NJEDge.Net
DRG/VRG Video QoS
NEXT GENERATION NETWORK
Walter King, Account System Engineer
wking@cisco.com
© 2006 Cisco Systems, Inc. All rights reserved.
Agenda
• QoS Technologies Review
• NJEDGE Model
QoS Technologies Review
• QoS overview
• Classification tools
• Scheduling tools
• Policing and shaping tools
• CAC - Call Admission control
Different Types of Traffic Have Different Needs
• Real-time applications are especially sensitive
    Interactive voice
    Videoconferencing
• Causes of degraded performance
    Congestion
    Convergence
    Peak traffic load
    Link speed & capacity differences
• Set application service level objectives

Sensitivity by application type (Y = sensitive, N = not sensitive):

    Application / Examples              Delay   Jitter   Packet Loss
    Interactive Voice and Video         Y       Y        Y
    Streaming Video                     N       Y        Y
    Transactional / Interactive         Y       N        N
    Bulk Data (Email, File Transfer)    N       N        N
Video QoS Requirements
Provisioning for Interactive Video
Video one-way requirements:
• Latency ≤ 150 ms
• Jitter ≤ 30 ms
• Loss ≤ 1%
• Minimum priority bandwidth guarantee required is video stream + 10–20%
    e.g., a 384 kbps stream could require up to 460 kbps of priority bandwidth
• CAC must be enabled
Traffic characteristics: bursty, drop sensitive, delay sensitive, UDP priority
Video QoS Requirements
Video Conferencing Traffic Example (384 kbps)
[Figure: traffic profile of a 384 kbps video conference; labels in order of appearance]
    “I” frames: 1024–1518 bytes; 450 Kbps, 30 pps
    “P” and “B” frames: 128–256 bytes; 15 pps, 32 Kbps
• “I” frame is a full sample of the video
• “P” and “B” frames use quantization via motion vectors and prediction algorithms
Video QoS Requirements
Video Conferencing Traffic Packet Size Breakdown
    65–128 bytes: 1%
    129–256 bytes: 34%
    257–512 bytes: 8%
    513–1024 bytes: 20%
    1025–1500 bytes: 37%
Problems in non-CoS Network Scenario
[Figure: a central site on a 1000M link connected over METRO-E / Frame Relay / ATM to remote sites on 10M, 20M, 30M, 50M and 100M links]
Result: buffering = delay or dropped packets
• Central to remote site speed mismatch
• Remote to central site over-subscription
• Predictable (contractual) sharing of bandwidth
Quality of Service Operations
How Do QoS Tools Work?
Classification and Marking → Queuing and (Selective) Dropping → Post-Queuing Operations
Classification Tools
Ethernet 802.1Q Class of Service
[Figure: Ethernet frame Pream. | SFD | DA | SA | Type | TAG (4 bytes) | PT | Data | FCS; the 802.1Q/p tag header carries PRI (three bits used for CoS, the 802.1p user priority), CFI and VLAN ID]
• 802.1p user priority field also called Class of Service (CoS)
• Different types of traffic are assigned different CoS values
• CoS 6 and 7 are reserved for network use

    CoS   Application
    7     Reserved
    6     Routing
    5     Voice
    4     Video
    3     Call Signaling
    2     Critical Data
    1     Bulk Data
    0     Best Effort Data
Classification Tools
IP Precedence and DiffServ Code Points
[Figure: IPv4 packet Version | Length | ToS Byte | Len | ID | Offset | TTL | Proto | FCS | IP SA | IP DA | Data. ToS byte bits 7–0: standard IPv4 uses bits 7–5 as IP Precedence and leaves bits 4–0 unused; the DiffServ extensions use bits 7–2 as the DiffServ Code Point (DSCP) and bits 1–0 as IP ECN]
• IPv4: three most significant bits of ToS byte are called IP Precedence (IPP); other bits unused
• DiffServ: six most significant bits of ToS byte are called DiffServ Code Point (DSCP); remaining two bits used for flow control
• DSCP is backward-compatible with IP precedence
Classification Tools
MPLS EXP Bits
[Figure: frame encapsulation Layer-2 Header | Label Header (label stack) | Payload. MPLS shim header, 32 bits: Label (bits 0–19) | EXP (3 bits) | S (1 bit) | TTL (8 bits)]
• Packet class and drop precedence inferred from EXP (three-bit) field
• RFC3270 does not recommend specific EXP values for DiffServ PHB (EF/AF/DF)
• Used for frame-based MPLS
Classification Tools
DSCP Per-Hop Behaviors
• IETF RFCs have defined special keywords, called Per-Hop
Behaviors, for specific DSCP markings
• EF: Expedited Forwarding (RFC3246)
(DSCP 46)
• CSx: Class Selector (RFC2474)
Where x corresponds to the IP Precedence value (1–7)
(DSCP 8, 16, 24, 32, 40, 48, 56)
• AFxy: Assured Forwarding (RFC2597)
Where x corresponds to the IP Precedence value
(only 1–4 are used for AF Classes)
And y corresponds to the Drop Preference value (either 1 or 2 or 3)
With the higher values denoting higher likelihood of dropping
(DSCP 10/12/14, 18/20/22, 26/28/30, 34/36/38)
• BE: Best Effort or Default Marking Value (RFC2474)
(DSCP 0)
Classification Tools
Network-Based Application Recognition
Stateful and Dynamic Inspection
[Figure: IP packet (ToS, Protocol, Source IP Addr, Dest IP Addr) followed by the TCP/UDP packet (Src Port, Dst Port, Data Area); NBAR inspects the ports and performs sub-port/deep inspection of the data area]
• Identifies over 90 applications and protocols by:
    TCP and UDP port numbers, statically assigned or dynamically assigned during connection establishment
    Non-TCP and non-UDP IP protocols
    Data packet inspection for matching values
Cisco Service Control Engine
Traffic Shaper: State of the Art Performance and Carrier-grade Reliability
SCE 1000 Series
• 2-GB Ethernet interfaces
• System bypass mechanism
• Deep Packet Inspection for up to 2 million concurrent unidirectional application flows
• Up to 2Gbps throughput
• Up to 40,000 concurrent subscribers
• FRU AC or DC power supplies/fans
• Redundant management interfaces
SCE 2000 Series
• 4-GB Ethernet interfaces
• System bypass mechanism
• Deep Packet Inspection for up to 2 million concurrent unidirectional application flows
• Up to 4Gbps throughput
• Up to 80,000 concurrent subscribers
• Support for redundant topologies
• FRU AC or DC power supplies/fans
• Redundant management interfaces
Traffic Reports
Voice Experience Reports (part of 3.0.X)
• Bi-directional bandwidth per video service
• Global concurrent sessions per VoIP/video service
• Global hourly call minutes per VoIP/video service
• Hourly SIP/H323 top talkers
• Top SIP domains by volume
Understand usage trends of VoIP service and other offerings

Voice Reports: Example
Example: call minutes usage
• Bi-directional bandwidth per VoIP service
• Global concurrent sessions per VoIP service
• Global hourly call minutes per VoIP service
• Hourly SIP top talkers
• Top SIP domains by volume
“My broadband customers are using Skype for 500 min of call time per hour…”
Policing Tools
RFC 2697 Single Rate Three Color Policer
[Figure: flowchart. Tokens arrive at rate CIR into the committed bucket (CBS); its overflow fills the excess bucket (EBS). For a packet of size B: if B < Tc (committed tokens) → Conform action; else if B < Te (excess tokens) → Exceed action; else → Violate action]
Policing Tools
RFC 2698 Two Rate Three Color Policer
[Figure: flowchart. Tokens arrive at rate CIR into the committed bucket (CBS) and at rate PIR into the peak bucket (PBS). For a packet of size B: if B > Tp (peak tokens) → Violate action; else if B > Tc (committed tokens) → Exceed action; else → Conform action]
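The two flowcharts above describe the same decision in words; the following is an added example (not code from the slides or from Cisco) that implements both markers as token buckets so the colour of each packet can be traced. The rates, bucket sizes and the burst in the demo are constructed; `SrTCM` models RFC 2697 (committed bucket fills first, overflow spills into the excess bucket) and `TrTCM` models RFC 2698 (two buckets filled independently, peak bucket checked first).

```python
"""Single-rate (RFC 2697) and two-rate (RFC 2698) three-colour markers.

Added example, not taken from the slides: a token-bucket model that
returns the colour (conform / exceed / violate) for each packet.
Rates are in bytes per second, bucket and packet sizes in bytes,
timestamps in seconds. All numbers in the demo are constructed.
"""
from dataclasses import dataclass, field

CONFORM, EXCEED, VIOLATE = "conform", "exceed", "violate"


@dataclass
class SrTCM:
    """RFC 2697: one rate (CIR), two buckets. Tokens fill the committed
    bucket (CBS) first; only the overflow spills into the excess bucket (EBS)."""
    cir: float          # committed information rate, bytes/s
    cbs: int            # committed burst size, bytes
    ebs: int            # excess burst size, bytes
    tc: float = field(init=False)   # tokens in the committed bucket
    te: float = field(init=False)   # tokens in the excess bucket
    last: float = 0.0               # time of the previous refill

    def __post_init__(self):
        self.tc, self.te = float(self.cbs), float(self.ebs)

    def _refill(self, now):
        earned = (now - self.last) * self.cir
        self.last = now
        spill = max(0.0, self.tc + earned - self.cbs)     # what CBS cannot hold
        self.tc = min(float(self.cbs), self.tc + earned)
        self.te = min(float(self.ebs), self.te + spill)

    def colour(self, size, now):
        """Colour one packet of `size` bytes arriving at time `now`."""
        self._refill(now)
        if size <= self.tc:          # "B < Tc": fits in the committed bucket
            self.tc -= size
            return CONFORM
        if size <= self.te:          # "B < Te": fits in the excess bucket
            self.te -= size
            return EXCEED
        return VIOLATE               # neither bucket can cover it


@dataclass
class TrTCM:
    """RFC 2698: two rates. CIR fills the committed bucket (CBS), PIR fills
    the peak bucket (PBS); the peak bucket is checked first."""
    cir: float
    cbs: int
    pir: float
    pbs: int
    tc: float = field(init=False)
    tp: float = field(init=False)
    last: float = 0.0

    def __post_init__(self):
        self.tc, self.tp = float(self.cbs), float(self.pbs)

    def _refill(self, now):
        dt = now - self.last
        self.last = now
        self.tc = min(float(self.cbs), self.tc + dt * self.cir)
        self.tp = min(float(self.pbs), self.tp + dt * self.pir)

    def colour(self, size, now):
        self._refill(now)
        if size > self.tp:           # "B > Tp": above the peak rate -> violate
            return VIOLATE
        if size > self.tc:           # "B > Tc": within PIR but above CIR -> exceed
            self.tp -= size          # charged to the peak bucket only
            return EXCEED
        self.tp -= size              # conform: charged to both buckets
        self.tc -= size
        return CONFORM


def run(policer, packets):
    """packets: list of (size_bytes, arrival_time) in arrival order."""
    return [policer.colour(size, t) for size, t in packets]


def summary(colours):
    return {c: colours.count(c) for c in (CONFORM, EXCEED, VIOLATE)}


if __name__ == "__main__":
    # Constructed burst: four 1000-byte packets at t=0, one more two seconds later.
    burst = [(1000, 0.0)] * 4 + [(1000, 2.0)]
    print("srTCM", run(SrTCM(cir=1000, cbs=1500, ebs=1500), burst))
    print("trTCM", run(TrTCM(cir=1000, cbs=1500, pir=2000, pbs=3000), burst))
```

With the constructed burst the single-rate marker yields conform, exceed, violate, violate and then conform again once two seconds of CIR have refilled the committed bucket; the two-rate marker yields conform, exceed, exceed, violate, conform, because the larger peak bucket absorbs one more packet before the PIR limit is hit. The colours feed the conform/exceed/violate actions on the slides (typically transmit, re-mark, drop).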
Scheduling Tools
Queuing Algorithms
[Figure: voice, video and data packets arriving at one interface are placed in separate queues (1, 2, 3) and scheduled out in priority order]
• Congestion can occur at any point in the network where there are speed mismatches
• Routers use Cisco IOS-based software queuing
    Low-Latency Queuing (LLQ) used for highest-priority traffic (voice/video)
    Class-Based Weighted-Fair Queuing (CBWFQ) used for guaranteeing bandwidth to data applications
• Cisco Catalyst switches use hardware queuing
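The slide names LLQ and CBWFQ without showing how the two interact. The following is an added example (not Cisco's implementation and not from the slides) of a scheduler with one strict-priority queue that is capped per scheduling round, which is how the priority queue is policed so it cannot starve the bandwidth classes, and deficit round-robin among the remaining classes in proportion to their weights. The class names, weights and backlog are constructed.

```python
"""LLQ + CBWFQ scheduling model. Added example, not Cisco IOS code.

One strict-priority queue (LLQ) is always served first, but only up to
its configured share per scheduling round; the remaining classes
(CBWFQ) are served by deficit round-robin in proportion to their
bandwidth weights. Packet sizes are in bytes."""
from collections import deque


def schedule(queues, priority, priority_bytes, weights, quantum):
    """queues: {class: deque of packet sizes} in arrival order.
    priority: name of the LLQ class; priority_bytes: its per-round cap.
    weights: {class: weight} for the CBWFQ classes; quantum: bytes credited
    per unit of weight each round. Returns the list of (class, size) sent."""
    order = []
    deficit = {cls: 0 for cls in weights}
    while any(queues.values()):
        pq = queues[priority]
        if pq and pq[0] > priority_bytes:
            raise ValueError("priority packet larger than the per-round cap")
        # 1. Strict priority, policed to priority_bytes per round.
        sent = 0
        while pq and sent + pq[0] <= priority_bytes:
            size = pq.popleft()
            sent += size
            order.append((priority, size))
        # 2. Deficit round-robin across the bandwidth classes.
        for cls, weight in weights.items():
            q = queues[cls]
            if not q:
                deficit[cls] = 0          # an idle class does not bank credit
                continue
            deficit[cls] += weight * quantum
            while q and q[0] <= deficit[cls]:
                size = q.popleft()
                deficit[cls] -= size
                order.append((cls, size))
    return order


def demo():
    """Constructed backlog: 5 voice packets of 200 B, 3 video of 1000 B,
    6 data of 1500 B; voice capped at 400 B per round, video weighted 3:1 over data."""
    queues = {"voice": deque([200] * 5), "video": deque([1000] * 3), "data": deque([1500] * 6)}
    return [cls for cls, _ in schedule(queues, "voice", 400, {"video": 3, "data": 1}, 500)]


if __name__ == "__main__":
    print(demo())
```

In the demo the voice packets leave first in every round but never more than two per round, video drains before data because of its larger weight, and data is served only as its deficit accumulates; with the cap removed, a large enough voice backlog would hold both other classes indefinitely, which is the starvation LLQ's policing prevents.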
TCP Global Synchronization: The Need for Congestion Avoidance
• All TCP flows synchronize in waves
• Synchronization wastes available bandwidth
[Figure: bandwidth utilization over time. Three traffic flows start at different times; a tail drop makes them all back off together and utilization oscillates below 100%; another traffic flow starts at a later point]
Scheduling Tools
Congestion Avoidance Algorithms
[Figure: one queue holding packets of classes 0–3. Tail drop discards arrivals at the tail when the queue is full; WRED discards selected packets before it fills]
• Queueing algorithms manage the front of the queue
    Which packets get transmitted first
• Congestion avoidance algorithms manage the tail of the queue
    Which packets get dropped first when queuing buffers fill
• Weighted Random Early Detection (WRED)
    WRED can operate in a DiffServ-compliant mode
        Drops packets according to their DSCP markings
    WRED works best with TCP-based applications, like data
Scheduling Tools
DSCP-Based WRED Operation
[Figure: drop probability (0, 50%, 100%) versus average queue size. Each AF class has its own "Begin Dropping" threshold, reached in the order AF13, then AF12, then AF11, and its own "Drop All" point; the max queue length is where tail drop occurs]
AF = (RFC 2597) Assured Forwarding
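The curves on the slide are easier to reason about as a function. The following is an added example (not from the slides and not Cisco's implementation) of the DSCP-based WRED curve with one profile per AF drop precedence, the exponentially weighted average queue size the curve is evaluated against, and a small expected-value simulation of a congested queue. The threshold numbers are constructed for illustration, not Cisco defaults; only their ordering (AF13 dropped first, AF11 protected longest, everything dropped at the max threshold) follows the slide.

```python
"""DSCP-based WRED model: drop probability as a function of the average
queue size, with a separate profile per AF drop precedence.

Added example, not from the slides. The thresholds are constructed and
are not Cisco defaults; the shape (AF13 starts dropping first, AF11
last, everything dropped at the max threshold) follows the slide's
curves. Queue sizes are in packets."""

# (min threshold, max threshold, drop probability reached at the max threshold)
WRED_PROFILES = {
    "af11": (30, 40, 0.10),   # lowest drop precedence: protected longest
    "af12": (25, 40, 0.10),
    "af13": (20, 40, 0.10),   # highest drop precedence: dropped first
}


def drop_probability(dscp, avg_queue, profiles=WRED_PROFILES):
    """Piecewise-linear WRED curve for one DSCP value."""
    min_th, max_th, max_p = profiles[dscp]
    if avg_queue < min_th:
        return 0.0                      # "Begin Dropping" not reached
    if avg_queue >= max_th:
        return 1.0                      # "Drop All"
    return max_p * (avg_queue - min_th) / (max_th - min_th)


def update_average(avg, current, weight=1 / 512):
    """Exponentially weighted moving average of the instantaneous depth,
    the "Average Queue Size" axis on the slide. A small weight lets short
    bursts through while still reacting to sustained congestion."""
    return avg + weight * (current - avg)


def simulate(ticks, arrivals_per_tick, service_per_tick, weight=0.2,
             profiles=WRED_PROFILES):
    """Expected-value (fluid) simulation: every tick each class gets an
    equal share of the arrivals, WRED removes the expected fraction, the
    queue is served, and the average is updated. Returns drops per class."""
    queue = avg = 0.0
    dropped = {dscp: 0.0 for dscp in profiles}
    share = arrivals_per_tick / len(profiles)
    for _ in range(ticks):
        for dscp in profiles:
            p = drop_probability(dscp, avg, profiles)
            dropped[dscp] += share * p
            queue += share * (1.0 - p)
        queue = max(0.0, queue - service_per_tick)
        avg = update_average(avg, queue, weight)
    return dropped


if __name__ == "__main__":
    for avg in (10, 22, 28, 35, 40):
        print(avg, {d: round(drop_probability(d, avg), 3) for d in WRED_PROFILES})
    # Constructed overload: 4 packets/tick offered, 3 served.
    print(simulate(ticks=300, arrivals_per_tick=4, service_per_tick=3))
```

A real router flips a coin per packet against `drop_probability`; the fluid simulation replaces the coin with the expected fraction so the result is deterministic and shows directly that AF13 loses the most and AF11 the least under the same load, which is the service differentiation the slide is describing.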
Congestion Avoidance
RFC3168: IP Explicit Congestion Notification
[Figure: IPv4 packet with the ToS byte expanded; bits 7–2 = DiffServ Code Point (DSCP), bits 1–0 = ECT and CE]
ECT bit: ECN-Capable Transport
CE bit: Congestion Experienced
• IP header Type of Service (ToS) byte
• Explicit Congestion Notification (ECN) bits
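The IP Precedence / DSCP slide, the DSCP Per-Hop Behaviors slide and the ECN slide above all describe the same byte. The following is an added example (not from the slides) that decodes a ToS byte into DSCP, the PHB keyword (EF, CSx, AFxy, default), the IP Precedence it is backward-compatible with, and the RFC 3168 ECN codepoint, and encodes the other way. The sample byte values in the demo are constructed.

```python
"""IPv4 ToS byte decoder/encoder: DSCP (high six bits), the IP Precedence
those bits are backward-compatible with (high three bits), the two ECN
bits (RFC 3168) and the PHB keywords from RFC 2474/2597/3246.

Added example, not from the slides; the sample byte values are constructed."""

# RFC 3168 ECN codepoints. ECT(0) = 0b10 has the ECT bit set and CE clear,
# the layout the slide draws as "ECT | CE".
ECN_NAMES = {0b00: "Not-ECT", 0b01: "ECT(1)", 0b10: "ECT(0)", 0b11: "CE"}


def phb_name(dscp):
    """Map a DSCP value to its PHB keyword, or 'dscpNN' if it has none."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field")
    if dscp == 0:
        return "default"                 # BE, RFC 2474
    if dscp == 46:
        return "ef"                      # Expedited Forwarding, RFC 3246
    cls, low = dscp >> 3, dscp & 0b111   # class = IP Precedence value, low three bits
    if low == 0:
        return f"cs{cls}"                # Class Selector, RFC 2474
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"af{cls}{low // 2}"      # Assured Forwarding, RFC 2597: y = drop precedence
    return f"dscp{dscp}"


def dscp_from_phb(name):
    """Inverse of phb_name for the standard keywords ('af41' -> 34, 'cs6' -> 48)."""
    n = name.lower()
    if n in ("default", "be"):
        return 0
    if n == "ef":
        return 46
    if n.startswith("cs") and len(n) == 3:
        return int(n[2]) << 3
    if n.startswith("af") and len(n) == 4:
        x, y = int(n[2]), int(n[3])
        if 1 <= x <= 4 and 1 <= y <= 3:
            return (x << 3) | (y << 1)
    raise ValueError(f"unknown PHB keyword: {name}")


def decode_tos(tos):
    """Split one ToS byte into its DiffServ and ECN parts."""
    dscp, ecn = tos >> 2, tos & 0b11
    return {
        "dscp": dscp,
        "phb": phb_name(dscp),
        "ip_precedence": dscp >> 3,      # what a pre-DiffServ router sees
        "ecn": ecn,
        "ecn_name": ECN_NAMES[ecn],
        "ecn_capable": ecn != 0,         # ECT(0), ECT(1) or CE
        "congestion_experienced": ecn == 0b11,
    }


def encode_tos(dscp, ecn=0b00):
    return ((dscp & 0x3F) << 2) | (ecn & 0b11)


if __name__ == "__main__":
    for tos in (0xB8, 0x88, 0x8B, 0xC0, 0x00):   # constructed sample bytes
        print(hex(tos), decode_tos(tos))
```

Decoding 0xB8 gives DSCP 46 (EF) with IP Precedence 5, the compatibility the slides rely on when a class-map matches `ip precedence 5` alongside `ip dscp ef`; 0x8B is AF41 with the CE codepoint set, i.e. a video packet that an ECN-aware queue has marked rather than dropped.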
Traffic Shaping
[Figure: traffic at line rate without traffic shaping versus the same traffic held to the shaped rate with traffic shaping]
Traffic shaping limits the transmit rate to a value lower than line rate
• Policers typically drop traffic
• Shapers typically delay excess traffic, smoothing bursts and preventing unnecessary drops
• Very common on Non-Broadcast Multiple-Access (NBMA) network topologies such as Frame Relay and ATM
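The drop-versus-delay distinction on the slide is easiest to see by running one burst through both tools. The following is an added example (not from the slides, and a simplified model rather than the interval-based shaper Cisco IOS implements) that uses one token bucket two ways: the policer discards what the bucket cannot cover, the shaper holds the packet until enough tokens accrue. The burst, rate and bucket size are constructed.

```python
"""Policer versus shaper on the same burst. Added example, not from the
slides: a token bucket used two ways. The policer drops what the bucket
cannot cover; the shaper holds the packet until enough tokens accrue,
so nothing is lost but later packets wait longer. Rates are bytes/s,
sizes bytes, times seconds; the burst in the demo is constructed."""


def police(packets, rate, burst):
    """Return (packets sent, packets dropped). packets: [(size, arrival_time)]."""
    tokens, clock, sent, dropped = float(burst), 0.0, [], 0
    for size, t in packets:
        tokens = min(float(burst), tokens + (t - clock) * rate)
        clock = t
        if size <= tokens:
            tokens -= size
            sent.append((size, t))
        else:
            dropped += 1                  # excess is discarded, no delay added
    return sent, dropped


def shape(packets, rate, burst):
    """Return ([(size, arrival, departure)], max_delay). Packets leave in
    order and never before the previous one; an uncovered packet waits
    exactly long enough for the missing tokens."""
    tokens, clock, out, max_delay = float(burst), 0.0, [], 0.0
    for size, arrival in packets:
        if size > burst:
            raise ValueError("packet larger than the burst can never be sent")
        now = max(arrival, clock)                       # queue behind earlier packets
        tokens = min(float(burst), tokens + (now - clock) * rate)
        if size > tokens:
            now += (size - tokens) / rate               # wait for the shortfall
            tokens = float(size)
        tokens -= size
        clock = now
        out.append((size, arrival, now))
        max_delay = max(max_delay, now - arrival)
    return out, max_delay


def compare(packets, rate, burst):
    sent, dropped = police(packets, rate, burst)
    shaped, max_delay = shape(packets, rate, burst)
    return {"policer_sent": len(sent), "policer_dropped": dropped,
            "shaper_sent": len(shaped), "shaper_max_delay_s": max_delay,
            "shaper_last_departure_s": shaped[-1][2] if shaped else 0.0}


if __name__ == "__main__":
    # Constructed line-rate burst: ten 1000-byte packets arriving together.
    print(compare([(1000, 0.0)] * 10, rate=1000, burst=2000))
```

With ten 1000-byte packets arriving at once against a 1000 B/s rate and a 2000-byte bucket, the policer passes two and drops eight, while the shaper delivers all ten but the last one leaves eight seconds late. That trade-off is why the slides shape toward an NBMA or SES link with a contractual rate (drops there are unnecessary) and police where a delay budget cannot be spent, such as a priority queue.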
Introduction
Why Is Call Admission Control (CAC) Needed?
[Figure: circuit-switched networks versus packet-switched networks. Left: a PBX with physical trunks to the PSTN; the third call is rejected because no trunk is free. Right: a router/gateway with an IP WAN link to CallManager; the IP WAN link's LLQ is provisioned for two calls (equivalent to two "virtual" trunks)]
• No physical limitation on IP links; the third call can go through, but voice quality of all calls degrades
• Call Admission Control blocks the third call
Gatekeeper Zones
Basics
• Cisco IOS feature, based on H.323 RAS protocol
• Can be used between Cisco CallManager clusters, H.323 gateways and H.323 endpoints
• Provides CAC using concept of zones and associated bandwidth counters
• Static configuration approach limits supported topologies (mainly hub-and-spoke)
Example gatekeeper (GK) configuration:
    gatekeeper
     zone local A abc.com 10.10.10.10
     zone local B abc.com
     zone remote C abc.com 10.10.20.20
     zone remote D abc.com
     bandwidth interzone zone A 384
     bandwidth interzone zone B 256
     bandwidth remote 512
Gatekeeper Zones
Zone Concept
[Figure: GK 1 and GK 2 are gatekeepers, each a physical device; Zones A and B are GK 1's local zones, Zones C and D are GK 2's local zones]
• Gatekeeper: a physical device
• Zone: a logical representation of a physical location
Gatekeeper Zones
Bandwidth Configuration
[Figure: GK 1 with local Zones A and B, GK 2 with local Zones C and D, with the scope of each command drawn on the diagram]
    bandwidth session zone xyz max-bw
        The maximum bandwidth allowed per session
    bandwidth remote max-bw
        The total bandwidth allowed in/out of the physical GK
    bandwidth total zone xyz max-bw
        The total bandwidth allowed within a zone as well as in/out of the zone
    bandwidth interzone zone xyz max-bw
        The total bandwidth allowed in/out of the zone
Gatekeeper Zones
Bandwidth Calculations
Assume requested bandwidth for each call equals 16K.
[Figure: GK 1 (local Zones A and B) and GK 2 (local Zones C and D). Blue text represents configured bandwidth; an "In Use" counter next to each limit steps through 0, 16, 32 (and 48) as calls are added, and the call marked X is rejected]
Configured values shown:
    GK1 Remote = 32K
    GK2 Remote = 48K
    Zone A: InterZone = 32K, Total = 48K
    Zone B: InterZone = 48K, Total = 48K
    Zone C: InterZone = 32K, Total = 32K
    Zone D: InterZone = 32K, Total = 32K
    Session = 16K
Gatekeeper Zones
Bandwidth Provisioning
Provision the LLQ PQ with the L2 bandwidth values:

    Codec          Gatekeeper bandwidth    L3 bandwidth              L2 bandwidth
    G.711 audio    128 Kbps (64K x 2)      80 Kbps (64K + header)    81.6 Kbps (80K + L2 hdr)
    G.729 audio    16 Kbps (8K x 2)        24 Kbps (8K + header)     25.6 Kbps (24K + L2 hdr)
    384K video     768 Kbps (384K x 2)     420 Kbps (384K + est. L2/L3 headers)

L2 header values are for Frame Relay.
For more details, refer to the QoS SRND and IP Telephony SRND at: www.cisco.com/go/srnd
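The three gatekeeper slides above (bandwidth configuration, bandwidth calculations, bandwidth provisioning) describe counters and limits in words. The following is an added example (not the IOS implementation and not from the slides) that models the `session`, `interzone`, `total` and `remote` counters and checks a call request against every one of them before charging any. The zone names, limits and call sequence are constructed to mirror the slide's 16K-per-call example; the per-call bandwidth figures come from the provisioning table, where the gatekeeper counts both directions (G.711 = 64K x 2 = 128 kbps).

```python
"""Gatekeeper zone CAC model: the bandwidth counters behind
`bandwidth session / interzone / total / remote` and how a call request
is checked against all of them before any counter is charged.

Added example, not the IOS implementation. Zone names, limits and the
call sequence are constructed to mirror the slide's calculation example
(16K per call). Per-call bandwidth is taken from the slide's provisioning
table: the gatekeeper counts both directions, so G.711 is 128 kbps,
G.729 16 kbps and 384K video 768 kbps."""

GK_KBPS = {"g711": 128, "g729": 16, "video-384k": 768}


class Gatekeeper:
    def __init__(self, name, remote=None):
        self.name, self.remote, self.remote_used = name, remote, 0   # bandwidth remote


class Zone:
    def __init__(self, name, gk, total=None, interzone=None, session=None):
        self.name, self.gk = name, gk
        self.total, self.interzone, self.session = total, interzone, session
        self.total_used = self.interzone_used = 0


def admit(src, dst, bw):
    """Check a call of `bw` kbps from zone src to zone dst.
    Returns (admitted, reason); counters change only when admitted."""
    zones = [src] if src is dst else [src, dst]
    interzone = src is not dst
    remote = interzone and src.gk is not dst.gk
    for z in zones:
        if z.session is not None and bw > z.session:
            return False, f"zone {z.name} session limit {z.session}K < {bw}K"
    checks = [(f"zone {z.name} total", z.total, z.total_used) for z in zones]
    if interzone:
        checks += [(f"zone {z.name} interzone", z.interzone, z.interzone_used) for z in zones]
    if remote:
        checks += [(f"{g.name} remote", g.remote, g.remote_used) for g in (src.gk, dst.gk)]
    for label, limit, used in checks:
        if limit is not None and used + bw > limit:
            return False, f"{label}: {used}K in use + {bw}K > {limit}K"
    for z in zones:                      # every check passed: charge the counters
        z.total_used += bw
        if interzone:
            z.interzone_used += bw
    if remote:
        src.gk.remote_used += bw
        dst.gk.remote_used += bw
    return True, "admitted"


def demo():
    """Constructed topology using the slide's configured values."""
    gk1, gk2 = Gatekeeper("GK1", remote=32), Gatekeeper("GK2", remote=48)
    a = Zone("A", gk1, total=48, interzone=32, session=16)
    b = Zone("B", gk1, total=48, interzone=48, session=16)
    c = Zone("C", gk2, total=32, interzone=32, session=16)
    d = Zone("D", gk2, total=32, interzone=32, session=16)
    calls = [(a, b, 16), (a, c, 16), (a, d, 16), (b, d, 16), (b, c, 16),
             (a, a, GK_KBPS["g711"])]   # last one: a G.711 call against a 16K session limit
    return [admit(s, t, bw) for s, t, bw in calls]


if __name__ == "__main__":
    for ok, why in demo():
        print("ADMIT " if ok else "REJECT", why)
```

In the demo the third call (A to D) is refused by Zone A's interzone limit even though its total limit still has room, the fifth (B to C) by GK1's remote limit even though both zones would accept it, and the last by the session limit before any aggregate counter is consulted. Checking every counter before charging any keeps the counters consistent when a call is refused, which matters because a rejected call that left a counter charged would block later calls until something released it.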
NJEDGE QoS INTERCONNECT
Full MPLS GRT DESIGN 2
[Diagram: Catalyst 6500 chassis at the Halsey 6500 and Halsey 6500-2 routers (Supervisor 720 with integrated switch fabric/PFC3BXL, WS-SVC-FWM-1 Firewall Services Modules, WS-X6724-SFP 24-port Gigabit Ethernet SFP, WS-X6704-10GE 4-port 10 Gigabit Ethernet, FlexWAN modules with SPA-2XOC3-ATM, dual -48 V DC power supplies); only the network labels are recoverable and are listed below]
Peers and links:
    MAGPI AS10466 (Magpi router) via Internet2 (I2) MBGP; EBGP/MBGP; Layer 2 VLAN
    NJEDGE AS21976
    NJIT AS4246 (Institution Template2)
    INST.. AS65XXX (Institution Template1)
    MCI AS107
    Internet (I1) Verizon router; EVC shaper CIR; EBGP/MBGP
    SES link #1 and SES link #2 (QoS same as link #1)
    1G Ethernet trunk; 1G Etherchannel MPLS LDP path; 10G Etherchannel MPLS LDP path; IBGP and IBGP/MBGP
    SIP MODULE Gig port….
Routes:
    I2 10,000 routes; I1 240,000 routes (NJEDGEI1); I1 default (NJEDGEI1); NJEDGE-CORE; NJEDGE-DC; NJEDGE-SEG
    Block Internet; Block DC to I1; Block I2 <-> I1
QoS actions at each edge:
    Ingress CLASSIFY and MARK; Ingress map IPPrec to DSCP; Ingress remap CHK DSCP
    Egress MAP DSCP to COS; Egress CBWFQ/queueing and WRR; Egress queueing and WRR
    NO QOS tools except trust (firewall services modules)
    Institution template (one variant): Ingress classify IP DST; Ingress MAP to DSCP; Ingress no trust; Ingress dual rate P per institution; Ingress dual rate mark PIR discard elig.; Egress single rate P per institution; Egress police per IP SRC
    Institution template (other variant): Ingress classify IP L4; Ingress MAP IP DST to DSCP; Ingress no trust; Ingress single rate P agg SEGP; Egress single rate P agg SEGP
    Policer CIR / Policer PIR
Dual rate policer and traffic shaping from core to SES
SES EVC RATES and CLASSES TODAY:
    Purchased class Priority Data, policed rate: NJEDge Video, Extranet, Other; EVC full policed rate; class marking 2,1; purchased rate = policed rate
    Purchased class Best Effort, policed rate: Internet2; SES EVC VLAN; Internet; class marking 0; traffic classes inherit sub-rates based on usage
    CLASSES: Real Time, Priority Data, Best Effort
    RATE GROUPING: 1 Mbit, 2 Mbit, 3 Mbit … 10 Mbit, 20 Mbit, 30 Mbit … 100 Mbit, 200 Mbit, 300 Mbit … 1000 Mbit
Classifying Traffic from Internal Network
[Figure: IOS router at the edge; the internal network attaches on interface GigabitEthernet0/3, GigabitEthernet0/0 is the other interface shown]
    ip access-list extended njedge-allother-traffic
     permit ip any any
    ip access-list extended mc-control-acl
     ! 224.0.0.0/4, i.e. all IPv4 multicast destinations
     permit ip any 224.0.0.0 15.255.255.255
    ip access-list extended njedge-VoIP
     ! RTP media: UDP destination ports 16384-32768
     permit udp any any range 16384 32768
    ip access-list extended njedge-h323-VC
     ! H.323: 1720 H.225 call signaling, 1719 RAS, 1718 gatekeeper discovery
     permit tcp any any eq 1720
     permit udp any any eq 1719
     permit tcp any any eq 1719
     permit udp any any eq 1718
     permit ip host 155.246.1.10 any
     permit tcp any any eq 1718
    ! match-any: one criterion is enough; match-all: every criterion must match
    class-map match-any in-EF
     match ip dscp ef
     match ip precedence 5
     match access-group name njedge-VoIP
    class-map match-all in-CS4
     match access-group name mc-control-acl
    class-map match-any in-af41
     match ip precedence 4
     match access-group name njedge-h323-VC
    class-map match-all in-best-effort
     match access-group name njedge-allother-traffic

Applying Classification from Internal Network
    ! classes are evaluated in this order; first match wins
    policy-map in-SETDSCP
     class in-EF
      set ip dscp ef
     class in-af41
      set ip dscp af41
     class in-CS4
      set ip dscp cs4
     class in-best-effort
      set ip dscp default
    !
    interface GigabitEthernet0/3
     ip address 155.246.1.1 255.255.255.0
     ip pim sparse-mode
     load-interval 30
     duplex auto
     speed auto
     media-type rj45
     no negotiation auto
     service-policy input in-SETDSCP
Classifying Traffic out to SES
[Figure: the same IOS edge router; the SES attaches on subinterface GigabitEthernet0/2.93]
    class-map match-all out-ROUTING
     match ip dscp cs6
    class-map match-all out-VOICE
     match ip dscp ef
    class-map match-any out-INTERACTIVE-VIDEO
     match ip dscp af41 af42 af43
     match precedence 4
    class-map match-all out-STREAMING-VIDEO
     match ip dscp cs4
    class-map match-any out-DEFAULT-BEST-EFFORT
     match ip dscp default
    ! LLQ for voice and interactive video, CBWFQ with WRED for everything else
    policy-map SCHOOL-EDGE-TWO-CLASS-SES
     class out-ROUTING
      bandwidth percent 1
      set cos 2
     class out-VOICE
      priority percent 4
      set cos 2
     class out-INTERACTIVE-VIDEO
      priority percent 12
      set ip dscp cs4
      set cos 2
     class out-STREAMING-VIDEO
      set cos 0
     class out-DEFAULT-BEST-EFFORT
      bandwidth percent 83
      random-detect
      set cos 0

Applying Classification on to SES Interface
    ! parent shaper holds the subinterface to the purchased rate; the child policy queues within it
    policy-map SHAPE-PARENT
     class class-default
      shape average percent 4
      service-policy SCHOOL-EDGE-TWO-CLASS-SES
    interface GigabitEthernet0/2
     no ip address
     load-interval 30
     duplex auto
     speed auto
     media-type rj45
     no negotiation auto
    !
    interface GigabitEthernet0/2.93
     description to CORE (I1) NJEDGEI1 VRF
     encapsulation dot1Q 93
     ip address 130.156.250.94 255.255.255.252
     ip pim sparse-mode
     no snmp trap link-status
     service-policy output SHAPE-PARENT
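The two configuration slides above are easier to verify by tracing packets through them. The following is an added example (not Cisco IOS code and not from the slides) that models the ACLs, class-maps and policy-maps exactly as listed: classes are evaluated in policy-map order with first match winning, match-any needs one criterion and match-all needs all of them, the input policy sets the DSCP, and the output policy picks the queue treatment and CoS. The sample packets are constructed.

```python
"""Model of the edge classification on the slides: the ACLs and class-maps
decide which class a packet hits, policy-map in-SETDSCP marks the DSCP on
the way in from the campus, and policy-map SCHOOL-EDGE-TWO-CLASS-SES picks
the queue treatment and CoS on the way out to the SES.

Added example, not Cisco IOS code; the sample packets are constructed."""
from ipaddress import ip_address, ip_network

DSCP = {"default": 0, "ef": 46, "cs4": 32, "cs6": 48, "af41": 34, "af42": 36, "af43": 38}


def _any(_): return True
def _host(addr): return lambda ip: ip == ip_address(addr)
def _net(cidr): return lambda ip: ip in ip_network(cidr)
def _eq(port): return lambda p: p == port
def _range(lo, hi): return lambda p: lo <= p <= hi


# Access lists from the slide as (protocol, source, destination, destination port) entries.
ACLS = {
    "njedge-allother-traffic": [("ip", _any, _any, _any)],
    "mc-control-acl": [("ip", _any, _net("224.0.0.0/4"), _any)],      # 224.0.0.0 15.255.255.255
    "njedge-VoIP": [("udp", _any, _any, _range(16384, 32768))],
    "njedge-h323-VC": [("tcp", _any, _any, _eq(1720)), ("udp", _any, _any, _eq(1719)),
                       ("tcp", _any, _any, _eq(1719)), ("udp", _any, _any, _eq(1718)),
                       ("ip", _host("155.246.1.10"), _any, _any), ("tcp", _any, _any, _eq(1718))],
}


def acl_permits(name, pkt):
    for proto, src, dst, dport in ACLS[name]:
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if src(ip_address(pkt["src"])) and dst(ip_address(pkt["dst"])) and dport(pkt.get("dport", 0)):
            return True
    return False                                   # implicit deny


def _dscp(*names): return lambda pkt: pkt["dscp"] in {DSCP[n] for n in names}
def _prec(value): return lambda pkt: pkt["dscp"] >> 3 == value
def _acl(name): return lambda pkt: acl_permits(name, pkt)


IN_CLASSES = [   # (class, match mode, criteria) in policy-map in-SETDSCP order
    ("in-EF", "any", [_dscp("ef"), _prec(5), _acl("njedge-VoIP")]),
    ("in-af41", "any", [_prec(4), _acl("njedge-h323-VC")]),
    ("in-CS4", "all", [_acl("mc-control-acl")]),
    ("in-best-effort", "all", [_acl("njedge-allother-traffic")]),
]
IN_SET_DSCP = {"in-EF": "ef", "in-af41": "af41", "in-CS4": "cs4", "in-best-effort": "default"}

OUT_CLASSES = [  # policy-map SCHOOL-EDGE-TWO-CLASS-SES order
    ("out-ROUTING", "all", [_dscp("cs6")]),
    ("out-VOICE", "all", [_dscp("ef")]),
    ("out-INTERACTIVE-VIDEO", "any", [_dscp("af41", "af42", "af43"), _prec(4)]),
    ("out-STREAMING-VIDEO", "all", [_dscp("cs4")]),
    ("out-DEFAULT-BEST-EFFORT", "any", [_dscp("default")]),
]
OUT_ACTIONS = {  # (queue treatment, CoS) as configured in the policy-map
    "out-ROUTING": ("bandwidth percent 1", 2),
    "out-VOICE": ("priority percent 4", 2),
    "out-INTERACTIVE-VIDEO": ("priority percent 12, remarked cs4", 2),
    "out-STREAMING-VIDEO": ("no bandwidth statement", 0),
    "out-DEFAULT-BEST-EFFORT": ("bandwidth percent 83, random-detect", 0),
    "class-default": ("class-default", None),
}


def classify(classes, pkt):
    for name, mode, criteria in classes:
        hits = [c(pkt) for c in criteria]
        if any(hits) if mode == "any" else all(hits):
            return name
    return "class-default"


def edge_pipeline(pkt):
    """Input marking on Gi0/3, then output classification toward the SES."""
    pkt = dict(pkt)
    in_cls = classify(IN_CLASSES, pkt)
    pkt["dscp"] = DSCP[IN_SET_DSCP.get(in_cls, "default")]
    out_cls = classify(OUT_CLASSES, pkt)
    queue, cos = OUT_ACTIONS[out_cls]
    return {"in_class": in_cls, "dscp": pkt["dscp"], "out_class": out_cls, "queue": queue, "cos": cos}


SAMPLES = {  # constructed packets, all unmarked (DSCP 0) on arrival
    "rtp": {"proto": "udp", "src": "10.1.1.5", "dst": "10.2.2.9", "dport": 20000, "dscp": 0},
    "h225": {"proto": "tcp", "src": "10.1.1.5", "dst": "10.2.2.9", "dport": 1720, "dscp": 0},
    "mcast": {"proto": "udp", "src": "10.1.1.5", "dst": "239.1.1.1", "dport": 5004, "dscp": 0},
    "web": {"proto": "tcp", "src": "10.1.1.5", "dst": "10.2.2.9", "dport": 443, "dscp": 0},
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(label, edge_pipeline(pkt))
```

Tracing the constructed multicast packet is the useful check: it is marked CS4 on input as the slides intend, but on output it lands in `out-INTERACTIVE-VIDEO` rather than `out-STREAMING-VIDEO`, because CS4 is DSCP 32 and therefore IP Precedence 4, the `match precedence 4` line in the match-any interactive-video class covers it, and that class is listed first. Whether that is intended or not, the model makes the class ordering visible before the policy is applied to a live interface.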
DESIGN
Phase I
NJEDge INSTITUTION EDGE

NJEDge II Applications and Network Services
Applications:
    Internet2
    Internet
    Video Conferencing
    National Lambda Rail
    National Research Foundation Apps
    Weather Modelling
    GRID Clustering
    GRID HPC
    Disaster Recovery
    Storage
    Video on Demand/Streaming Video
    DVI HDTV / Very High Bandwidth Video
    Multicast/Streaming Video
    Community Medical Computing
    VoIP
    IP Telephony
    VoIP Peering
Network Services:
    1Mbps - 10Gbps and 40Gbps Access/Transport Ability
    Evolutional Growth
    Tiered Classified Site Models/Modularity
    Full Manageability/A-Z Provisioning
    Ability to bring on any service
    Rapid Enablement
    Shared Secure Access
    Any-to-Any Access
    Separation, Segmentation, Virtualization
    MPLS
    Security
    Scaling
    IPv6
    QoS
    Redundancy/Resiliency/Multi-paths
    Non-Stop Forwarding

NJEDge II Applications and Network Services Next Gen Impact
ATM vs SES vs Fiber:
    T1 1.5Mbps
    10Mbps, 20Mbps, 50Mbps
    OC-3, 100Mbps, 200Mbps
    1GE
    10 GE
    Dark Fiber, GE, WDM
1.544Mbps - 1GE - 10GE: Segmentation Differentiation
    How: PVC, VLAN, MPLS, QoS
QoS: Implementation
    How: Classification, Shaping, Policing, Sharing
BGP:
    BGP or Not
    Default Routing – General Routing
    Full Routes - Specific routing
NJEDge II Applications and Network Services Next Gen Impact
Multicast:
    Traffic Control with RPs and QoS
    I2 Multicast Streams
    RPs Inside and Out
MPLS at the Edge:
    Institutional Routing
    Separation of I1 vs I2 vs DR vs Intra-campus bond traffic
    VPN
PIX 6.3 vs 7.0
FWSM 2.3 vs 3.1
IPv4 vs IPv6
Regulatory:
    CALEA
    SOX
    HIPAA
Storage over IP:
    High Speed Synchronous Replication
    Moderate Asynchronous Replication
    Jumbo Frames
    Encryption
NJEDge Connectivity
School Site CE Change
[Diagram. Managed service today: SchoolX CE with two ATM PVCs (Internet ATM PVC and Intranet/Internet2 ATM PVC) into PEs on the Verizon MPLS core, reaching commodity Internet and Internet 2 (MAGPI at 165 Halsey St. Carrier Hotel, with GK); a receiver for 10.3.245.238 is shown on the Internet 2 side. Managed service tomorrow: SchoolX CE with an Internet VRF and an Intranet/Internet2 VRF carried under a single PVC over the Verizon ATM core, to the same commodity Internet or MAGPI Internet 2 destinations]
NJEDge II Connectivity
School Site CE Change
[Diagram. GE managed service or dark fiber tomorrow: SchoolX CE with an Internet VLAN VRF and an Intranet/Internet2 VLAN VRF under a single PVC, to commodity Internet or MAGPI Internet 2 (165 Halsey St. Carrier Hotel, GK); receiver for 10.3.245.238]
Access options:
    100Mbps and multiple 100Mbps rates; 1GE/10GE access method; SES or direct fiber-Ethernet
    CE at 100Mbps/1000Mbps rate: 3845NS, 7200 NPE-G1/2 or 7301/4 router
    CE at 100Mbps/1000/10000Mbps rate: 3400, 3750M, 3750, 6500/Sup32
    Direct fiber with CWDM and/or DWDM
NJEDge II Connectivity Example
Internet and DMZ Design – De-aggregation
School DMZ Design
[Diagram: from the NJEDgeNet core through the institution/Internet edge router: GK, SSL/IPSEC VPN, GUARD XT DDOS, IPS, global load balancer, firewall, SCE Service Control Engine, IPS, public servers; behind them server load balancer, SSL offload, content engine, WAAF, application servers, CS-MARS and database servers]
Shown are de-aggregated functions of a combination appliance as well as appliance functions; various switch and firewall functions are virtual.