Thanks to all time best Cisco instructor Kevin Willis for sharing his video on Youtube! I watched his video to revist QoS fundamentals and re-consolidate previous knowledge. KW, you’re a Legend!
“Quality of Service is a managed unfairness.”
Agenda
- Learn QoS Mechanisms
- QoS is like a tool box with various number of tools, not just one thing
- Understand QoS Markings
- how do we mark different traffics
- Demystify Weighted RED
- Weighted Random Early Detection
- Select Appropriate Queuing
- g.) LAN is running 1GB but WAN network is only 10mb, how does the router handle the 100:1 speed ratio,
- High priority traffic such as Real-time streaming video or voice vs download/gaming traffic?
- Explain the ‘Token bucket’
- Configure QoS using MQC
Fundamentals of Quality of Service (QoS):
“Quality of Service is a managed unfairness.”
- Learn QoS Mechanisms
If you have all different application fighting for the same bandwidth, you have to decide based on the characteristics of each traffic. Know what the applications are and what the business needs are.
10Gb links everywhere, no big deal to have a QoS.
Even within LAN, on high speed network the aggregation point becomes a bottleneck.
IntServ = RSVP (Resource Reservation Protocol). Sometimes called “hard-QoS”. Bandwidth is pinned-up (reserved) so a certain traffic can use on demand. These days, we rarely see IntServ in use due to inflexible nation of this QoS mechanism.
DiffServ = Differentiated Service. Router will differentiate different traffic types. Put different traffic types for different class. Create no more than 11 different traffic (if everyone is special, nobody is special) <<<Cisco recommendation.
Best effort = FIFO, first in firs served. No QoS enabled.
Common QoS Mechanisms – QoS is not a single tool that you just activate. QoS is a collection of tools.
- Classification and Marking –
e.g.) Boarding pass for an airline – priority marking on boarding pass
Cisco tells us to classify your traffic into no more than 11 network traffic types. Classify and mark the traffic as early as possible on your network, changing bits on the header. Routers and switches can look at the header information and quickly decide whether to forward/drop packets, so the decision becomes really fast. Use access lists (NBAR) to do this. Once the traffic is classified, put the marking on it. However, classification and marking alone does not do anything.
- Queuing –
E.g.) 1GB or 10GB Switch network traffics coming into router network with 10MB link out. If we had FIFO. We only have a limited amount of memory to queue all traffics, once the queue buckets fill-up, the excess traffics will start dropping overflowing from the single bucket. So to make this more efficient based on different traffic’s characteristics, this bucket can be sub-divided into a few smaller buckets, then different traffic can fill-up and use different buckets with varying priorities.
Mark the traffics and it can be put into different buckets. e.g.) VoIP goes into different bucket vs Best effort traffic. Typically VoIP traffic gets DSCP 46 (Differentiated Services Code Point). If VoIP is marked with a DSCP of 46, then put this traffic into one bucket. Everybody else can go into the other bucket. This is called queue separation. Even though the Best Effort buckets gets full and start dropping packets, the VoIP bucket will fill up occasionally and will not get full and impacted by the Best Effort bucket’s performance.
Cisco has many tools to help us on how to manage queues and dictate emptying these queues. Different Queue mechanisms supported on Cisco IOS? Weighted Fair Queuing, Class-based weighted Queuing, Low Latency Queuing, Priority queuing, Custom Queuing, In the real world scenario, Class-based weighted Queuing and Low Latency Queuing are most often used.
The beauty of queuing is that it can protect certain traffic just simply separating different traffics into different buckets.
- Congestion Avoidance –
RED – Random Early Detection, drop random traffic for the good of many.
- Policing and Shaping –
Traffic conditioners
Policing – sets speed limit, if some packet is trying to transmit more than allowed, policing drops any exceeding traffic packet and these traffics must be retransmitted if they are TCP packets. If this is UDP packets, there is no retransmission.
Shaping – also sets speed limit, but softer, not enough bandwidth, buffer (delay) the packets and then send them off.
- Link Efficiency –
Not as important as it used to be as we have higher WAN links these days.
- Link Fragmentation and Interleaving (LFI) = Sometime on the network on a slow speed link (56kbps link), there is a 1500byte data packet queued up and tiny voice packet has been queued up behind this packet. 214ms to send 1500bytes through 56kbps link.
Voice packet speed requirement:
<150ms transmission speed is OK.
>150ms = will start to get bad
>200ms = really get bad
E.g.) Analogy, metaphor – Caught at Traffic light and three trailer truck (Data packet) is in front of your sports car (voice packet). Fragment the 3 trailers and send them, but the sports car can swivel through them and get passed through. One issue: due to fragmentation, now you have three headers on each of the trailer, so increased header size. @768kbps (WAN link), if you are sending voice over IP, if less than 768kbps speed, use of LFI will help. If 768kbps or more, do not use LFI, it will hurt the network more than helping.
- Compression – sending the same amount of data using less bandwidth
The main use on today’s network is ‘RTP header compression’
RTP (Real Time Protocol) is a L4 protocol, depending on what sort of codec we use, the size of the payload could be 20 bytes, add L3 IP header + L4 UDP header + L4 RTP header = 40 bytes of header alone. Your header is 2 times the size of your payload. The payload to header ratio is 1:2. Turn on RTP header compression on the router interface. The routers looks at the voice packets arriving on its interface and see the commonalities between every packets in the same communication, it seems like every packet has the same destination IP address, same source and destination port IDs, why are we sending the same information multiple times? On each end routers, keep the copy of this information and send much smaller header (either 2 bytes or 4 bytes. 4 bytes have checksum. Generally on Cisco devices, it will use 2 bytes). The 2 bytes header contains the session context identifier (CID) which differentiates one voice conversation with another voice conversation. At the far end router, the router uses CID to identify the voice traffic and put the cached header copies onto the coming in traffic and send out to the LAN network.
2. Understand QoS Markings
L2 marking = Class of Service (CoS)
ISL = not used
IEEE802.1Q = 4 bits added, (3 bits = 8 values (0-7) bits.)
6 and 7 bits = reserved for network use
cos 5 = voice traffic
DSCP Values:
CS (Class Selector)
Issue: Only layer 2 marking, if it goes out through a Router, it gets written over. So, this has to be rewritten at L4 header using Type of Service (TOS) Bytes.
We can use three left bits; we can use IP Precedence (CoS matching only gives 6 classes of traffic as we cannot use 6 & 7 bits as in CoS). IP Precedence is not scalable. We now use DSCP using 6 bits in ToS byte – 0-63 DSCP values can be used. The 64 values gave too many options, so ITF decided to define commonly used DSCP values to set up certain standards.
ITF preselected 21 names Per Hop Behaviours (PHB), we can use the number or names that corresponds to ITF names.
DSCP/PHB Value for Enterprise traffics.
- Demystify Weighted RED
Random Early Detection (RED)
When we get to certain level (Min. threshold), start introducing the possibility of dropping. As it moves up and hit the Max Threshold, the chances of dropping packets get bigger.
MPD = Mark Probability Denominator
Cisco IOS already has MPD values, but this can be manipulated. The following is WRED profiles suggested by Cisco.
Explicit Congestion Notification (ECN)
Uses the 7th bit in ToS Byte for ECT and 8th bit for CE.
The receding router can mark the ECT and CE bits to binary 1’s and ask the other router to slow down. Otherwise, the packets gets dropped and then the TCP slow-start will kick-in (TCP windowing concept, where the window size is doubled continuously until it reaches threshold value and it drops down and TCP slow-start kicks in.)
- Select Appropriate Queuing
CB-WFQ vs LLQ
Cisco recommends us to use no more than 11 traffic classes, but one class already is created by default, “class-default”. Catch-all traffic class, so we can use 12 classes of traffic.
- class-default uses FIFO.
- CB-WFQ – during the time of congestion when QoS kicks in, give minimum of x Mbps of bandwidth, but give more if more bandwidth is available.
- LLQ (priority) queue – during the time of congestion, give up to 3Mbps of bandwidth, but nor more that 3Mbps.
E.g.) Car pool lane or bus lane – if you have more passengers, you have rights to use the special lane, but still needs to keep the speed-limit.
- Explain the ‘Token bucket’
Using Frame-relay network, speed of 128kbps.
How do you send data at the half the rate of the line speed? of if the full line speed is 128kbps, send at 64kbps speed. Use the analogy of car traveling at 100km/h to reach 50kms in 0.5 hours.
Send & stop, send & stop, this is how the policing and shaping does its magic.
- Configure QoS using MQC
MQC Demo
QoS configuration is a 3 steps process:
Step 1: Create Class-maps
#classify EMAIL TRAFFIC
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#class-map ?
WORD class-map name
match-all Logical-AND all matching statements under this classmap
match-any Logical-OR all matching statements under this classmap
type Configure CPL Class Map
R1(config)#class-map match-any EMAIL
R1(config-cmap)#match protocol pop3
R1(config-cmap)#match protocol imap
R1(config-cmap)#match protocol exchange
R1(config-cmap)#match protocol smtp
R1(config-cmap)#exit
R1(config)#class-map VOICE
R1(config-cmap)#match protocol rtp ?
audio Match voice packets
in-app-hierarchy Match protocol in transport hierarchy
payload-type Match an explicit PT
potentially Match protocol, and all potentiall traffic
video Match video packets
<cr>
R1(config-cmap)#match protocol rtp audio
R1(config-cmap)#exit
#WEB TRAFFIC
R1(config)#class-map match-any WEB
R1(config-cmap)#match protocol http
R1(config-cmap)#match protocol secure-http
#SCAVENGER TRAFFIC
R1(config)#class-map SCAVENGER
R1(config-cmap)#match protocol bitt
R1(config-cmap)#match protocol bittorrent
R1(config-cmap)#exit
R1#show class-map
Class Map match-any class-default (id 0)
Match any
Class Map match-any EMAIL (id 1)
Match protocol pop3
Match protocol imap
Match protocol exchange
Match protocol smtp
Class Map match-any WEB (id 3)
Match protocol http
Match protocol secure-http
Class Map match-all VOICE (id 2)
Match protocol rtp audio
Class Map match-all SCAVENGER (id 4)
Match protocol bittorrent
Step 2: Create Policy-maps
R1(config)#policy-map QOS-LAB1
R1(config-pmap)#?
Policy-map configuration commands:
class policy criteria
description Policy-Map description
exit Exit from policy-map configuration mode
no Negate or set default values of a command
R1(config-pmap)#class EMAIL
R1(config-pmap-c)#?
Policy-map class configuration commands:
admit Admit the request for
bandwidth Bandwidth
compression Activate Compression
drop Drop all packets
exit Exit from class action configuration mode
fair-queue Enable Flow-based Fair Queuing in this Class
flow Flow subcommands
log Log IPv4 and ARP packets
measure Measure
netflow-sampler NetFlow action
no Negate or set default values of a command
police Police
priority Strict Scheduling Priority for this Class
queue-limit Queue Max Threshold for Tail Drop
random-detect Enable Random Early Detection as drop policy
service-policy Configure QoS Service Policy
set Set QoS values
shape Traffic Shaping
R1(config-pmap-c)#set dscp af13
R1(config-pmap-c)#bandwidth 512 <<<give this command first before giving ‘random-detect’ command
R1(config-pmap-c)#end
R1(config-pmap-c)#random-detect ?
atm-clp-based Enable atm-clp-based WRED as drop policy
clp parameters for each clp value
cos parameters for each cos value
cos-based Enable cos-class-based WRED as drop policy
discard-class parameters for each discard-class value
discard-class-based Enable discard-class-based WRED as drop
policy
dscp parameters for each dscp value
dscp-based Enable dscp-based WRED as drop policy
ecn explicit congestion notification
exponential-weighting-constant weight for mean queue depth calculation
precedence parameters for each precedence value
precedence-based Enable precedence-based WRED as drop policy
<cr>
R1(config-pmap-c)#random-detect dscp-based <<<default is using cos, this command enables dscp based WRED
R1(config-pmap-c)#random-detect ecn <<<turns on ECN
R1(config-pmap-c)#exit
R1(config-pmap)#class VOICE
R1(config-pmap-c)#priority 256 <<<Enabled LLQ, go first
R1(config-pmap-c)#random-detect dscp-based <<<Since voice traffic is RTP encapsulated in UDP, TCP slow-start will not help us. So, no need to use ECN bits. No need to use WRED.
Must deconfigure priority in this class before issuing this command
R1(config-pmap-c)#exit
R1(config-pmap)#class WEB
R1(config-pmap-c)#bandwidth 768
R1(config-pmap-c)#exit
R1(config-pmap)#class SCAVENGER
R1(config-pmap-c)#police 128000 <<<Set the maximum bandwidth using Policing. This is in bps (bits) not Bps (Bytes).
R1(config-pmap-c-police)#exit
R1(config-pmap-c)#exit
R1(config-pmap)#exit
R1#show policy-map
Policy Map QOS-LAB1
Class EMAIL
set dscp af13
bandwidth 512 (kbps)
Class VOICE
priority 256 (kbps)
Class WEB
bandwidth 768 (kbps)
Class SCAVENGER
police cir 128000 bc 4000
conform-action transmit
exceed-action drop
#Marking only can be done on the inbound traffic.
#Shaping can only be applied to outbound traffic.
#Policing can be applied to either directions.
R1#conf t
R1(config)#int gi0/0
R1(config-if)#service-policy output QOS-LAB1 <<<Apply configuration to outgoing traffic
R1(config-if)#end
R1#show policy-map interface gi0/0
GigabitEthernet0/0
Service-policy output: QOS-LAB1
queue stats for all priority classes:
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
Class-map: EMAIL (match-any)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: protocol pop3
0 packets, 0 bytes
5 minute rate 0 bps
Match: protocol imap
0 packets, 0 bytes
5 minute rate 0 bps
Match: protocol exchange
0 packets, 0 bytes
5 minute rate 0 bps
Match: protocol smtp
0 packets, 0 bytes
5 minute rate 0 bps
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
QoS Set
dscp af13
Packets marked 0
bandwidth 512 kbps
Class-map: VOICE (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: protocol rtp audio
Priority: 256 kbps, burst bytes 6400, b/w exceed drops: 0
Class-map: WEB (match-any)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: protocol http
0 packets, 0 bytes
5 minute rate 0 bps
Match: protocol secure-http
0 packets, 0 bytes
5 minute rate 0 bps
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
bandwidth 768 kbps
Class-map: SCAVENGER (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: protocol bittorrent
police:
cir 128000 bps, bc 4000 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0000 bps, exceeded 0000 bps
Class-map: class-default (match-any)
3 packets, 180 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 3/180
