Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

ip mux policy

©
© 2010
2010 Cisco
Cisco and/or
and/or its
its affiliates.
affiliates. All
All rights
rights reserved.
reserved.
Cisco Confidential
1
• A number of the slides in this presentation are animated. When
viewing this presentation please run it in slideshow mode.
© 2010 Cisco and/or its affiliates. All rights reserved.
2
Bandwidth usage
100%
0%
Packets per second
0
%
100%
Satellite Modem
Satellite Modem
Remote Site
Main Site
IP Phones
IP Phones
VoIP Call
• Satellite modems can transmit a limited number of packets per second
•
Typically 1800 – 2000 pps
• VoIP generates a large number of small packets
•
•
•
Common rate is 100 pps for each call
Causes inefficient use of available bandwidth
Modem runs out of packet-per-second “slots” before all available bandwidth is utilized
© 2010 Cisco and/or its affiliates. All rights reserved.
3
Bandwidth usage
100%
0%
Packets per second
0
%
100%
IP MUX
Remote Site
Satellite Modem
Satellite Modem
IP MUX
Main Site
IP Phones
IP Phones
IP Multiplex
Tunnel
VoIP Call
• Cisco IP multiplexing combines many smaller packets into one larger packet
•
automatically engages when multiple packets are heading for the same destination
• Larger packets allow for increased packets-per-second efficiency
•
•
Connecting additional VoIP calls does not increase packets-per-second
Remaining packets-per-second makes bandwidth available for other applications
© 2010 Cisco and/or its affiliates. All rights reserved.
4
• New interface output feature, like ACLs or QoS
• Combine multiple packets into single, larger, packet
• Packets are multiplexed by wrapping a new IP/UDP header around combined
packets:
IP
UDP
IP
UDP
New IP/UDP header
RTP
DATA
IP
Data Packet 1
UDP
RTP
DATA
Data Packet 2
• Transparent to application, works at layer 3
• Can multiplex any IP packet
• Works in hub and spoke topology, IP multiplexing-enabled router is
required at each end
• Intermediate hops are supported
•
Multiplexed packets look just like regular IP packets to non ip multiplexing-enabled
devices
• Supports IPv4 and IPv6
© 2010 Cisco and/or its affiliates. All rights reserved.
5
• Operates as an interface output feature
Mux Hold-Queue
Egress
Interface
IP Mux
Feature
Mux
IP
/UDP
Packet
Packet
Packet
No Mux
Transmit
Packet
© 2010 Cisco and/or its affiliates. All rights reserved.
6
• Supported on:
• Cisco 892, 819, 29xx, and 39xx
• Cisco 5915ESR, 5940ESR
• Licensing
• Licensed using standard RTU (right-to-use) feature license
•
no license file to install, honor-based, paper license
• Must be licensed on each node performing IP multiplexing
• Status
• Available in 15.2(2)GC IOS Q1CY12
•
(29xx, 39xx, 59xx)
• Available in 15.2(4)M IOS Q3CY12
•
(819, 892, 29xx, 39xx)
© 2010 Cisco and/or its affiliates. All rights reserved.
7
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
8
WAN
LAN
Hub
Satellite connection
5mbps BW, 1800packets/sec
LAN
Spoke
• 18 VoIP calls, G.729 codec (20ms sample), consumes 1800pps
hub#show int g0/2 | inc rate
30 second input rate 535000 bits/sec, 903 packets/sec
30 second output rate 533000 bits/sec, 901 packets/sec
Hub Router, WAN-side interface
1800 packets/sec consumed
• VoIP is consuming 100% of the modem packets/sec capacity
• 4 mbps of remaining bandwidth is wasted, modem cannot transmit excess packets/sec
• Other applications cannot use extra bandwidth, no more calls possible
• Maximum calls possible, without degradation – 18
© 2010 Cisco and/or its affiliates. All rights reserved.
9
WAN
LAN
Hub
Satellite connection
5mbps BW, 1800packets/sec
LAN
Spoke
• 18 VoIP calls, G.729 codec (20ms sample), consumes just 100pps, 90% reduction
Without mux:
hub#show int g0/2 | inc rate
30 second input rate 535000 bits/sec, 903 packets/sec
30 second output rate 533000 bits/sec, 901 packets/sec
Hub Router, WAN-side interface
1800 packets/sec consumed
With mux:
hub#show int g0/2 | inc rate
30 second input rate 450000 bits/sec, 50 packets/sec
30 second output rate 449000 bits/sec, 50 packets/sec
Hub Router, WAN-side interface
100 packets/sec consumed
• Modem has 1700 packets/sec left over
• Remaining bandwidth, ~4mbps, is available to other applications, or additional voip
calls
© 2010 Cisco and/or its affiliates. All rights reserved.
10
WAN connection
5 mbps bandwidth
IPsec Tunnel
LAN
Hub
WAN
LAN
Spoke
• 18 VoIP calls, G.729 codec (20ms sample), uses 1.8 mbps
•
1 mbps for VoIP traffic
•
800 kbps for IPsec overhead
hub#show int g0/2 | inc rate
30 second input rate 969000 bits/sec, 904 packets/sec
30 second output rate 966000 bits/sec, 901 packets/sec
Hub Router, WAN-side interface
1.8 mbps consumed
hub#show int g0/1 | inc rate
30 second input rate 534000 bits/sec, 901 packets/sec
30 second output rate 535000 bits/sec, 904 packets/sec
Hub Router, LAN-side interface
1 mbps consumed
• IPsec increases bandwidth consumption of VoIP by ~80%
•
IPsec overhead consumes 17% overall link bandwidth
• Remaining bandwidth – 3 mbps
© 2010 Cisco and/or its affiliates. All rights reserved.
11
WAN connection
5 mbps bandwidth
IPsec Tunnel
LAN
Hub
WAN
LAN
Spoke
• 18 VoIP calls, G.729 codec (20ms sample), uses 1.8mbps
Without mux:
hub#show int g0/2 | inc rate
30 second input rate 969000 bits/sec, 904 packets/sec
30 second output rate 966000 bits/sec, 901 packets/sec
Hub Router, WAN-side interface
1.8 mbps consumed
With mux:
hub#show int g0/2 | inc rate
30 second input rate 470000 bits/sec, 50 packets/sec
30 second output rate 469000 bits/sec, 51 packets/sec
Hub Router, WAN-side interface
940 kbps consumed
• Mux reduced IPsec overhead by 94%
• Remaining bandwidth – 4 mbps, a 33% increase
© 2010 Cisco and/or its affiliates. All rights reserved.
12
• Single box solution
• No need to for additional piece of equipment
• IOS feature
•
Single CLI, no need for additional configuration, management, or training
•
Easily add IP mux to existing network via IOS software upgrade
• No manipulation of voice stream, codec quality is maintained
• No need to duplicate dial plans or deal with complex call routing
• IP mux does not interact with VoIP
• Ability to multiplex any IP packet, not just VoIP
• Other good targets include video and other small UDP streams
© 2010 Cisco and/or its affiliates. All rights reserved.
13
• IP multiplexing does not compress any packets (VoIP or otherwise)
• Method 1 - Tune the VoIP packetization rate
•
Increase number of voice samples per packet
•
Larger packets, but less overhead
•
Supported by CUCM, CME, IP phones, gateways, CUBE
•
Example, increase sample size from 20ms to 40ms:
10 calls, 20ms rate, with IP mux:
hub#show int g0/2 | inc rate
30 second input rate 257000 bits/sec, 50 packets/sec
30 second output rate 257000 bits/sec, 50 packets/sec
10 calls, 40ms rate, with IP mux:
hub#sho int g0/2 | inc rate
30 second input rate 169000 bits/sec, 25 packets/sec
30 second output rate 169000 bits/sec, 25 packets/sec
Hub Router, WAN-side interface
500 kbps consumed
Hub Router, WAN-side interface
330 kbps consumed
34% bandwidth reduction
• Method 2 - Leverage IP mux on data traffic to reduce IPsec overhead
• Saves 56 bytes per packet
•
cRTP only saves 36 bytes per packet and applies only to VoIP
© 2010 Cisco and/or its affiliates. All rights reserved.
14
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
15
• Create ACL to identify interesting traffic
• Create ip mux profile
• Attach ACL to profile
• Define source interface / address
• Define destination address
• Enable ip mux on egress interface
• Activate ip mux profile
• IP mux policies (optional)
• Additional commands (optional)
© 2010 Cisco and/or its affiliates. All rights reserved.
16
• Access lists are used to identify interesting traffic
• Numbered and named lists are supported
• Access list criteria is restricted, use only:
•
•
•
•
Destination IP address
Destination port (or port range)
Protocol
DSCP
• Do not create overlapping / ambiguous ACLs
• Any time changes are made to an ACL already attached to a
profile that profile MUST be reset with “shutdown / no shutdown”
• Console messages will remind you which profile to reset:
% You must shut/no shut profile profile-1 to use this ACL for IP Multiplexing.
© 2010 Cisco and/or its affiliates. All rights reserved.
17
• Creates a point-to-point IP mux
connection
• Profiles start in “shutdown” state
•
multiplex operation will not happen
when profile is shutdown
•
demultiplex operation will happen with
profile shutdown
•
Configure BOTH routers before issuing
“no shut” on the respective profiles
• Profiles have global scope
•
all profiles apply to all interfaces with “ip
mux” configured
• Mandatory items
•
source address
•
destination address
•
access-list
ip mux profile rtp
destination 20.1.1.2
source interface g0/0
access-list mux-rtp
no shutdown
!
ip mux profile sjc
destination 30.1.1.2
source interface g0/1
access-list mux-sjc
no shutdown
!
• Source / destination addresses must
match at each end
•
Incoming superframes will be ignored
otherwise
© 2010 Cisco and/or its affiliates. All rights reserved.
18
• Mux is enabled on a per interface basis
• All profiles are evaluated by any interface with mux enabled
• Supported interface types
•
•
•
•
•
Ethernet
GRE (IPv4 / IPv6)
VLAN
VMI over Ethernet
Virtual Template on VMI
© 2010 Cisco and/or its affiliates. All rights reserved.
interface GigabitEthernet0/0
ip mux
!
19
Spoke
Hub
LAN
Gig0/1
WAN
3945
Gig0/2.14
30.1.1.1/24
Fa0/0
30.1.1.2/24
5915
Fa0/1
10.1.1.x/24
10.1.3.x/24
Hub Configuration
Spoke Configuration
ip access-list extended profile-1-acl
permit udp any 10.1.3.0 0.0.0.255
!
ip mux profile profile-1
destination 30.1.1.2
source interface GigabitEthernet0/2.14
access-list profile-1-acl
!
interface GigabitEthernet0/2.14
description to 5915
ip address 30.1.1.1 255.255.255.0
ip mux
!
ip mux profile profile-1
no shutdown
!
ip access-list extended profile-2-acl
permit udp any 10.1.1.0 0.0.0.255
!
ip mux profile profile-2
destination 30.1.1.1
source interface FastEthernet0/0
access-list profile-2-acl
!
interface FastEthernet0/0
description to 3945
ip address 30.1.1.2 255.255.255.0
ip mux
!
ip mux profile profile-2
no shutdown
!
© 2010 Cisco and/or its affiliates. All rights reserved.
LAN
20
• maxlength (default: 1472 bytes)
spoke(config)#ip mux profile profile-1
spoke(config-ipmux-profile)#maxlength ?
<64-1472> IP total length value
•
How large of a packet should we multiplex with other packets?
•
The larger the packets, the lower the mux ratio
•
Cannot be set above the mtu
• mtu (default: 1500 bytes)
spoke(config)#ip mux profile profile-1
spoke(config-ipmux-profile)#mtu ?
<256-1500> Maximum super-frame length
•
How large of a multiplexed packet should we make?
•
Value includes IP mux overhead ( 28 bytes )
•
•
“mtu 1500” will mux a maximum of 1472 bytes
Interface MTU is NOT automatically calculated
•
Do not set mux MTU higher than interface MTU
© 2010 Cisco and/or its affiliates. All rights reserved.
21
• holdtime (default: 20 ms)
spoke(config)#ip mux profile profile-1
spoke(config-ipmux-profile)#holdtime ?
<20-250> Number of milliseconds
•
How long should we hold packets in the hold-queue?
•
The longer the holdtime the more (potential) delay IP mux will add
• ttl (default: 64)
spoke(config)#ip mux profile profile-1
spoke(config-ipmux-profile)#ttl ?
<1-255> TTL Value
•
Sets TTL value in IP header of superframe
•
Most customers should never need to adjust this
© 2010 Cisco and/or its affiliates. All rights reserved.
22
• shutdown (default: shutdown)
spoke(config)#ip mux profile profile-1
spoke(config-ipmux-profile)#[no] shutdown
•
Profiles default to “shutdown” state
•
Profile must be “shutdown” when making changes to the attached ACL
• ip mux udpport (default: 6682)
spoke(config)#ip mux udpport ?
<1024-49151> UDP port number
•
Specifies the source / destination port for IP mux operation
•
must be the same on all routers
© 2010 Cisco and/or its affiliates. All rights reserved.
23
• Similar to the “qos pre-classify” problem of IPsec
• Traffic classifiers see only the IP header of the superframe
•
By default the DSCP is 0
• QoS classification via DSCP is no longer accurate
ACL matching Packets
Outgoing Superframe
Mux Hold-Queue
DSCP 0
DSCP EF
DSCP
CS7
DSCP
EF
DSCP
0
IP/UDP
DSCP 0
DSCP CS7
Superframe header masks the DSCP values
of the packets contained therein
© 2010 Cisco and/or its affiliates. All rights reserved.
24
• IP multiplex policies
• Match DSCP values, assign DSCP value to IP multiplex header
policy QUEUE 1
ACL matching Packets
Outgoing Superframes
Match CS7, EF
Set EF
DSCP 0
policy QUEUE 2
DSCP CS7
DSCP EF
IP/UDP
DSCP EF
DSCP
AF31
DSCP
AF31
IP/UDP
DSCP
AF31
DSCP CS5
DSCP 0
IP/UDP
DSCP 0
DSCP EF
DSCP AF31
DSCP CS5
DSCP AF31
Match AF31
Set AF31
Default Queue
DSCP CS7
Match All
Set 0
© 2010 Cisco and/or its affiliates. All rights reserved.
25
• Each profile has at least one policy (default)
•
Sets DSCP 0 on outbound superframes
• Default policy is used if no match is found in
ip mux profile rtp
ip mux profile sjc
policy QUEUE one
policy QUEUE one
Match CS7, EF
Set EF
Match CS7, EF
Set EF
policy QUEUE two
policy QUEUE two
Match AF31
Set AF31
Match AF31
Set AF31
Default Policy Queue
Default Policy Queue
Match All
Set 0
Match All
Set 0
other policies (or no other policies exist)
• Each ip mux policy adds a new hold
queue to ALL configured profiles
ip mux policy one
matchdscp cs7
matchdscp ef
outdscp ef
!
ip mux policy two
matchdscp cs7
matchdscp ef
outdscp ef
!
© 2010 Cisco and/or its affiliates. All rights reserved.
26
• By default, IP multiplexing generates superframes containing a
single packet
• Packets will always be muxed, even if only one is in the queue
spoke(config)#ip mux profile profile-1
spoke(config-ipmux-profile)#[no] singlepacket
• Can be used to simplify firewall rule sets:
Spoke
Hub
IP Multiplex Tunnel
LAN
Gig0/1
3945
WAN
30.1.1.1/24
5915
LAN
Fa0/1
30.1.1.2/24
10.1.1.x/24
10.1.3.x/24
• Firewall only needs to permit udp traffic from 30.1.1.2:6682 to 30.1.1.1:6682
• IP phone media traffic will be obscured by the IP multiplex tunnel
•
End-to-end firewall configuration is not required
© 2010 Cisco and/or its affiliates. All rights reserved.
27
Related documents
10.2.1.2 Worksheet - Answer Security Policy
10.2.1.2 Worksheet - Answer Security Policy
7-Segment LED Display
7-Segment LED Display
Digital Tv and Digital Dividend in FYRo Macedonia
Digital Tv and Digital Dividend in FYRo Macedonia
WWW+Internet+networking - Edulink
WWW+Internet+networking - Edulink
Problem Set 1
Problem Set 1
Jewell Cunningham Math Analysis Week of January 10th, 2011
Jewell Cunningham Math Analysis Week of January 10th, 2011
Download