It…NOT!
Auto QoS—What Is It?
One Command per Interface to Enable and Configure QoS; Modify Global and Interface Settings to Make QoS for VoIP Work
[Diagram: Callmanager, Unity, Voice Applications, Voice Gateways, WAN]
Auto QoS What does it do?
Campus
• Enforce Trust boundary at the phone
• Enforce Trust boundary on access ports and Uplink/Downlink
• Setup Priority Queuing where required
• Modify Queue Admission criteria where required
• Modify CoS to DSCP and IP Prec to DSCP maps where required
WAN
• Builds QoS VoIP Modular Quality of Service Policy
• Provides LLQ for VoIP Bearer
• Provides Bandwidth CBWFQ for VoIP Control
• Sets up Traffic Shaping per QoS DG where required
• Sets up LFI (FRF.12 or MLP) where required
Agenda
• Quality Concerns with IP Telephony, Multimedia Applications and Mission-Critical Data
• General Enterprise QoS Design Considerations
• Connecting the End-Points
• Designing the Campus
• Enabling the WAN
• QoS Impact
• VoIP and the Telecommuter
• Questions and Answers
• Summary
General Guidelines
QoS in the WAN
• The sum of all queues should be <75% of available bandwidth; LLQ should not be more than 33% of link
• Use LLQ anytime VoIP over the WAN is involved
• Traffic shaping is a requirement for Frame Relay/ATM environments
• Use LFI techniques for all links below 768Kbps
  Don’t use LFI for any video conferencing over IP applications
• TX-ring sizes may require modifications
• Properly provision the WAN bandwidth
• Mission critical applications (Citrix, DLSw+, etc.)
• Bandwidth hog applications = less than BE traffic
• Use cRTP carefully
Low-Latency Queuing Logic Tree
[Diagram: Packets In; Layer 3 Queuing Subsystem with Low Latency Queuing (PQ Voice, PQ VC, PQ, Police) and CBWFQ (VoIP-Cntrl, MC-Data, LTBE, Default, WFQ); Layer 2 Queuing Subsystem with Link Fragmentation and Interleave (Fragment, Interleave); TX Ring; Packets Out]
Low-Latency Queuing Logic Tree
[Diagram: same Low-Latency Queuing logic tree as the previous slide]
Prior to 12.2 the Priority Queue Was Policing All the Time for Frame Relay on 7200 and below; for ATM and Leased Lines It Was Policing Only during Periods of Congestion; after 12.2 the PQ ONLY Polices when There Is Congestion on the Link for All Platforms
LLQ Example—WAN Router
VoIP—Queuing
class-map VoIP-Bearer
 match ip dscp EF
class-map VoIP-Control
 match ip dscp AF31
class-map Video
 match ip dscp AF41
class-map mc-data
 match ip dscp AF21
 match ip precedence 2
!
policy-map QoS-Policy
 class VoIP-Bearer
  priority percent 17
 class Video
  priority percent 16 30000
 class VoIP-Control
  bandwidth percent 2
 class mc-data
  bandwidth percent 25
 class class-default
  random-detect dscp-based
  fair-queue
!
! Leased Lines: 12.2(5.6)
interface Multilink 1
 service-policy output QoS-Policy
!
! VoIPovFR: 12.2(3)
map-class frame voipofr
 frame cir 128000
 frame mincir 1280
 frame bc 1280
 frame frag 160
 service-policy output QoS-Policy
!
! ATM: 12.2(3)
interface ATM1/0.1 point-to-point
 service-policy output QoS-Policy
*See Roles and Config Documents Located at ESE Web Site
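A check of the policy-map above against the deck's WAN guidelines (sum of all queues under 75% of the link, LLQ no more than 33%), as an added example that is not part of the original deck. The function names and the second, over-subscribed policy are constructed for illustration; the first policy text is the one on the slide.

```python
import re

# Policy-map as shown on the LLQ example slide.
DECK_POLICY = """\
policy-map QoS-Policy
 class VoIP-Bearer
  priority percent 17
 class Video
  priority percent 16 30000
 class VoIP-Control
  bandwidth percent 2
 class mc-data
  bandwidth percent 25
 class class-default
  random-detect dscp-based
  fair-queue
"""

# Constructed counter-example (not from the deck): too much reserved bandwidth.
OVERSUBSCRIBED_POLICY = """\
policy-map Bad-Policy
 class VoIP-Bearer
  priority percent 30
 class Video
  priority percent 20
 class mc-data
  bandwidth percent 30
 class class-default
  fair-queue
"""


def parse_policy(text):
    """Return {class name: (kind, percent)} for one policy-map.

    kind is "priority" (LLQ), "bandwidth" (CBWFQ) or "unreserved".
    Only the percent forms used on the slide are recognised.
    """
    classes = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"class\s+(\S+)", line)
        if m:
            current = m.group(1)
            classes[current] = ("unreserved", 0)
            continue
        # "priority percent 16 30000": the trailing number is a burst size.
        m = re.match(r"(priority|bandwidth)\s+percent\s+(\d+)", line)
        if m and current is not None:
            classes[current] = (m.group(1), int(m.group(2)))
    return classes


def audit_policy(text, max_total=75, max_llq=33):
    """Apply the deck's guidelines: total < 75% of link, LLQ <= 33% of link."""
    classes = parse_policy(text)
    llq = sum(pct for kind, pct in classes.values() if kind == "priority")
    total = sum(pct for _, pct in classes.values())
    findings = []
    if llq > max_llq:
        findings.append(f"LLQ reserves {llq}% of the link; guideline is at most {max_llq}%")
    if total >= max_total:
        findings.append(f"queues reserve {total}% of the link; guideline is under {max_total}%")
    return {"llq_percent": llq, "total_percent": total, "findings": findings}


if __name__ == "__main__":
    for name, policy in (("deck", DECK_POLICY), ("constructed", OVERSUBSCRIBED_POLICY)):
        print(name, audit_policy(policy))
```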
Calculating VoIP Bandwidth Requirements
CODEC    Sampling Rate   Voice Payload in Bytes   Packets per Second   Bandwidth per Conversation
G.711    20 msec         160                      50                   80 kbps
G.711    30 msec         240                      33                   74 kbps
G.729A   20 msec         20                       50                   24 kbps
G.729A   30 msec         30                       33                   19 kbps
A more accurate method for provisioning is to include the Layer 2 Overhead into the bandwidth calculations:
CODEC              802.1Q Ethernet    MLP              Frame-Relay     ATM + Variable L2 Bytes
                   + 32 L2 Bytes      + 13 L2 Bytes    + 8 L2 Bytes    (Cell Padding)
G.711 at 50 pps    93 kbps            86 kbps          84 kbps         106 kbps
G.711 at 33 pps    83 kbps            78 kbps          77 kbps         84 kbps
G.729A at 50 pps   37 kbps            30 kbps          28 kbps         43 kbps
G.729A at 33 pps   27 kbps            22 kbps          21 kbps         28 kbps
595959© 2002, Cisco Systems, Inc. All rights reserved.
PACUG AVVID QOS Seminar
Slow Link Efficiency Tools
[Figure: Before and After fragmentation, showing Elastic Traffic MTU and Real-Time MTU]
214 ms Serialization Delay for 1500 Byte Frame at 56 kbps
Fragmentation and Interleave Not Needed on Links Greater than 768 kbps

10ms Delay Frags
Link or VC Speed   Frag Size
56 kbps            70 Bytes
64 kbps            80 Bytes
128 kbps           160 Bytes
256 kbps           320 Bytes
512 kbps           640 Bytes
768 kbps           1000 Bytes
1536 kbps          2000 Bytes

Serialization Delay Matrix
Link Speed   64 Bytes   128 Bytes   256 Bytes   512 Bytes   1024 Bytes   1500 Bytes
56 kbps      9 ms       18 ms       36 ms       72 ms       144 ms       214 ms
64 kbps      8 ms       16 ms       32 ms       64 ms       128 ms       187 ms
128 kbps     4 ms       8 ms        16 ms       32 ms       64 ms        93 ms
256 kbps     2 ms       4 ms        8 ms        16 ms       32 ms        46 ms
512 kbps     1 ms       2 ms        4 ms        8 ms        16 ms        23 ms
768 kbps     640 µsec   1.2 ms      2.6 ms      5 ms        10 ms        15 ms
TX-Ring Sizing
Misc. VoIP QoS Tools
• TX-Ring is an un-prioritized FIFO buffer which holds packets just before media transmission
• Used to make sure enough packets are queued in order to maximize available BW
• Will add to E-2-E delay numbers because serialization delay really equals:
  Serialization delay * number of packets in the TX-Ring buffer

Media         Default TX-Ring Buffer Sizing (Packets)
PPP           6
MLPPP         2
ATM           8192—Must Be Changed for Low Speed VCs
Frame Relay   64 (Per Main T1 Interface)

Link Speed/CIR/PVC   Recommended TX-Ring Buffer Sizing (Packets)
128 kbps             3
192 kbps             3
256 kbps             3
512 kbps             3
768 kbps             3
WAN QoS—Leased Lines
VoIP over Leased-Line Minimum IOS 12.2(5.6)
[Figure: Leased-Line Circuits]
LFI       MLPPP—Link Speeds =< 768kb
Queuing   Low-Latency Queuing
cRTP      Supported—See Roles Doc at ESE Web Site
PPP QoS Example
interface Multilink1
 ip address 10.1.61.1 255.255.255.0
 no ip mroute-cache
 load-interval 30
 service-policy output QoS-Policy
 ppp multilink
 ppp multilink fragment-delay 10
 ppp multilink interleave
 multilink-group 1
!
interface Serial0
 bandwidth 256
 no ip address
 encapsulation ppp
 no ip mroute-cache
 load-interval 30
 no fair-queue
 ppp multilink
 multilink-group 1
WAN QoS—Frame Relay
VoIP over Frame Relay Minimum IOS 12.2(5.6)
[Figure: Frame-Relay Network]
LFI               FRF.12
                  Link Speeds < 768kbps
                  Fragment Size = Max_Allowed_Jitter/(1 Byte/Line Speed in kbps)
Queuing           Low-Latency Queuing per VC
cRTP              Supported—See Roles Document at ESE Web Site
Traffic Shaping   Frame Relay Traffic Shaping
                  Shape to CIR - flags and CRC overhead
                  Bc = CIR/100
                  Be = 0
                  MINCIR >= Sum of all configured queues
Traffic Shaping—Why?
Misc. VoIP QoS Tools
[Figure: Central Site (T1) connected over Frame Relay, ATM to Remote Sites at 128 kbps, 256 kbps, 512 kbps, 768 kbps and T1]
1. Central to remote site speed mismatch
2. To avoid remote to central site over-subscription
3. To prohibit bursting above committed rate
Result: Buffering which Will Cause Delay and Eventually Dropped Packets
What are you guaranteed above your committed rate?
What about Adaptive Shaping? ESE Did Some Testing; Net-Net the Buffers in the Frame Switch Must Be Tuned Extremely Small to Achieve Timely Notification of Frame Network Congestion; EDCS-124026
Frame Relay Traffic Shaping (FRTS) Operation
[Figure: Time—1 Second, 0 to 1000 ms in 125 ms steps; cumulative bits 0, 7k, 14k, 21k, 28k, 35k, 42k, 49k, 56k; Line Rate T1; CIR 56000 bps; Interval = Bc; 125ms Interval = 7000 Bits; 4.5ms marker]
Important: Flags and CRC Are Not Included in Shaper Calculations
When 7000 bits (Bc) Transmitted Credits Are Exhausted No More Packets Are Sent in that Interval; This Can Happen at the 4.5ms Point of the Interval; This Could Add 104.5 Milliseconds Delay in between Packets
Frame Relay QoS Example
interface Serial1
 no ip address
 encapsulation frame-relay
 load-interval 30
 frame-relay traffic-shaping
!
interface Serial1.71 point-to-point
 bandwidth 256
 ip address 10.1.71.1 255.255.255.0
 frame-relay interface-dlci 71
  class VoIP
!
map-class frame-relay VoIP
 frame-relay cir 250880
 frame-relay bc 2509
 frame-relay be 0
 frame-relay mincir 250000
 no frame-relay adaptive-shaping
 service-policy output QoS-Policy
 frame-relay fragment 320

Allow for Flags and CRC
95% of CIR
Shape to CIR * Frame_Sz/[Frame_Sz + (Flags+CRC)]
256000*320 / (320+4) = 252840

Frame Format
Flag (1 Byte) | Header (2 Bytes) | Data (Variable) | CRC (2 Bytes) | Flag (1 Byte)

Traffic Shaping Do the Math…
Link Speed   CIR by the Formula   99%      98%      97%      96%      95%      94%
56 kbps      52968                55440    54880    54320    53760    52640    52080
64 kbps      60952                63360    62720    62080    61440    60160    59520
128 kbps     124872               126720   125440   124160   122880   120320   119040
256 kbps     252832               253440   250880   248320   245760   240640   238080
512 kbps     508816               506880   501760   496640   491520   481280   476160
768 kbps     764936               760320   752640   744960   737280   721920   714240
Formula = (Bandwidth X Fragment Size) ÷ (Fragment Size + 4 Bytes)
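The shaping arithmetic from the Frame Relay slides above, as an added Python example (not code from the presentation). The function names are hypothetical, and rounding the formula result down to a multiple of 8 bits is an assumption, chosen because it reproduces the "CIR by the Formula" column.

```python
FLAGS_AND_CRC = 4  # bytes: two 1-byte flags plus the 2-byte CRC (Frame Format slide)


def serialization_ms(frame_bytes, link_bps):
    """Time to clock one frame onto the link, in milliseconds."""
    return frame_bytes * 8 * 1000 / link_bps


def fragment_bytes(link_bps, max_delay_ms=10):
    """Largest fragment whose serialization delay stays within max_delay_ms."""
    return link_bps * max_delay_ms // 8000


def shaped_cir(link_bps, frag_bytes):
    """CIR by the slide formula: bandwidth * fragment / (fragment + 4 bytes).

    Assumption: the result is rounded down to a multiple of 8 bits.
    """
    exact = link_bps * frag_bytes // (frag_bytes + FLAGS_AND_CRC)
    return exact // 8 * 8


def shaper_interval_ms(cir_bps, bc_bits):
    """Tc, the shaping interval: Bc bits of credit are granted once per interval."""
    return bc_bits * 1000 / cir_bps


def burst_drain_ms(bc_bits, line_bps):
    """Time for Bc bits to leave at physical line rate; after that the
    shaper sends nothing more until the next interval starts."""
    return bc_bits * 1000 / line_bps


def map_class_lines(name, link_bps, frag, mincir_bps, queue_bps):
    """Render a map-class from the slide rules: Bc = CIR/100, Be = 0,
    MINCIR >= sum of all configured queues (queue_bps, in bits per second)."""
    if mincir_bps < sum(queue_bps):
        raise ValueError("MINCIR is below the sum of the configured queues")
    cir = shaped_cir(link_bps, frag)
    return [
        f"map-class frame-relay {name}",
        f" frame-relay cir {cir}",
        f" frame-relay bc {round(cir / 100)}",
        " frame-relay be 0",
        f" frame-relay mincir {mincir_bps}",
        " no frame-relay adaptive-shaping",
        " service-policy output QoS-Policy",
        f" frame-relay fragment {frag}",
    ]


if __name__ == "__main__":
    # 256 kbps PVC with the slide's 320-byte fragment; the queue total is
    # 60% of 256 kbps (17 + 16 + 2 + 25 percent in QoS-Policy).
    print("\n".join(map_class_lines("VoIP", 256000, 320, 250000, [153600])))
    print("Tc with Bc = 7000 bits at CIR 56000 bps:", shaper_interval_ms(56000, 7000), "ms")
    print("1500 bytes at 56 kbps:", round(serialization_ms(1500, 56000)), "ms")
```

With Bc = CIR/100 the shaping interval is 10 ms, compared with 125 ms in the 56 kbps FRTS operation slide where Bc is 7000 bits.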
WAN QoS—ATM to Frame Relay
VoIP over Hybrid Networks 12.2(3)
[Figure: Frame Relay Network connected through FRF.8 to ATM Network]
LFI               MLPPP over ATM and Frame-Relay in 12.2(3)
Queuing           Low-Latency Queuing per VC
cRTP              See Roles Doc on ESE Web Site
Traffic Shaping   Generic Traffic Shaping

Frame-Relay Traffic Shaping
 Shape to CIR—Flags and CRC Overhead
 Bc = CIR/100
 Be = 0
 MINCIR >= Sum of All Configured Queues

Shape to Low VC
Set MLPPP fragment To fit in ATM Cells
ATM to Frame Relay Interworking QoS Example

Remote Frame-Relay Configuration
interface Serial6/0
 description T1 to Frame Relay switch
 no ip address
 encapsulation frame-relay
 load-interval 30
 no arp frame-relay
 frame-relay traffic-shaping
!
interface Serial6/0.73 point-to-point
 description 3640
 no arp frame-relay
 frame-relay interface-dlci 73 ppp Virtual-Template2
  class VoIP-256kbs
!
interface Virtual-Template2
 bandwidth 254
 ip address 10.1.37.51 255.255.255.0
 service-policy output QoS-Policy
 ppp authentication chap
 ppp chap hostname R72HQ
 ppp chap password 7 05080F1C2243
 ppp multilink
 ppp multilink fragment-delay 10
 ppp multilink interleave

Central ATM Configuration
interface ATM2/0
 no ip address
 no ip mroute-cache
 no shutdown
 atm pvc 1 0 16 ilmi
 no atm ilmi-keepalive
!
interface ATM2/0.37 point-to-point
 pvc cisco37 0/37
  tx-ring-limit 3
  abr 256 256
  protocol ppp Virtual-Template2
 !
!
interface Virtual-Template2
 bandwidth 254
 ip address 10.1.37.52 255.255.255.0
 service-policy output QoS-Policy
 ppp authentication chap
 ppp chap hostname HQ_7200
 ppp chap password 7 05080F1C2243
 ppp multilink
 ppp multilink fragment-delay 10
 ppp multilink interleave
WAN QoS—ATM
VoIP over ATM Minimum 12.2(3)
[Figure: ATM Network]
LFI               MLPPP over ATM in 12.2(3)
Queuing           Low-Latency Queuing per VC
cRTP              12.2(4)XV2—See Roles Doc ESE Web Site
Traffic Shaping   Generic Traffic Shaping
                  Shape to MCR/SCR, Based on Service Class
PPPoATM MLPPP ATM Cell Optimization
• Modify delay and bandwidth to arrive at fragment that is multiple of 48 bytes and still gives 10ms of serialization delay

PVC Speed   PPP Multi-Link Fragment-Delay   Frag Size (Cells)   Real Delay   Bandwidth
56 kbps     12 msec                         2                   13.7 msec    57 kbps
64 kbps     10 msec                         2                   12.0 msec    68 kbps
128 kbps    11 msec                         4                   12.0 msec    132 kbps
192 kbps    11 msec                         6                   12.0 msec    202 kbps
256 kbps    10 msec                         7                   10.5 msec    260 kbps
320 kbps    10 msec                         9                   10.8 msec    337 kbps
384 kbps    10 msec                         11                  11.0 msec    414 kbps
448 kbps    10 msec                         12                  10.3 msec    452 kbps
512 kbps    10 msec                         14                  10.5 msec    529 kbps
576 kbps    10 msec                         16                  10.7 msec    606 kbps
640 kbps    10 msec                         17                  10.2 msec    644 kbps
704 kbps    10 msec                         19                  10.4 msec    721 kbps
768 kbps    10 msec                         21                  10.5 msec    798 kbps
ATM QoS Example
interface ATM2/0
 no ip address
 no ip mroute-cache
 atm pvc 1 0 16 ilmi
 no atm ilmi-keepalive
!
interface ATM2/0.37 point-to-point
 pvc cisco37 0/37
  tx-ring-limit 3
  vbr-nrt 128 128
  protocol ppp Virtual-Template2
!
interface Virtual-Template2
 bandwidth 132
 ip address 10.1.37.52 255.255.255.0
 service-policy output QoS-Policy
 ppp authentication chap
 ppp chap hostname HQ_7200
 ppp chap password 7 05080F1C2243
 ppp multilink
 ppp multilink fragment-delay 11
 ppp multilink interleave
QoS in the Branch Office
• If any VoIP over the WAN is part of the design, advanced QoS tools are a requirement; specifically, LLQ and LFI
• Branch router will typically be 1700, 2600, 3600, 3700
  All of these support VoIP gateway interfaces: Classify VoIP traffic
• L3 to L2 classification for L2 QoS
• Catalyst scheduling capabilities depend on hardware:
  Catalyst 2950, 3550, or 3524-XL
  Catalyst 4000
  Catalyst 6500
• NBAR to classify LTBE traffic
• Mission critical applications
Branch Office Design
[Figure: 802.1Q Trunking between branch router and Catalyst 4000; Native VLAN=70, Aux VLAN=170]

cat4k> (enable) set vlan 70 name data70
cat4k> (enable) set vlan 170 name voice170
cat4k> (enable) set vlan 70 2/1-48
cat4k> (enable) set port host 2/1-48
cat4k> (enable) set port auxiliaryvlan 2/1-48 170
cat4k> (enable) set port speed 2/1-49 auto
cat4k> (enable) set trunk 2/49 on dot1q 1-1005

interface FastEthernet1/0
 description Catalyst 4000 Branch Office Switch
 no ip address
 ip route-cache policy
 no ip mroute-cache
 load-interval 30
 speed 100
 full-duplex
!
interface FastEthernet1/0.70
 description native subnet 10.1.70.0 data
 encapsulation dot1Q 70
 ip address 10.1.70.1 255.255.255.0
 service-policy output output-L3-to-L2
 no ip mroute-cache
!
interface FastEthernet1/0.170
 description native subnet 10.1.170.0 voice
 encapsulation dot1Q 170
 ip address 10.1.170.1 255.255.255.0
 service-policy output output-L3-to-L2
Layer 3 to Layer 2 Classification Mapping at the Branch
[Figure: branch router between WAN and branch LAN]
class-map L3-to-L2-VoIP-RTP
 match ip dscp EF
class-map L3-to-L2-Video-Conf
 match ip dscp AF41
class-map L3-to-L2-VoIP-Control
 match ip dscp AF31
!
policy-map output-L3-to-L2
 class L3-to-L2-VoIP-RTP
  set cos 5
 class L3-to-L2-Video-Conf
  set cos 4
 class L3-to-L2-VoIP-Control
  set cos 3
!
interface e0/0
 service-policy output output-L3-to-L2

*Requires the mod-cli Commands Available in IOS 12.1(5)T
NBAR to Identify Applications
• Peer to peer applications like Napster, KaZaa, Morpheus, Grokster
• Citrix and other applications that are not easy to profile/recognize—dynamic/changing ports
• PDLM definitions available at: http://www.cisco.com/cgi-bin/tablebuild.pl/pdlm
[Figure: Leased Line, Frame Relay, ATM Network]
NBAR to Classify P2P Apps and Assign Less than Best Effort Treatment
• Download the latest PDLMs and copy to flash: http://www.cisco.com/cgi-bin/tablebuild.pl/pdlm
• Activate PDLM into RAM: ip nbar pdlm flash:gnutella.pdlm
• Use MQC “match protocol” statements to classify the traffic
  class-map match-any P2P
   match protocol gnutella
   match protocol fasttrack (identifies KaZaa, Morpheus and Grokster)
   match protocol napster (napster.pdlm already embedded into IOS 12.2)
• WRED DSCP-based to cause drops from this traffic first
  policy-map P2P
   class P2P
    set dscp 2
  policy-map QoS-Policy
   class class-default
    fair-queue
    random-detect dscp-based
• Alternative is to place in separate bandwidth based queue with very small bandwidth guarantee
  policy-map P2P
   class P2P
    set dscp 2
  policy-map P2P-CBWFQ-MIN
   class P2P
    bandwidth percent 1
Config Example – NBAR for <BE traffic
ip nbar pdlm flash:gnutella.pdlm
ip nbar pdlm flash:fasttrack.pdlm
!
!
ip cef
!
! match-any: a packet belongs to only one of these protocols
class-map match-any peer-2-peer
 match protocol napster
 match protocol napster non-std
 match protocol gnutella
 match protocol fasttrack
!
!
policy-map peer-2-peer
 class peer-2-peer
  set ip dscp 2
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 speed 100
 full-duplex
 service-policy input peer-2-peer

class-map match-all <BE
 match ip dscp 2
!
policy-map <BE
 class <BE
  bandwidth percent 2
 class class-default
  fair-queue
  random-detect dscp-based
!
interface Serial0/0
 ip address 10.100.1.1 255.255.255.252
 service-policy output <BE
WAN QoS Summary
• Classification
• Scheduling
• Provisioning
• Lots of tools—LLQ/CBWFQ, FRF.12, MLPPP, WRED, etc.
• More than just VoIP and video
  Mission-critical applications = bandwidth classes
  Bandwidth hogs = <BE treatment
Agenda
• Quality Concerns with IP Telephony, Multimedia Applications and Mission-Critical Data
• General Enterprise QoS Design Considerations
• Connecting the End-Points
• Designing the Campus
• Enabling the WAN
• QoS Impact
• VoIP and the Telecommuter
• Questions and Answers
• Summary
The Solution Test Bed—What We Tested
[Figure: test bed with Leased Lines, Frame Relay, and ATM to Frame Internetworking; 125 Remote Sites]
Traffic Profile—QoS without cRTP
Traffic Profile
RTP                            45%
FTP                            15%
Standard HTTP                  10%
Mission-Critical HTTP (TOS2)   10%
TN3270 (TOS2)                  10%
Call Setup (TOS3)              5%
DNS                            4%
Email                          1%
Details on the ESE Page
• Get the details at:
http://wwwin.cisco.com/ent/ese/cani/ins/qos.shtml
• Performance documents (WAN Agg and branch routers)
• Roles document
• Config quick reference
Adding QoS Features—Loss
• Impact of QoS on RTP (voice) streams (ToS 5)
• Lost data (RTP streams) from campus to branch drops from a range of 0.4—36% to 0% loss (all platforms)
[Table: % loss per Platform (7500, 3660, 7200) and PVC Speed (128 kbps, 256 kbps, 768 kbps, 1536 kbps); row alignment not preserved]
% Loss (Before): 17.50, 2.20, 0.40, 34.50, 2.30, 1.40, 12.35, 2.26, 1.38, 11.79, 13.00, 36.58
% Loss (After): 0.00 in all twelve rows
Adding QoS Features—Delay
• RTP latency from campus to branch also improves
Target for Latency Is < 50 msec
[Table: latency per Platform (7500, 3660, 7200) and PVC Speed (128 kbps, 256 kbps, 768 kbps, 1536 kbps); row alignment not preserved]
Latency msec (Before): 462.00, 1050.00, 1861.00, 347.25, 1048.24, 1851.53, 258.74, 1047.74, 482.86, 621.00, 182.54, 1862.42
Latency msec (After): 22.60, 21.80, 17.50, 23.82, 22.04, 23.63, 22.44, 22.08, 22.15, 24.28, 24.21, 22.80
Adding QoS Features—Delay Variation
• Jitter (RTP streams) from campus to branch also shows a noticeable improvement
Target for Jitter Is < 5 msec
[Table: jitter per Platform (7500, 3660, 7200) and PVC Speed (128 kbps, 256 kbps, 768 kbps, 1536 kbps); row alignment not preserved]
Jitter msec (Before): 10.00, 19.30, 17.10, 19.50, 21.90, 7.51, 19.30, 12.12, 14.40, 11.70, 22.29, 22.40
Jitter msec (After): 2.45, 2.70, 3.70, 2.67, 3.71, 3.30, 2.79, 3.44, 3.72, 2.47, 2.55, 3.93
CPU Impact of Basic Voice QoS Features on 7500/VIP4-80
• LLQ/LFI is part of the reason for the additional CPU load, in that PPS actually goes up, as the smaller (RTP) packets are prioritized:

QoS Impact to PPS on 7500/VIP-4-80
PVC Bandwidth   7500 Baseline (pps)   7500 QoS Enabled (pps)
128K            11849                 19768
256K            24592                 35106
768K            32706                 40992
1536K           34057                 41765
Branch Router QoS Performance Tests
• 1751—Frame Relay and leased line—12.2(7.5)T
• 2651—Frame Relay, leased line and ATM—12.2(7.6)
• 3640—Frame Relay, leased line and ATM—12.2(7.6)
• 3725—Frame Relay, leased line and ATM (DS3)—12.2(7.6)T1
• Pass/fail determined by RTP loss, delay and jitter (drawn from Chariot), and by router proc cpu

Line Speed   Number of Calls
128k         2
256k         4
768k         12
2.048M       28
4.5 M        80
3725 CPU Utilization QoS + cRTP
[Chart: 3725 CPU by WAN Media Type (QoS and cRTP Enabled); x-axis: Link Speed (128K, 256K, 768K, 2.048M, 4.5M); y-axis: CPU (One Minute Avg.), 0 to 100; series: Frame Relay, ATM, Leased Line; data labels as extracted: 2 2.87 11.2 24.7 2 3.7 9.1 9 23.6 1.9 37.8 12.4 31.3]
3640 CPU Utilization QoS + cRTP
[Chart: QoS Impact on CPU 3640, Frame Relay; x-axis: PVC Bandwidth (128K, 256K, 768K, 2048K, 4645k); y-axis: CPU Utilization, 0 to 100; series: Baseline, QoS Enabled, QoS + cRTP]
Branch Device Summary
• 1751—Nice low-bandwidth branch router
• 2651—Nice low-bandwidth branch router
• 3640—Problems with higher-bandwidths
• 3725—CPU to spare for what we tested
• Results on the ESE QoS page: http://wwwin.cisco.com/ent/ese/cani/ins/qos.shtml
  QOS Performance Guide for WAN Branch Platforms
Crypto VPN Applications
VPN
Enterprise Branch VPN
VPN
Telecommuter VPN
VPN Client
VoIP + Crypto: Where Are We?
• Some customers are already doing this
• V3PN launch underway
• Site to site, QoS enabled, and SOHO DGs from your SE
• Project in the works—Queuing mechanism for the crypto engine (LLQ before crypto)
• Beginning to work w/ SPs on how to provide this service; CPN certification underway with AVVID friendly SLAs: http://www.cisco.com/pcgi-bin/cpn/cpn_pub_bassrch.pl
Provisioning: VoIP Bandwidth Calculations with IPSec
VoIP Packet
Link Header (X Bytes) | IPSec and GRE Headers (76/80 Bytes, Variable) | IP Header (20 Bytes) | UDP Header (8 Bytes) | RTP Header (12 Bytes) | Voice Payload (X Bytes)

VoIP with IPSec MLPPP over ATM
CODEC              IP UDP RTP and IPSec   PPP           ATM Cells (53b Cells, 48b Payload)
G.711 at 50 pps    112 kbps               114.40 kbps   127.20 kbps
G.729A at 50 pps   54.4 kbps              56.8 kbps     63.6 kbps
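The per-call figures in the IPSec table above and in the earlier "Calculating VoIP Bandwidth Requirements" tables can be reproduced with the following added Python example (not code from the presentation). The function names are hypothetical; the 8-byte AAL5 trailer, the 6-byte PPP header and the pairing of 80 bytes of IPSec/GRE overhead with G.711 and 76 bytes with G.729A are assumptions inferred from the slide figures.

```python
import math

# Header sizes in bytes, from the slide's packet diagram.
IP_UDP_RTP = 20 + 8 + 12
ATM_CELL = 53           # bytes on the wire per cell
ATM_CELL_PAYLOAD = 48   # payload bytes carried per cell
AAL5_TRAILER = 8        # assumption: the only per-packet ATM overhead counted

# Fixed per-packet Layer 2 overhead in bytes. The first three values come from
# the column headings of the Layer 2 table; PPP = 6 is inferred from the IPSec
# table (114.40 kbps - 112 kbps at 50 pps).
L2_OVERHEAD = {"802.1Q Ethernet": 32, "MLP": 13, "Frame-Relay": 8, "PPP": 6}

# (codec, voice payload bytes, packets per second) rows of the first table.
CODECS = [("G.711", 160, 50), ("G.711", 240, 33),
          ("G.729A", 20, 50), ("G.729A", 30, 33)]


def call_bps(payload, pps, media=None, tunnel_overhead=0):
    """Bits per second for one direction of one call.

    media=None gives the Layer 3 rate. tunnel_overhead is the size of the
    IPSec and GRE headers in bytes (the slide gives 76/80, variable).
    """
    packet = payload + IP_UDP_RTP + tunnel_overhead
    if media is None:
        wire = packet
    elif media == "ATM":
        # Packet plus trailer is padded up to a whole number of cells.
        cells = math.ceil((packet + AAL5_TRAILER) / ATM_CELL_PAYLOAD)
        wire = cells * ATM_CELL
    else:
        wire = packet + L2_OVERHEAD[media]
    return wire * 8 * pps


def kbps_up(bps):
    """Round up to whole kbps, the rounding that reproduces the slide tables."""
    return math.ceil(bps / 1000)


def layer2_table():
    """Rebuild the Layer 2 overhead table as {(codec, pps): {media: kbps}}."""
    media = ["802.1Q Ethernet", "MLP", "Frame-Relay", "ATM"]
    return {(codec, pps): {m: kbps_up(call_bps(payload, pps, m)) for m in media}
            for codec, payload, pps in CODECS}


def priority_queue_kbps(calls, payload, pps, media, tunnel_overhead=0):
    """kbps to provision in the LLQ priority class for simultaneous calls."""
    return kbps_up(calls * call_bps(payload, pps, media, tunnel_overhead))


if __name__ == "__main__":
    for (codec, pps), row in layer2_table().items():
        print(f"{codec} at {pps} pps:", row)
    print("G.711 with IPSec/GRE over ATM:",
          call_bps(160, 50, "ATM", 80) / 1000, "kbps")
    print("2 x G.729A over ATM:", priority_queue_kbps(2, 20, 50, "ATM"), "kbps")
```

ATM is the only medium where overhead is not a fixed byte count: a G.729A packet at 50 pps fills two cells without IPSec and three with it.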
Traffic Shaping
• Traffic shaping to uplink speed
• Avoid uplink congestion
• Ensure that QoS is honored
[Figure: 806/1710, 10/100m Ethernet (Shaped), 3rd-Party DSL Modem, 128k Uplink, DSL Backbone, To Head End]
Classification and Scheduling, LFI, and Traffic Shaping
[Figure: Single-Box and Two-Box (Third-Party Modem) options for reaching the head end over Cable, DSL and Others (ISDN, Wireless, Etc.). Device labels: 9x5, 827, 80x, 806/1710, PIX 501, 3rd-Party Cable Modem, 3rd-Party DSL Modem. Network labels: Cable Backbone, DSL Backbone.]
Variation: VPN 3002 Can Be Used in Place of PIX 501 if Firewall Not Required
DSL Options
• Classification and scheduling LLQ/CBWFQ
• Link fragmentation and Interleave (MLPPP)
• PPPoATM vs PPPoEthernet
• PPPoATM fragment size to ATM Cell considerations
[Figure: Single-Box (827) and Two-Box (806/1710 or PIX 501 with Third-Party DSL Modem) options over the DSL Backbone, To Head End]
Config Example—PPPoATM (827)
class-map match-all voice
 match ip dscp EF
class-map match-all signaling
 match ip dscp AF31
!
policy-map telework
 class voice
  priority 64
 class signaling
  bandwidth 8
 class class-default
  fair-queue
!
interface ATM0
 no ip address
 pvc 1/100
  vbr-rt 128 128
  tx-ring-limit 3
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
interface Dialer0
 bandwidth 132
 ip address negotiated
 ip nat outside
 encapsulation ppp
 no ip mroute-cache
 load-interval 30
 dialer pool 1
 dialer-group 1
 service-policy output telework
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname 827a
 ppp chap password 7 104D000A0618
 ppp multilink
 ppp multilink fragment-delay 11
 ppp multilink interleave
What Questions Do You Have?
Summary
• Classification (trust boundary), scheduling, provisioning
• Mission-critical data, voice, video
• QoS in the LAN—not just bandwidth—transmit buffer management/congestion avoidance
• Lots of tools—LLQ/CBWFQ, PQ, WRR, WRED, LFI—FRF.12, MLPPP, traffic shaping
• QoS is an end-to-end proposition; look for Quality of Service Policy Manager (QPM) in World of Solutions and keep an eye out for Auto QoS…