Optimizing Converged Cisco Networks (ONT)
Module 4: Implement the DiffServ QoS Model
© 2006 Cisco Systems, Inc. All rights reserved.
Module 4: Implement the DiffServ QoS Model
Lesson 4.1: Introducing Classification and Marking
Objectives
 Describe the classification and marking for QoS.
 Explain the relationship between IP Precedence and
DSCP.
 Describe the standard Per Hop Behavior (PHB) groups
and their characteristics.
 Explain how a service class is used to implement QoS
policies.
 Describe a trust boundary and the guidelines used to
establish this boundary.
Classification
 Classification is the process of identifying and
categorizing traffic into classes, typically based upon:
Incoming interface
IP precedence
DSCP
Source or destination address
Application
 Without classification, all packets are treated the same.
 Classification should take place as close to the source
as possible.
Marking
 Marking is the QoS feature component that “colors” a
packet (frame) so it can be identified and distinguished
from other packets (frames) in QoS treatment.
 Commonly used markers:
Link layer:
CoS (ISL, 802.1p)
MPLS EXP bits
Frame Relay
Network layer:
DSCP
IP precedence
Classification and Marking in the LAN with
IEEE 802.1Q
 IEEE 802.1p user priority field is also
called CoS.
 IEEE 802.1p supports up to eight CoSs.
 IEEE 802.1p focuses on support for
QoS over LANs and 802.1Q ports.
 IEEE 802.1p is preserved through the
LAN, not end to end.
Classification and Marking in the Enterprise
DiffServ Model
 Describes services associated with traffic classes,
rather than traffic flows.
 Complex traffic classification and conditioning is
performed at the network edge.
 No per-flow state in the core.
 The goal of the DiffServ model is scalability.
 Interoperability with non-DiffServ-compliant nodes.
 Incremental deployment.
Classification Tools
IP Precedence and DiffServ Code Points
[Figure: IPv4 packet header with the ToS byte expanded. Header fields shown:
Version, Length, ToS Byte, Len, ID, Offset, TTL, Proto, FCS, IP SA, IP DA, Data.]
ToS byte, bit 7 (MSB) to bit 0 (LSB):
  Standard IPv4:       bits 7-5 IP Precedence | bits 4-0 unused
  DiffServ extensions: bits 7-2 DiffServ Code Point (DSCP) | bits 1-0 IP ECN
 IPv4: the three most significant bits of the ToS byte are called
IP Precedence (IPP); the other bits are not used by IPP-based QoS
 DiffServ: the six most significant bits of the ToS byte are called the
DiffServ Code Point (DSCP); the remaining two bits are the IP Explicit
Congestion Notification (ECN) field and are not part of the DSCP
 DSCP is backward-compatible with IP precedence because its three most
significant bits sit in the same positions as the IPP bits
IP ToS Byte and DS Field Inside the IP Header
IP Precedence and DSCP Compatibility
 Compatibility with current IP precedence usage (RFC 1812)
 Differentiates probability of timely forwarding:
(xyz000) >= (abc000) if xyz > abc
 That is, if a packet has DSCP value of 011000, it has a greater
probability of timely forwarding than a packet with DSCP value of
001000.
Per-Hop Behaviors
 DSCP selects PHB throughout the network:
Default PHB (FIFO, tail drop)
Class-selector PHB (IP precedence)
EF PHB
AF PHB
Standard PHB Groups
Expedited Forwarding (EF) PHB
 EF PHB:
Ensures a minimum departure rate
Guarantees bandwidth—class guaranteed an amount of bandwidth with
prioritized forwarding
Polices bandwidth—class not allowed to exceed the guaranteed amount
(excess traffic is dropped)
 DSCP value of 101110 (decimal 46) looks like IP precedence 5 to non-DiffServ-compliant devices:
Bits 7 to 5: 101 = 5 (the same three bits are used for IP precedence)
Bits 4 and 3: 11 (in AF notation this position carries drop precedence; EF is a single codepoint, so nothing is dropped preferentially)
Bit 2: 0
Assured Forwarding (AF) PHB
 AF PHB:
Guarantees bandwidth
Allows access to extra bandwidth, if available
 Four standard classes: AF1, AF2, AF3, and AF4
 DSCP value range of aaadd0:
aaa is a binary value of the class
dd is drop probability
AF PHB Values
 Each AF class uses three DSCP values.
 Each AF class is independently forwarded with its guaranteed
bandwidth.
 Congestion avoidance is used within each class to prevent
congestion within the class.
Mapping CoS to Network Layer QoS
QoS Service Class
 A QoS service class is a logical grouping of packets
that are to receive a similar level of applied quality.
 A QoS service class can be:
A single user (such as MAC address or IP address)
A department, customer (such as subnet or interface)
An application (such as port numbers or URL)
A network destination (such as tunnel interface or VPN)
Implementing QoS Policy Using a QoS Service
Class
QoS Service Class Guidelines
 Profile applications to their basic network requirements.
 Do not over-engineer provisioning; use no more than four to five
traffic classes for data traffic, for example:
Voice applications: VoIP
Mission-critical applications: Oracle, SAP, SNA
Interactive applications: Telnet, TN3270
Bulk applications: FTP, TFTP
Best-effort applications: e-mail, web
Scavenger applications: non-organizational streaming and video
applications (Kazaa, Yahoo)
 Do not assign more than three applications to mission-critical or
transactional classes.
 Use proactive policies before reactive (policing) policies.
 Seek executive endorsement of relative ranking of application
priority prior to rolling out QoS policies for data.
Classification and Marking Design
QoS Baseline Marking Recommendations

Application             L3 Classification         L2
                        IPP   PHB     DSCP        CoS
Routing                 6     CS6     48          6
Voice                   5     EF      46          5
Video Conferencing      4     AF41    34          4
Streaming Video         4     CS4     32          4
Mission-Critical Data   3     AF31*   26          3
Call Signaling          3     CS3*    24          3
Transactional Data      2     AF21    18          2
Network Management      2     CS2     16          2
Bulk Data               1     AF11    10          1
Best Effort             0     0       0           0
Scavenger               1     CS1     8           1
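The bit arithmetic behind the codepoints in this lesson, as an added example (not Cisco course material): it builds and decodes DSCP values following the layouts given above (IPP in bits 7-5, aaadd0 for AF, 101110 for EF, xxx000 for class selectors), applies the "(xyz000) >= (abc000) if xyz > abc" compatibility rule, and reproduces the IPP, PHB, DSCP and CoS columns of the baseline marking table. The function names and the CoS-equals-IPP mapping used for the L2 column are this example's own.

```python
"""DSCP / IP Precedence / PHB arithmetic for the DiffServ field.

Added example, not Cisco code. Layout used (from the lesson):
  ToS byte bits 7-5 = IP Precedence, bits 7-2 = DSCP, bits 1-0 = ECN
  AF codepoints  = aaadd0  (aaa = class 1-4, dd = drop precedence 1-3)
  EF codepoint   = 101110  (46)
  Class selector = xxx000  (xxx = precedence)
"""
from dataclasses import dataclass

EF_DSCP = 0b101110  # 46


@dataclass(frozen=True)
class DSField:
    dscp: int
    ecn: int


def split_tos_byte(tos: int) -> DSField:
    """Split the 8-bit ToS/DS byte into its DSCP (6 bits) and ECN (2 bits)."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS byte must fit in 8 bits")
    return DSField(dscp=tos >> 2, ecn=tos & 0b11)


def ip_precedence(dscp: int) -> int:
    """IPP is the three most significant DSCP bits. A non-DiffServ node
    only reads these, which is why EF (101110) looks like precedence 5."""
    return (dscp >> 3) & 0b111


def cos_from_dscp(dscp: int) -> int:
    """L3-to-L2 mapping assumed for the baseline table: CoS equals IPP."""
    return ip_precedence(dscp)


def af_dscp(af_class: int, drop: int) -> int:
    """Build an AFxy codepoint: aaadd0 with aaa = class, dd = drop precedence."""
    if af_class not in (1, 2, 3, 4) or drop not in (1, 2, 3):
        raise ValueError("AF class must be 1-4 and drop precedence 1-3")
    return (af_class << 3) | (drop << 1)


def cs_dscp(precedence: int) -> int:
    """Class-selector codepoint: the precedence bits followed by 000."""
    if not 0 <= precedence <= 7:
        raise ValueError("precedence must be 0-7")
    return precedence << 3


def phb_name(dscp: int) -> str:
    """Name the PHB a DSCP selects: Default, CSx, EF, AFxy, or the raw value."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be 0-63")
    if dscp == 0:
        return "Default"
    if dscp == EF_DSCP:
        return "EF"
    if dscp & 0b111 == 0:
        return f"CS{dscp >> 3}"
    af_class, drop, low_bit = dscp >> 3, (dscp >> 1) & 0b11, dscp & 1
    if 1 <= af_class <= 4 and 1 <= drop <= 3 and low_bit == 0:
        return f"AF{af_class}{drop}"
    return f"DSCP{dscp}"  # a legal but non-standard codepoint


def forwarded_ahead_of(dscp_a: int, dscp_b: int) -> bool:
    """Lesson rule: (xyz000) >= (abc000) if xyz > abc. Only the precedence
    bits are compared, so 011000 (CS3) beats 001000 (CS1)."""
    return ip_precedence(dscp_a) > ip_precedence(dscp_b)


def describe(dscp: int) -> str:
    """One line in the shape of the baseline marking table."""
    return (f"DSCP {dscp:2d} ({dscp:06b}) -> {phb_name(dscp):7s} "
            f"IPP {ip_precedence(dscp)} CoS {cos_from_dscp(dscp)}")


if __name__ == "__main__":
    # Walk the baseline markings (routing down to scavenger) and decode each.
    for d in (48, 46, 34, 32, 26, 24, 18, 16, 10, 0, 8):
        print(describe(d))
```

Running the module prints one decoded line per baseline marking; note that Scavenger (CS1, DSCP 8) decodes to IPP 1 and therefore CoS 1, the same L2 value as Bulk Data (AF11), which is why the L2 column alone cannot separate those two classes.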
How Many Classes of Service Do I Need?
[Figure: the three class models side by side, expanding over time from the 4/5 class model to the 11 class model.]
4/5 Class Model: Realtime, Call Signaling, Critical Data, Best Effort, Scavenger
8 Class Model: Voice, Video, Call Signaling, Network Control, Critical Data, Bulk Data, Best Effort, Scavenger
11 Class Model: Voice, Interactive-Video, Streaming Video, Call Signaling, IP Routing, Network Management, Mission-Critical Data, Transactional Data, Bulk Data, Best Effort, Scavenger
Trust Boundaries: Classify Where?
 For scalability, classification should be enabled as close to the
edge as possible, depending on the capabilities of the device at:
Endpoint or end system
Access layer
Distribution layer
Trust Boundaries: Mark Where?
 For scalability, marking should be done as close to the source as possible.
Self Check
1. Which PHB would be used for voice traffic?
2. How many bits are used for IP Precedence? For
DSCP?
3. Which PHB can allow access to extra bandwidth if it is
available?
4. How is CDP used to establish trust boundaries?
Summary
 Classification, marking, and queuing are critical
functions of any successful QoS implementation.
 Classification allows network devices to identify traffic
as belonging to a specific class with the specific QoS
requirements determined by an administrative QoS
policy.
 The DiffServ model uses classes to describe services
offered to network traffic, rather than traffic flows.
 DiffServ uses DSCP to establish Per Hop Behaviors
(PHBs) to classify and service traffic.
Resources
 DiffServ -- The Scalable End-to-End QoS Model
http://www.cisco.com/en/US/partner/products/ps6610/products_white_paper09186a00800a3e2f.shtml
 Quality of Service - The Differentiated Services Model
http://www.cisco.com/en/US/partner/products/ps6610/products_data_sheet0900aecd8031b36d.html
Module 4: Implement the DiffServ QoS Model
Lesson 4.2: Using NBAR for Classification
Network-Based Application Recognition
[Figure: user callout "My application is too slow!" beside a Sample Link Utilization pie chart with slices for Citrix, Netshow, Fasttrack, FTP and HTTP; the slice values shown are 25%, 15%, 10%, 30% and 20%.]
 Used in conjunction with QoS class-based features, NBAR is an
intelligent classification engine that:
Classifies modern client-server and web-based applications
Discovers what traffic is running on the network
Analyzes application traffic patterns in real time
 NBAR functions:
Performs identification of applications and protocols (Layer 4–7)
Performs protocol discovery
Provides traffic statistics
 New applications are easily supported by loading a PDLM.
NBAR Functions & Features
 NBAR performs the following two functions:
Identification of applications and protocols (Layer 4 to Layer 7)
Protocol discovery
 Some examples of class-based QoS features that can
be used on traffic after the traffic is classified by NBAR
include:
Class-Based Marking (the set command)
Class-Based Weighted Fair Queueing (the bandwidth and
queue-limit commands)
Low Latency Queueing (the priority command)
Traffic Policing (the police command)
Traffic Shaping (the shape command)
NBAR Application Support
 NBAR can classify applications that use:
Statically assigned TCP and UDP port numbers
Non-UDP and non-TCP IP protocols
Dynamically assigned TCP and UDP port numbers negotiated
during connection establishment (requires stateful inspection)
Subport and deep packet inspection classification
Packet Description Language Module
 PDLMs allow NBAR to recognize new protocols
matching text patterns in data packets without requiring
a new Cisco IOS software image or a router reload.
 An external PDLM can be loaded at run time to extend
the NBAR list of recognized protocols.
 PDLMs can also be used to enhance an existing
protocol recognition capability.
 PDLMs must be produced by Cisco engineers.
PDLM Command Syntax
router(config)#
ip nbar pdlm pdlm-name
 Used to enhance the list of protocols recognized by NBAR through
a PDLM.
 The filename is in the URL format (for example, flash://citrix.pdlm).
router(config)#
ip nbar port-map protocol-name [tcp | udp] port-number
 Configures NBAR to search for a protocol or protocol name using a
port number other than the well-known port.
 Up to 16 additional port numbers can be specified.
NBAR Protocol-to-Port Maps
router#
show ip nbar port-map [protocol-name]
 Displays the current NBAR protocol-to-port mappings
router#show ip nbar port-map
port-map bgp      udp 179
port-map bgp      tcp 179
port-map cuseeme  udp 7648 7649
port-map cuseeme  tcp 7648 7649
port-map dhcp     udp 67 68
port-map dhcp     tcp 67 68
port-map dns      udp 53
port-map dns      tcp 53
NBAR Protocol Discovery
 Analyzes application traffic patterns in real time and
discovers which traffic is running on the network
 Provides bidirectional, per-interface, and per-protocol
statistics
 Important monitoring tool supported by Cisco QoS
management tools:
Generates real-time application statistics
Provides traffic distribution information at key network locations
Configuring and Monitoring NBAR Protocol
Discovery
router(config-if)#
ip nbar protocol-discovery
 Configures NBAR to discover traffic for all protocols known to
NBAR on a particular interface
 Requires that CEF be enabled before protocol discovery
 Can be applied with or without a service policy enabled
router#
show ip nbar protocol-discovery
 Displays the statistics for all interfaces on which protocol discovery
is enabled
Configuring and Monitoring Protocol Discovery Output
router#show ip nbar protocol-discovery
 Ethernet0/0
                      Input                                      Output
 Protocol   Packet Count  Byte Count  5 minute bit rate (bps)   Packet Count  Byte Count  5 minute bit rate (bps)
 ---------- ------------  ----------  -----------------------   ------------  ----------  -----------------------
 realaudio  2911          1678304     19000                     3040          198406      1000
 http       19624         14050949    0                         13506         2017293     0
<output omitted>
Steps for Configuring NBAR for Static
Protocols
 Required steps:
Enable NBAR Protocol Discovery.
Configure a traffic class.
Configure a traffic policy.
Attach the traffic policy to an interface.
Enable PDLM if needed.
Configuring NBAR for Static Protocols
Commands
router(config-cmap)#
match protocol protocol
 Configures the match criteria for a class map on the basis of the
specified protocol using the MQC configuration mode.
 Static protocols are recognized based on the well-known
destination port number.
 A match not command can be used to specify a QoS policy value
that is not used as a match criterion; in this case, all other values
of that QoS policy become successful match criteria.
Configuring NBAR Example
 HTTP is a static protocol using a well-known port number 80. However,
other port numbers may also be in use.
 The ip nbar port-map command will inform the router that other ports are
also used for HTTP.
Steps for Configuring Stateful NBAR for
Dynamic Protocols
 Required steps:
Configure a traffic class.
Configure a traffic policy.
Attach the traffic policy to an interface.
Enhanced NBAR Classification for HTTP
router(config-cmap)#
match protocol http url url-string
 Recognizes the HTTP GET packets containing the URL, and then
matches all packets that are part of the HTTP GET request
 Include only the portion of the URL following the address or host
name in the match statement
router(config-cmap)#
match protocol http host hostname-string
 Performs a regular expression match on the host field content
inside an HTTP GET packet and classifies all packets from that
host
Special NBAR Configuration for HTTP and
FastTrack
router(config-cmap)#
match protocol http mime MIME-type
 Matches a packet containing the MIME type and all subsequent packets
until the next HTTP transaction for stateful protocol.
router(config-cmap)#
match protocol fasttrack file-transfer regular-expression
 Stateful mechanism to identify a group of peer-to-peer file-sharing
applications.
 Applications that use the FastTrack peer-to-peer protocol include Kazaa,
Grokster, and Morpheus. (Gnutella is a separate peer-to-peer protocol that
NBAR matches with its own protocol keyword, not under fasttrack.)
 A Cisco IOS regular expression is used to identify specific FastTrack
traffic.
 To specify that all FastTrack traffic will be identified by the traffic class, use
an asterisk (*) as the regular expression.
URL or HOST Specification String Options
Option   Description
*        Match any zero or more characters in this position.
?        Match any one character in this position.
|        Match one of a choice of characters.
(|)      Match one of a choice of characters in a range. For example,
         xyz.(gif | jpg) matches either xyz.gif or xyz.jpg.
[ ]      Match any character in the range specified, or one of the special
         characters. For example, [0-9] is all of the digits; [*] is the "*"
         character, and [[] is the "[" character.
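The wildcard syntax in the table above, turned into a working matcher and applied to a small class-map-style policy, as an added example (not Cisco code; NBAR's own matcher may differ in corners the table does not cover). It also pulls the host and URL out of a minimal HTTP GET, since those are the two fields the match protocol http host and url commands look at. Assumptions: a pattern has to cover the whole host name or URL path (that is what * is for), so the compiled expression is applied with fullmatch(); matching is case-sensitive; the policy entries and sample requests are constructed for the example.

```python
"""NBAR URL/HOST wildcard patterns as Python regexes, plus a toy classifier.

Added example, not Cisco code. Pattern syntax from the lesson's table:
  *      zero or more characters      ?      exactly one character
  |      one of a choice              (a|b)  grouped choice, e.g. xyz.(gif|jpg)
  [...]  character range; [*] and [[] are the literal '*' and '[' characters
Assumption: a pattern must cover the whole host or URL path (fullmatch).
"""
from __future__ import annotations

import re
from typing import List, Optional, Tuple


def nbar_glob_to_regex(pattern: str) -> str:
    """Translate one NBAR wildcard pattern into regex source text."""
    out: List[str] = []
    i = 0
    while i < len(pattern):
        c = pattern[i]
        if c == "*":
            out.append(".*")
        elif c == "?":
            out.append(".")
        elif c == "(":
            out.append("(?:")          # grouping only, no capture needed
        elif c in ")|":
            out.append(c)
        elif c == "[":
            j = pattern.find("]", i + 1)
            if j == -1 or j == i + 1:
                raise ValueError("empty or unterminated [ ] in pattern")
            body = pattern[i + 1:j]
            # Inside a class only '\', ']' and a leading '^' are special to
            # the regex engine; ranges such as 0-9 pass through unchanged.
            body = body.replace("\\", "\\\\").replace("]", "\\]")
            if body.startswith("^"):
                body = "\\" + body
            out.append("[" + body + "]")
            i = j
        else:
            out.append(re.escape(c))   # '.', '/', etc. are literal in NBAR
        i += 1
    return "".join(out)


def matches(pattern: str, value: str) -> bool:
    """True when the whole of `value` matches the NBAR-style `pattern`."""
    return re.fullmatch(nbar_glob_to_regex(pattern), value) is not None


def parse_http_get(request: bytes) -> Optional[Tuple[str, str]]:
    """Return (host, url_path) from a minimal HTTP/1.x GET, or None if the
    request is not a GET. Only the request line and Host header are read."""
    lines = request.decode("ascii", errors="replace").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] != "GET":
        return None
    host = ""
    for line in lines[1:]:
        if line.lower().startswith("host:"):
            host = line.split(":", 1)[1].strip()
            break
    return host, parts[1]


# Constructed policy: (class name, field matched, NBAR-style pattern),
# evaluated in order like the class maps of a policy map.
CLASS_MAP = [
    ("IMAGES", "url", "*.(gif|jpg)"),
    ("INTRANET", "host", "*.example.com"),
    ("RELEASES", "url", "/releases/v[0-9].?/*"),
]


def classify_http(request: bytes) -> str:
    """Name of the first class whose pattern matches, else class-default."""
    parsed = parse_http_get(request)
    if parsed is None:
        return "class-default"
    host, url = parsed
    for name, field, pattern in CLASS_MAP:
        value = host if field == "host" else url
        if matches(pattern, value):
            return name
    return "class-default"


if __name__ == "__main__":
    # Constructed sample requests.
    for req in (b"GET /images/logo.gif HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
                b"GET /index.html HTTP/1.1\r\nHost: intranet.example.com\r\n\r\n",
                b"GET /releases/v1.2/notes.txt HTTP/1.1\r\nHost: dl.vendor.net\r\n\r\n",
                b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\n\r\n"):
        print(req.split(b"\r\n")[0].decode(), "->", classify_http(req))
```

Note that the first sample hits IMAGES rather than INTRANET even though its Host also matches, because class maps are evaluated in order and the first match wins; when writing real NBAR class maps the same ordering decides which policy a packet gets.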
Configuring Stateful NBAR for RTP
router(config-cmap)#
match protocol rtp [audio | video | payload-type payload-string]
 Identifies real-time audio and video traffic in the class-map
mode of MQC
 Differentiates on the basis of audio and video codecs
 The match protocol rtp command has these options:
audio: Match by payload type values 0 to 23, reserved for audio
traffic
video: Match by payload type values 24 to 33, reserved for video
traffic
payload-type: Match by a specific payload type value; provides
more granularity than the audio or video options
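What the three options above actually test, as an added example (not Cisco code): a parser for the 12-byte fixed RTP header from RFC 3550, a check of the payload type against the audio (0 to 23) and video (24 to 33) ranges the lesson gives, and a payload-type match for the exact-value case. The packet builder, the class names VOICE and VIDEO, and the sample packets are constructed for the example.

```python
"""Classify RTP packets by payload type, as `match protocol rtp
audio | video | payload-type` does. Added example, not Cisco code.
RTP fixed header (RFC 3550): V(2) P(1) X(1) CC(4) | M(1) PT(7) | seq(16)
| timestamp(32) | SSRC(32). PT ranges 0-23 audio, 24-33 video are the
ones the lesson states. Sample packets below are constructed."""
import struct
from dataclasses import dataclass
from typing import Optional

RTP_VERSION = 2
AUDIO_PT = range(0, 24)
VIDEO_PT = range(24, 34)


@dataclass(frozen=True)
class RtpHeader:
    version: int
    padding: bool
    extension: bool
    csrc_count: int
    marker: bool
    payload_type: int
    sequence: int
    timestamp: int
    ssrc: int


def parse_rtp(packet: bytes) -> RtpHeader:
    """Decode the fixed header; raise ValueError for anything that is not RTP."""
    if len(packet) < 12:
        raise ValueError("RTP fixed header is 12 bytes")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    version = b0 >> 6
    if version != RTP_VERSION:
        raise ValueError(f"not RTP: version {version}")
    csrc_count = b0 & 0x0F
    if len(packet) < 12 + 4 * csrc_count:
        raise ValueError("truncated CSRC list")
    return RtpHeader(version=version, padding=bool(b0 & 0x20),
                     extension=bool(b0 & 0x10), csrc_count=csrc_count,
                     marker=bool(b1 & 0x80), payload_type=b1 & 0x7F,
                     sequence=seq, timestamp=ts, ssrc=ssrc)


def build_rtp(payload_type: int, seq: int, ts: int, ssrc: int,
              payload: bytes = b"", marker: bool = False) -> bytes:
    """Build a minimal RTP packet (no CSRCs, no extension) for testing."""
    if not 0 <= payload_type <= 127:
        raise ValueError("payload type is a 7-bit field")
    b0 = RTP_VERSION << 6
    b1 = (0x80 if marker else 0) | payload_type
    return struct.pack("!BBHII", b0, b1, seq, ts, ssrc) + payload


def rtp_match(packet: bytes, option: str, payload_type: Optional[int] = None) -> bool:
    """option is 'audio', 'video' or 'payload-type' (the last needs a value)."""
    try:
        hdr = parse_rtp(packet)
    except ValueError:
        return False          # not RTP, so no RTP class can match it
    if option == "audio":
        return hdr.payload_type in AUDIO_PT
    if option == "video":
        return hdr.payload_type in VIDEO_PT
    if option == "payload-type":
        if payload_type is None:
            raise ValueError("payload-type option needs a value")
        return hdr.payload_type == payload_type
    raise ValueError(f"unknown option {option!r}")


def classify_rtp(packet: bytes) -> str:
    """Constructed policy: class VOICE = rtp audio, class VIDEO = rtp video."""
    if rtp_match(packet, "audio"):
        return "VOICE"
    if rtp_match(packet, "video"):
        return "VIDEO"
    return "class-default"


if __name__ == "__main__":
    samples = {"G.711 PCMU (PT 0)": build_rtp(0, 1, 160, 0x1234, b"\xff" * 160),
               "H.261 (PT 31)": build_rtp(31, 7, 9000, 0xABCD, b"\x00" * 40),
               "dynamic PT 96": build_rtp(96, 2, 3000, 0xBEEF, b"\x00" * 40),
               "not RTP": b"\x00" * 12}
    for name, pkt in samples.items():
        print(f"{name:18s} -> {classify_rtp(pkt)}")
```

The dynamic payload type (96) lands in class-default: modern codecs negotiate dynamic types in the 96 to 127 range, which neither the audio nor the video keyword covers, and that is exactly the case where the payload-type option has to be used with the value taken from the session description.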
Classification of RTP Session
Resources
 Network-Based Application Recognition, Q&A
http://www.cisco.com/en/US/partner/products/ps6616/products_qanda_item09186a00800a3ded.shtml
 Network-Based Application Recognition and Distributed Network-Based Application Recognition
http://www.cisco.com/en/US/partner/products/ps6350/products_configuration_guide_chapter09186a0080455985.html
Module 4: Implement the DiffServ QoS Model
Lesson 4.3: Introducing Queuing Implementations
Objectives
 Describe the common causes of congestion on a link.
 Compare and contrast various queuing methods used
to relieve congestion.
 Describe the purpose and functionality of software
queues.
 Describe the function and purpose of the hardware
queue.
Congestion and Queuing
 Congestion can occur at any point in the network where there are
points of speed mismatches or aggregation.
 Queuing manages congestion to provide bandwidth and delay
guarantees.
Speed Mismatch
• Speed mismatches are the most typical cause of congestion.
• Possibly persistent when going from LAN to WAN.
• Usually transient when going from LAN to LAN.
Aggregation
What is Queuing?
 Queuing is a congestion-management mechanism that
allows you to control congestion on interfaces.
 Queuing is designed to accommodate temporary
congestion on an interface of a network device by
storing excess packets in buffers until bandwidth
becomes available.
Congestion and Queuing
Queuing Algorithms
 First-in, first-out (FIFO)
 Priority queuing (PQ)
 Round robin
 Weighted round robin (WRR)
FIFO
 First packet in is first packet out
 Simplest of all
 One queue
 All individual queues are FIFO
Priority Queuing
 Uses multiple queues
 Allows prioritization
 Always empties first queue
before going to the next
queue:
 Empty queue number 1.
 If queue number 1 is empty,
then dispatch one packet from
queue number 2.
 If both queue number 1 and
queue number 2 are empty,
then dispatch one packet from
queue number 3.
 Queues number 2 and number
3 may “starve”
Round Robin Queuing
 Uses multiple queues
 No prioritization
 Dispatches one packet from
each queue in each round:
One packet from
queue number 1
One packet from
queue number 2
One packet from
queue number 3
Then repeat
Weighted Round Robin Queuing
 Allows prioritization
 Assign a weight to each queue
 Dispatches packets from each
queue proportionately to an
assigned weight:
 Dispatch up to four from
queue number 1.
 Dispatch up to two from
queue number 2.
 Dispatch 1 from
queue number 3.
 Go back to queue number 1.
Problems with Weighted Round Robin Queuing
 Problem with WRR:
Some implementations of WRR dispatch a configurable number of bytes
(threshold) from each queue for each round—several packets can be sent
in each turn.
The router is allowed to send the entire packet even if the sum of all bytes
is more than the threshold.
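The dispatch disciplines described in the last four slides, and the byte-threshold WRR overshoot just described, as an added simulation (not Cisco code and not how any IOS scheduler is implemented). Queue contents, packet sizes, weights and per-turn byte thresholds are constructed for the example; each scheduler returns the labels of the packets it dispatched so the order, the PQ starvation and the WRR overshoot can be inspected directly.

```python
"""Dispatch-order simulation for FIFO, PQ, RR, WRR and byte-threshold WRR.

Added example, not Cisco code. Each queue is a deque of (label, size_in_bytes)
packets; queue 0 is the highest-priority queue where that matters. Budgets
limit how many packets a run dispatches so starvation can be shown finitely.
"""
from collections import deque
from typing import Deque, List, Sequence, Tuple

Packet = Tuple[str, int]          # (label, size in bytes)
Queues = List[Deque[Packet]]


def make_queues(*contents: Sequence[Packet]) -> Queues:
    """Build the per-class queues from constructed packet lists."""
    return [deque(c) for c in contents]


def fifo(queue: Deque[Packet], budget: int) -> List[str]:
    """Single queue: first in, first out. Every individual queue below is FIFO."""
    return [queue.popleft()[0] for _ in range(min(budget, len(queue)))]


def priority_queue(queues: Queues, budget: int) -> List[str]:
    """PQ: always take from the lowest-numbered non-empty queue; lower
    queues are served only when every queue above them is empty."""
    out: List[str] = []
    while len(out) < budget:
        for q in queues:
            if q:
                out.append(q.popleft()[0])
                break
        else:
            return out            # every queue is empty
    return out


def round_robin(queues: Queues, budget: int) -> List[str]:
    """RR: one packet from each non-empty queue per round, no prioritization."""
    out: List[str] = []
    while len(out) < budget and any(queues):
        for q in queues:
            if q and len(out) < budget:
                out.append(q.popleft()[0])
    return out


def weighted_round_robin(queues: Queues, weights: Sequence[int], budget: int) -> List[str]:
    """WRR (packet count): up to weights[i] packets from queue i per round."""
    out: List[str] = []
    while len(out) < budget and any(queues):
        for q, w in zip(queues, weights):
            for _ in range(w):
                if q and len(out) < budget:
                    out.append(q.popleft()[0])
    return out


def byte_wrr_one_round(queues: Queues, thresholds: Sequence[int]) -> List[Tuple[List[str], int]]:
    """Byte-threshold WRR, one round: a queue keeps sending while it is under
    its threshold, and the packet that crosses the threshold is still sent
    whole. Returns (labels, bytes_sent) per queue so the overshoot is visible."""
    result = []
    for q, limit in zip(queues, thresholds):
        sent, labels = 0, []
        while q and sent < limit:
            label, size = q.popleft()
            labels.append(label)
            sent += size
        result.append((labels, sent))
    return result


if __name__ == "__main__":
    pkts = lambda label, n, size: [(label, size)] * n
    print("PQ  :", priority_queue(make_queues(pkts("A", 5, 100), pkts("B", 1, 100), pkts("C", 1, 100)), 3))
    print("RR  :", round_robin(make_queues(pkts("A", 2, 100), pkts("B", 1, 100), pkts("C", 1, 100)), 10))
    print("WRR :", weighted_round_robin(make_queues(pkts("A", 6, 100), pkts("B", 4, 100), pkts("C", 2, 100)), (4, 2, 1), 7))
    # 1500-byte packets against a 1000-byte threshold overshoot by 500 bytes;
    # 100-byte packets stop exactly at the threshold.
    print("BWRR:", byte_wrr_one_round(make_queues(pkts("big", 2, 1500), pkts("small", 20, 100)), (1000, 1000)))
```

The last line is the problem the slide describes: with equal 1000-byte thresholds, the queue carrying 1500-byte packets gets 1500 bytes per turn while the queue carrying 100-byte packets gets exactly 1000, so the real share depends on packet size and not only on the configured weight.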
Router Queuing Components
 Each physical interface has a hardware and a software queuing
system.
Hardware and Software Router Queuing
Components
 The hardware queuing system always uses FIFO queuing.
 The software queuing system can be selected and configured
depending on the platform and Cisco IOS version.
The Software Queue
 Generally, a full hardware queue indicates interface congestion,
and software queuing is used to manage it.
 When a packet is being forwarded, the router will bypass
the software queue if the hardware queue has space in it
(no congestion).
The Hardware Queue
 Routers determine the length of the hardware queue based on the
configured bandwidth of the interface.
 The length of the hardware queue can be adjusted with the tx-ring-limit interface command.
 Reducing the size of the hardware queue has two benefits:
It reduces the maximum amount of time that packets wait in the FIFO
queue before being transmitted.
It accelerates the use of QoS in Cisco IOS software.
 Improper tuning of the hardware queue may produce undesirable
results:
A long transmit queue may result in poor performance of the software
queuing system.
A short transmit queue may result in a large number of interrupts,
which causes high CPU utilization and low link utilization.
Monitoring Hardware Queue Transmit Queue Length
 The show controllers serial 0/1/0 command shows the length of the
hardware queue (see the tx_limited line in the output below).
R1#show controllers serial 0/1/0
Interface Serial0/1/0
Hardware is GT96K
DCE V.11 (X.21), clock rate 384000
<...part of the output omitted...>
1 sdma_rx_reserr, 0 sdma_tx_reserr
0 rx_bogus_pkts, rx_bogus_flag FALSE
0 sdma_tx_ur_processed
tx_limited = 1(2), errata19 count1 - 0, count2 - 0
Receive Ring
rxr head (27)(0x075BD090), rxr tail (0)(0x075BCEE0)
rmd(75BCEE0): nbd 75BCEF0 cmd_sts 80800000 buf_sz 06000000 buf_ptr 75CB8E0
rmd(75BCEF0): nbd 75BCF00 cmd_sts 80800000 buf_sz 06000000 buf_ptr 75CCC00
<...rest of the output omitted...>
Congestion on Software Interfaces
 Subinterfaces and software interfaces (dialers, tunnels,
Frame Relay subinterfaces) do not have their own
separate transmit queue.
 Subinterfaces and software interfaces congest when
the transmit queue of their main hardware interface
congests.
 The tx-ring state (full, not-full) is an indication of
hardware interface congestion.
 The terms “TxQ” and “tx-ring” both describe the
hardware queue and are interchangeable.
Self Check
1. When does the router use a software queue?
2. What are the typical causes of congestion?
3. When would FIFO queuing be appropriate in a
network?
4. What is the “worst case scenario” for Priority Queuing
(PQ)?
5. How does Weighted Round Robin (WRR) improve on
Round Robin queuing?
Summary
 Speed mismatch and aggregation are the most
common causes of congestion on a network link.
 When network links experience congestion, queuing
methods can be used to sort the traffic and then
determine some method of prioritizing it onto an output
link. Each queuing algorithm was designed to solve a
specific network traffic problem and has a particular
effect on network performance.
 Software queuing is activated when the hardware
queue fills. If the hardware queue is not full, software
queuing is bypassed and packets are sent directly to
the hardware output queue.
Resources
 Congestion Management Overview
http://www.cisco.com/en/US/partner/products/ps6350/products_configuration_guide_chapter09186a00800b75a9.html