Campus Quality of Service © 2000, Cisco Systems, Inc © 2000, Cisco Systems, Inc Objectives Upon completion of this module, you will be able to perform the following tasks: • Describe the characteristics of QoS in the campus • Describe reasons why campus QoS is needed • Describe the steps required to implement QoS in the campus • Describe solutions available to solve campus QoS problems • Explain IP Precedence ã Define Differential Service Code Point â 2000, Cisco Systems, Inc www.cisco com econ_387_05_010.ppt The objective of this module is to define the quality of service (QoS) tools which must be implemented to provide a voice-enabled transport service for IP telephony A QoS-enabled transport infrastructure is the prime prerequisite for end-to-end IP telephony, which is covered in the following chapters The key design consideration here is to make sure the proper hardware and Cisco IOS releases are in place, along with sufficient bandwidth, to support the added requirements that voice will place on a data network © 2000, Cisco Systems, Inc Campus QoS Campus QoS Issues –Prioritization (Marking and Queuing) © 2000, Cisco Systems, Inc © 2000, Cisco Systems, Inc www.cisco com econ_387_05_010.ppt Campus QoS Server Farm Access Layer • Hierarchical design • Minimize Layer • Switched 10/100 to desktop • GE/GEC trunks • Fast convergence • Define & enforce a trust boundary • Over-provision & undersubscribe BW Distribution Layer Core Layer Distribution Layer Access Layer WAN © 2000, Cisco Systems, Inc Internet www.cisco.com PSTN econ_387_05_010.ppt Enterprise customers are building hierarchical campus networks These networks minimize the use of Layer technology and attempt to solve problems if possible with Layer 3, for example, route around problems This graphic illustrates a typical network of today The 10/100 Ethernet to the desktop has to be switched Do not support IP Telephony in any way, shape, or form over shared media; switched to the desktop is required, ideally at 100 Mb Gigabit Ethernet trunks should be overprovisioned, and undersubscribed in a campus network QoS in the campus today is like an air bag It’s there It’s ve ry comforting that it’s there, but who wants to use it every day? If using it every day, a large call bill develops All of these QoS mechanisms are important and have to be there because they add value to the network Another important factor is the establishment of a trusted boundary within a network The PC, the attached device, has typically been viewed as something to entrust, just based on the port But now that voice is running - and in the future, video and data - it is imperative that this trust boundary be defined Finally, some characteristics must be identified, some way to identify voice, versus video, versus data on the ingress to the network itself © 2000, Cisco Systems, Inc Need for Campus QoS Speed Mismatch 10 Mbps Many-to-One Aggregation Switching Fabric 1000 Mbps Packets that Made It Through; Rest Are Dropped Buffers Link Utilization 60% • Any of the above scenarios could result in packet loss and/or delay • Delay-sensitive applications like voice need QoS © 2000, Cisco Systems, Inc Example: 100-Mbps Link Packets from Different Applications www.cisco.com econ_387_05_010.ppt Why is QoS needed in the campus? One reason is speed mismatches, going from Gigabit Ethernet to Fast Ethernet Many-to-one means having a lot of things coming down to a common link and oversubscribing it If there is a Catalyst® 6000 with 384 Fast Ethernet ports on it, it is possible to oversubscribe the uplink So potentially, all of these things are reasons to be able to identify voice, and perhaps treat it differently from data © 2000, Cisco Systems, Inc Steps for Campus QoS Steps for Campus QoS Implementation • Marking Marking the packet with a specific priority Establish a trust boundary • Queuing Assigning packets to one of multiple queues (based on classification) for expedited treatment through the network © 2000, Cisco Systems, Inc www.cisco.com econ_387_05_010.ppt The two steps required for campus QoS are marking and queuing It is necessary to distinguish among voice, video, and data traffic The traffic must be marked and a trust boundary established If the traffic is marked at the edge, hopefully, the further into the network, the less the worry about trusting a given packet Next, use that criteria, however the traffic has been classified, to give it preferential treatment, perhaps in the wide-area networks If you can classify at the edge, as you go through the wide-area network you can use that classification mechanism as the entrance criteria, for example, to a priority queue for the WAN The second step is queuing, or assigning packets to one of multiple queues, based on the classification technique employed, within the campus for expedited treatment through the network © 2000, Cisco Systems, Inc Marking What is it? Marking is the QoS feature component that “colors” a packet so that it can be identified and distinguished among other packets in QoS treatment: – Differentiated Services Code Point (DSCP) – IP Precedence – QoS-Group – 802.1p © 2000, Cisco Systems, Inc www cisco.com econ _387_05_010 ppt Packets entering the network may have been marked previously If this marking is from a trusted source, then classification may be based on the previous mark If the marking is not from a trusted source, then classification may be used to determine what the new marking should be Marking can occur at Layer or Layer 3, however many QoS features are based on the IP Precedence bit or Differentiated Services Code Point (DSCP) settings There are methods of marking that will map Layer Class of Service (CoS) bits to Layer IP Precedence or DSCP settings A QoS-group is internal to a router It allows us to virtually mark packets as they come into a router, then use that virtual marking for outbound policy The biggest advantage to virtual marking is that it does not alter the traffic passing through the router © 2000, Cisco Systems, Inc Solutions for Campus QoS Issues • Marking – CoS/ToS/DSCP • Congestion avoidance (WRED) • Scheduling & queuing – Priority queuing WRR ã Policing â 2000, Cisco Systems, Inc www.cisco.com econ_387_05_010.ppt What are the available classification schemes? There is CoS, a Layer scheme, 802.1P, and 802.1Q At Layer are the preferred schemes However, it’s not always possible to classify at Layer The benefit of classifying at Layer is that classification potentially follows a packet from the source to the destination, irrespective of how many hops it traverses This is true as long as you don't re-classify Congestion avoidance schemes, such as WRED, don’t really a great deal for voice directly It uses the UDP, so dropping a packet is not going to help much But it will improve handling TCP traffic, allowing you to throttle it back which helps voice indirectly Another issue is queuing and scheduling The current preferred queuing mechanism is LLQ, which is really PQ-CBWFQ is a rigid traffic prioritization scheme: if packet A has a higher priority than packet B, packet A always goes through the interface before packet B When you define an interface's QoS property as priority queuing, four queues are automatically created on the interface: high, medium, normal, and low Packets are placed in these queues based on priority queuing policies you define on the interface Unclassified packets are placed in the normal queue This allows you to exhaust the voice queue before attempting to deliver other classes of traffic © 2000, Cisco Systems, Inc Weighted round-robin (WRR) scheduling is used on Catalyst 8500 family switch routers (Layer switches) on egress ports to manage the queuing and sending of packets WRR places a packet in one of four queues based on IP precedence, from which it derives a delay priority With WRR, each queue is given a weight This weight is used when congestion occurs on the port to give weighted priority to high-priority traffic without starving low priority traffic The weights provide the queues with an implied bandwidth for the traffic on the queue The higher the weight, the greater the implied bandwidth The queues are not assigned specific bandwidth, however, and when the port is not congested, all queues are treated equally Finally, policing is another QoS tool QoS Policy Manager (QPM) lets you define QoS policies at a more abstract level than can be defined using device commands For example, with QPM you can define policies for groups of devices rather than one device at a time You can also create policies that apply to applications or groups of hosts more easily than can be defined using device commands © 2000, Cisco Systems, Inc Assuming that this Layer device either didn’t have the capability to this classification or you chose not to it at that point, you could classify at the distribution layer The design recommendation has long been that the distribution layer be a Layer device If using a Catalyst® 6000 with a Policy Feature Card (PFC), or the MFSC, you can map the CoS to a DSCP If using VLANs, you can map the VLAN through an ACL on the VLAN Or you could even map the IP address to a DSCP This illustrates the importance of identifying phones uniquely by using a different IP address range The design recommendation is to use RFC1918 addresses for the phones for network 10 For example, at home you have an IP telephone, but your DSL box at home gives you a network 10 address You’d like to be able to give 10.1 to phones, and 10.2 to PCs Again, you want an easy way at Layer to be able to distinguish one kind of traffic from the other From this point into the network onwards, you don’t have to worry about trust You've established your trust boundary; in this case, the trust boundary is the telephone itself You’ve extended the trust to that device; but you’ve achieved classification at Layer and Layer From this point on, you just use your DSCP or IP precedence as the entrance criteria to any fancy queuing you have to achieve You have now achieved end-to-end QoS © 2000, Cisco Systems, Inc 10 Classify at Layer or Layer Layer IPV4 Standard IPV4: Three MSB called IP Precedence (DiffServ (DSCP) may use six D.S bits plus two for flow control) Version ToS Len ID Length Byte Layer ISL ISL Header 26 Bytes Offset TTL Proto FCS IP-SA IP-DA Data Three bits used for CoS (Class of Service) Encapsulated Frame 1…24.5 KBytes Three bits used for CoS (User Priority) Layer 802.1Q/p PREAM SFD FCS Bytes DA SA TAG Bytes PT DATA FCS QoS Tags: Layer = CoS & Layer = ToS © 2000, Cisco Systems, Inc www.cisco.com econ_387_05_010.ppt Traffic Classification Types The goal of protecting voice traffic from being run over by data traffic is accomplished by classifying voice traffic as high priority and then allowing it to travel in the network before low-priority traffic Classification can be done at Layer or at La yer as follows: • At Layer using the bits in the 802.1p field (referred to as class of service or CoS), which is part of the 802.1Q tag • At Layer using the bits of DSCP field in the type of service (ToS) byte of the IP header Classification is the first step towards achieving QoS Ideally, this step should be done as close to the source as possible Trust Boundaries The concept of trust is an important and integral one to deploying QoS Once the end devices have set CoS or ToS values, the switch has the option of trusting them If the switch trusts the values, it does not need to any reclassification; if it does not trust the values, then it must perform reclassification for the appropriate QoS The notion of trusting or not trusting forms the basis for the trust boundary Ideally, classification should be done as close to the source as possible If the end device is capable of performing this function, then the trust boundary for the network is at the access layer in the wiring closet If the device is not capable of performing this function, or the wiring closet switch does not trust the classification done by the end device, the trust boundary may shift How this shift happens depends on the capabilities of the switch in the wiring closet If the switch can reclassify the packets, then the trust boundary remains in the wiring closet If the switch cannot perform this function, then the task falls to other devices in the network going towards the backbone In this case, the rule of thumb is to perform reclassification at the distribution layer This means that the trust boundary has shifted to the distribution layer It is more than likely that there is a high-end switch in the distribution layer with features to support this function If possible, try to avoid performing this function in the core of the network © 2000, Cisco Systems, Inc 11 In summary, try to maintain the trust boundary in the wiring closet If necessary, move it down to the distribution layer on a case-by-case basis, but avoid moving it down to the core of the network This advice conforms with the general guidelines to keep the trust boundary as close to the source as possible This discussion assumes a three-tier network model, which has proven to be a scalable architecture If the network is small, and the logical functions of the distribution layer and core layer happen to be in the same device, then the trust boundary can reside in the core layer if it has to move from the wiring closet Traffic Classification at Layer Using the 802.1p bits within the 802.1Q tag provides the desired QoS results at Layer When traffic has to cross a Layer boundary, however, it becomes imperative to implement these mechanisms using Layer parameters, such as the three IP precedence bits (commonly referred to as ToS) or the new DSCP parameter, which uses the six most significant bits within the ToS byte of the IP header Traffic crosses a Layer boundary when packets are routed between subnets by Layer switches or routers Traffic also crosses a Layer boundary when packets need to go out of the campus network onto the WAN through edge routers When this happens, Layer classification does not help Layer classification is needed for achieving the desired level of QoS All of the QoS techniques employed by the routers (including the very important WAN QoS) rely on Layer classification Layer classification can be achieved by using the appropriate platforms in the campus Beginning with the IP phones, packets are already presented to the switch with CoS = ToS = This Layer classification is preserved even if the packets travel all the way through to the WAN edge router where the Layer header is removed So, if the trust boundary is at the source (IP phone), voice traffic has the ToS bits set to and is presented to the network devices for appropriate treatment WAN routers can use this classification to employ any of the queuing techniques If the trust boundary is not at the source and packets need to be reclassified, then the device performing this function should be capable of doing it at Layer before it can cross a Layer boundary © 2000, Cisco Systems, Inc 12 IP Precedence IP Precedence marks packets into six classes (two reserved): Number 8500 Name Server routine priority immediate flash flash-override critical internet – reserved network – reserved Handset 7500 3600 IP Precedence is used to determine the weight for QoS policy, for example for WFQ, WRED © 2000, Cisco Systems, Inc GSR 7200 www cisco.com PBX 8500 Server econ _387_05_010 ppt IP is normally thought of as being a “best effort” only protocol But IP has always had a mechanism for supporting differentiated services The IP ToS field and the IP Precedence bits provide this capability Because the majority of applications today are IP-based, why not leverage IP for end-to-end QoS policy signaling? IP Precedence takes advantage of in-band signaling The ToS field can be used to bind business policies into network behavior IP Precedence utilizes the three precedence bits in the IP header ToS field to specify class of service for each packet You can partition traffic in up to six classes of service using IP Precedence (two others are reserved for internal network use) The queuing technologies throughout the network can then use this signal to provide the appropriate expedited handling IP Precedence enables service classes to be established using existing network queuing mechanisms with no changes to existing applications and with no complicated network requirements This same approach is easily extended to the next generation of IP, IP version 6, using its Priority field For historical reasons, each precedence corresponds to a name These names, which continue to evolve, are defined in the RFC 791 document Currently Cisco is using precedence for voice traffic, and down to for prioritized applications The higher the precedence, the more quickly the packet should get sent across the network © 2000, Cisco Systems, Inc 13 Differentiated Service Code Point DS field DSCP CU DS field is the ex-ToS Field for IPv4 (RFC 791) and Traffic Class octet for IPv6 • There is a DS field in header of every IPv4 and IPv6 packet DSCP is the field identifying what treatment the packet should receive • DSCP : Differentiated Service Code Point, bits ã CU: Currently Unused, bits â 2000, Cisco Systems, Inc www cisco.com econ _387_05_010 ppt The Internet Engineering Task Force (IETF) defines the six most significant bits of the 1-byte ToS field as the Differentiated Services Code Point (DSCP) The priority represented by a particular DSCP value is configurable DSCP values range from to 63 The slide shows the breakout of the DSCP field Six bits are used for the Differentiated Service Code Point, and bits are currently unused Layer IP packets can carry either an IP Precedence value or a DSCP value MQC supports the use of either value in set and match commands The recommended settings of the DSCP field are backwards-compatible with IP precedence (see the following material) RFC2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers, Dec 98 For additional information, refer to: http://www.ietf.org/rfc/rfc2474.txt © 2000, Cisco Systems, Inc 14 What Are 802.1P and Inter-Switch Link? QoS for a Layer Ethernet switched world! On trunk ports only • 802.1P QoS is: – An IEEE specification – Focuses on support for QoS over LANs and 802.1Q trunks – Supports classes of service • Inter-switch link (ISL) QoS is: – Cisco specification – Focuses on support for QoS over ISL trunks © 2000, Cisco Systems, Inc www cisco.com econ _387_05_010 ppt CoS values range from zero for low-priority to seven for high-priority They can only be applied on trunks (because an encapsulation is only ava ilable on trunks with space for the bits) Inter-Switch Link (ISL) frame headers have a 1-byte User field that carries the CoS value in the three least significant bits IEEE 802.1P and 802.1Q frame headers have a 2-byte Tag Control Information field that carries the CoS value in the three most significant bits, which are called the User Priority bits Other frame types cannot carry CoS values In general, Layer switches can examine, use, or alter MAC layer markings, not IP precedence or DSCP settings, since those are Layer Layer markings are applied on egress trunk ports © 2000, Cisco Systems, Inc 15 How 802.1p QoS Functions • Edge QoS based on 802.1P CoS: – Mark 802.1P priority bits on untagged packets on per port basis – Devices with trunking-capable Network Interface Card (NICs) can their own marking – Do you trust the device on the port to set the bits correctly? • Upstream Layer device performs TOS mapping to map 802.1P to IP Precedence or DSCP © 2000, Cisco Systems, Inc www cisco.com econ _387_05_010 ppt More notes from the Catalyst 6000 series: QoS uses transmit queue drop thresholds to schedule transmission of network traffic from the switch This is called Egress Port Scheduling QoS configures each port with a low priority transmit queue and a high priority transmit queue The default QoS configuration allocates 80 percent of the total transmit queue bandwidth to the low priority queue and 20 percent to the high priority queue Each transmit queue has two drop thresholds that function as follows: • Frames with CoS 0, 1, 2, or go to the low priority transmit queue (queue 1): – Using transmit queue drop threshold 1, the switch drops frames with CoS or when the low priority transmit queue buffer is 40 percent full – Using transmit queue drop threshold 2, the switch drops frames with CoS or when the low priority transmit queue buffer is 100 percent full • Frames with CoS 4, 5, 6, or go to the high priority transmit queue (queue 2): – Using transmit queue drop threshold 1, the switch drops frames with CoS or when the high priority transmit queue buffer is 40 percent full – Using transmit queue drop threshold 2, the switch drops frames with CoS or when the high priority transmit queue buffer is 100 percent © 2000, Cisco Systems, Inc full 16 Campus QoS—An Example Area’s Where QoS May Be a Concern 171.68.192.100 10.0.1.100 TX IP Phone Use DSCP Upstream TX TX TX 1/ Access Layer (L2) 2/ Distribution Layer Voice CoS =5 IP Prec = DSCP = EF 1/ CoS used as entrance criteria to PQ 1/ Map CoS to DSCP, map VLAN to DSCP Reclassify CoS = 2/ Where support exists, map CoS to DSCP, map VLAN to DSCP 2/ Map IP addr to DSCP PC © 2000, Cisco Systems, Inc www.cisco.com 3/ Map L4 to DSCP econ_387_05_010.ppt This graphic shows a typical campus deployment You have an access switch, which is just a Layer device In this example, assuming you’re using 802.1Q between the phone and the switch, you will classify all of the telephony packets on the IP phone This classification occurs for both the control plane, for example, for the RTP Control Protocol (RTCP) traffic going to the Cisco CallManager; and for the bearer plane, for example, the actual RTP stream, classified as CoS equals Then IP precedence equals will be used as the Layer classification for the RTP stream itself So when yo u actually make a telephone call, all of your packets will be marked as IP precedence equals If the PC marks IP precedence, there’s nothing the phone can The packet will just flow through the device It can only reclassify CoS Layer Assuming the first switch you hit is a Catalyst 3500, and the PC doesn’t support 802.1Q, on the switch itself you can reclassify the traffic in the native virtual LAN (VLAN) to whatever CoS value you like If this were a 3500, you’d have two queues on egress: a priority queue for CoS 4-7, and a low-priority queue for CoS 0-3 In this manner, you’ve prioritized voice on egress from the switch, achieving QoS at Layer in that device If that switch were a Catalyst 6500 with a PFC, you would be able to match CoS to IP precedence or DSCP Anything that comes in as IP precedence 5, or DSCP Expedited Forwarding, which maps to IP precedence 5, remains a Anything that comes in from the PC with a zero, maps to DSCP zero And once again, you can use those as the entrance criteria to a priority queue on egress from that switch © 2000, Cisco Systems, Inc 17 Branch QoS—An Example Area’s where QoS Maybe a concern 171.68.192.100 10.0.1.100 TX IP Phone Voice PC © 2000, Cisco Systems, Inc Use DSCP Upstream TX TX TX 1/ Access Layer (L2) 2/ WAN layer CoS =5 IP Prec = DSCP = EF 1/ CoS used as entrance Criteria to PQ 1/ Map IP Addr to DSCP Reclassify CoS = 2/ Where support exists Map CoS to DSCP Map VLAN to DSCP 2/ Map L4 to DSCP www.cisco.com econ_387_05_010.ppt The other end of the conversation may reside in a branch office That branch office could have any Ethernet switch Once again, of course, it can't be a hub, but in this case that switch may not be able to classify If that switch could classify traffic, ideally the process is exactly the same as before On a Catalyst 3500 you can reclassify CoS and use that as the entrance criteria to a priority queue At the WAN edge router, you could use policy based routing to map an IP address (based on the assumption you are using different addresses for the phones versus the PC) to map an IP address to a DSCP You can now establish your trust boundary once again right at the edge and not worry about any classification further into the network You've achieved classification based on the Layer criteria and that can then be used further into the network to decide how you want to handle that packet For example, yo u want to allow it into a priority queue on a WAN link? This ability is a key differentiator in achieving QoS © 2000, Cisco Systems, Inc 18 Campus QoS Review • Is delay less prevalent in the WAN or LAN? • What component of the network planning is crucial to the QoS of a network, but is the most forgotten? • Should shared media be used in the Campus? • Is the IP phone a Layer or Layer device? • What is the design recommendation for the IP address range of phones? • What type capability must the line cards in the switch have in order to use CoS? • Can CoS be mapped to the DSCP? • Voice is identified as RTP traffic within the standard audio range of what UDP ports? © 2000, Cisco Systems, Inc www.cisco com econ_387_05_010.ppt Review some key points regarding QoS considerations in the campus Answer these questions, then, check you answers against those provided on the last slide For additional information about Campus QoS, refer to the following URL: http://wwwin.cisco.com/Mkt/Training/field_training/felc/us/pre_vt/campus/ht ml/data_0505.htm © 2000, Cisco Systems, Inc 19 Summary In this chapter you have learned: • That a QoS-enabled infrastructure is necessary in both the WAN and campus to minimize quality reduction from loss, delay, and jitter • How QoS tools protect voice traffic from data traffic using prioritization, link efficiency, and traffic shaping • How LLQ has evolved as the preferred prioritization tool beginning with IOS 12.0(7) • How QoS tools protect voice traffic from other voice traffic using admission control strategies • When and where to apply QoS tools both in the campus and in the WAN • What Cisco IOS issues affect deployment © 2000, Cisco Systems, Inc © 2000, Cisco Systems, Inc www.cisco.com econ_387_05_010.ppt 20 ... 802.1p field (referred to as class of service or CoS), which is part of the 802.1Q tag • At Layer using the bits of DSCP field in the type of service (ToS) byte of the IP header Classification is... econ_387_05_010.ppt The objective of this module is to define the quality of service (QoS) tools which must be implemented to provide a voice-enabled transport service for IP telephony A QoS-enabled... based on the IP Precedence bit or Differentiated Services Code Point (DSCP) settings There are methods of marking that will map Layer Class of Service (CoS) bits to Layer IP Precedence or DSCP