Professional Documents
Culture Documents
Overview
The module presents a thorough overview of quality of service models and
mechanisms as implemented in complex service provider and enterprise networks.
It includes the following topics:
n Introduction to IP Quality of Service
n Integrated Services Model
n Differentiated Services Model
n Building Blocks of IP QoS Mechanisms
n Enterprise Network Case Study
n Service Provider Case Study
Objectives
Upon completion of this module, you will be able to perform the following tasks:
n Describe the need for IP QoS
n Describe the Integrated Services model
n Describe the Differentiated Services model
n Describe the building blocks of IP QoS mechanisms (classification, marking,
metering, policing, shaping, dropping, forwarding, queuing)
n List the IP QoS mechanisms available in the Cisco IOS
n Describe what QoS features are supported by different IP QoS mechanisms
Introduction to IP Quality of Service
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe different types of applications and services that have special resource
requirements
n List the network components that affect the throughput, delay and jitter in IP
networks
n List the benefits of deploying QoS mechanisms in IP networks
n List QoS mechanisms available in Cisco IOS
n Describe typical enterprise and service provider networks and their QoS-related
requirements
• Application X is slow!
• Video broadcast occasionally stalls!
If the network is empty any application should get enough bandwidth, acceptable
low and fixed delay and not experience any drops. The reality, however, is that
there are multiple users or applications using the network at the same time.
IP IP IP IP
The example above illustrates an empty network with four hops between a server
and a client. Each hop is using different media with a different bandwidth. The
maximum available bandwidth is equal to the bandwidth of the slowest link.
The calculation of the available bandwidth, however, is much more complex in
cases where there are multiple flows traversing the network. The calculation of the
available bandwidth in the illustration is a rough approximation.
IP IP IP IP
Delay = P1 + Q1 + P2 + Q2 + P3 + Q3 + P4 = X ms
• End-to-end delay equals a sum of all propagation, processing
and queuing delays in the path
• Propagation delay is fixed, processing and queuing delays are
unpredictable in best-effort networks
The figure illustrates the impact a network has on the end-to-end delay of packets
going from one end to the other. Each hop in the network adds to the overall delay
because of the following two factors:
1. Propagation (serialization) delay of the media that, for the most part, depends
solely on the bandwidth.
2. Processing and queuing delays within a router, which can be caused by a wide
variety of conditions.
Ping (ICMP echoes and replies) can be used to measure the round-trip time of IP
packets in a network. There are other tools available to periodically measure
responsiveness of a network.
Forwarding
bandwidth
IP IP IP IP
• Processing Delay is the time it takes for a router to take the packet from an
input interface and put it into the output queue of the output interface.
• Queuing Delay is the time a packets resides in the output queue of a router.
• Propagation or Serialization Delay is the time it takes to transmit a packet.
n Processing Delay is the time it takes for a router to take the packet from an
input interface and put it into the output queue of the output interface. The
processing delay depends on various factors, such as:
– CPU speed
– CPU utilization
– IP switching mode
– Router architecture
– Configured features on both input and output interface
n Queuing Delay is the time a packet resides in the output queue of a router. It
depends on the number and sizes of packets already in the queue and on the
bandwidth of the interface. It also depends on the queuing mechanism.
n Propagation or Serialization Delay is the time it takes to transmit a packet. It
usually only depends on the bandwidth of the interface. CSMA/CD media may
add slightly more delay due to the increased probability of collisions when an
interface is nearing congestion.
Forwarding
IP IP IP IP IP
Tail-drop
• Tail-drops occur when the output queue is full. These are the most
common drops which happen when a link is congested.
• There are also many other types of drops that are not as common and
may require a hardware upgrade (input drop, ignore, overrun, no
buffer, ...). These drops are usually a result of router congestion.
The usual packet loss occurs when routers run out of buffer space for a
particular interface (output queue). The figure illustrates a full output queue of an
interface, which causes newly arriving packets to be dropped. The term used for
such drops is simply “output drop” or “tail-drop” (packets are dropped at the tail of
the queue).
Routers might also drop packets for other (less common) reasons, for example:
n Input queue drop - main CPU is congested and cannot process packets (the
input queue is full)
n Ignore - router ran out of buffer space
n Overrun - CPU is congested and cannot assign a free buffer to the new packet
n Frame errors (CRC, runt, giant)—hardware-detected error in a frame
cTCP data
Compress
the Headers
• Upgrade the link. The best solution but also the most expensive.
• Take some bandwidth from less important applications.
• Compress the payload of layer-2 frames.
• Compress the header of IP packets.
cRTP data
Compress
the Headers
• Upgrade the link. The best solution but also the most expensive.
• Guarantee enough bandwidth to sensitive packets.
• Prevent congestion by randomly dropping less important packets
before congestion occurs
Interactive Not
Low Low Low
(e.g. Telnet) Important
Batch (e.g. Not Not
High
High Low
FTP) Important Important
Fragile (e.g. Low Low None Not
SNA) Important
No No No
Silver
Silver Guaranteed Guarantee Guarantee Guarantee
Bronze Guaranteed No No No
Limitted Guarantee Guarantee Guarantee
Best Effort No No No No
Guarantee Guarantee Guarantee Guarantee
... . . .. . . .. . . .. . . ..
By investigating the history of the Internet it can be divided into three QoS-related
periods:
n Best-effort. The Internet was designed for best-effort, no-guarantee delivery
of packets. This behavior is still predominant in today’s Internet.
n Integrated Services model. Introduced to supplement the best-effort delivery
by setting aside some bandwidth for applications that require bandwidth and
delay guarantees. The Integrated Services model expects applications to signal
their requirements to the network. Resource Reservation Protocol (RSVP) is
used to signal QoS requirements to the network.
n Differentiated Services model. Added to provide more scalability in
providing QoS to IP packets. The main difference is that the network
recognizes packets (no signaling is needed) and provides the appropriate
services to them.
Today’s IP networks can use all three models at the same time.
Review Questions
Answer the following questions:
n What are the relevant parameters that define the quality of service?
n What can be done to give more bandwidth to an application?
n What can be done to reduce delay?
n What can be done to prevent packet loss?
n Name the three QoS models?
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe the IntServ model
n List the key benefits and drawbacks of the IntServ model
n List some implementations that are based on the IntServ model
n Describe the need for Common Open Policy Service (COPS)
request
reply
Policy Decision
Point (PDP)
Following is a list of some of the IETF standards (RFCs) that describe RSVP,
COPS, the IntServ model and applications:
n Resource ReSerVation Protocol (RSVP), Version 1, Functional Specification
(http://www.ietf.org/rfc/rfc2205.txt)
n RSVP Management Information Base using SMIv2
(http://www.ietf.org/rfc/rfc2206.txt)
n RSVP Extensions for IPSEC Data Flows (http://www.ietf.org/rfc/rfc2207.txt)
n Resource ReSerVation Protocol (RSVP), Version 1, Applicability Statement,
Some Guidelines on Deployment (http://www.ietf.org/rfc/rfc2208.txt)
n Resource ReSerVation Protocol (RSVP), Version 1, Message Processing
Rules (http://www.ietf.org/rfc/rfc2209.txt)
n The Use of RSVP with IETF Integrated Services
(http://www.ietf.org/rfc/rfc2210.txt)
n Specification of the Controlled-Load Network Element Service
(http://www.ietf.org/rfc/rfc2211.txt)
n Specification of Guaranteed Quality of Service
(http://www.ietf.org/rfc/rfc2212.txt)
n Integrated Services Management Information Base using SMIv2
(http://www.ietf.org/rfc/rfc2213.txt)
n Integrated Services Management Information Base, Guaranteed Service
Extensions using SMIv2 (http://www.ietf.org/rfc/rfc2214.txt)
n General Characterization Parameters for Integrated Service Network Elements
(http://www.ietf.org/rfc/rfc2215.txt)
RSVP, as a resource reservation protocol, was designed for use by end devices in
networks (for example, personal computers and servers). It is a protocol that has
to be supported by an application that requires network resources and needs
guarantees.
n Typical examples of applications that would benefit from RSVP are voice
sessions that require a small amount of bandwidth with low-delay propagation.
n Cisco routers that act as voice gateways can use RSVP to request resources
(controlled-load and guaranteed-delay).
n Cisco routers that use Multiprotocol Label Switching (MPLS) Traffic
Engineering (MPLS/TE) use RSVP with extensions to reserve bandwidth and
set up MPLS/TE tunnels through MPLS and RSVP enabled networks.
n Cisco Soft Phone or Microsoft NetMeeting are Windows applications that use
RSVP to get resources for their VoIP sessions.
There are an increasing number of applications that use RSVP to request QoS
guarantees from a network.
RSVP
1) Explicit RSVP on each network node
Class of Service
or
Best Effort
2) RSVP ‘pass -through’ and CoS transport
- map RSVP to CoS at network edge
- pass -through RSVP request to egress
3) RSVP at network edges and ‘pass -through’ with
- best-effort forwarding in the core (if there is
enough bandwidth in the core)
The figure illustrates three options available when implementing QoS mechanisms
via RSVP in a network.
1. The first option is to simply enable RSVP on all interfaces of all the routers in
the network. This approach is mainly used in enterprise networks that have
more predictable RSVP flows (in terms of quantity and direction because they
typically use hub-and-spoke topology). Large service provider networks are
less inclined to use RSVP throughout their networks either because RSVP
would require too many concurrent reservations on a single interface or
because the routers are not capable of providing guarantees to individual flows
on high-bandwidth interfaces.
2. An alternative option is to use RSVP on network edges where there is
typically less bandwidth per interface and congestion is more likely. The edge-
to-core routers (for example, access or distribution layer routers) mark RSVP
flows with IP markers, which can then be used in a DiffServ enabled core—
the Differentiated Services model is covered in the next lesson).
3. Another option is to use RSVP on network edges and rely on best-effort
delivery in a non-congested core.
All Routers
• WFQ applied per flow
based on RSVP requests
In the first scenario, each router in the network processes RSVP messages and
keeps track of the special resource needs for each individual RSVP flow.
Weighted Fair Queuing (WFQ) can be used in the backbone to provide resource
allocation on a flow-by-flow basis.
One concern with this approach is that RSVP is resource intensive on backbone
routers - in terms of the amount of signaling and the amount of special information
that they need to keep on each RSVP flow.
A second issue is that WFQ is a very CPU-intensive algorithm and does not run at
high speed on today’s routers. In the backbone, high speed is a mandatory
requirement.
Precedence
Classifier
WRED
Premium Egress Router
Standard
• RSVP protocol
sent on to destination
Ingress Router • WFQ applied to
• RSVP protocol manage egress flow
Mapped to classes
Passed through to egress Backbone
• WRED applied based
on class
Both RSVP and WFQ have been available for some time and can be used on all
low-end platforms and on high-end platforms that are typically used to concentrate
customer networks.
Newer RSVP mechanisms include:
n Mapping of RSVP to DSCP (the Differentiated Services model with the details
of the DiffServ Code point is covered in the next lesson).
n Mapping of RSVP to ATM SVCs (this technology is covered in the “IP QoS -
IP over ATM” module).
+ RSVP benefits:
• Explicit resource admission control (end to end)
• Per-request policy admission control
(authorization object, policy object)
• Signaling of dynamic port numbers (for example,
H.323)
–RSVP drawbacks:
• Continuous signaling due to stateless architecture
• Not scalable
The Common Open Policy Service (COPS) is an add-on to RSVP. It can be used
to offload certain tasks from network devices to a central server. The result is that
the configuration of individual devices is more standardized (template-based) and
all individual parameters are managed from a centralized location. In addition,
COPS supports admission control of individual flows (the network device
determines the available resources and the central server authorizes the flow).
Review Questions
Answer the following questions:
n What are the two building blocks of the Integrated Services model?
n Which protocol is used to signal QoS requirements to the network?
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe the DiffServ model
n List the key benefits of the DiffServ model compared to the IntServ model
n Describe the purpose of the DS field in IP headers
n Describe the interoperability between DSCP-based and IP-precedence-based
devices in a network
n Describe the Expedited Forwarding service
n Describe the Assured Forwarding service
The DiffServ model describes services and allows for more user-defined services
to be used in a DiffServ-enabled network.
Services are provided to classes. A class can be identified as a single application
or, as in most cases, it can be identified based on source or destination IP address.
The idea is for the network to recognize a class without having to receive any
request from applications. This allows the QoS mechanisms to be applied to other
applications that do not have the RSVP functionality, which is the case for 99% of
applications that use IP.
The introduction of the DiffServ Code Point (DSCP) replaces the IP precedence
but maintains interoperability with non-DS compliant devices (those that still use IP
precedence). Because of this backward-compatibility DiffServ can be gradually
deployed in large networks.
A traffic aggregate is a collection of all flows that require the same service. A
service is implemented using different QoS mechanisms (a QoS mechanism
implements a per-hop behavior).
The DiffServ field (DS fie ld) is the former 8-bit Type of Service field. The main
difference is that the DSCP supports more classes (64) than IP precedence (8).
The most important part of designing QoS is to provision services as explained on
the next page.
DS interior node
DS Egress
DS Ingress Boundary node
Boundary node
Boundary link
Upstream
DS domain Downstream
DS domain
DS region
The DiffServ model uses the DS field in the IP header to mark packets according
to their classification into Behavior Aggregates (BAs). The DS field occupies the
same eight bits of the IP header that were previously used for the Type of Service
(ToS) field.
There are three IETF standards describing the purpose of those eight bits:
n RFC 791 includes specification of the ToS field where the high-order three bits
are used for IP precedence. The other bits are used for delay, throughput,
reliability and cost.
n RFC 1812 modifies the meaning of the ToS field by removing any meaning
from the five low-order bits (those bits should all be zero).
n RFC 2474 replaces the ToS field with the DS field where the six high-order bits
are used for the DiffServ Code Point (DSCP). The remaining two bits are
currently not used.
Each DSCP value identifies a Behavior Aggregate (BA). Each BA is assigned a
per-hop behavior (PHB). Each PHB is implemented using the appropriate QoS
mechanism or a set of QoS mechanisms.
• Three pools:
– “xxxxx0” Standard Action
– “xxxx11” Experimental/Local Use
– “xxxx01” EXP/LU (possible std action)
• Default DSCP: “000000”
• Default PHB: FIFO, tail-drop
The history of the eight bits in question (ToS field alias DS field) can be divided
into three periods according to the RFCs describing the purpose of those bits:
RFC 791
RFC 791 defines the Type of Service field with the following components:
n Bits seven, six and five are used for IP precedence
n Bit four is used for delay (0 = Normal Delay, 1 = Low Delay)
n Bit three is used for throughput (0 = Normal Throughput, 1 = High
Throughput)
n Bit two is used for reliability (0 = Normal Reliability, 1 = High Reliability)
n Bits one and zero are not used and should be zero (bit one was later applied a
meaning of monetary-cost by RFC 1349; this RFC also replaces individual bits
with a four-bit ToS value to allow more types of services)
RFC 1812
RFC 1812 loosens the strict representation of the ToS field (obsole tes RFC 795).
RFC 2474
RFC 2474 replaces the ToS field with the DS field where a range of eight values
(Class Selector) is used for backward compatibility with IP precedence. There is
no compatibility with the delay, throughput, reliability and monetary-cost bits.
RFC 1812 simply prioritizes packets according to the precedence value. The PHB
is defined as the probability of timely forwarding. Packets with higher IP
precedence should (on the average) be forwarded in less time than packets with
lower IP precedence.
RFC 2474 adopts this set of PHBs and values by creating the Class Selector PHB
group. Class Selector can be identified by the low-order three bits of the DSCP or
low-order five bits of the DS field: all bits are zero.
• Priority Queuing
• IP RTP Prioritization
• Class-based Low-latency Queuing (CB-LLQ)
• Strict Priority queuing within Modified Deficit
Round Robin (MDRR) on GSR
AF4 100dd0
• Each AF class uses three DSCP values
• Each AF class is independently forwarded with its
guaranteed bandwidth
• Differentiated RED is used within each class to
prevent congestion within the class
© 2001, Cisco Systems, Inc. IP QoS Introduction-51
As the figure illustrates there are three DSCP values assigned to each of the four
AF classes.
Assured Forwarding class Drop Probability DSCP value
AF class 1 Low 001 01 0
Medium 001 10 0
High 001 11 0
AF class 2 Low 010 01 0
Medium 010 10 0
High 010 11 0
AF class 3 Low 011 01 0
Medium 011 10 0
High 011 11 0
AF class 4 Low 100 01 0
Medium 100 10 0
High 100 11 0
As with Expedited Forwarding there are multiple QoS mechanisms in the Cisco
IOS that can accommodate some or all of the requirements of Assured Forwarding
PHB:
n The preferred implementation is to use the Class-based Weighted Fair Queuing
(CB-WFQ) with four classes (four independent queues) and Weighted Random
Early Detection (WRED) within each queue.
n A similar solution can be provided on the Cisco 12000 series routers by using
the Modified Deficit Round Robin (MDRR) queuing with WRED in each
queue. The AF PHB can also be implemented using the old-fashioned IP
precedence. The only restriction is the number of available IP precedence
values.
n Example 1:
n Four classes but no differentiated dropping:
n AF1—IP precedence 1
n AF2—IP precedence 2
n AF3—IP precedence 3
n AF4—IP precedence 4
n Example 2:
n Two classes with differentiated dropping (two drop precedence values):
n AF1—IP precedence 1 for high-drop, IP precedence 2 for low-drop
n AF1—IP precedence 3 for high-drop, IP precedence 4 for low-drop
Review Questions
Answer the following questions:
n What are the benefits of the DiffServ model compared to the IntServ model?
n What is a DiffServ Code Point?
n Name the standard PHBs?
n How was backward compatibility with IP precedence achieved?
n Describe the PHB of Assured Forwarding.
n Describe the PHB of Expedited Forwarding.
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe different classification options in IP networks
n Describe different marking options in IP networks
n List the mechanisms that are capable of measuring the rate of traffic
n List the mechanisms that are used for traffic conditioning, shaping and avoiding
congestion
n List the forwarding mechanisms available in Cisco IOS
n List the queuing mechanisms available in Cisco IOS
Input Output
Input I/O Forwarding Output I/O
Processing Processing
Process switching
Fast/optimum switching
Netflow switching
CEF switching
Basic router function takes packets received on the input interface, makes a
forwarding decision and transmits the packet out through the output interface.
Today’s routers, however, can do much more than that. The figure lists a small
subset of features that affect packet processing on input or output interfaces.
Following is a list of some of the features available with Cisco routers:
n Payload compression (Stacker, Predictor)
n Header compression (TCP and RTP header compression)
n BGP-policy marking (CEF-based marking or QoS Policy propagation through
BGP)
n Traffic Policing (CAR, CB Policing)
n Traffic Shaping (GTS, FRTS, CB-Shaping)
n Class-based marking
n Encryption (CET or IPsec)
n WRED
n Policy-based Routing
n Accounting (IP accounting, NetFlow accounting)
n Filtering (access lists)
n Reverse-path checking
n Address and port translation (NAT, PAT)
n Stateful filtering (firewalling)
n Web-cache redirection
IP QoS mechanisms can perform different types of actions. All QoS mechanisms
can be divided into the following QoS actions:
n Classification – most QoS mechanisms support multiple classes. There are
different classification tools available with different QoS mechanisms (for
example, access lists, route maps, class maps and rate-limit access lists). Some
QoS mechanisms have the capability to match directly on certain parameters.
For example:
– CAR (QoS group and DSCP)
– WRED (IP precedence)
– ToS-based dWFQ (IP precedence)
– QoS-group-based dWFQ (QoS group)
– WFQ (flow parameters)
– PQ and CQ (interface, packet size and protocol)
n Some mechanisms require the information about traffic rate of classes (for
example, CAR, GTS, FRTS, CB-Shaping, CB-Policing, CB-WFQ, CB-LLQ,
MDRR and IP RTP Prioritization).
n Some mechanisms are used for dropping purposes. They utilize a dropping
scheme different from the usual tail-drop. WRED is an example of such
mechanism.
n Some mechanisms are used to limit traffic rate by dropping excess traffic
(CAR and CB-Policing).
n Some mechanisms are used to limit traffic rate by delaying excess traffic (GTS,
FRTS and CB-Shaping).
n Some mechanisms have the capability to mark packets with different types of
markers (IP precedence, DSCP, QoS group, MPLS experimental bits, ATM
CLP bit, Frame Relay DE bit and 802.1q or ISL priority/cos bits)
n Some mechanisms are used for queuing on output interfaces (for example,
FIFO, PQ, CQ, WFQ, dWFQ, ToS-based dWFQ, QoS-group-based dWFQ,
CB-WFQ, IP RTP Prioritization and MDRR)
n Cisco IOS also has different types of forwarding mechanisms (Process
Switching, Fast Switching, Optimum Switching, Silicon Switching, Autonomous
Switching, NetFlow Switching, Cisco Express Forwarding and Policy-based
routing)
Meter
Meter
The figure lists QoS mechanisms in the Cisco IOS that have the capability to
measure the rate of traffic by using the Token Bucket model.
Meter
The figure lists markers that can be set using Cisco routers and the queuing
mechanisms that have marking capabilities.
The following table lists all the mechanisms that have marking capabilities and the
markers that are supported by those mechanisms.
QoS Mechanism Available markers
Committed Access Rate (CAR) IP precedence
DSCP
QoS group
MPLS experimental bits
QoS Policy Propagation through BGP IP precedence
(QPPB) QoS group
Policy-based Routing (PBR) IP precedence
QoS group
Class-based Marking IP precedence
DSCP
QoS group
MPLS experimental bits
ATM CLP bit
Frame Relay DE bit
802.1Q/ISL cos/priority
Marker
Marker Preservation Value range
QoS group
group Local to a router 100 values
(0 to 99)
Throughout an MPLS network
MPLS experimental
experimental bits
bits 8 values
(optionally throughout
throughout an
entire IP network)
Frame Relay DE bit Throughout a Frame Relay 2 values
network (0 or 1)
ATM CLP bit Throughout an ATM 2 values
network (0 or 1)
IEEE 802.1Q or
or ISL
ISL CoS
CoS Throughout a LAN 8 values
switched network (0 to 7)
Meter
• Shaping mechanisms:
– Generic Traffic Shaping (GTS)
– Frame Relay Traffic Shaping (FRTS)
– Class-based Shaping
– Hardware shaping on ATM VC
The figure lists four mechanisms that are used for traffic shaping purposes. All of
these mechanisms are implemented in software (Cisco IOS) except for ATM
shaping which is implemented in hardware.
Traffic shaping is used to limit the departure rate of packets, frames or cells by
delaying them if they exceed the contractual rate. A token bucket model is used to
measure the arrival rate and determine when packets can be forwarded.
Meter
• Dropping mechanisms
– Committed Access Rate (CAR) and Class-based
Policing can drop packets that exceed the
contractual rate
– Weighted Random Early Detection (WRED) can
randomly drop packets when an interface is
nearing congestion
© 2001, Cisco Systems, Inc. IP QoS Introduction-66
Another way of enforcing rate limits is to drop excess traffic. Committed Access
Rate (CAR) and Class-based Policing can be used for this purpose.
Weighted Random Early Detection (WRED) is a congestion-avoidance mechanism
that randomly drops packets when interfaces are nearing congestion.
Meter
Meter
The last mechanism that handles packets in the IOS is the queuing mechanism.
The figure lists most of the queuing mechanisms.
Meter
All queuing mechanisms include a drop policy. Most mechanisms use a simple tail-
drop scheme (the last packet to arrive is dropped if there is no room in the queue).
Weighted Fair Queuing (WFQ) uses a more intelligent dropping scheme, which
is discussed in the “IP QoS – Queuing mechanisms” module. Some queuing
mechanisms also include the Weighted Random Early Detection (WRED) to
prevent congestion in their queues.
Review Questions
Answer the following questions:
n Name the QoS building blocks.
n What is the purpose of classification?
n What is the purpose of marking?
n Which markers do you know?
n Which mechanisms can classify and mark packets?
n Which mechanisms have the ability to measure the rate of traffic?
n Which forwarding mechanisms do you know?
n Which queuing mechanisms do you know?
n How, when and where do routers drop packets?
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe a typical structure of an enterprise network
n Describe the need for QoS in enterprise networks
n List typical QoS requirements in enterprise networks
n List the QoS mechanisms that are typically used in enterprise networks
Core
(central sites
and
data centres)
This lesson describes typical Enterprise Networks to show the topology and
technologies involved in such networks. Designing IP QoS networks largely
depends on the topology and QoS requirements.
The figure illustrates a three-layered network:
1. The core interconnects the data center(s) with the distribution-layer routers.
2. The distribution layer routers concentrate links towards a number of access-
layer routers.
3. The access-layer routers connect branch offices to the network.
Most traffic in enterprise networks goes between branches and the data center.
Core
(central sites
and
data centres)
MPLS/VPN (new)
Access
(branch offices)
Modern enterprise networks can use MPLS/VPN backbones to get a virtual full
mesh even though most traffic still goes between the data center and the branches.
Implementing QoS in such environments requires QoS guarantees from the service
provider and provisioning in the enterprise part of the network.
The figure shows a case study where relatively low bandwidths are used which
calls for QoS to manage bandwidth according to the needs of the enterprise.
• Core - Distribution
– Custom queuing
• Distribution - Branch
– Priority queuing or
– Custom Queuing with a priority queue
• Options
– Traffic shaping
– Adaptation to Frame Relay congestion notification
The figure lists mechanisms that could be used to accommodate the need of the
enterprise. This solution would normally be used in networks where an old IOS
version is being used and an upgrade is not an option (due to the cost of getting
newer IOS versions, memory upgrade, flash upgrade, etc.). The listed mechanisms
(Priority Queuing and Custom Queuing) have been available since Cisco IOS
version 10.0.
• Core - Distribution
– Class-based Weighted Fair Queuing (CB-WFQ)
– Class-based Low Latency Queuing (CB-LLQ)
• Distribution - Branch
– Class-based Weighted Fair Queuing (CB-WFQ)
– Class-based Low Latency Queuing (CB-LLQ)
• Options
– Class-based Shaping
– Adaptation to Frame Relay congestion notification
– Class-based Policing
– Weighted Random Early Detection (WRED)
© 2001, Cisco Systems, Inc. IP QoS Introduction-79
This figure shows a solution using advanced mechanisms to provide better control
of bandwidth usage. This solution requires newer Cisco IOS software versions
(12.1 or 12.2, depending on the details of the implementation).
Review Questions
Answer the following questions:
n What is the typical enterprise network topology?
n How is resilience achieved?
n Based on which information do typical enterprise networks apply QoS?
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe a typical structure of a service provider network
n Describe the need for QoS in service provider networks
n List typical QoS requirements in service provider networks
n List the QoS mechanisms that can be used in service provider networks
Redundant connections
ATM, SONET/SDH, DPT, GE, ... Rings
Distribution
(regional POPs)
Single connections
Frame Relay, ATM, Leased line (analog, TDM), Optional redundant connections
dial-up (PSTN, ISDN, GSM), xDSL, (fast)ethernet, ... Dial backup
Access
(customers)
• Typical service provider networks use a high -speed partially-meshed core (backbone)
• Regional POPs use two or more connections to the core
• There may be another layer of smaller POPs connected to distribution-layer POPs
• Customers are usually connected to the service provide via a single point-to-point link (a
secondary link or a dial line can be used to improve resilience)
As the figure illustrates, Service Provider networks significantly differ from typical
enterprise networks. Enterprise Networks are used as a tool to support the
enterprise whereas with Service Providers the network is the business itself.
Enterprise networks are concerned with providing quality to business-critical
applications and Service Providers tend to broaden their service offering by
introducing QoS.
Service Providers want to offer customers more than plain connectivity. Service
Providers want to establish differentiated levels of service for customers with
incremental pricing and SLA agreements. The customer should not only shop
around among a number of service providers that offer connectivity to the Internet
or provide MPLS/VPNs, but also have a menu of services they can choose from.
Some customers are satisfied with the best-effort service; some want certain
service guarantees.
Service Provider networks would generally use newer Cisco IOS software and
can therefore deploy the latest available mechanisms. The case study is
implemented using CB-WFQ in combination with WRED and CB-LLQ at
networks edges (between access and distribution layer). WRED can be used on
high-speed links (on core links).
Review Questions
Answer the following questions:
n What is the typical topology of service provider networks?
n How is resilience achieved?
n Based on which information do typical service provider networks apply QoS?
Review Questions
Answer the following questions:
n Name the QoS building blocks.
Classification, marking, metering, dropping, policing, shaping and queuing.
n What is the purpose of classification?
Classification is used to assign packets to traffic classes with different
QoS requirements (behavior aggregates).
n What is the purpose of marking?
Marking is used to allow simplified classification on other devices in the
network.
n Which markers do you know?
IP precedence, DSCP, MPLS experimental bits, QoS group, Frame
Relay DE bit, ATM CLP bit, 802.1q CoS bits, ISL priority bits.
n Which mechanisms can classify and mark
packets?
Policy-based Routing (PBR)
Committed Access Rate (CAR)
QoS Policy Propagation through BGP (QPPB)
Class-based Policing
Class-based Marking
n Which mechanisms have the ability to measure
the rate of traffic?
Committed Access Rate (CAR)
Generic Traffic Shaping (GTS)
Frame Relay Traffic Shaping (FRTS)
Class-based Weighted Fair Queuing (CB-WFQ)
Class-based Low Latency Queuing (CB-LLQ)
Class-based Policing
Class-based Shaping
IP RTP Prioritization
n Which forwarding mechanisms do you know?
Process Switching, Fast Switching, Optimum Switching, NetFlow
Switching, CEF switching …
Review Questions
Answer the following questions:
n What is the typical enterprise network topology?
Enterprise networks typically use the hub-and-spoke topology.
n How is resilience achieved?
Resilience is achieved by using redundant links.
n Based on which information do typical enterprise
networks apply QoS?
Enterprise networks typically provide QoS to applications. Applications
are typically identified based on the TCP or UDP port numbers.
Review Questions
Answer the following questions:
n What is the typical topology of service provider
networks?
Typical service provider networks use a partially meshed core with a
redundant hub-and-spoke topology for the POPs.
n How is resilience achieved?
Resilience is achieved by using partial mesh (core) and redundant links
(distribution, access).
n Based on which information do typical service
provider networks apply QoS?
Service providers typically apply QoS to customer traffic. Customer
traffic is identified based on source or destination IP addresses.
Overview
This module describes the mechanisms that are used to classify and mark IP
packets. This module builds on the knowledge acquired from the introductory
module where classification and marking is discussed. Theoretical knowledge is
supplemented by detailing Policy-based routing (PBR) and QoS Policy Propagation
through BGP (QPPB) mechanisms.
Objectives
Upon completion of this module, you will be able to:
n Describe Policy-based routing and how it is used to classify and mark IP
packets
n Describe QoS Policy Propagation through BGP and how it is used to classify
and mark IP packets
n List other mechanisms that also support classification and marking capabilities
(Committed Access Rate, Class-based Policing and Class-based Marking)
Traffic Classification and Marking
Classification
• Most QoS mechanisms in the Cisco IOS
include some type of classification
• Some mechanisms classify packets
automatically, some require manual
configuration
Marking
• Only a small number of mechanisms also
include a marking capability
This module focuses on the QoS mechanisms that are used for classification and
marking purposes only. Most QoS mechanisms include some type of classification
but only a small number of mechanisms also include marking capability.
Classification is the term used for identifying a Behavior Aggregate to which a
packet belongs. A Behavior Aggregate is a collection of flows requiring the same
quality of service.
Marking is the term used for coloring packets by applying a class-identifying
value to one of the following markers: IP precedence, DSCP, QoS group (value is
local to a router), MPLS experimental bits (can be used only in MPLS-enabled
networks), ATM CLP bit (value can be used only within ATM networks), Frame
Relay DE bit (value can be used only within Frame Relay networks), IEEE 802.1q
or ISL cos/priority bits (value can be used on within LAN-switched networks).
2-2 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Traffic Classification and Marking
This module describes the two QoS mechanisms that are used purely for
classification and marking purposes:
n Policy-based Routing (PBR)
n QoS Policy Propagation through BGP (QPPB)
There are other QoS mechanisms that also support classification and marking:
n Committed Access Rate (CAR) – this mechanism is described in the “IP
QoS – Traffic Shaping and Policing” module
n Class-based Policing (CB-Policing) – this mechanism is described in the
“IP QoS – Modular QoS CLI (Chapter 2)” module
n Class-based Marking (CB-Marking) – this mechanism is described in the
“IP QoS – Modular QoS CLI (Chapter 2)” module
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-3
Policy-based Routing
Objectives
Upon completion of this lesson, you will be able to:
n Describe Policy Based Routing (PBR)
n Configure PBR on Cisco routers
n Monitor and troubleshoot PBR
2-4 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Policy-based Routing
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-5
PBR “match” and “set” Options
Set:
• Output interface (bypass the
Match on: routing table)
• Standard and extended access • Next-hop address (bypass the
lists routing table)
• Length of packets (min,max) • ToS field (QoS marking)
• IP precedence (QoS marking)
• QoS group (QoS marking)
IP
Input Output
interface interface
PBR classifies packets based on standard or extended access lists, the length of
packets and the incoming router interface (a route map is applied to an input
interface).
The route map sets the following parameters:
n Output interface: force the router to forward packets to an interface even if it
would not provide for optimal routing
n Next-hop address: to make a forwarding decision by using a different next-hop
address than the one determined by the routing table
n ToS value: the ToS value in this case applies to bits 4,3,2 and 1 of the ToS field
n IP precedence: three-bit field used to identify a class of service
n QoS group: the local parameter with an expanded value range
The first two parameters (output interface and next-hop address) are used to
bypass the default destination-based routing. The other three parameters are used
for QoS purposes (ToS value is less commonly used).
2-6 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
PBR Capabilities
Inbound Dropper
or
Classifier Marker
Locally-originated
Forwarding
Outbound
Meter
Shaper Queuing
Classifier Marker
Dropper
The figure illustrates the “full” QoS building-block scheme showing that PBR
works only on input and that it supports only classification and marking. The
“Forwarding” box could be colored as well since PBR can be used to make a
forwarding decision. PBR contains no mechanism for metering or dropping of data
packets.
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-7
Configuring Classification and
Marking Using PBR
2-8 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Route Map Rules
Router(config)#
route-map <name> [permit | deny] [<sequence-number>]
match <condition>
set <parameter>
• Route maps are identified by a case sensitive name
• Route maps can have multiple statements (same name,
different sequence number)
• Packets are processed in the specified sequence
• Packets not matched by the route map are forwarded using the
default destination-based forwarding
• If packets are matched by the “match” condition but the route
map statement is using the “deny” option, the default
destination-based forwarding is applied to the packet
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-9
PBR Classification
Router(config-route-map)#
match ip address <#acl>
Route maps have a number of match options but only two can be used for policy-
based routing purposes:
n match ip address is used to examine the packet’s headers with a standard or
an extended access list
n match length is used to mach packets based on their length
2-10 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
PBR Marking
Router(config-route-map)#
set ip precedence <precedence>
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-11
Applying a Route Map
Router(config-if)#
ip policy-map <route-map-name>
Once a route map is configured it must be applied to either packets coming into the
router through an interface or to packets being generated by the router.
The first command (ip policy-map) is used for forwarded packets.
The second command (ip local policy-map) is used for packets generated by a
router and is typically used for tunneling packets (e.g. DLSw)
Note Policy-based routing is a mechanism that puts interfaces into Process Switching
mode. This will significantly degrade performance. PBR has been available in
the fast-switching path since Cisco IOS version 11.3. The ip route-cache policy
command can be used on an interface to enable caching for PBR. This
command has been available since Cisco IOS software version 12.0.
2-12 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Monitoring and Troubleshooting
PBR
Router#
show route-map <name>
The show route-map command is used to display the route map with its match
and set options.
The debug ip policy command is used to display all packets being processed by
PBR.
The show ip policy command is used to see a list of all interfaces that are enabled
for PBR. The output also displays the corresponding route maps.
The show ip local policy command is used to display the configured parameters
for local PBR with a number of packets and bytes that have been policy-routed by
the local PBR.
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-13
Monitoring and Debugging
Policy Routing
Router#show
Router#show route-map
route-map CPE
CPE
route-map
route-map CPE,
CPE, permit,
permit, sequence
sequence 10
Match
Match clauses:
ip address
address (access-lists):
(access-lists): 199
Set clauses:
clauses:
ip precedence
precedence flash-override
flash-override
Policy routing matches: 3418 packets, 412108 bytes
route-map
route-map CPE,
CPE, permit,
permit, sequence
sequence 20
Match
Match clauses:
ip address
address (access-lists):
(access-lists): MatchPing
MatchPing
Set clauses:
clauses:
ip precedence
precedence priority
priority
Policy
Policy routing
routing matches:
matches: 8282 packets,
packets, 31045
31045 bytes
bytes
Router#show
Router#show access-list
access-list MatchPing
MatchPing
Extended
Extended IP
IP access
access list MatchPing
MatchPing
permit icmp any any echo (25 matches)
Router#
Router#
The figure shows a sample output of the show route-map and show access-list
commands.
2-14 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Monitoring and Debugging
Policy-based Routing
Router#debug
Router#debug ip
ip policy
policy
Policy
Policy routing
routing debugging
debugging is
is on
on
Router#ping
Router#ping 192.168.1.1
192.168.1.1
Type
Type escape
escape sequence
sequence to
to abort.
abort.
Sending
Sending 5,
5, 100-byte
100 -byte ICMP
ICMP Echos
Echos to
to 192.168.1.1,
192.168.1.1, timeout
timeout is
is 22 seconds:
seconds:
!!!!!
!!!!!
Success
Success rate
rate is
is 100
100 percent
percent (5/5),
(5/5), round-trip
round -trip min/avg/max
min/avg/max == 28/31/32
28/31/32 ms
ms
Router#
Router#
2d02h:
2d02h: IP:
IP: s=192.168.1.2
s=192.168.1.2 (local),
(local), d=192.168.1.1,
d=192.168.1.1, len
len 100,
100, policy
policy match
match
2d02h:
2d02h: IP:
IP: route
route map
map CPE,
CPE, item
item 20,
20, permit
permit
...
...
The debug ip policy command is similar to the debug ip packet except that the
debug ip policy only displays policy-routed packets. This command should be
used with caution as it may produce too much output.
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-15
IP Precedence Marking
Case Study #1
The case study involves a bank branch office where a single router connects two
LANs to the corporate network via one serial interface. This case study focuses
on the classification and marking part of a larger QoS solution, which includes
other QoS mechanisms.
2-16 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Case #1- Solution
Policy-based routing can be used to mark packets with IP precedence values. All
packets from Ethernet 0 are marked with IP precedence 2. Since matching is
applied to all packets no “match” command is needed in the route map. The other
route map is applied to the other Ethernet interface and it marks packets with IP
precedence 0.
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-17
IP Precedence Marking
Case Study #2
The second case study is more complicated because classification is not done
based on the input interface. Instead, classification if performed based on
application (TCP or UDP port numbers).
2-18 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Case #2 - Solution
WAN core
E0
interface
interface eth
eth 0
0 Core
ip
ip policy-map
policy-map set-prec
set-prec
Branch
Mark
Mark IP
IP precedence:
precedence: !!
office
route-map
route-map set-prec permit
set-prec permit 10
10
Telnet
Telnet = 22 match
match ip
ip address
address CorporateWebTraffic
CorporateWebTraffic
Corporate
Corporate Web
Web == 1 set
set ip precedence 11
everything
everything else
else == 0 route-map
route-map set-prec
set-prec permit
permit 20
20
match
match ip
ip address
address TN3270
TN3270
set
set ip precedence 22
route-map
route-map set-prec
set-prec permit
permit 30
30
set
set ip precedence 00
!!
ip
ip access-list
access-list extended
extended CorporateWebTraffic
CorporateWebTraffic
permit
permit tcp
tcp any
any 10.1.1.0
10.1.1.0 0.0.0.255
0.0.0.255 eq
eq www
www
ip
ip access-list
access-list extended
extended TN3270
TN3270
permit
permit tcp
tcp any
any any
any eq
eq telnet
telnet
A route map is created with three statements, one for each application:
n The first statement uses an access list to identify corporate web traffic
(destination port 80). IP precedence 1 is applied to these packets.
n The second statement uses another access list to identify outbound telnet
sessions. IP precedence 2 is applied to these packets.
n The last statement sets IP precedence 0 to all other packets.
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-19
Route Map - Review
2-20 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Summary
Policy based routing is used for two purposes:
n Bypassing the traditional destination-based forwarding
n Marking of IP packets with Ip precedence or QoS group
Lesson Review
n What are the applications of Policy-based Routing?
n What configuration tool is used to implement PBR?
n How can PBR be applied to IP traffic?
n Describe the classification options with PBR.
n Describe the marking options with PBR.
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-21
QoS Policy Propagation through BGP (QPPB)
Objectives
Upon completion of this lesson, you will be able to:
n Describe the QPPB mechanism
n Configure the QPPB mechanism on Cisco routers
n Monitor and troubleshoot QPPB
2-22 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
IP QoS Policy Propagation
Through BGP (QPPB)
QoS Policy Propagation through BGP is a mechanism that can be split into two
parts:
n Policy propagation via BGP, where a QoS policy is encoded into a BGP
attribute. BGP Communities are typically used to encode a QoS policy.
n Marking of packets with IP precedence or QoS group based on the QoS policy
learned via BGP.
BGP Policy is usually set on ingress routers (ingress for route propagation, egress
for packet forwarding) in an Autonomous System. BGP then carries the
information to other routers in the AS and translates (using a route map) this
information into IP precedence or QoS group. Marking is then enabled on per-
interface basis.
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-23
QPPB Capabilities
Inbound Dropper
or
Classifier Marker
Locally-originated
Forwarding
Outbound
Meter
Shaper Queuing
Classifier Marker
Dropper
Similar to PBR, QPPB also supports classification and marking only on the input
interface.
2-24 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
BGP Marking
Meter
Inbound
traffic
stream
Classifier Marker Dropper
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-25
Cisco Express Forwarding
Review
2-26 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Review: Standard IP Switching
The figure illustrates how BGP routing information is used on routers that are
configured with the default switching operation:
n A BGP entry is inserted into the main routing table (the network points to the
BGP next-hop address.
n A recursive routing lookup is needed when the first packet arrives. After the
output interface is identified, a cache entry is generated. Multi-access media
requires additional information from the ARP cache.
n The subsequent packets are forwarded using the fast-switching cache.
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-27
Review: CEF Switching
ARP cache
IP address Layer 2 header IP address MAC address
Adjacency
1.5.4.1 MAC header 1.5.4.1 0c.00.11.22.33.44
table
... ... ... ...
CEF switching is different from the default operation in the following ways:
n CEF switching cache (the FIB table and the adjacency table) reflects the
information from the main routing table. Changes in the FIB table are not
triggered by packets but by changes in the main routing table itself.
n The CEF switching cache is split into two tables:
n Forwarding Information Base (FIB) which contains all networks that
are taken from the routing table. Those entries point to directly accessible
next-hops. Adjacency pointers are used to get information about these
next-hops from the Adjacency table
n Adjacency table contains a list of directly connected neighboring IP
devices. A layer-2 header is created in advance to accelerate the
encapsulation process.
2-28 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
CEF Switching with QoS
Packet Marking
Address Prefix AS-Path Next hop Communities Other attr.
BGP table 10.0.0.0 /8 42 13 1.2.3.4 37:12
... ... ... ... ... BGP table...
map
ARP cache
IP address Layer 2 header IP address MAC address
Adjacency
1.5.4.1 MAC header 1.5.4.1 0c.00.11.22.33.44
table
... ... ... ...
When using CEF for packet marking a table map is used in the BGP configuration
mode to process routes inserted into the routing table. A route map (used as a table
map in BGP) can translate any BGP parameter or attribute into IP precedence or
QoS group. This information is then passed on to the FIB table.
Once packet marking is enabled the router will perform two CEF lookups:
n The first lookup is used to mark packets
n The second lookup is used to make a forwarding decision
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-29
QPPB Configuration Tasks
Before configuring routers to support QPPB, a QoS design, which must include the
following, is needed:
n BGP attribute used to encode class of service (BGP Communities are usually
used)
n Marker (when using QPPB only IP precedence or QoS group can be used)
The following configuration steps are necessary on routers that perform packet
marking:
n Enable CEF
n Create a route map that translates a BGP attribute into IP precedence or QoS
group
n Apply the route map to process BGP routes before they are entered into the
main routing table.
n Enable per interface marking.
2-30 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Setting IP Precedence or QoS
Group in the IP Routing Table
Router(config-router)#
table-map <route-map-name>
Router(config)#
route-map <name> permit <seq>
set ip precedence <precedence>
set ip qos-group <group>
Use the table -map command in the BGP configuration mode to populate the main
routing table with the class of service information.
A route map can “tag” networks with IP precedence, QoS group or both.
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-31
Enable Per-interface Packet
Marking
Router(config-if)#
bgp-policy source ip-prec-map
Once the FIB table contains the class of service information (IP precedence or
QoS group), marking can be configured on input interfaces.
CEF-based marking is performed based on the following:
n Find the source address (taken from the packet being marked) in the FIB
table and mark it with the IP precedence value attached to the
address/network. Use the bgp-policy source ip-prec-map interface
command to mark the packet.
n Find the source address (taken from the packet being marked) in the FIB
table and mark it with the QoS group value attached to the address/network.
Use the bgp-policy source ip-qos-map interface command to mark the
packet.
2-32 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Enable Per-interface Packet
Marking
Router(config-if)#
bgp-policy destination ip-prec-map
n Find the destination address (taken from the packet being marked) in the
FIB table and mark it with the IP precedence value attached to the
address/network. Use the bgp-policy destination ip-qos-map interface
command to mark the packet.
n Find the destination address (taken from the packet being marked) in the
FIB table and mark it with the QoS group value attached to the
address/network. Use the bgp-policy destination ip-qos-map interface
command to mark the packet.
All four commands can be attached to the same interface (although not
recommended) and they are processed in the following order:
n Source-based IP precedence marking
n Source-based QoS group marking
n Destination-based IP precedence marking (overrides source-based marking)
n Destination-based QoS group marking (overrides source-based marking)
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-33
Case Study
WAN core
NAP router NAP router POP router
Customer
AS 24 AS 12 (AS 73)
This case study shows how customer networks can be marked with a BGP
community identifying a class of service, which is then propagated throughout the
Autonomous System 12 and used on edge routers to classify and mark packets
towards the customer networks with IP precedence flash (IP precedence 3).
Each IP precedence value is also identified by a name:
IP precedence IP precedence
value name
0 Routine
1 Priority
2 Immediate
3 Flash
4 Flash-override
5 Critical
6 Internet
7 Network
2-34 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Step #1
Distribute QoS functions
WAN core
NAP router NAP router POP router
Customer
AS 24 AS 12 (AS 73)
To achieve the same level of quality in both directions the packets going to and
coming from the customer network must first be classified and marked.
Classification and marking of packets coming from the customer network is trivial:
n PBR without a match statement is used on the interface connection from the
customer network to the ISP’s network.
n Another option is to use other mechanisms such as Committed Access Rate
(CAR), Class-based Policing or Class-based Marking.
Classifying and marking packets going to the customer network is a more difficult
task because:
n Classifying and marking must be performed on all edge routers.
n Classifying and marking requires the identification of the customer network.
Using PBR, CAR, CB-Policing or CB-Marking does not scale because it
involves the use of access lists (this is especially difficult if customer networks
are dynamically learned via BGP).
QPPB is the only scalable mechanism that can classify and mark packets based on
their source or destination IP address.
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-35
Step #2
Select QoS mechanisms
WAN core
NAP router NAP router POP router
Customer
AS 24 AS 12 (AS 73)
CEF-based marking
The case study will employ PBR to do the marking of outbound packets (from the
customer perspective). QPPB will be used to mark inbound packets on remote
edge (border) routers.
2-36 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Step #3 - Design Individual QoS
Mechanisms
WAN core
NAP router NAP router POP router
Customer
AS 24 ASSet
12 FIB table (AS 73) on
based
BGP community
Customers networks are tagged with BGP Community 12:17 and sent to all internal
BGP neighbors.
Edge routers use a table map to translate BGP Community 12:17 into IP
precedence 3.
Destination-based precedence marking is enabled on interfaces connecting the AS
to other ASs.
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-37
Mark Routes Coming From AS 73
WAN core
NAP router NAP router POP router
Customer
AS 24 AS 12 (AS 73)
router bgp 12
neighbor 1.2.3.4 remote-as 73
neighbor 1.2.3.4 route-map Premium in
!
route-map Premium permit 10
set community 12:17 additive
The figure illustrates how a route map is used to process inbound BGP routing
updates coming from the customer’s AS 73. The BGP community attribute 12:17 is
added to the routing updates.
2-38 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Configure Community
Propagation
WAN core
NAP router NAP router POP router
Customer
AS 24 AS 12 (AS 73)
router bgp 12
neighbor 2.3.4.5 remote-as 12
neighbor 2.3.4.5 send-community
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-39
Set FIB Table Based on BGP
Community
WAN core
NAP router NAP router POP router
router bgp 12 Customer
AS 24 AS 12
table-map PremiumCheck (AS 73)
!
route-map PremiumCheck permit 10
match community 17
set ip precedence flash
!
route-map PremiumCheck permit 20
set ip precedence 0
!
ip community-list 17 permit 12:17
The edge routers use route maps to translate BGP Community values into
appropriate IP precedence values. The figure illustrates how all routes carrying
BGP community 12:17 are tagged with IP precedence 3 in the routing table and the
FIB table. All other networks are tagged with IP precedence 0.
Note Setting IP precedence 0 on all packets not specifically matched by a table map is
also a security feature because it prevents IP precedence spoofing. Anyone
trying to use a high IP precedence value (e.g. 6 or 7) will be remarked with IP
precedence 0 and get the best-effort service.
2-40 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Configure CEF Packet Marking
WAN core
NAP router NAP router POP router
Customer
AS 24 AS 12 (AS 73)
ip cef
!
interface hssi 0/0
bgp-policy destination ip-prec-map
!
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-41
IP QoS and BGP Interaction
Review
2-42 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Summary
QPPB is a mechanism that is used to implement more scalable QoS solutions. It
uses BGP to propagate QoS policy information and CEF to mark packets with IP
precedence or QoS group.
Lesson Review
n Why is QPPB needed?
n How is QoS policy propagated through a network?
n How are QoS traffic classes defined by QPPB?
n Which IP forwarding mechanisms support QPPB?
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-43
Other QoS Mechanisms with Classification and
Marking Capability
Objectives
Upon completion of this lesson, you will be able to:
n Explain how most QoS mechanisms support some type of classification
n Name CAR, CB-Policing and CB-Marking as mechanisms that support
classification and marking
2-44 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Classification
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-45
Marking
2-46 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Committed Access Rate (CAR)
CAR is a mechanism used to limit the traffic rate of a class and optionally mark
packets with one of the following markers:
n IP precedence
n DSCP
n MPLS experimental bits
n QoS group
CAR can also mark packets with two different values depending on whether they:
n Conform to the policy (packet is within the contractual bit-rate)
n Exceed the policy (packet is over the contractual bit-rate)
Conforming and exceeding packets can be marked with different values.
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-47
Class-based Policing
2-48 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Class-based Marking
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-49
Summary
The following mechanisms are used for classification and marking purposes:
n Policy-based Routing (PBR)
n QoS Policy Propagation through BGP (QPPB)
n Committed Access Rate (CAR)
n Class-based Policing
n Class-based Marking
PBR is a mechanism that was primarily intended for bypassing the destination-
based forwarding and marking packets with IP precedence or QoS group.
QPPB is a mechanism that can also be used to mark packets with IP precedence
or QoS group. Its main advantage is scalability.
Lesson Review
n Which mechanisms in IOS support classification and marking of packets?
n Which fields or parameters can be used to mark packets in Cisco IOS?
2-50 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Summary
After completing this module, you should be able to perform the following tasks:
n Describe Policy-based routing and how it is used to classify and mark IP
packets
n Describe QoS Policy Propagation through BGP and how it is used to classify
and mark IP packets
n List other mechanisms that also support classification and marking capabilities
(Committed Access Rate, Class-based Marking)
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-51
Review Questions and Answers
Policy-based Routing
Question: What are the applications of Policy-based Routing?
Answer: PBR is used to bypass the destination-based forwarding or to classify
and mark packets.
Question: What configuration tool is used to implement PBR?
Answer: Route maps are used to implement PBR.
Question: How can PBR be applied to IP traffic?
Answer: PBR can be applied to input packets or packets originated by the
router.
Question: Describe the classification options with PBR.
Answer: PBR’s classification options include standard and extended access lists
as well as packet size based classification. PBR can also classify based on the
input interface because it is used on per-interface basis.
Question: Describe the marking options with PBR.
Answer: PBR can set the next-hop address or output interface to bypass the
default destination based forwarding. PBR can also mark packets with the
following options: ToS bits, IP precedence or QoS group.
2-52 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc.
Other QoS Mechanisms with Classification and Marking Capability
Question: Which mechanisms in IOS support classification and marking of
packets?
Answer:
Policy-based Routing (PBR)
Committed Access Rate (CAR)
QoS Policy Propagation through BGP (QPPB)
Class-based Policing
Class based Marking
Question: Which fields or parameters can be used to mark packets in Cisco IOS?
Answer: IP precedence, DSCP, MPLS experimental bits, QoS group, Frame Relay
DE bit, ATM CLP bit, 802.1q CoS bits, ISL priority bits.
Copyright 2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-53
Queuing Mechanisms
Overview
This module describes the queuing mechanisms that can be used on output
interfaces.
It includes the following topics:
n Queuing Overview
n FIFO Queuing
n Priority Queuing
n Custom Queuing
n Weighted Fair Queuing
n Distributed Weighted Fair Queuing
n Modified Deficit Round-robin
n IP RTP Prioritization
Objectives
Upon completion of this module, you will be able to perform the following tasks:
n Describe and configure FIFO Queuing (FQ)
n Describe and configure Priority Queuing (PQ)
n Describe and configure Custom Queuing (CQ)
n Describe and configure basic Weighted Fair Queuing (WFQ), distributed WFQ,
ToS-based distributed WFQ and QoS-group-based distributed WFQ
n Describe and configure Modified Weighted Round-robin (MDRR) queuing
n Describe and configure IP RTP Prioritization
Queuing Overview
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Understand how queuing works on Cisco routers
n List the most used queuing mechanisms
The lesson discusses how output queuing mechanisms are implemented on Cisco
routers running Cisco IOS. It discusses most of the queuing mechanisms in detail,
except Class-based Weighted Fair Queuing and Class-based Low-latency
Queuing, which are discussed in the “IP QoS – Modular QoS CLI (Chapter 2)”
module.
Software Hardware
Output
Forwarder Queuing Queue Interface
System (TxQ)
Hardware
Software Queue Yes Hardware Queue No
Empty? Full? Queue
(TxQ)
No Yes
Software
Queuing
System
The implementation of software queuing was optimized for periods when the
interface is not congested. The software queuing system is bypassed whenever
there is no packet in the software queue and there is room in the hardware queue.
The software queue is, therefore, only used when data must wait to be placed into
the hardware queue.
The double queuing strategy (software and hardware queue) has its impacts on the
result of overall queuing:
n Software queue is used for a certain reason. If the hardware queue is too long
it will contain a large number of packets scheduled in the FIFO fashion. This is
probably against the QoS design that required a certain complex software
queuing system (for example, Custom Queuing).
So why use the hardware queue at all? Or why not just set its length to one? That
would force all packets to go through the software queue and be scheduled one by
one to the interface for transmission. This approach has the following drawbacks:
n Each time a packet is transmitted, the interface driver interrupts the CPU and
requests more packets to be delivered into its hardware queue. Some queuing
mechanisms have complex scheduling that takes time to deliver more packets.
The interface does not send anything during that time (link utilization is
decreased) if the hardware queue is empty because its maximum size is one.
n The CPU schedules packets one by one instead of many at the same time (in
the same interrupt interval). This increases the CPU utilization.
Choosing the appropriate length of the hardware queue is very important. The
default TxQ size is determined by the IOS based on the bandwidth of the media
and should be fine for most queuing implementations. Faster interfaces have longer
hardware queues because they produce less delay. Slower interfaces have shorter
hardware queues to prevent too much delay in the worst-case scenario where the
entire hardware queue is full of MTU-sized packets.
Forwarded Packets
Hardware
Queuing System
Class 2? Add/Drop Queue 2
Hardware Q Interface
Scheduler
• Each queuing mechanism has three main components that define it:
– Classification (selecting the class)
– Insertion policy (determining whether a packet can be enqueued)
– Service policy (scheduling packets to be put into the hardware queue)
The figure illustrates the actions that have to be taken before a packet can be
transmitted:
n Most queuing mechanisms include classification of packets.
n Once a packet is classifie d, a router has to determine whether it can put the
packet into the queue or it has to drop the packet. Most queuing mechanisms
will drop a packet only if the corresponding queue is full (tail-drop). Some
mechanisms use a more intelligent dropping scheme (Weighted Fair Queuing)
or a random dropping scheme (Weighted Random Early Detection).
n If the packet is allowed to be enqueued it will be put into the FIFO queue for
that particular class.
n Packets are then taken from the individual per-class queues and put into the
hardware queue.
Queuing systems differ in the following ways:
n Classification options: some mechanisms classify packets automatically (for
example, WFQ), while other mechanisms require manual configuration of
classification (for example, PQ or CQ).
n Insertion policy: most queuing mechanisms use the tail-dropping scheme.
n Scheduling policy: this is the most important part of every queuing mechanism
because it determines the order in which the packets will leave the router.
Review Questions
Answer the following questions:
n Which queuing mechanisms do Cisco routers support?
n When is a software queuing mechanisms not used?
n How does TxQ length affect the software queuing system?
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe FIFO queuing
n Describe the drawbacks of FIFO queuing
n Configure FIFO queuing on Cisco routers
n Monitor and troubleshoot FIFO queuing
Forwarded Packets
FIFO queuing has no classification because all packets belong to the same class.
Packets are dropped when the output queue is full (tail-drop). The scheduler
services packets in the order they arrived.
Software FIFO queue is basically an extension of the hardware FIFO queue.
+ Benefits
• Simple and fast (one single queue with a simple
scheduling mechanism)
• Supported on all platforms
• Supported in all switching paths
• Supported in all IOS versions
– Drawbacks
• Unfair allocation of bandwidth among multiple flows
• Causes starvation (aggressive flows can monopolize
links)
• Causes jitter (bursts or packet trains temporarily fill
the queue)
© 2001, Cisco Systems, Inc. Queuing Mechanisms-15
FIFO queuing might be regarded as the fairest queuing mechanism but it has a long
list of drawbacks:
n FIFO does not fairly allocate bandwidth among multiple flows. Some flows
receive more bandwidth because they use larger packets or send more packets.
n FIFO is extremely unfair when an aggressive flow is contesting with a fragile
flow. Aggressive flows send a large number of packets, many of which are
dropped. Fragile flows send a modest amount of packets and most of them are
dropped because the queue is always full due to the aggressive flow. This type
of behavior is called starvation.
n Short or long bursts cause a FIFO queue to fill. Packets entering an almost full
queue have to wait a long time before they can be transmitted. Another time,
the queue might be empty causing packets of the same flow to experience
almost no delay. Variation in delay is called jitter.
In spite of all the drawbacks FIFO is still the most used queuing mechanism
because of the following benefits:
n It is simple and fast. Most high-end routers with fast interfaces are not really
challenged by the drawbacks mentioned earlier. Furthermore, routers are not
capable of complex classification and scheduling when they have to process a
large number of packets per second. FIFO is, therefore, the most suitable
queuing mechanisms on these platforms.
n It is supported on all platforms.
n It is supported in all IOS versions.
Router(config-if)#
no fair-queue
fair-queue
Router(config-if)#
hold-queue <buffers>
<buffers> out
One of the considerations when using FIFO queuing is the maximum burst size.
Routers allow (by default) up to 40 packets to be in the output queue. Shortening
the queue causes more drops, especially for bursty sessions. Lengthening the
queue allows more packets to be enqueued. A long queue should be used to allow
bursts without drops.
The hold-queue command is used to set the maximum number of packets in the
output queue.
The example shows how FIFO can be enabled on an interface that uses WFQ by
default. The serial interface in question has the default bandwidth of 128 kbps
(below 2 Mbps). The ethernet interface has the default bandwidth of 10 Mbps
(above 2 Mbps) and requires no configuration.
The maximum output queue size was also slightly increased from the default 40 to
50.
FIFO queuing is not supported by a large arsenal of show and debug commands.
The show interface command can be used to determine the queuing strategy of
an interface and to display the following statistics:
n The current queue size (buffer usage)
n The maximum queue size (default 40 or whatever is configured with the
hold-queue out command)
Review Questions
Answer the following questions:
n Why is FIFO the fastest queuing mechanism?
n Describe the classification and scheduling of FIFO queuing.
n List the drawbacks of FIFO queuing.
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe Priority Queuing
n Describe the benefits and drawbacks of Priority Queuing
n Configure Priority Queuing on Cisco routers
n Monitor and troubleshoot Priority Queuing
Forwarded Packets
Hardware
Medium? Tail-drop Queue 2 Queuing System
Pre-emptive
Scheduler Hardware Q Interface
Priority Queuing (PQ) is one of the first mechanisms that allowed classification of
packets into multiple classes. Scheduling is done in strict priority.
PQ can classify packets into one of the four queues:
n High queue
n Medium queue
n Normal queue (the default queue)
n Low queue
Scheduling prefers packets in the same order. Each class uses one FIFO queue,
where packets are dropped if a queue is full.
Priority Queuing is basically a collection of four parallel FIFO queues. Each queue
suffers from all FIFO problems isolated to the class (unfair, starvation, delay,
jitter). Each queue uses the tail-drop scheme when the queue is full.
Each of the four queues can be configured with the maximum number of packets
that it can hold.
Packet in No
HIGH
queue?
Packet in No
Yes
MEDIUM
queue?
Packet in No
Yes
NORMAL
queue?
Packet in No
Yes
LOW
queue?
Yes
Dispatch Packet
And start checking the Hardware Q
HIGH queue again
Priority Queuing uses strict priority scheduling. As long as there are packets in the
high queue no other queue will be served. If the high queue is empty the router
starts serving the medium queue.
Congestion in any of the queues, except the low queue, causes a different type of
starvation. A congested higher-priority queue causes all lower-priority queues to
starve (class starvation).
+ Benefits
• Provides low-delay propagation to high-priority
packets
• Supported on most platforms
• Supported in all IOS versions (above 10.0)
– Drawbacks
• All drawbacks of FIFO queuing within a single class
• Starvation of lower -priority classes when higher-
priority classes are congested
• Manual configuration of classification on every hop
The configuration of Priority Queuing can be split into the following four steps:
1. Classify data into four classes
2. Assign a queue to each class
3. Set the maximum queue size (if the default is not appropriate)
4. Apply the priority queuing system to one or more interfaces
Router(config)#
priority-list list-number
list-number protocol protocol-name
{high|medium|normal|low} queue-keyword keyword-value
The first three configuration steps are achieved using the priority-list command.
A Priority Queuing system is identified with a common number (list-number).
Priority Queuing supports the following direct classification options of IP packets:
1. Match fragments
2. Match packets based on their size
3. Match packets based on their source or destination TCP/UDP port number
A far more powerful classification tool is an access list (standard or extended).
Router(config)#
priority-list list-number interface intf {high|medium|normal|low}
{high|medium|normal|low}
Note The priority-list commands are evaluated in the order they were entered. This is
especially important when overlapping classification is configured for separate
queues.
For example:
Line 1: all IP traffic goes into the high priority queue
Line 2: all TCP traffic goes into the medium queue
The medium queue in this example would never g et any packets because it
appears second in the configuration and it is a subset of the first line.
Router(config-if)#
priority-group list
Priority Queuing uses the following default maximum queue sizes for the four
queues:
n High queue has a default queue limit of 20
n Medium queue has a default queue limit of 40
n Normal queue has a default queue limit of 60
n Low queue has a default queue limit of 80
The last configuration step is to apply a priority-list to an interface. Use the
priority-group command with a corresponding priority-list number to enable
Priority Queuing on an interface.
E0
WAN core
E1
Core
interface
interface serial0
serial0
Branch priority-group
priority-group 1
office
priority-list
priority-list 1 protocol
protocol ip high list 101
priority-list
priority-list 1 interface
interface ethernet
ethernet 00 medium
medium
priority-list
priority-list 1 default normal
priority-list
priority-list 1 queue-limit 20 40 60 80
access-list
access-list 101
101 permit
permit tcp
tcp any
any any
any eq 23
The figure illustrates a simple example where outbound traffic is classified into the
following three classes:
1. All outbound telnet sessions (access list 101) are using the high priority queue
2. All traffic coming into the router via interface Ethernet 0 is forwarded through
the medium queue
3. All other traffic is using the default normal queue
Router#
show interface
interface interface
Router#
show queue
queue interface
interface
The show interface command can be used to determine the queuing strategy of
an interface. If the queuing strategy is PQ some statistics are also displayed.
The show queueing priority command can be used to display all non-default
parameters of priority lists.
Note To use the show queueing command, you must enter at least the first six
characters to differentiate the command (show queuei vs. show queue).
Router#show
Router#show interface
interface serial
serial 1/0
1/0
Serial1/0
Serial1/0 isis up,
up, line
line protocol
protocol is
is up
up
Hardware
Hardware is
is M4T
M4T
Internet
Internet address
address is
is 20.0.0.1/8
20.0.0.1/8
MTU
MTU 1500
1500 bytes,
bytes, BW
BW 19
19 Kbit,
Kbit, DLY
DLY 20000
20000 usec,
usec, rely
rely 255/255,
255/255, load
load 93/255
93/255
Encapsulation
Encapsulation HDLC,
HDLC, crc
crc 16,
16, loopback
loopback not
not set
set
Keepalive
Keepalive set
set (10
(10 sec)
sec)
Last
Last input
input 00:00:00,
00:00:00, output
output 00:00:00,
00:00:00, output
output hang
hang never
never
Last
Last clearing
clearing ofof "show
"show interface"
interface" counters
counters never
never
Input
Input queue:
queue: 0/75/0
0/75/0 (size/max/drops);
(size/max/drops); Total
Total output
output drops:
drops: 00
Queueing
Queueing strategy:
strategy: priority-list
priority-list 11
Output
Output queue
queue (queue
(queue priority:
priority: size/max/drops):
size/max/drops):
high:
high: 0/20/0,
0/20/0, medium:
medium: 0/40/0,
0/40/0, normal:
normal: 0/60/0,
0/60/0, low:
low: 0/80/0
0/80/0
55 minute
minute input
input rate
rate 18000
18000 bits/sec,
bits/sec, 88 packets/sec
packets/sec
55 minute
minute output
output rate
rate 7000
7000 bits/sec,
bits/sec, 88 packets/sec
packets/sec
…… rest
rest ignored
ignored ...
...
The show interface command displays the parameters and the statistics of all four
priority queues. The first parameter is the current size of the queue, the second is
the maximum allowed size of the queue and the third parameter is the number of
drops since the last clearing of counters.
Router#show
Router#show queueing
queueing priority
Current
Current priority
priority queue
queue configuration:
configuration:
List
List Queue Args
Args
11 high
high protocol ip list 101
11 medium
medium interface
interface Ethernet6/0
Review Questions
Answer the following questions:
n When would you use priority queuing?
n What are the benefits and drawbacks of priority queuing?
n How many classes does priority queuing support?
n How does priority queuing schedule packets?
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe Custom Queuing
n Describe the benefits and drawbacks of Custom Queuing
n Configure Custom Queuing on Cisco routers
n Monitor and troubleshoot Custom Queuing
Forwarded Packets
Hardware
Class 2? Tail-drop Queue 2 Queuing System
Round
Robin Hardware Q Interface
Scheduler
Custom Queuing (CQ) is similar to Priority Queuing in the way it is configured and
in the supported classification options. The scheduling, however, is completely
different.
CQ uses up to 16 queues that can be used for user-defined classes. The
classification options are identical to those of Priority Queuing.
The scheduling mechanism uses the round-robin service where each queue is
allowed to forward a certain number of bytes (not packets).
Tail-drop is still used within each individual queue.
Custom Queuing (similar to Priority Queuing) can classify IP packets with the
following tools:
n Direct matching on the source interface.
n Standard or extended IP Access list. Extended IP access lists support matching
on the following parameters:
– Source IP address
– Destination IP address
– Source TCP or UDP port number or port range
– Destination TCP or UDP port number or port range
– IP precedence (high-order three bits of the ToS field)
– DSCP (high-order six bits of the ToS field)
– ToS value (bits one through four of the ToS field)
– Fragments
– TCP flags (ACK, SYN, RST, URG, PSH)
n Direct matching of TCP or UDP source and destination port numbers.
n Direct matching of fragments.
n Direct matching of packets based on their size.
Once the packet is classified a router has to determine if the packet can be
enqueued. The packet is dropped if the queue is full.
Each queue, unless configured otherwise, can buffer up to 20 packets before the
first packet is dropped.
No
Is Queue N
Packet in No Next Queue Yes
over the
Queue N? (increase N)
threshold?
Yes
Dispatch
Packet Hardware Q
Custom Queuing uses round-robin scheduling, where each queue gets some
service (bandwidth). Each queue is configured with the number of bytes
(byte-count) it can send in one round. The last packet is always sent, even if the
total amount of bytes sent in one round is above the limit (byte-count). The router
then starts processing the next queue.
The figure illustrates the worst case scenario where the following parameters were
used to implement Custom Queuing on an interface:
n MTU of the interface is 1500 bytes
n Byte-count is 3000 (twice the MTU)
The example shows how the router first sent two packets with a total size of 2999
bytes. Since this is still within the limit (3000) the router can send the next packet
(MTU-sized). The result was that the queue received almost 50% more bandwidth
in this round than it should.
This is one of the drawbacks of Custom Queuing – it does not allocate bandwidth
accurately.
The limit or weight of the queue is configured in bytes. The accuracy of Custom
Queuing depends on the weight (byte-count) and the MTU.
If the ratio between the byte-count and the MTU is too small CQ will not allocate
bandwidth accurately.
If the ratio between the byte-count and the MTU is too large CQ will cause long
delays. This problem is discussed in detail on the next two pages.
Queue 1
5999 4500
Round
Queue 2 Robin 64 kbps
Scheduler
4499 3000 MTU=1500
Queue 3
2999 1500
BW
BW (Queue 1) == bc1/(bc1+bc2+bc3)
bc1/(bc1+bc2+bc3) == 4500/9000 == 50%
Delay
Delay (Queue
(Queue 1)
1) = (bc2+bc3)/Bandwidth = 562ms
Worst-case
Worst-case Delay
Delay (Queue
(Queue 1) = ((bc2+1499) +(bc3+1499))/Bandwidth
+(bc3+1499))/Bandwidth == 937ms
The figure shows several calculations where the worst-case maximum delay was
reduced by reducing both the MTU and the byte-counts.
Note The calculation merely shows the impact the MTU and the byte-count have on
the delay. Lowering the MTU is not a recommended solution because it
potentially increases the CPU utilization of the router due to fragmentation of
packets.
+ Benefits
• Guarantees throughput to traffic classes (prevents
starvation between traffic classes)
• Supported on most platforms
• Supported in all IOS versions (above 10.0)
– Drawbacks
• All drawbacks of FIFO queuing within a single class
• Manual configuration of classification on every hop
• Not accurate bandwidth allocation
• High jitter due to implementation of scheduling
In addition to all the benefits and drawbacks of Priority Queuing, Custom Queuing
can also guarantee bandwidth to up to 16 classes.
Custom Queuing can cause all queues to experience delay due to the
implementation of scheduling (one round can take a long time).
Router(config)#
queue-list list-number protocol protocol-name
protocol-name
queue-number
queue-number queue-keyword keyword-value
Router(config)#
queue-list list-number interface incoming-intf queue-number
queue-number
Custom queuing uses the same classification options as Priority Queuing. Instead
of using names queues are numbered (1 to 16).
Router(config)#
queue-list list-number default
default queue-number
Router(config)#
queue-list list queue
queue queue-number byte-count bc
n Use the byte-count option to change the default weight of a queue (default
equals MTU size)
n Use the limit option to change the number of packets that a queue can hold
(default is 20)
Forwarded Packets
Custom Queuing has
Custom Queuing System queue 0 for system and
link-level messages which
use pre-emptive scheduling
Class 0? Tail-drop Queue 0
Pre -emptive
Scheduler Hardware Q Intf
Class 2? Tail-drop Queue 2
Round
Robin
Scheduler
Custom queuing has another queue—Queue 0. This queue is used for system
packets (routing protocols, link-level messages).
This queue is not served by the round-robin scheduler. Instead, a strict priority
scheduler is used to prioritize packets from this queue.
Forwarded Packets
Pre -emptive
Scheduler Hardware Q Intf
Class 2? Tail-drop Queue 2
The strict priority scheduler can be extended to other queues that are normally
served by the round-robin scheduler.
The figure illustrates how Queue 1 was moved into the priority-scheduled part of
the Custom Queuing system. The delimiter can be set to any queue by specifying
the lowest custom queue (Queue 2 in this example). In fact, Custom Queuing can
be turned into Priority Queuing with 17 queues if Queue 16 is selected as the
lowest custom queue.
Router(config)#
queue-list list-number lowest-custom queue-number
queue-number
E0
WAN core
interface
interface serial 1/0
1/0
E1 custom-queue-list 5 Core
Branch !!
queue-list
queue-list 55 protocol
protocol ip
ip 11 list
list 101
101
office
queue-list
queue-list 5 queue 1 limit 40
queue-list
queue-list 5 lowest-custom
lowest-custom 22
queue-list
queue-list 5 interface
interface ethernet
ethernet 0/0
0/0 22
queue-list
queue-list 55 queue
queue 22 byte-count
byte-count 3000
queue-list
queue-list 5 protocol ip 3
queue-list
queue-list 55 queue
queue 33 byte-count
byte-count 5000
queue-list
queue-list 5 default
default 4
!!
access-list
access-list 101 permit
permit ip any any precedence
precedence 5
The figure shows a sample configuration where four queues are used:
n Queue 1 is used for delay-sensitive applications (marked with IP precedence
5). It uses the strict priority scheduler.
n Queue 2 is used for all packets coming from interface Ethernet0/0.
n Queue 3 is used for all IP packets that do not end in one of the first two
queues.
n Queue 4 is used for all other traffic.
Router#show
Router#show interface
interface serial
serial 1/0
1/0
Serial1/0
Serial1/0 isis up,
up, line
line protocol
protocol is
is up
up
Hardware
Hardware isis M4T
M4T
Internet
Internet address
address is
is 20.0.0.1/8
20.0.0.1/8
MTU
MTU 1500
1500 bytes,
bytes, BW
BW 19
19 Kbit,
Kbit, DLY
DLY 20000
20000 usec,
usec, rely
rely 255/255,
255/255, load
load 107/255
107/255
Encapsulation
Encapsulation HDLC,
HDLC, crc
crc 16,
16, loopback
loopback not
not set
set
Keepalive
Keepalive set
set (10
(10 sec)
sec)
Last
Last input
input 00:00:00,
00:00:00, output
output 00:00:00,
00:00:00, output
output hang
hang never
never
Last
Last clearing
clearing of
of "show
"show interface"
interface" counters
counters never
never
Input
Input queue:
queue: 0/75/0
0/75/0 (size/max/drops);
(size/max/drops); Total
Total output
output drops:
drops: 00
Queueing
Queueing strategy:
strategy: custom-list
custom-list 55
Output
Output queues:
queues: (queue
(queue #:
#: size/max/drops)
size/max/drops)
0:
0: 0/20/0
0/20/0 1:
1: 0/40/0
0/40/0 2:
2: 0/20/0
0/20/0 3:
3: 0/20/0
0/20/0 4:
4: 0/20/0
0/20/0
5:
5: 0/20/0
0/20/0 6:
6: 0/20/0
0/20/0 7:
7: 0/20/0
0/20/0 8:
8: 0/20/0
0/20/0 9:
9: 0/20/0
0/20/0
10:
10: 0/20/0
0/20/0 11:
11: 0/20/0
0/20/0 12:
12: 0/20/0
0/20/0 13:
13: 0/20/0
0/20/0 14:
14: 0/20/0
0/20/0
15:
15: 0/20/0
0/20/0 16:
16: 0/20/0
0/20/0
…… rest
rest ignored
ignored ...
...
Router#show
Router#show queueing
queueing custom
Current
Current custom
custom queue
queue configuration:
List
List Queue Args
Args
55 33 default
default
55 11 protocol
protocol ip
ip list 101
55 22 interface
interface Ethernet0/0
55 11 byte-count
byte-count 3000 limit 40
55 22 byte-count
byte-count 5000
The show queueing custom command can be used to display all non-default
parameters of Custom Queuing.
Review Questions
Answer the following questions:
n When would you use custom queuing?
n What are the benefits and drawbacks of custom queuing?
n How many classes does custom queuing support?
n How does custom queuing schedule packets?
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe WFQ
n Describe the benefits and drawbacks of WFQ
n Configure WFQ on Cisco routers
n Monitor and troubleshoot WFQ
Weighted Fair Queuing (WFQ) was introduced as a solution to the problems of the
following queuing mechanisms:
n FIFO queuing causes starvation, delay and jitter
n PQ causes starvation of other lower-priority classes and suffers from all FIFO
problems within each of the four queues
n CQ causes long delays and also suffers from all FIFO problems within each of
the 16 queues
The idea of WFQ is to:
n Have a dedicated queue for each flow (no starvation, delay or jitter within the
queue)
n Fairly and accurately allocate bandwidth among all flows (minimum scheduling
delay, guaranteed service)
n Use IP precedence as weight when allocating bandwidth
Forwarded Packets
Hardware
Flow 2? WFQ-drop Queue 2 Queuing System
WFQ
Scheduler Hardware Q Interface
n WFQ uses automatic classification. Manually defined classes are not supported.
n WFQ dropping is not a simple tail-drop. WFQ drops packets of the most
aggressive flows.
n WFQ scheduler is a simulation of a TDM system (time-division multiplexer).
The bandwidth is equally distributed to all active flows.
• Implementation parameters
–Queuing platform: central CPU or VIP
–Classification mechanism
–Weighted fairness
• Modified Tail-Drop within each queue
WFQ classification has to identify individual flows (the term conversation is also
used to signify flows). A flow is identified based on the following information taken
from the IP header and the TCP or UDP headers:
n Source IP address
n Destination IP address
n Protocol number (identifying TCP or UDP)
n Type of Service Field
n Source TCP/UDP port number
n Destination TCP/UDP port number
All these parameters are usually fixed for a single flow, although there are some
exceptions:
n A QoS design could mark packets with different IP precedence values even if
they belong to the same flow. This kind of behavior should be avoided when
using WFQ.
n Some applications change port numbers (for example, TFTP).
If packets of the same flow do not have the same parameters (for example, a
different ToS field) the packets can end up in different queues and reordering can
occur.
The parameters are used as input for a hash algorithm that produces a fixed-length
number that is used as the index of the queue.
WFQ uses a fixed number of queues. The hash function is used to assign a queue
to a flow. There are eight additional queues for system packets and optionally up to
1000 queues for RSVP flows.
WFQ uses 256 queues by default. The number of queues can be configured in the
range between 16 and 4096 (the number must be a power of 2).
If there are a large number of concurrent flows it is very likely that two flows
could end up in the same queue. It is recommended to have several times as many
queues as there are flows (on the average). This may not be possible in larger
environments where the number of concurrent flows is in thousands.
The probability of two flows ending up in the same flow could be calculated using
the following formula:
Queues!
P =1−
Queues Flows
⋅ ( Queues − Flows)!
The following table lists the probability values for 3 sizes of the WFQ system (64,
128 and 256 queues), with the number of concurrent flows from 5 to 40.
Flows 64 queues 128 queues 256 queues
5 15% 8% 4%
10 52% 30% 16%
15 83% 57% 34%
20 96% 79% 53%
25 100% 92% 70%
30 100% 98% 83%
35 100% 99% 91%
40 100% 100% 96%
No No Enqueue
N-th packet N>HQO? N>CDT?
packet
Yes Yes
Worst Worst
Yes No
Finish Finish
Time? Time?
No Yes
Old
Drop the packet with
the worst finish time
(old) and enqueue the
N-th packet (new)
New
• HQO (hold-queue out limit) is the max . number of packets that the WFQ system can hold
• CDT (congestive discard threshold) is the threshold when WFQ starts dropping packets of
the most aggressive flow
• N is the number of packets in the WFQ system when the N -th packet arrives
The figure illustrates the dropping scheme of WFQ. The process can be split into
the following steps:
Step 1 Drop the new packet if the WFQ system is full (hold-queue limit reached) and the
new packet has the worst finish time (the last in the entire system).
Step 2 Drop the packet with the worst finish time in the WFQ system if the system is full.
Enqueue the new packet.
Step 3 Drop the new packet if the queue, where the packet should be enqueued, is the
longest (not in packets but in the finish time of the new packet) and there are more
packets in the WFQ system than the CDT.
Step 4 Otherwise enqueue the new packet.
The following case study is used to describe how packets are dropped in different
situations.
The WFQ system was reduced to a modest hold-queue limit of ten and a
congestive discard threshold of eight.
There are already ten packets in the WFQ system. The new packet would be the
eleventh and also the last in the entire WFQ system. The packet is dropped.
In this example there are also ten packets in the system when the eleventh packet
arrives. The new packet, if enqueued, would not be the last in the system. The
packet is therefore allowed to be enqueued and the last packet in the system is
deleted.
This example illustrates how WFQ can drop packets even if the WFQ system is
still within the hold-queue limit. The system, however, is above the CDT limit. In
this case a packet can be dropped if it is the last in the system.
This example is different from the previous one in that the new packet would not
be the last in the WFQ system. The packet can be enqueued and no other packet
is dropped.
There is an exception to the CDT rule —if the WFQ system is above the CDT
limit, and the new packet would be the last in the system, the packet is still
enqueued if the flow queue is empty.
The dropping strategy is not directly influenced by IP precedence.
The length of queues (for scheduling purposes) is not in packets but in the time it
would take to transmit all the packets in the queue. The following pages discuss the
WFQ scheduling issue in detail.
The end result is that WFQ adapts to the number of active flows (queues) and
allocates equal amounts of bandwidth to each flow (queue).
The side effect is that flows with small packets (usually interactive flows) get a
much better servic e because they do not need a lot of bandwidth. They, however,
need low-delay, which they get because small packets have a low finish time.
FT(B1)=50+300 A1[100]
B1[300]
FT(A2)=100+20 A2[20]
FT(B2)=350+300 FT(A3)=120+10 A3[10]
B2[300]
t
100 70 60 50 0
B2 B1 A3 A2 A1
© 2001, Cisco Systems, Inc. Queuing Mechanisms-78
The figure illustrates how two queues (Queue A and Queue B) are contesting for
link bandwidth. For this example, assume the time units are in milliseconds and time
T (value 0 is used in the figure) is the starting point.
Queue A is receiving packets in the following order and the following times:
n Packet A1 arrives at time T + 0ms and would require 100ms to be transmitted
n Packet A2 arrives at time T + 60ms (the input interface is obviously faster than
the output interface because the arrival time of packet A2 is before the finish
time of packet A1) and would require 20 ms to be transmitted
n Packet A3 arrives at time T + 60ms (the input interface is obviously much
faster than the output interface) and would require 10 ms to be transmitted
Queue B is receiving packets in the following order and the following times:
n Packet B1 arrives at time T + 50ms and would require 300ms to be transmitted
n Packet B2 arrives at time T + 100ms and would also require 300ms to be
transmitted
The finish time of packets in Queue A are:
n Packet A1 has a finish time which is the sum of the current time (because the
queue was empty at the time of arrival) and the time it takes to transmit this
packet (100ms): FTA1 = 0ms + 100ms = 100ms
n Packet A2 has a finish time which is the sum of the finish time of the last
packet in Queue A (Packet A1) and the time it would take to transmit this
packet (20ms): FTA2 = 100ms + 20ms = 120ms
Precedence-1
Virtual Packet Size = Real Packet Size / (IP precedence + 1)
packets appear
half the real size
This figure introduces the weight into the finish time calculation. The time it takes
to transmit the packet is divided by IP precedence increased by one (to prevent
division by zero).
The WFQ implementation in Cisco routers was optimized in the following way:
n The real time it takes to transmit the packet is not relevant. The packet size can
be used instead because it is proportional to the transmit time.
n The packet size is not divided by IP precedence (division is a CPU-intensive
operation). Instead, the size is multiplied by a fixed value (one multiplication
value for each IP precedence value).
Packets with IP precedence one appear half the size they really are. The result is
that these packets receive twice as much bandwidth as packets with IP
precedence zero.
The first formula in the figure is the first optimisation where the finish time is really
the sum of packet sizes divided by an increased IP precedence value.
The second formula shows further optimisation where, instead of dividing, the
packet size is multiplied by 4096/(IP precedence + 1). A value for each IP
precedence is stored in a table and it does not have to be calculated for each
packet.
Packets belonging to RSVP flows and system packets have special low weights
that guarantee them more bandwidth.
Note Cisco IOS versions after 12.0(5)T use a new formula where the weight is
calculated on the following formula: Weight = 32384 / (IP precedence +1)
IP Precednece Weight
0 4096
1 2048
2 1365
3 1024
4 819
5 682
6 585
7 512
32 (virtual IP precedence) 128 (PAC-Priority)
1024 (virtual IP precedence) 4 (RSVP)
The table above shows the mapping between IP precedence values and WFQ
weights.
Note According to the new formula for weight in Cisco IOS versions after 12.0(5)T the
following values are used:
The case study above is concerned with the propagation of voice packets across a
128 kbps link without using RSVP.
Assume that VoIP is using G.729 codec that uses approximately 30 kbps of
bandwidth (including RTP, UDP, IP and frame headers).
All voice packets are marked with IP precedence 5.
n The first calculation is where a voice session is contesting for available
bandwidth with 5 precedence-0 data sessions. WFQ would guarantee 69 kbps
to the voice session.
n The second calculation is where the same voice session is contesting for
available bandwidth with 20 precedence-0 data sessions. WFQ would now
guarantee only 29 kbps to the voice session.
The conclusion is that, although WFQ can give a much better service to flows with
small packets or high IP precedence value, it is not an exact tool that can
guarantee a fixed amount of bandwidth.
+ Benefits
• Simple configuration (classification does not have to be
configured)
• Guarantees throughput to all flows
• Drops packets of most aggressive flows
• Supported on most platforms
• Supported in all IOS versions (above 11.0)
– Drawbacks
• All drawbacks of FIFO queuing within a single queue
• Multiple flows can end up in one queue
• Does not support the configuration of classification
• Can not provide fixed bandwidth guarantees
• Performance limitations due to complex classification and
scheduling mechanisms
© 2001, Cisco Systems, Inc. Queuing Mechanisms-83
Router(config-intf)#
fair-queue [cdt [dynamic-queues [reservable-queues]]]
• congestive-discard-threshold (CDT)
–Number of messages allowed in the WFQ
system before the router starts dropping
new packets for the longest queue.
–The value can be in the range from 1 to
4096 (default is 64)
Router(config-intf)#
fair-queue [cdt [dynamic-queues [reservable-queues]]]
• dynamic-queues
– Number of dynamic queues used for best-effort
conversations (values are: 16, 32, 64, 128, 256,
512, 1024, 2048, and 4096 - the default is 256)
• reservable-queues
– Number of reservable queues used for reserved
conversations in the range 0 to 1000 (used for
interfaces configured for features such as RSVP -
the default is 0)
The number of dynamic queues can also be changed from the default number of
256 queues.
The maximum number of reservable queues should be set when RSVP requires
guarantees for the reserved bandwidth.
Router(config-if)#
hold-queue max-limit out
The same hold-queue command that can be used with FIFO queuing can also be
used with WFQ. The default hold-queue limit with WFQ is 1,000 packets.
The WFQ system will generally never reach the hold-queue limit because the CDT
limit starts dropping packets of aggressive flows. Under special circumstances it
would be possible to fill the WFQ system. For example, a denial-of-service attack
that floods the interface with a large number of packets (each different) could fill
all queues at the same rate.
The figure explains the default behavior of WFQ. As mentioned previously, WFQ
is automatically enable d on all interfaces slower than 2Mbps. WFQ is also required
on interfaces using Multilink PPP.
WFQ cannot be used if reordering of frames is not allowed due to sequence
numbering of Layer-2 frames or if the switching path does not support WFQ.
Router#
show queue interface
The same show commands can be used as with other queuing mechanisms:
n show interface
n show queue
n show queueing
Router#show
Router#show interface
interface serial
serial 1/0
1/0
Hardware
Hardware is
is M4T
M4T
Internet
Internet address
address isis 20.0.0.1/8
20.0.0.1/8
MTU
MTU 1500
1500 bytes,
bytes, BWBW 19
19 Kbit,
Kbit, DLY
DLY 20000
20000 usec,
usec, rely
rely 255/255,
255/255, load
load 147/255
147/255
Encapsulation
Encapsulation HDLC,
HDLC, crc
crc 16,
16, loopback
loopback not
not set
set
Keepalive
Keepalive set
set (10
(10 sec)
sec)
Last
Last input
input 00:00:00,
00:00:00, output
output 00:00:00,
00:00:00, output
output hang
hang never
never
Last
Last clearing
clearing of
of "show
"show interface"
interface" counters
counters never
never
Input
Input queue:
queue: 0/75/0
0/75/0 (size/max/drops);
(size/max/drops); Total
Total output
output drops:
drops: 00
Queueing
Queueing strategy:
strategy: weighted
weighted fair
fair
Output
Output queue:
queue: 0/1000/64/0
0/1000/64/0 (size/max
(size/max total/threshold/drops)
total/threshold/drops)
Conversations
Conversations 0/4/256
0/4/256 (active/max
(active/max active/max
active/max total)
total)
Reserved
Reserved Conversations
Conversations 0/0
0/0 (allocated/max
(allocated/max allocated)
allocated)
55 minute
minute input
input rate
rate 18000
18000 bits/sec,
bits/sec, 88 packets/sec
packets/sec
55 minute
minute output
output rate
rate 11000
11000 bits/sec,
bits/sec, 99 packets/sec
packets/sec
…… rest
rest deleted
deleted ...
...
The show interface command can be used to determine the queuing strategy. The
summary statistics are also displayed.
The sample output in the figure shows that there are currently no packets in the
WFQ system that allows up to 1,000 packets (hold-queue limit) with CDT 64.
WFQ is using 256 queues. The maximum number of concurrent conversations
(active queues) was 4.
Router#show
Router#show queue
queue serial
serial 1/0
1/0
Input
Input queue:
queue: 0/75/0
0/75/0 (size/max/drops);
(size/max/drops); Total
Total output
output drops:
drops: 00
Queueing
Queueing strategy:
strategy: weighted
weighted fair
fair
Output
Output queue:
queue: 2/1000/64/0
2/1000/64/0 (size/max
(size/max total/threshold/drops)
total/threshold/drops)
Conversations
Conversations 2/4/256
2/4/256 (active/max
(active/max active/max
active/max total)
total)
Reserved
Reserved Conversations
Conversations 0/0
0/0 (allocated/max
(allocated/max allocated)
allocated)
(depth/weight/discards/tail
(depth/weight/discards/tail drops/interleaves)
drops/interleaves) 1/4096/0/0/0
1/4096/0/0/0
Conversation
Conversation 124,
124, linktype:
linktype: ip,
ip, length:
length: 580
580
source:
source: 193.77.3.244,
193.77.3.244, destination:
destination: 20.0.0.2,
20.0.0.2, id:
id: 0x0166,
0x0166, ttl:
ttl: 254,
254,
TOS:
TOS: 00 prot:
prot: 6,
6, source
source port
port 23,
23, destination
destination port
port 11033
11033
(depth/weight/discards/tail
(depth/weight/discards/tail drops/interleaves)
drops/interleaves) 1/4096/0/0/0
1/4096/0/0/0
Conversation
Conversation 127,
127, linktype:
linktype: ip,
ip, length:
length: 585
585
source:
source: 193.77.4.111
193.77.4.111 destination:
destination: 40.0.0.2,
40.0.0.2, id:
id: 0x020D,
0x020D, ttl:
ttl: 252,
252,
TOS:
TOS: 00 prot:
prot: 6,
6, source
source port
port 23,
23, destination
destination port
port 11013
11013
The show queue command also displays the flow (conversation) statistics:
n Queue depth is the number of packets in the queue
n Weight is 4096/(IP precedence + 1) or 32384/(IP precedence + 1),
depending on the Cisco IOS version
n Discards is the number of drops due to the CDT limit
n Tail drops is the number of drops due to the hold-queue limit
The table shows the main differences between WFQ, PQ and CQ.
Review Questions
Answer the following questions:
n How does WFQ classify packets?
n When does WFQ drop packets?
n How does WFQ schedule packets?
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe and configure dWFQ
n Describe and configure ToS-based dWFQ
n Describe and configure QoS-group-based dWFQ
n Monitor and troubleshoot WFQ
The distributed versions of Weighted Fair Queuing are implemented on Cisco 7x00
series routers with Versatile Interface Processors (VIPs). There are four different
versions of distributed WFQ, three of which are discussed in this module:
n Flow-based dWFQ or simply dWFQ
n ToS-based dWFQ
n QoS-group-based dWFQ or QoS-based dWFQ
VIP is basically a router within a router. It has its own processor and its own
(different) version of the IOS. Most features implemented on VIPs have different
functionality than those available on the Route Switch Processor (RSP).
Forwarded Packets
Hardware
Flow 2? WFQ-drop Queue 2 Queuing System
WFQ
Scheduler Hardware Q Interface
IP TCP Payload
WFQ Classification uses the
following parameters:
• source IP address
• destination IP address
• source TCP or UDP port
Src. Dst. Proto. Src. Dst. • destination TCP or UDP
Addr. Addr. Port Port port
• transport protocol
Classification identifies flows but it does not use the ToS field. It uses all the other
parameters that identify a flow (conversation):
n Source IP address
n Destination IP address
n Protocol number (identifying TCP or UDP)
n Source TCP/UDP port number
n Destination TCP/UDP port number
The number of queues is 512 and cannot be changed.
No No Enqueue
N-th packet M>QL? N>AQL?
packet
Yes Yes
No
M>IQL?
Yes
• QL (queue limit) is the maximum number of packets the selected que ue can hold
• AQL (aggregate queue limit) is the max. number of packets that the dWFQ system can hold
• IQL (individual queue limit) is the max. number of packets that an individual queue a
congested dWFQ system can hold
• N is the number of packets in the dWFQ system when the N -th packet arrives
• M is the number of packets in the queue to which the packet is cl assified
When a new packet is to be inserted into one of the queues the router follows
these rules:
1. Enqueue the packet if the WFQ system is within the aggregate queue limit
2. Enqueue the packet if the queue is within the individual queue limit
3. Otherwise, drop the packet
Hardware
Queue 2 Queuing System
dWFQ
Scheduler
(Calendar Calendar Queue Hardware Q Interface
Queuing)
Queue N
The scheduler uses the same finish time calculation except it does not include the
weight. It is a pure Fair Queuing mechanism.
The scheduler was also optimized for performance (Calendar Queuing).
Router(config-if)#
fair-queue
fair-queue
Router(config)#
fair-queue aggregate-limit
aggregate-limit aggregate-packets
Use these two commands to change the default limits that govern the dropping of
packets when individual queues and the WFQ system are congested.
interface
interface FastEthernet
FastEthernet 1/1/0
ip
ip address
address 80.0.2.70
80.0.2.70 255.255.255.0
255.255.255.0
fair-queue
fair-queue
fair-queue
fair-queue aggregate-limit
aggregate-limit 200
200
fair-queue
fair-queue individual-limit
individual-limit 30
30
!!
Router#show
Router#show interfaces
interfaces FastEthernet1/1/0
FastEthernet1/1/0
FastEthernet1/1/0
FastEthernet1/1/0 isis up,
up, line
line protocol
protocol is
is up
up
Hardware
Hardware is
is cyBus
cyBus FastEthernet
FastEthernet Interface,
Interface, address
address is
is 0007.f618.4448
0007.f618.4448
Description:
Description: pkt
pkt input
input i/f
i/f for
for WRL
WRL tests
tests (to
(to pagent)
pagent)
Internet
Internet address
address is
is 80.0.2.70/24
80.0.2.70/24
MTU
MTU 1500
1500 bytes,
bytes, BW
BW 100000
100000 Kbit,
Kbit, DLY
DLY 100
100 usec,
usec, rely
rely 255/255,
255/255, load
load 1/255
1/255
Encapsulation
Encapsulation ARPA,
ARPA, loopback
loopback not
not set,
set, keepalive
keepalive not
not set,
set, 100BaseTX/FX
100BaseTX/FX
ARP
ARP type:
type: ARPA,
ARPA, ARP
ARP Timeout
Timeout 04:00:00
04:00:00
Last
Last input
input never,
never, output
output 01:11:01,
01:11:01, output
output hang
hang never
never
Last
Last clearing
clearing of
of "show
"show interface"
interface" counters
counters 01:12:31
01:12:31
Queueing
Queueing strategy:
strategy: VIP-based
VIP-based fair
fair queuing
queuing
Output
Output queue
queue 0/40,
0/40, 00 drops;
drops; input
input queue
queue 0/75,
0/75, 00 drops
drops
30
30 second
second input
input rate
rate 00 bits/sec,
bits/sec, 00 packets/sec
packets/sec
30
30 second
second output
output rate
rate 00 bits/sec,
bits/sec, 00 packets/sec
packets/sec
…… rest
rest deleted
deleted ...
...
The usual show interface command reveals that VIP-based fair queuing is
enabled (dWFQ). Some other show commands used with other queuing
mechanisms do not display any valuable information (RSP regards this interface as
FIFO).
Router#show
Router#show interface
interface fastethernet
fastethernet 1/1/0 fair
fair
FastEthernet
FastEthernet 1/1/0
1/1/0 queue size 0
pkts
pkts output
output 0,
0, wfq drops 0, nobuffer
nobuffer drops
drops 0
WFQ:
WFQ: aggregate
aggregate queue
queue limit
limit 200 individual
individual queue
queue limit
limit 30
max available buffers 0
+ Benefits
• Automatic classification
• High performance
– Drawbacks
• Does not support the configuration of classification
• Does not use IP precedence as weight
• Only supported on Cisco 7x00 series routers with
VIP 2-40 or newer
The distributed version of WFQ has one advantage over normal WFQ: better
performance.
The main drawbacks include:
n Lack of tuning capability
n Not weighted
n Only supported on VIPs
Forwarded Packets
Hardware
Class 2? WFQ-drop Queue 2 Queuing System
dWFQ
Scheduler Hardware Q Interface
The ToS-based dWFQ differs from Flow-based dWFQ in the following ways:
n Classification is done based on the two low-order IP precedence bits
n Scheduling is configurable by setting weights manually
n Four queues are used
IP Payload
ToS -based dWFQ
IP Classification uses the two
Prec. low -order IP precedence bits
to classify packets
XXX 00000
IP precedence
Queue 1 0 and 4
#queue
(2-bit index of Queue 2 1 and 5
the queue)
Queue 3 2 and 6
Queue 4 3 and 7
The classification uses the two low-order IP precedence bits. The result of
classification is that:
n Packets with IP precedence values 0 and 4 are classified into Queue 0
n Packets with IP precedence values 1 and 5 are classified into Queue 1
n Packets with IP precedence values 2 and 6 are classified into Queue 2
n Packets with IP precedence values 3 and 7 are classified into Queue 3
Weights that determine how much bandwidth is guaranteed to each class are
configured in percentage points.
Weights can be assigned to Queues 1¸ 2 and 3. Queue 0 gets the rest of the
bandwidth.
Router(config-intf)#
fair-queue tos
Router(config-intf)#
fair-queue tos num
num weight weight
weight
tos number - 2 low order precedence bits (only classes 1, 2 and 3 can be configured
with weight; class 0 takes the remaining bandwidth)
weight - percentage of the output link bandwidth allocated to this class (the sum for all
classes cannot exceed 99)
Defaults:
unclassified traffic is assigned to class 0;
class 1 - 20, class 2 - 30, class 3 - 40
class 0 has the remaining weight (100%-W1-W2-W3); default 10
© 2001, Cisco Systems, Inc. Queuing Mechanisms -111
Router(config-if)#
fair-queue tos
tos num limit class-packets
• Configures maximum number of packets allowed in the selected queue
• If not configured, the default is individual-limit
• If queue limit is not configured it is set to the number of available buffers
multiplited by weight
Router(config-if)#
fair-queue
fair-queue individual-limit
individual-limit individual-packet
individual-packet
These three optional commands can be used to control individual queue sizes.
The default behavior is:
n Aggregate queue limit equals maximum available buffers
n Individual queue limit equals one quarter of maximum available buffers
n Per-queue limit equals maximum available buffers multiplied by weight
interface
interface Hssi0/0/0
Hssi0/0/0
ip address 188.1.3.70 255.255.255.0
fair-queue tos
tos
fair-queue tos
tos 1 weight
weight 20
fair-queue tos
tos 1 limit 27
fair-queue tos
tos 2 weight
weight 30
fair-queue tos
tos 2 limit 27
fair-queue tos
tos 3 weight
weight 40
fair-queue tos
tos 3 limit 27
!!
Class
Class 0:
0: weight
weight 10
10 limit
limit 20 qsize
qsize 00 pkts
pkts output
output 947
947 drops
drops 00
Class
Class 1:
1: weight
weight 20
20 limit
limit 27 qsize
qsize 00 pkts
pkts output
output 00 drops
drops 00
Class
Class 2:
2: weight
weight 30
30 limit
limit 27 qsize
qsize 00 pkts
pkts output
output 00 drops
drops 00
Class
Class 3:
3: weight
weight 40
40 limit
limit 27 qsize
qsize 00 pkts
pkts output
output 00 drops
drops 00
+ Benefits
• Automatic classification
• Guarantees throughput to all classes
• High performance
– Drawbacks
• All drawbacks of FIFO queuing within a single class
• Does not support the configuration of classification
• Only four classes are supported
• Unusual interpretation of IP precedence (high-priority packets
with IP precedence 6 and 7 share queues with lower-priority
packets with IP precedence 2 and 3)
• Only supported on Cisco 7x00 series routers with VIP 2-40 or
newer
© 2001, Cisco Systems, Inc. Queuing Mechanisms -115
Forwarded Packets
Hardware
Class 2? WFQ-drop Queue 2 Queuing System
dWFQ
Scheduler Hardware Q Interface
QoS
group
Classification is performed using the QoS group parameter to select one of the 100
queues. The QoS group parameter is local to the router so it has to be set on every
hop using one of the QoS mechanisms that supports marking:
n Policy-based Routing (PBR)
n QoS Policy Propagation through BGP(QPPB)
n Committed Access Rate (CAR)
n Class-based Policing
n Class-based Marking
Router(config-intf)#
fair-queue qos-group
qos-group
Router(config-intf)#
fair-queue qos-group
qos-group num weight weight
qos-group number - classes 1 through 99 can be configured with weight; class 0 takes
the remaining bandwidth
weight - percentage of the output link bandwidth allocated to this class (the sum for all
classes cannot exceed 99)
Defaults:
unclassified traffic is assigned to class 0;
class 1 - 20, class 2 - 30, class 3 - 40
class 0 has the remaining weight (100%-W1-W2-W3); default 10
© 2001, Cisco Systems, Inc. Queuing Mechanisms -119
Note Replacing ToS-based dWFQ with QoS-group-based dWFQ causes all packets
to go into Queue 0 because classification is no longer perform ed based on IP
precedence value. Some additional configuration steps are necessary.
interface
interface FastEthernet1/0/0
FastEthernet1/0/0
bgp-policy
bgp-policy destination
destination ip-qos-map
ip-qos-map
!!
...
...
!!
interface
interface Hssi0/0/0
Hssi0/0/0
ip
ip address
address 188.1.3.70
188.1.3.70 255.255.255.0
255.255.255.0
bgp-policy
bgp-policy destination
destination ip-prec-map
ip-prec-map
fair-queue
fair-queue qos-group
qos-group
fair-queue
fair-queue aggregate-limit
aggregate-limit 60
fair-queue
fair-queue qos-group
qos-group 1 weight
weight 10
fair-queue
fair-queue qos-group
qos-group 2 weight
weight 30
fair-queue
fair-queue qos-group
qos-group 2 limit
limit 27
27
!!
Router#show
Router#show interfaces
interfaces fair-queue
fair-queue
Hssi0/0/0
Hssi0/0/0 queue
queue size
size 00
pkts
pkts output
output 4,
4, wfq
wfq drops
drops 0,
0, nobuffer
nobuffer drops
drops 00
WFQ:
WFQ: aggregate
aggregate queue
queue limit
limit 60
60 individual
individual queue
queue limit
limit 96
96
max
max available
available buffers
buffers 386
386
Class
Class 0:
0: weight
weight 60
60 limit
limit 231
231 qsize
qsize 00 pkts
pkts output
output 44 drops
drops 00
Class
Class 1:
1: weight
weight 10
10 limit
limit 38
38 qsize
qsize 00 pkts
pkts output
output 00 drops
drops 00
Class
Class 2:
2: weight
weight 30
30 limit
limit 27
27 qsize
qsize 00 pkts
pkts output
output 00 drops
drops 00
The show interface fair-queue command only displays information for queues
with a weight higher than zero.
+ Benefits
• Guarantees throughput to all classes
• A large number of classes (100)
• High performance
– Drawbacks
• All drawbacks of FIFO queuing within a single class
• Requires other QoS mechanisms to set QoS group
• Only supported on Cisco 7x00 series routers with
VIP 2-40 or newer
IP
ToS dWFQ precedence 4 Manual VIP
The figure illustrates the comparison of all versions of Weighted Fair Queuing.
n Traditional WFQ is only available on low-end (LE) routers and the Route
Switch Processor (RSP) of Cisco 7x00 series routers
n All three distributed versions are only available on VIP-based interfaces of
Cisco 7x00 series routers
Class-based WFQ is now available on low-end routers, the RSP and on the VIP
(distributed)
Review Questions
Answer the following questions:
n Which distributed Weighted Fair Queuing mechanisms do you know?
n What are the main differences between dWFQ versions?
n What platforms support dWFQ?
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe MDRR queuing
n Describe the benefits and drawbacks of MDRR queuing
n Configure MDRR queuing on Cisco GSR routers
n Monitor and troubleshoot MDRR
Forwarded Packets
Tail -drop
Class 1? VOQ 1
WRED
Hardware
Tail -drop
Class 2? VOQ 2 Queuing System
WRED
or
MDRR
Crossbar Interface
Scheduler
Switching Fabric
Tail -drop
Class 8? VOQ 8
WRED
DRR was the first implementation that was later improved by allowing one queue
to be high priority.
IP
precedence
0
VOQ 0
IP
precedence VOQ 1
1
VOQ 2
IP VOQ 7
precedence
7
Classification is done using IP precedence to put packets into one of the eight
Virtual Output Queues (VOQ). One of these queues can be configured as high
priority.
Tail-drop
or Virtual Output Queue
WRED
Each queue uses the tail-drop scheme unless it is configured with WRED.
Round
VOQ 1
Robin
Scheduler
VOQ 7
Round
VOQ 1
Robin
Scheduler
VOQ 7
MDRR can schedule one queue ahead of all the others if it is configured as a Strict
Priority queue. This queue can be used for delay-sensitive applications (for
example, voice).
The problem of this solution is that it can cause other queues to starve if the high
priority queue is congested.
Round
VOQ 1
Robin
Scheduler
VOQ 7
The high priority queue can be set to Alternate Priority mode where all other
queues still get service, even if the high-priority queue is congested.
The high priority queue, however, experiences slightly more delay because it has to
wait for the currently served queue to reach its threshold or be emptied.
+ Benefits
• Accurate bandwidth allocation (takes into account the deficit
from the previous round as opposed to Custom Queuing)
• Prevents head-of-line blocking in front of the crossbar
switching fabric
• Supports low-latency queuing (strict priority and alternate
priority)
• High performance
– Drawbacks
• Limited classification tools (only IP precedence)
• Limited number of classes (only 8)
• Only supported on Cisco 12000 series routers (GSR)
MDRR is a high performance queuing mechanism that supports eight classes and
allocates bandwidth according to configured weights. It also supports one queue
for low-delay propagation of packets.
Router(config)#
cos-queue-group cos-queue-group-name
cos-queue-group-name
Router(config-cos-que)#
queue queue-number weight
Router(config-cos-que)#
queue low-latency {alternate-priority weight|strict-priority}
Router(config-if)#
tx-cos cos-queue-group-name
One of the queues can be turned into a high priority queue. The type of queue is
determined by the alternate-priority or strict-priority keywords.
The last step is to apply the cos-queue-group to an output interface.
Router(config)#
slot-table-cos slot-table-name
• Define a slot table name and enter slot table configuration mode
Router(config-slot-cos)#
destination slot
slot {slot-number|all}
{slot-number|all} cos-queue-group-name
Router(config)#
rx-cos-slot line-card-number cos-queue-group-name
MDRR can also be applied to traffic leaving the line card through the Crossbar
Switching Matrix.
A slot-table -cos has to be configured where the destination line cards are
specified using the destination slot command.
The slot table is then applied to one or more line cards using the rx-cos-slot
command.
interface
interface POS3/0
POS3/0
ip address 1.0.0.1 255.0.0.0
tx-cos
tx-cos C4template
C4template
!!
cos-queue-group
cos-queue-group C4template
precedence 0 queue 0
precedence 1 queue 1
precedence 2 queue 1
precedence 3 queue 2
precedence 4 queue 2
precedence 5 queue low-latency
precedence 6 queue 3
precedence 7 queue 3
queue 0 10
10
queue 1 20
20
queue 2 40
40
queue
queue low-latency
low-latency alternate-priority
alternate-priority 80
80
exit
exit
!!
To
To Fabric
Fabric Queues
Queues (DRR
(DRR configured)
configured) C7template
Queue
Queue Average
Average High
High Water
Water Mark
Mark Weight
Weight
00 712.000
712.000 5562.000
5562.000 10
10
11 702.000
702.000 7716.000
7716.000 10
10
22 702.000
702.000 11540.000
11540.000 10
10
33 753.000
753.000 14368.000
14368.000 10
10
44 0.000
0.000 0.000
0.000 10
10
55 0.000
0.000 0.000
0.000 10
10
66 0.000
0.000 0.000
0.000 10
10
Low latency
Low latency 0.000
0.000 0.000
0.000 10
10
...
...
Review Questions
Answer the following questions:
n Describe the scheduling mechanism of MDRR.
n Which two types of low-latency queuing does MDRR support?
n What are the benefits and drawbacks of MDRR?
n Where can MDRR be applied?
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe IP RTP prioritization
n Describe the benefits and drawbacks of IP RTP prioritization
n Configure IP RTP prioritization on Cisco routers
n Monitor and troubleshoot IP RTP Prioritization
Forwarded Packets
High
Priority?
RTP
Flow 2? WFQ-drop Queue 2 Hardware Q Interface
WFQ
Scheduler
Scheduler
IP RTP Prioritization supports one high priority queue. Packets from this queue are
scheduled ahead of other packets as long as they are within the configured rate.
Excess packets are dropped.
Forwarded Packets
IP UDP Payload
UDP
Destination port
No WFQ
Queuing
System
Packet
Token Yes
within RTP Queue
Bucket Contract?
No
Packets that exceed the policy are dropped. A token Bucket model is used to
measure the arrival rate of packets into this queue.
+ Benefits
• Adds low-latency queuing to WFQ and CB-
WFQ
• Prevents starvation of other traffic
– Drawbacks
• Poor classification options
• Obsoleted by Class-based Low-latency
Queuing
Router(config-if)#
ip rtp priority
priority starting-port port-range
port-range bandwidth
bandwidth
interface
interface Serial0/0
Serial0/0
bandwidth
bandwidth 128
ip
ip address
address 10.0.0.1
10.0.0.1 255.255.255.252
encapsulation ppp
ppp
fair-queue
fair-queue Up to 75% of configured bandwidth is
ip
ip rtp priority 16384 16383 50
50 reservable.
!!
BWavail = BW * 0.75 - BWRTP
Router#show
Router#show queue
queue serial0/0
serial0/0
Input
Input queue:
queue: 0/75/0/0
0/75/0/0 (size/max/drops/flushes);
(size/max/drops/flushes); Total
Total output
output dr
drops:
ops: 00
Queueing
Queueing strategy:
strategy: weighted
weighted fair
fair
Output
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations
Conversations 0/1/256
0/1/256 (active/max
(active/max active/max
active/max total)
total)
Reserved
Reserved Conversations
Conversations 0/0
0/0 (allocated/max
(allocated/max allocated)
allocated)
Available
Available Bandwidth
Bandwidth 46
46 kilobits/sec
kilobits/sec
Router#
Router#
The sample configuration shows how 50 kbps of bandwidth is guaranteed for RTP
traffic. The show queue command shows there is only 46 kbps of bandwidth (128
kbps • 75% -50 kbps = 46 kbps) remaining for WFQ.
Review Questions
Answer the following questions:
n When would you use IP RTP prioritization?
n What are the drawbacks of IP RTP prioritization?
n How many high-priority queues does IP RTP prioritization support?
FIFO Queuing
Question: Why is FIFO the fastest queuing mechanism?
Answer: It has no classification and the simplest scheduling mechanism.
Question: Describe the classification and scheduling of FIFO queuing.
Answer: FIFO has only one queue and all packets are enqueued into this queue.
Scheduling takes packets out of the queue in the order they arrived (first come
first serve).
Question: List the drawbacks of FIFO queuing.
Answer: FIFO queuing can cause starvation and jitter.
Priority Queuing
Question: When would you use priority queuing?
Answer: To provide minimum-delay forwarding for delay-sensitive packets.
Question: What are the benefits and drawbacks of priority queuing?
Answer: PQ has all the drawbacks of FIFO queuing within each class and in
addition it can cause starvation of lower-priority classes.
Question: How many classes does priority queuing support?
Answer: PQ supports four classes.
Question: How does priority queuing schedule packets?
Custom Queuing
Question: When would you use custom queuing?
Answer: CQ is used to guarantee bandwidth to traffic classes.
Question: What are the benefits and drawbacks of custom queuing?
Answer: CQ has all the drawbacks of FIFO queuing within each class. In
addition CQ can cause jitter due to the implementation of scheduling.
Question: How many classes does custom queuing support?
Answer: CQ supports up to 16 classes.
Question: How does custom queuing schedule packets?
Answer: CQ uses weighted round robin scheduling to ensure that each class is
serviced.
IP RTP Prioritization
Question: When would you use IP RTP prioritization?
Answer: To provide low-latency queuing with IOS versions that do not support
CB-LLQ.
Question: What are the drawbacks of IP RTP prioritization?
Answer: Limited classification options (only one UDP port range is supported).
Question: How many high-priority queues does IP RTP prioritization support?
Answer: One per interface.
Overview
This module describes for the QoS mechanisms that are used to limit the available
bandwidth to traffic classes. It discusses two options—traffic policing and traffic
shaping. Committed Access Rate (CAR) is discussed as a mechanism to provide
traffic policing. Generic Traffic Shaping (GTS) and Frame Relay Traffic Shaping
(FRTS) are discussed as traffic shaping mechanisms.
It includes the following topics:
n Traffic Shaping and Policing
n Generic Traffic Shaping
n Frame Relay Traffic Shaping
n Committed Access Rate
Objectives
Upon completion of this module, you will be able to perform the following tasks:
n Describe and configure Generic Traffic Shaping (GTS)
n Describe and configure Frame Relay Traffic Shaping (FRTS)
n Describe and configure Committed Access Rate (CAR)
n Identify other mechanisms that support traffic shaping and policing (Class-
based Policing and Class-based Shaping)
Traffic Shaping and Policing
Overview
The lesson introduces mechanisms for traffic policing and traffic shaping.
Committed Access Rate (CAR), Generic Traffic Shaping (GTS) and Frame Relay
Traffic Shaping (FRTS) are introduced in this section.
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe the need for implementing traffic policing and shaping mechanisms
n List traffic policing and shaping mechanisms available in Cisco IOS
n Describe the benefits and drawbacks of traffic shaping and policing
mechanisms
4-2 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Traffic Shaping and Policing
Meter
Both shaping and policing mechanisms are used in a network to control the rate at
which traffic is admitted into the network. Both mechanisms use classification, so
they can differentiate traffic. They also use metering to measure the rate of traffic
and compare it to the configured shaping or policing polic y.
The difference between shaping and policing can be described in terms of their
rate-limiting implementation:
n Shaping meters the traffic rate and delays excessive traffic so that it stays
within the desired rate limit. With shaping, traffic bursts are smoothed out
producing a steadier flow of data. Reducing traffic bursts helps reduce
congestion in the core of the network.
n Policing drops excess traffic in order to control traffic flow within specified
limits. Policing does not introduce any delay to traffic that conforms to traffic
policies. It can however, cause more TCP retransmissions, because traffic in
excess of specified limits is dropped.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-3
Why Use Rate Limiting
4-4 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Typical Traffic Shaping or
Policing Applications
High-speed Low-speed
link link
WAN
FastEthernet
64 kbps single physical link
on one side
128 kbps
Server
Farm Internet
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-5
Shaping vs. Policing
• Benefits of Shaping
– Shaping does not drop packets
– Shaping supports interaction with Frame Relay
congestion indication
• Benefits of Policing
– Policing supports marking
– Less buffer usage (shaping requires an additional
queuing system)
4-6 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
How do Routers Measure Traffic
Rate
Bandwidth
Link bandwidth
Exceeding traffic
Rate limit
Conforming Traffic
Time
• Routers use the Token Bucket mathematical model to keep
track of packet arrival rate
• The Token Bucket model is used whenever a new packet is
processed
• The return value is conform or exceed
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing-9
In order to perform rate limiting, routers must meter (or measure) traffic rates
through their interfaces. To enforce a rate limit, metered traffic is said to:
n Conform to the rate limit, if the rate of traffic is below or equal to the
configured rate limit
n Exceed the rate limit, if the rate of traffic is above the configured rate limit
The metering is usually performed with an abstract model called a token bucket,
which is used when processing each packet. The token bucket can calculate
whether the current packet conforms or exceeds the configured rate limit on an
interface.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-7
Token Bucket
200
700
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -10
The token bucket is a mathematical model used in a device that regulates the data
flow. The mode has two basic components:
n Tokens: where each token represents the permission to send a fixed number of
bits into the network
n The bucket: which has the capacity to hold a specified amount of tokens
Tokens are put into the bucket at a certain rate by the operating system. Each
incoming packet, if forwarded, takes tokens from the bucket, representing the
packet’s size.
If the bucket fills to capacity, newly arriving tokens are discarded. Discarded
tokens are not available to future packets.
If there are not enough tokens in the bucket to send the packet, the regulator may:
n Wait for enough tokens to accumulate in the bucket (traffic shaping)
n Discard the packet (policing)
The figure shows a token bucket, with the current capacity of 700 bytes. When a
500-byte packet arrives at the interface, its size is compared to the bucket capacity
(in bytes). The packet conforms to the rate limit (500 bytes < 700 bytes), and the
packet is forwarded. 500 tokens are taken out of the token bucket leaving 200
tokens for the next packet.
4-8 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Token Bucket
200
300
byte
s
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -11
When the next packet arrives immediately after the first packet, and no new
tokens have been added to the bucket (which is done periodically), the packet
exceeds the rate limit. The packet size is greater than the current capacity of the
bucket, and the exceed action is performed (drop in the case of pure policing, delay
in the case of shaping).
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-9
Token Bucket
Be
Link BW
Bc of tokens is added Link
Utilization
every Tc [ms]
Bc Bc Bc Bc Bc Bc Average BW
Tc = Bc / CIR (CIR)
Bc + B e
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -12
Token bucket implementations usually rely on three parameters: CIR, Bc and Be.
CIR is the Committed Information Rate (also called the committed rate, or the
shaped rate). Bc is known as the burst capacity. Be is known as the excess burst
capacity. Tc is an interval constant that represents time. A Bc of tokens are
forwarded without constraint in every Tc interval.
In the token bucket metaphor, tokens are put into the bucket at a certain rate,
which is Bc tokens every Tc seconds. The bucket itself has a specified capacity. If
the bucket fills to capacity (Bc + Be), it will overflow and therefore newly arriving
tokens are discarded. Each token grants permission for a source to send a certain
number of bits into the network. To send a packet, the regulator must remove,
from the bucket, the number of tokens equal in representation to the packet size.
For example, if 8000 bytes worth of tokens are placed in the bucket every 125
milliseconds, the router can steadily transmit 8000 bytes every 125 milliseconds, if
traffic constantly arrives at the router.
If there is no traffic at all, 8000 bytes per 125 milliseconds get accumulated in the
bucket, up to the maximum size (Bc+Be). One second’s accumulation therefore
collects 64000 bytes worth of tokens, which can be transmitted immediately in the
case of a burst. The upper limit, Bc+Be, defines the maximum amount of data,
which can be transmitted in a single burst, at the line rate.
Note Again, note that the token bucket mechanism used for traffic shaping has both a
token bucket and a queue used to delay packets. If the token bucket did not have
a data buffer, it would be a policer. For traffic shaping, packets that arrive that
cannot be sent immediately (because there are not enough tokens in the bucket)
are delayed in the data buffer.
4-10 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Although token bucket permits burstiness, traffic bursts are bound. This guarantee
is made so that traffic flow will never send faster than the token bucket's capacity.
In the long-term, this means that the transmission rate will not exceed the
established rate at which tokens are placed in the bucket (the committed rate).
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-11
Traffic Shaping and Policing
Mechanisms
• Shaping Mechanisms:
– Generic Traffic Shaping (GTS)
– Frame Relay Traffic Shaping (FRTS)
– Class-based Shaping
• Policing Mechanisms:
– Committed Access Rate (CAR)
– Class-based Policing
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -13
There are five token-bucket based rate-limiting methods available in Cisco IOS.
Three methods are shaping mechanisms:
n Generic traffic shaping
n Frame Relay traffic shaping
n Class-based shaping
Two methods are policing mechanisms:
n Committed access rate
n Class-based policing
All these methods are discussed next in specific sections.
4-12 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Summary
After completing this lesson, you should be able to perform the following tasks:
n Describe the need for implementing traffic policing and shaping mechanisms
n List traffic policing and shaping mechanisms available in Cisco IOS
n Describe the benefits and drawbacks of traffic shaping and policing
mechanisms
Lesson Review
Answer the following questions:
1. How do shaping and policing mechanisms keep track of the traffic rate?
2. Which shaping mechanisms are available with the Cisco IOS software?
3. Which policing mechanisms are available with the Cisco IOS software?
4. What are the main differences between shaping and policing?
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-13
Generic Traffic Shaping
Overview
This lesson describes the Generic Traffic Shaping (GTS) mechanism.
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe the GTS mechanism
n Describe the benefits and drawbacks of GTS
n Configure GTS on Cisco routers
n Monitor and troubleshoot GTS
4-14 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Generic Traffic Shaping
Meter
Shaper
Classifier Marker
Dropper
Traffic
stream
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -18
Generic Traffic Shaping (GTS) shapes traffic by reducing the outbound traffic flow
to avoid congestion. This is achieved by constraining traffic to a particular bit rate
using the token bucket mechanism. GTS is applied on a per-interface basis and can
use access lists to select the traffic to shape. It works with a variety of Layer-2
technologies, including Frame Relay, ATM, Switched Multi-megabit Data Service
(SMDS) and Ethernet.
As shown in the block diagram, GTS performs three basic functions:
n Classification of traffic, so that different traffic classes can have different
policies applied to them
n Metering, using a token-bucket mechanism, to distinguish between conforming
and exceeding traffic
n Shaping, using buffering, to delay exceeding traffic and shape it to the
configured rate limit
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-15
GTS Building Blocks
Shaping
Forwarder Classifier Yes No
WFQ
No
No Shaping
Classifier Yes Yes WFQ
No
Yes
Shaping
Classifier Yes No
WFQ
Yes
No
Physical Interface
queue(s)
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -19
4-16 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
GTS Overview
• GTS is multiprotocol
• GTS uses WFQ as the shaping queue
• GTS can be implemented in combination with
any queuing mechanisms:
– FIFO Queuing
– Priority Queuing (PQ)
– Custom Queuing (CQ)
– Weighted Fair Queuing (WFQ)
• GTS works on output only
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -20
The GTS implementation in Cisco IOS supports multiple protocols and works on a
variety of interface types. WFQ is used as the shaping delay queue, providing fair
scheduling within a traffic class. Other queuing strategies (FIFO, PQ, CQ and
WFQ) may be employed after GTS to provide traffic scheduling on the shaped
traffic. Also, GTS only works at the output of an interface.
GTS can be used to shape all outbound traffic on an interface or it can separately
shape multiple classes. Classification is performed using any type of access list
including all non-ip access lists.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-17
GTS Implementation
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -21
Packet flow through GTS is implemented using three queues. The first, the shaping
queue, is WFQ-based and shapes traffic according to the specified rate using a
token bucket model. This queue dispatches packets to the software queue, which
may be configured with other queuing mechanisms (PQ, CQ, WFQ or FIFO). If
the software queue is empty, traffic is forwarded directly to the output hardware
queue.
GTS supports distributed implementation on VIP adapters. This offloads traffic
shaping from the route switch processor (RSP) to the Versatile Interface
Processor (VIP), and constructs all of the queues in VIP packet memory. Only IP
traffic can be shaped with dWFQ. Another requirement is that dCEF switching
must be enabled.
4-18 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Configuring GTS
Router(config-if)#
traffic-shape rate bit-rate [burst-size [excess-
burst-size]]
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -22
To enable traffic shaping for outbound traffic on an interface, use the traffic-
shape rate interface configuration command. Of the parameters to be specified,
bit-rate is the only mandatory one. The burst-size and excess-burst-size are
optional.
Generic traffic shaping can be used in all switching paths. Older Cisco IOS
versions may use slower switching paths when GTS is in effect.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-19
Configuring GTS
Router(config-if)#
traffic-shape rate bit-rate [burst-size [excess-
burst-size]]
Bit rate (in bits per second) is configured as the average traffic rate to which the
traffic should be shaped on the output of the interface.
Burst size (in bits) can be configured to allow for varying levels of allowed
burstiness. That is, traffic, which bursts over the average traffic rate, also
conforms if it falls within the burst rate in an interval. By default, this is set to one
eighth of the average traffic rate, which sets the Tc at one eighth of a second. This
parameter is equivalent to the Frame Relay Bc parameter.
4-20 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Configuring GTS
Router(config-if)#
traffic-shape rate bit-rate [burst-size [excess-
burst-size]]
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-21
Configuring GTS
Router(config-if)#
traffic-shape group access-list bit-rate [burst
[excess-burst]]
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -25
4-22 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
GTS
Example #1
In the first GTS example, an ISP wants to control the amount of traffic injected
into the Frame Relay WAN by the customer. The SP service uses an E1 line as
the access line, limits the customer to 256 Kbps on the average, but also permits
bursts of up to thirty seconds at the E1 line rate.
The parameters are calculated based on the service requirements. CIR (the
average bit rate) is set at the specified average rate, the burst size is set to one
eighth of the CIR (32000 bits), and the excess burst size reflects the allowed thirty-
second burst at full E1 line rate.
The excess burst size was calculated using the following formula:
1. Each second of transmission at line-speed requires 2 Mbits
2. Thirty second burst therefore requires 30 x 2 Mbits
3. The excess burst size is 30 x 2048000 = 61440000
It takes thirty seconds to empty the token bucket. How long does it take to fill it up
again?
The token bucket is emptied at 2Mbps but it is replenished at 256kbps. It takes
eight times as long to fill it as it does to empty it. Every thirty second burst would,
therefore, require a four-minute silence on the line to accumulate tokens.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-23
GTS
Example #1
WAN
Core
Customer
interface
interface ethernet
ethernet0/0
0/0
traffic-shape
traffic-shape rate
rate 256000
256000 32000
32000 61440000
61440000
!!
interface
interface serial1/0
serial 1/0
traffic-shape
traffic-shape rate
rate 256000
256000 32000
32000 61440000
61440000
The figure shows the router configuration required to implement this service. All
the output traffic is shaped, and the shaping needs to be configured on all customer
edge sites, which will perform admission control using GTS.
4-24 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
GTS
Example #2
WAN
Core
Customer
interface
interface ethernet
ethernet 0/0
0/0
traffic-shape
traffic-shape group
group 101
101 64000
64000
interface
interface serial
serial 1/0
1/0
traffic-shape
traffic-shape group
group 101
101 64000
64000
!!
access-list
access -list 101
101 permit
permit tcp
tcp any
any any
any eq
eq www
www
In the second example, a customer wants to limit web usage, so that web traffic
never uses more than 64 Kbps on the access link. The router configuration is
shown in the figure, using default parameters for traffic bursts. An access list
defines web traffic as the only shaped traffic. All other traffic bypasses GTS and
can use the full access line bandwidth.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-25
Monitoring GTS
Router(config)#
show traffic-shape
Router#show traffic-shape
access Target Byte Sustain Excess Interval Increment Adapt
I/F list Rate Limit bits/int bits/int (ms) (bytes) Active
Se3/3 100000 2000 8000 8000 80 1000 -
The figure shows the results of the show traffic-shape command issued on a
router that shapes traffic to 100kbps with Bc and Be set to 8000.
To display the current traffic-shaping configuration, use the show traffic-shape
command. To display the current traffic -shaping statistics, use the show traffic-
shape statistics command. Output of both the commands is detailed in the
ensuing figures.
Information displayed includes:
n The rate that traffic is shaped to
n The maximum number of bytes transmitted per internal interval
n Configured sustained bits per interval
n Configured excess bits in the first interval
n Interval being used internally (may be smaller than the committed burst divided
by the CIR)
n Number of bytes that will be sustained per internal interval
n If Frame Relay has FECN/BECN adaptation configured
4-26 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Monitoring GTS
Router(config)#
show traffic-shape statistic
Router#show traffic-shape
traffic-shape statistic
statistic
Access
Access Queue
Queue Packets
Packets Bytes
Bytes Packets
Packets Bytes
Bytes Shaping
Shaping
I/F List
List Depth
Depth Delayed Delayed Active
Active
Se3/3 77 16091
16091 3733112
3733112 414
414 96048
96048 yes
yes
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-27
If the number of delayed packets is very high (compared to the total number of
packets) then there are probably non-responsive aggressive flows being shaped
and the queue depth could show high buffer utilization.
If the number of delayed packets is zero then it is very likely that the access list
does not match any traffic.
4-28 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Monitoring GTS
Router(config)#
show traffic-shape queue
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -31
The show traffic-shape queue command displays the contents of the shaping
queue associated with an interface.
This command can be used to determine the types of flows that are congesting the
shaping queue. The command displays the parameters that are used for
classification within WFQ:
n Source IP address
n Destination IP address
n Time to live (TTL)
n Type of Service (ToS) field
n Protocol ID
n Source port number
n Destination port number
The example shows that there is a non-responsive UDP flow (protocol 17)
congesting the shaping queue.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-29
GTS on Frame Relay Interfaces
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -32
GTS applies on a per-interface basis, can use access lists to select the traffic to
shape, and works with a variety of Layer-2 technologies, including:
n Frame Relay
n ATM
n Switched Multi-megabit Data Service (SMDS)
n Ethernet
On a Frame Relay subinterface, GTS can be set up to shape to a specified rate
and to adapt dynamically to available bandwidth by integrating Frame Relay
congestion signaling with GTS.
4-30 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Frame Relay Refresher
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -33
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-31
Frame Relay FECN/BECN
Congestion Control
Switch
Switch monitors
monitors all
all
transmit
transmit queues
queues for
for
congestion
congestion
R
S
e
e
Frame 1 FECN c
n Frame 11
Frame
Frame e
d No Congestion this Side Congestion this Side
Relay i
e Relay
v
r Switch
Frame
Frame 22 BECN Frame 2 e
r
Same Virtual Circuit (VC)
• FR Switch detects congestion on output queue and informs:
– The receiver by setting the FECN bit on forwarded frames
– The source by setting the BECN bit on frames going in the opposite
direction
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -34
A Frame Relay switch can explicitly report congestion in two directions: Forward
and Backward. When a frame queue inside a switch is congested, the switch will
generate congestion signals based on the FECN and BECN bits. If congestion
occurs in a queue towards the main receiver of traffic, FECN signals are sent to
the receiving Layer-2 endpoint and BECN signals are sent to the sending Layer-2
endpoint. FECN and BECN bits are not sent as separate frames, but are
piggybacked inside data frames.
4-32 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
GTS Frame Relay Congestion
Adaptability
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -35
BECN is the flag that the sending DTE (router as a Frame Relay endpoint) is able
to integrate to determine the congestion status of the Layer-2 WAN.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-33
GTS Frame Relay Congestion
Adaptability Mechanisms
• Bit-rate adaptation
– Traffic shaping bit-rate is reduced when a packet
with BECN bit is received in the Tc
– Traffic shaping bit-rate is increased if no BECN
bits were received in the Tc
• FECN to BECN propagation
– A test packet with BECN bit set is sent to the
sender if a packet with FECN bit set is received
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -36
4-34 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
An Example of BECN Integration
becn
9000
BECN Integration
becn
7000
6000
5000
Inc
4000
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -37
The figure shows the shaped rate of a token bucket-based GTS responding to
BECN packets it received. As mentioned, the rate is reduced to three-quarters of
the previous rate for every Tc interval, which saw at least one BECN message
received at the router. When no BECN messages are received in a Tc period, the
shaped rate is brought up slowly, up one-sixteenth of the current rate.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-35
FECN to BECN Propagation
R
S e
FECN
e c
n Frame e
Congestion
d Relay i
e v
Switch
Switch
r BECN in e
Q.922Test r
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -38
4-36 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Configuring Bit-rate Adaptation
Router(config-if)#
traffic-shape adaptive [bit-rate]
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -39
Frame Relay bit rate adaptation is configured using the traffic-shape adaptive
command, which specifies the lower limit to which the shaped rate should be
reduced in presence of incoming BECN signals. By default, this is half the
configured sustained (committed) rate in GTS. The bit rate is configured in bits per
second.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-37
Configuring FECN to BECN
propagation
Router(config-if)#
traffic-shape
traffic-shape fecn-adapt
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -40
4-38 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
GTS Frame Relay
Adaptation Design
Conservative scenario
• Set shaping rate to CIR
• Set minimum rate to MIR (or 1/2 CIR)
Optimistic scenario
• Set shaping rate to EIR
• Set minimum rate to CIR
Realistic scenario
• Set shaping rate to EIR
• Set minimum rate to MIR (or 1/2 CIR)
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -41
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-39
GTS Frame Relay Adaptation
Example
WAN
Core
Customer interface
interface serial 0/0
0/0
traffic-shape
traffic-shape rate
rate 64000 8000 8000
traffic-shape
traffic-shape adaptive
adaptive 48000
48000
• EIR = 64 kbps
• CIR = 48 kbps
• Assumption: Frame Relay network is usually not
congested
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -42
This GTS shape rate adaptation example shows a configuration of GTS, where
traffic is shaped to the EIR of 64 Kbps, with the adaptive floor being equal to CIR,
which is contracted at 48 Kbps. No FECN-to-BECN propagation is configured.
This example would work optimally only if the Frame Relay network is unlikely to
get congested because setting the adaptive floor to the CIR cannot lower the
shaping rate below the CIR. Lowering the rate below the contracted CIR may be
necessary in most commercial Frame Relay networks.
4-40 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Summary
n GTS can be applied only on output interfaces
n GTS performs traffic shaping or smoothing
n GTS cannot mark or drop packets
n GTS supports BECN and FECN in Frame Relay environments
n GTS does not support cascaded policies
n GTS does not provide managed discard
n GTS cannot run in distributed mode
n GTS supports only extended IP access lists
n GTS supports RSVP as it uses WFQ
Lesson Review
Answer the following questions:
1. What software queuing mechanisms are supported in combination with GTS?
2. Which queuing structure does GTS use?
3. What features does GTS include when used on Frame Relay interfaces?
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-41
Frame Relay Traffic Shaping
Overview
The section describes the Frame Relay Traffic Shaping (FRTS) mechanism.
Objectives
Upon completion of this section, you will be able to perform the following tasks:
n Describe the FRTS mechanism
n Describe the benefits and drawbacks of FRTS
n Compare the GTS and FRTS mechanisms
n Configure FRTS on Cisco routers
n Monitor and troubleshoot FRTS
4-42 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Frame Relay
Traffic Shaping
Meter
Shaper
Classifier Marker
Dropper
Traffic
stream
Cisco has long provided support for FECN for DECnet and OSI, and BECN for
SNA traffic using LLC2 encapsulation and DE bit support. FRTS builds upon this
existing Frame Relay support with additional capabilities that improve the scalability
and performance of a Frame Relay network, thereby increasing the density of VCs
and improving response time.
Frame Relay Traffic Shaping (FRTS) can eliminate bottlenecks in Frame Relay
networks that have high-speed connections at the central site and low-speed
connections at branch sites. Rate enforcement can be configured to limit the rate
at which data is sent on the VC at the central site.
Using FRTS, rate enforcement can be configured to either the CIR or some other
defined value such as the excess information rate on a per-VC basis. The ability
to allow the transmission speed used by the router to be controlled by criteria other
than line speed (that is, by the CIR or the excess information rate) provides a
mechanism for sharing media by multiple VCs. Bandwidth can be allocated per
VC, creating a virtual time-division multiplexing (TDM) network.
PQ, CQ and WFQ can also be defined at the VC or subinterface level. Using
these queuing methods allows for finer granularity in prioritising and queuing of
traffic, thus providing more control over the traffic flow on an individual VC. If CQ
is combined with the per-VC queuing and rate enforcement capabilities, Frame
Relay VCs are enabled to carry multiple traffic types, such as IP, SNA and IPX,
with guaranteed bandwidth for each traffic type.
Using information contained in the BECN-tagged packets received from the
network, FRTS can also dynamically throttle traffic. With BECN-based throttling,
packets are held in the buffers of the router to reduce the data flow from the
router into the Frame Relay network. The throttling is done on a per-VC basis and
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-43
the transmission rate is adjusted based on the number of BECN-tagged packets
received.
With the Cisco FRTS feature, ATM ForeSight closed loop congestion control can
be integrated to actively adapt to downstream congestion conditions.
4-44 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
FRTS Building Blocks
Enough
No classifier, shaping Shaping
Tokens? No
performed on individual VC Queue
Enough No Shaping
Forwarder Tokens? Yes
+ Queue
Frame Relay maps
Yes
Enough Shaping
Tokens? No
Queue
Yes
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-45
FRTS Overview
• FRTS is multiprotocol
• FRTS can use one of the following queuing
mechanisms as the shaping queue:
– Priority Queuing (PQ)
– Custom Queuing (CQ)
– Weighted Fair Queuing (WFQ)
• FRTS can only be implemented in
combination with WFQ on the interface
• FRTS works on output only
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -50
4-46 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
GTS vs. FRTS
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -51
The figure compares GTS to FRTS, based on their main differences. Generic
Traffic Shaping:
n Works on any (sub) interface type
n Shapes traffic on that (sub)interface basis
n Can use any physical interface queuing (FIFO, PQ, CQ or WFQ)
n Only uses WFQ as the shaping queue (that is, on the input of the shaper)
In contrast, Frame Relay Traffic Shaping:
n Works only on Frame Relay (sub) interfaces
n Shapes traffic inside individual FR Virtual Circuits
n Only permits WFQ as the physical interface queuing method
n Can use any queuing method as the shaping queue (that is, on the input of the
shaper)
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-47
Configuring FRTS
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -52
Enabling FRTS on an interface enables both traffic shaping and per-VC queuing on
all the interface's PVCs and SVCs. Traffic shaping enables the router to control
the circuit's output rate and, if configured, to react to congestion notification
information. Queuing enables per-VC scheduling of traffic to be shaped.
Configuring FRTS involves:
Step 1 Defining the shaping parameters with the map-class command
Step 2 Enabling FRTS on the physical interface
Step 3 Applying the shaping parameters to all, or selected, VCs on that interface
4-48 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Creating a Map Class
Router(config)#
map-class frame-relay name
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -53
The map-class frame -relay command defines the per-VC shaping and queuing
parameters. A case-sensitive name must be assigned to each map class.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-49
Define Map-class Shaping Queue
Router(config-map-class)#
frame-relay priority-group number
4-50 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Define Traffic Shaping
Parameters
Router(config-map-class)#
frame-relay [in|out]
[in|out] cir
cir bit-rate
frame-relay [in|out]
[in|out] bc bits
frame-relay [in|out] be bits
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -55
Per-VC traffic shaping parameters specify shaping behavior for the configured
map class. Two configuration mechanisms are available:
n Specification of CIR, Bc and Be parameters of the per-VC token bucket
n Specification of per-VC average rate and peak rate, where Bc and Be are
computed from the default Tc, average rate and peak rate
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-51
Define Congestion Adaptation
Mechanism
Router(config-map-class)#
frame-relay adaptive-shaping
adaptive-shaping becn|foresight
becn|foresight
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -56
As part of the map class definition, either BECN or ForeSight are used as the
congestion backward notification mechanism to which traffic shaping will adapt.
The BECN adaptation feature is the same as with GTS, thus the router reacts to
received BECN signals by reducing its shaping rate.
The ForeSight adaptation feature uses the network traffic control software used in
Cisco Frame Relay switches. When the ForeSight feature is enabled on the switch,
the switch will periodically send out a ForeSight message based on the time value
configured. The time interval can range from 40 to 5000 milliseconds. The
ForeSight feature allows Cisco Frame Relay routers to process and react to
ForeSight messages and adjust VC-level traffic shaping in a timely manner.
Note The ForeSight feature is only available in combination with Cisco WAN switches.
The difference between the BECN and ForeSight congestion notification methods
is that BECN requires a user packet to be sent in the direction of the congested
DLCI to convey the signal. The sending of user packets is not predictable and,
therefore, is not reliable as a notification mechanism. Rather than wait for user
packets to provide the congestion notification, timed periodic ForeSight messages
guarantee that the router receives notification before congestion becomes a
problem. Traffic can be slowed down in the direction of the congested DLCI.
4-52 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Define Dedicated Queue for VoFR
Packets
Router(config-map-class)#
frame-relay voice bandwidth bps queue depth
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -57
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-53
Enable FRTS on an Interface
Router(config-if)#
frame-relay traffic-shaping
After the map class is configured, traffic shaping must be applied to the physical
interface. As mentioned, WFQ is the only supported mechanism on the physical
interface running FRTS.
4-54 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Apply FRTS to a VC
Router(config-if)#
frame-relay class map-class-name
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -59
Map class settings are then applied to all or specific VCs on an interface or
subinterface. All VCs without shaping information are not shaped and only use the
physical interface queuing discipline (WFQ).
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-55
Frame Relay Traffic Shaping
Example
interface Serial1/1
frame-relay
frame -relay traffic-shaping
!
interface Serial1/1.1 point-to-point
point-to-point
frame-relay
WAN interface-dlci 101
frame -relay 101
class
class slow_vcs
slow_vcs
!
interface Serial1/1.2 Core
point-to-point
point-to-point
frame-relay
frame -relay interface-dlci 102
102
class
class fast_vcs
fast_vcs
Customer !
map-class
map-class frame-relay
frame-relay fast_vcs
fast_vcs
frame-relay
frame -relay custom-queue-list
custom-queue-list 11
frame-relay
frame -relay traffic-rate 32000 64000
!
map-class
map-class frame-relay
frame-relay slow_vcs
slow_vcs
frame-relay
frame -relay priority-group 1
frame-relay
frame -relay traffic-rate 9600
9600 16000
16000
The figure shows an FRTS configuration example, where two VCs are individually
shaped with two map class parameter sets. In this example, two generic map
classes are defined, one for generic fast VCs and the other for slow VCs. The fast
VC map class uses custom queuing to allocate bandwidth within the shaped rate.
The slow VC map class uses priority queuing to always forward mission-critical
traffic, and then shape it to the required rate.
4-56 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Frame Relay QoS Autosense
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -61
When used in conjunction with traffic shaping, the router can respond to changes in
the network dynamically. This optional feature allows the router to learn QoS
parameters from the Cisco switch and use them for traffic shaping, configuration,
or management purposes.
Enhanced Local Management Interface (ELMI) also simplifies traffic shaping
configuration on the router. Previously, users needed to configure traffic shaping
rate enforcement values, possibly for every VC. Enabling ELMI reduces the
chance of specifying inconsistent or incorrect values when configuring the router.
It is not necessary to configure traffic shaping on the interface to enable ELMI.
One option is to enable it to learn what values being used by the switch. If the
router is required to respond to the QoS information received from the switch by
adjusting the output rate, traffic shaping must be configured on the interface using
the frame-relay traffic-shaping command in interface configuration mode.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-57
Configuring QoS Autosense
Router(config-if)#
frame-relay qos-autosense
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -62
4-58 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Monitoring Frame Relay Traffic
Shaping
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -63
The listed show commands enable monitoring of per-VC QoS and general GTS
parameters.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-59
Display PVC Information
Router#
show frame-relay pvc
• Displays VC QoS and shaping parameters
Router#show
Router#show frame-relay
frame-relay pvc
pvc 2020
PVC
PVC Statistics
Statistics for
for interface
interface Serial4/0
Serial4/0 (Frame
(Frame Relay
Relay DCE)
DCE)
DLCI
DLCI == 20,
20, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial4/0.1Serial4/0.1
input
input pkts
pkts 16963
16963 output
output pkts
pkts 33632
33632 in
in bytes
bytes 4669839
4669839
out
out bytes
bytes 12442428
12442428 dropped pkts
pkts 00 in
in FECN
FECN pkts
pkts 00
in
in BECN
BECN pkts
pkts 00 out
out FECN
FECN pkts
pkts 00 out
out BECN
BECN pkts
pkts 00
in DE pkts
in DE pkts 0 0 out DE pkts
out DE pkts 0 0
out
out bcast
bcast pkts
pkts 31361
31361 out
out bcast
bcast bytes
bytes 9095644
9095644
Shaping
Shaping adapts
adapts toto BECN
BECN
pvc
pvc create
create time
time 1w3d,
1w3d, last
last time
time pvc
pvc status
status changed
changed 1w3d
1w3d
cir
cir 64000
64000 bc
bc 64000
64000 be
be 00 limit
limit 1000
1000 interval
interval 125
125
mincir 32000
mincir 32000 byte increment 1000 BECN response
byte increment 1000 BECN response yes yes
pkts
pkts 1103
1103 bytes
bytes 1632516
1632516 pkts
pkts delayed
delayed 1091
1091 bytes
bytes delayed
delayed 16287
16287
shaping
shaping active
active
traffic
traffic shaping
shaping drops 1136
Current
Current fair
fair queue
queue configuration:
configuration:
Discard
Discard Dynamic
Dynamic Reserved
Reserved
threshold
threshold queue
queue count
count queue
queue count
count
64
64 16
16 00
Output
Output queue
queue size
size 46/max
46/max total 50/drops 1136
The show frame -relay pvc command displays information about individual FR
PVC status and provides information about:
n Configured CIR
n Shaping
n Queuing
n Congestion adaptation
4-60 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Display Shaping Statistics
Router#
show traffic-shape statistics
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -65
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-61
If the number of delayed packets is very high (compared to the total number of
packets) then there are probably non-responsive aggressive flows being shaped
and the queue depth could show high buffer utilization.
If the number of delayed packets is zero then it is very likely that the access list
does not match any traffic.
4-62 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Display Shaping Queue
Information
Router#
show traffic-shape queue
(depth/weight/discards/tail
(depth/weight/discards/tail drops/interleaves)
drops/interleaves) 46/32384/1377/0/0
46/32384/1377/0 /0
Conversation
Conversation 5,
5, linktype:
linktype: ip,
ip, length:
length: 1504
1504
source:
source: 193.77.3.1,
193.77.3.1, destination:
destination: 193.77.3.1,
193.77.3.1, id:
id: 0x00F4,
0x00F4, ttl:
ttl: 255,
255, prot:
prot: 1
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -66
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-63
Display Shaping Queue
Information
PE_2#show
PE_2#show traffic-shape
traffic-shape queue
queue
Traffic
Traffic queued
queued in
in shaping
shaping queue
queue on
on Serial4/0.1
Serial4/0.1 dlci
dlci 20
20
Queueing
Queueing strategy:
strategy: priority-group
priority-group 11
Queueing
Queueing Stats:
Stats: high 16/20/19 (queue/size/max total/drops)
Packet
Packet 1,
1, linktype:
linktype: ip,
ip, length:
length: 1504,
1504, flags:
flags: 0x10000048
source:
source: 193.77.3.1,
193.77.3.1, destination:
destination: 193.77.3.1,
193.77.3.1, id:
id: 0x0141,
0x0141, ttl:
ttl: 255,
255, prot:
prot: 11
data:
data: 0x0800
0x0800 0x9105
0x9105 0x2659
0x2659 0x1F89
0x1F89 0x0000
0x0000 0x0000
0x0000 0x3819
0x3819
0x223C
0x223C 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD
Packet
Packet 2,
2, linktype:
linktype: ip,
ip, length:
length: 1504,
1504, flags:
flags: 0x10000048
source:
source: 193.77.3.1,
193.77.3.1, destination:
destination: 193.77.3.1,
193.77.3.1, id:
id: 0x0141,
0x0141, ttl:
ttl: 255, prot:
prot: 11
data:
data: 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD
0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -67
The show traffic-shape queue command also displays the contents of the shaping
queue associated with an interface.
The example shows the contents of the high queue in the Priority Queuing system
used as the shaping queue.
4-64 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Summary
n FRTS enables granular, per-VC queuing and shaping definition
n FRTS can be applied only on output interfaces
n FRTS enables per-VC queuing, which is performed before shaping
n FRTS performs traffic shaping or smoothing within a VC
n FRTS supports the same congestion adaptation mechanisms as GTS
Lesson Review
Answer the following questions:
1. What are the main differences between GTS and FRTS?
2. Where can FRTS be used?
3. What classification options does FRTS have?
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-65
Committed Access Rate
Overview
The lesson describes the Committed Access Rate (CAR) mechanism.
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe the CAR mechanism
n Describe the benefits and drawbacks of CAR
n Describe the differences between CAR, GTS and FRTS
n Configure CAR on Cisco routers
n Monitor and troubleshoot CAR
4-66 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Committed Access Rate
Meter
Inbound
or
Outbound
Classifier Marker Dropper
Committed Access Rate (CAR) provides the capability to allow the service
provider to rate-limit traffic in and out of router interfaces, thereby enabling various
forms of ingress and egress rate-limiting in a network. CAR is a policing
mechanism, not a queuing mechanism. Therefore it does not buffer or delay
packets, which do or do not conform to the policy, but simply rate-limits them
according to a simple “forward or drop” policy, according to the configuration.
CAR also uses a token-bucket metering mechanism, similar to GTS, but without a
delay queue.
The CAR rate-limiting feature manages a network's access bandwidth policy by
ensuring that traffic falling within specified rate parameters is sent, while dropping
packets that exceed the acceptable amount of traffic or sending them with a
different priority. CAR is often configured on interfaces at the edge of a network
to limit traffic into or out of the network.
CAR can also be used for packet marking. The operator can specify a policy that
determines which packets should be assigned to which traffic class, and use CAR
to implement the marking. The IP header already provides a mechanism to do this,
namely the three precedence bits in the ‘type of service’ field in the IP header.
CAR allows the setting of policies, based on information in the IP or TCP header
such as IP address, application port, physical port or sub-interface, IP protocol,
etc., to decide how the precedence bits should be marked or “colored.” Once
marked, appropriate treatment can be given in the backbone to ensure that
premium packets receive premium service in terms of bandwidth allocation, delay
control, etc.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-67
Note CAR can also be used to police (or “recolor”) precedence bits set externally to
the network either by the customer or by a downstream service provider. Thus
the network can decide to either accept or override external decisions.
4-68 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
CAR on Input and Output
Meter
Forwarding
Outbound
Meter
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-69
CAR Implementation
Software Hardware
CAR Queue Queue
(FIFO, PQ,
(FIFO)
CQ, WFQ, ...)
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -74
4-70 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Interface-wide CAR Diagram
drop
transmit
Class
Class 1?
1? CAR
CAR
continue
drop
transmit Output Queue
Class
Class 2?
2? CAR
CAR or
Forward
continue
drop
transmit
Class n? CAR
CAR
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-71
CAR Diagram
Meter
Meter
Yes Forward
Yes / No
Conforms?
Conforms? Transmit?
Transmit? or
Enqueue
No
Go to
Mark?
Mark? Yes
Continue?
Continue? Next
CAR command
Yes No
Set
Set IP
IP prec?
prec? Set
SetIP
IPPrecedence
Precedence
Yes
Yes Drop?
Drop?
Set
Set DSCP?
DSCP? Set
Set DSCP
DSCP
Yes
Set
Set MPLS
MPLS exp?
exp? Set
Set MPLS
MPLS Experimental
Yes
Set
Set QoS
QoS grp?
grp? Set
Set QoS
QoS Group
Group
As mentioned previously, CAR can also be used to mark or remark traffic as well
as performing rate limiting. Depending on traffic conformance, the following
marking/remarking actions can be performed within CAR processing:
n Set precedence (or DSCP value) and transmit—the IP Precedence (ToS) or
DSCP bits in the packet header are rewritten. The packet is then sent. This
action can be used to either color (set precedence) or recolor (modify existing
packet precedence) the packet.
n Set MPLS experimental bits and transmit – the MPLS experimental bits can
be set. These are usually used to signal QoS parameters in a MPLS cloud.
n Set QoS group and transmit—the QoS group can be set. It is only used locally
within the router. The QoS group can be used in later QoS mechanisms and
performed in the same router, such as CB-WFQ.
4-72 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Configuring CAR
Router(config-if)#
rate-limit {input | output}
[access-group [rate-limit] #acl | qos-group number | dscpdscp dscp]
mean-rate B cc Bee
conform-action { drop || transmit
transmit || continue
continue ||
set-prec-transmit value | set-prec-continue
set-prec-continue value
value |
set-qos-transmit value | set-qos-continue value
set-dscp-transmit value | set-dscp-continue
set-dscp-continue value
value |
set-mpls-transmit value | set-mpls-continue value
value }
exceed-action {{ drop | transmit | continue |
set-prec-transmit value | set-prec-continue
set-prec-continue value
value |
set-qos-transmit value | set-qos-continue value
set-dscp-transmit value | set-dscp-continue
set-dscp-continue value
value |
set-mpls-transmit value | set-mpls-continue value
value }
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -77
To configure CAR and Distributed CAR (dCAR) policies, use the rate-limit
interface configuration command. The figure illustrates all the command options
which are discussed in detail on the following pages.
A single CAR rate policy includes information about the rate limit, conform actions
and exceed actions. Each interface can have multiple CAR rate policies
corresponding to different types of traffic. For example, low priority traffic may be
limited to a lower rate than high priority traffic. When there are multiple rate
policies, the router examines each policy in the order entered until the packet
matches. If no match is found, the default action is to transmit.
Rate policies can be independent: each rate policy deals with a different type of
traffic. Alternatively, rate policies can be cascading: a packet may be compared to
multiple different rate policies in succession. Cascading of rate policies allows a
series of rate limits to be applied to packets to specify more granular policies. For
example, the total traffic on an access link can be rate limited to a specified
subrate bandwidth, and then the World Wide Web traffic on the same link can be
limited to a given proportion of the subrate limit. CAR can be configured to match
packets against an ordered sequence of policies until an applicable rate limit is
encountered—that is, rate limiting several MAC addresses with different
bandwidth allocations at an exchange point. Up to a 100 rate polic ies can be
configured on a subinterface.
The CAR action may be one of the following:
n Continue: evaluate the next rate-limit command
n Drop: drop the packet
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-73
n Set-prec-continue new-prec: set the IP Precedence and evaluate the next
rate-limit command
n Set-prec-transmit new-prec: set the IP Precedence and send the packet
n Set-dscp-continue new-prec: set the DSCP value and evaluate the next rate-
limit command
n Set-dscp-transmit new-prec: set the DSCP value and send the packet
n Set-mpls-continue new-prec: set the MPLS experimental bits and evaluate the
next rate-limit command
n Set-mpls-transmit new-prec: set the MPLS experimental bits and send the
packet
n Transmit: send the packet
4-74 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
CAR Classification
Router(config-if)#
rate-limit {input | output}
[access-group [rate-limit]
[access-group [rate-limit] #acl | qos-group number
number |
dscp dscp]
...
CAR classifies traffic using many IOS-based classification mechanisms. The most
basic classification is to first specify whether inbound or outbound traffic on the
interface is being policed. Then, additional more granular specification can further
classify traffic that needs to be policed separately.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-75
Null CAR Classifier
Router(config-if)#
rate-limit {input | output} ...
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -78
The null CAR classifier is in effect when no additional classifiers are present, apart
from the input or output application of the rate-limiting rule. This can be used either
as a default rate-limiting class (used as the last rate-limit command on the
interface to classify packets, not classified by any previous rules), or, if only global
policy is applied to an interface, classifying all traffic into one group (that is,
policing to a specified aggregate input rate).
4-76 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
CAR Classifier
Based on IP Access List
Router(config-if)#
rate-limit {input | output} access-group number ...
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-77
CAR Classifier Based on
IP Precedence
Router(config-if)#
rate-limit {input | output} access-group rate-limit
number ...
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -81
4-78 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
IP Precedence-based
Rate-limit Access List
Router(config)#
access-list rate-limit
rate-limit acl-index precedence
precedence
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-79
CAR Classifier Based on
Upstream MAC Address
Router(config-if)#
rate-limit {input | output} access-group rate-limit
number ...
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -83
Rate-limit access lists are also used to classify traffic based on the upstream MAC
address. That is, for output-based CAR, traffic is classified on the destination
MAC address, and for input-based CAR, traffic is classified using the source
MAC address.
MAC-based classification is particularly useful at ISP peering points, where a
multi-access LAN network connects ISP border routers. MAC-based
classification can classify traffic based on their upstream neighbor (another ISP
border router) and on their QoS peering policy with other providers.
4-80 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
MAC Address Rate-limit Access
List
Router(config)#
access-list rate-limit acl-index mac-address
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -84
To configure classification rules on the upstream MAC value, use the access-list
rate-limit global configuration command. The CAR process then treats packets
with different upstream (source or destination) MAC addresses differently. The
ACL indices for precedence-based classification range from 100 to 199.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-81
QoS-group CAR classifier
Router(config-if)#
rate-limit {input | output} qos-group number ...
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -85
The operator may also classify traffic based on their QoS group value. The QoS
group is a tag, which may be assigned to each packet during the forwarding
process, and is local to the router. The QoS group may be set:
n By some marking mechanism in the same router, such as policy routing,
inbound rate-limiting on another interface, or inbound class-based marking on
another interface.
n By QPPB (QoS Policy Propagation through BGP), which distributes centrally
administered QoS group values to routers over BGP sessions. The routers
automatically mark traffic based on the QPPB-learned policy during the CEF
forwarding process.
The QoS-group-based classification and marking is generally available only on
high-end router platforms.
4-82 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
DSCP-based CAR Classifier
Router(config-if)#
rate-limit {input | output} dscp dscp ...
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -86
In a DiffServ-based model, the whole DSCP value can be used as the packet
classifier. The marking of the DSCP value is accomplished through class-based
marking or rate limiting on another interface or router.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-83
CAR Meter
Router(config-if)#
rate-limit {input | output}
[access-group
[access-group [rate-limit]
[rate-limit] number | qos-group number |
dscp dscp]
mean-rate Bc Bee
...
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -87
The CAR metering mechanism uses a modified token bucket scheme, which
decides whether a packet conforms or exceeds the contracted rate. CAR is
configured with three parameters:
n Mean rate specifies the average traffic rate which traffic should be policed to
(analogous to committed rate with GTS). This is the long-term sustained
throughput through the CAR policing mechanism.
n Bc specifies the normal burst size, which is the amount of tokens added
periodically to the token bucket.
n Be specifies the excess burst size, which equals the size of the bucket in the
CAR implementation. This is the maximum burst size that can be sent by the
token bucket at one time, at the access line rate.
If CAR is used as a pure policer, packets exceeding the contracted rate are
dropped.
4-84 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
CAR Actions
CAR actions can be divided into marking and processing actions. The marking
actions support the setting of QoS signaling values inside the packet header
(precedence, DSCP, MPLS experimental) or locally to the router (QoS group).
The processing actions define the basic action of a single CAR rule. Those actions
may be to transmit (forward) the packet immediately, drop the packet, or continue
with the evaluation of the next CAR rule.
Each CAR rate limit statement is checked sequentially for a match. When a match
is found, the CAR meter (the token bucket), if there is one, is evaluated.
If the action is a “continue” action, the policer will go to the next rate-limit on the
list to find a subsequent match. If a match is found the traffic is subjected to the
next applicable rate-limit. If an end of rate-limit list is encountered without finding a
match or “continue” action, the default behavior is to transmit.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-85
CAR Actions
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -89
The three processing actions can be used stand-alone to enforce a pure rate-
limiting functionality. Alternatively, the “transmit” and “continue” actions can be,
and often are, combined with marking actions, whic h enable further differentiation
of the traffic.
4-86 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
CAR Actions
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -90
Based on the “conform” or “exceed” results of the CAR meter, three CAR
configuration philosophies are usually used:
n Use only the “transmit” and “drop” actions—effectively enabling only local
rate limiting on an interface.
n Use all processing actions, and additionally mark traffic based on its
conformance of exceeding the configured rate limit. For example, conforming
traffic may be colored with one marker value (precedence, DSCP, QoS, etc.),
and exceeding traffic with another value. This differentiation may be used
locally or elsewhere in the network to differentiate between in-contract
(conforming) traffic and out-of-contract (exceeding) traffic.
n Transmit all traffic and use only the marking actions to color traffic with a
marker value.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-87
Displaying CAR Parameters and
Statistics
Router#
show interfaces intf rate-limit
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -91
To display information about the Committed Access Rate (CAR) for an interface,
use the show interfaces rate-limit EXEC command.
Information retrieved by the show interface rate limit command includes:
n Packets that match this rate limit
n Parameters for this rate limit (as configured by the rate-limit command)
n Average rate
n Normal burst size
n Excess burst size
n Number of packets that have conformed to the rate limit
n Conform action
n Number of packets that have exceeded the rate limit
n Exceed action
n Time since the last packet
n Instantaneous burst size at the current time
n Time since the burst counter was reset
n Rate of conforming traffic
n Rate of exceeding traffic
n Rate limits applicable to packets sent out by the interface
4-88 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Display Rate-limit
Access Lists
Router(config)#
show access-lists rate-limit
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -92
To display information about rate-limit access lists, use the show access-lists
rate-limit EXEC command. Information displayed includes:
n Whether the access list is precedence-based or MAC address-based
n What the IP precedence and IP precedence mask for packets in this rate-limit
access list are or what the MAC address for packets in this rate-limit access
list are
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-89
CAR – Limiting
Example #1
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -92
The first CAR case study shows a service provider, which uses a unified
infrastructure to connect all customers to an IP backbone. 2 Mbps leased lines or
ADSL links are used to connect customers to a POP. CAR is used to limit the
actual traffic rate to a lower value, as specified by the customer contract.
CAR can be used to offer differentiated, easy to upgrade services in this scenario,
as throughput is not limited by physical infrastructure, but rather by the traffic
policing by the ISP.
4-90 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
CAR – Limiting
Example #1
2M
bps
Customer
2 Mbps
Internet
NAP
Customer ISP
bps
2M
Customer
In the configuration example, CAR is applied on the input and output of a customer
interface on the provider edge router. Traffic is policed to 256 Kbps on input and
output, with some bursting allowed. All exceeding traffic is dropped at the provider
edge.
The result of the configuration is that traffic to and from the customer is limited to
the average rate of approximately 256kbps (256000 in the configuration) with
sustained bursts of approximately 32kbps (4kBps or 4000 in the configuration).
Initial bursts at line speed can last up to 3 seconds because the token bucket can
hold up to 96000 tokens (bytes) which equals 768000 bits (3 x 256000 bits).
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-91
CAR – Limiting and Marking
Example #2
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -94
The second case study provides a differentiated service for a customer, where
web traffic needs to be given more bandwidth compared to other traffic types.
Web traffic is limited to 512 Kbps, and a higher precedence is set. Web traffic
exceeding the configured rate limit is reclassified as regular traffic.
Regular traffic is limited to 256 Kbps, and colored with a precedence value of 0.
The same burst values are configured for web and all other traffic.
4-92 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
CAR – Limiting and Marking
Example #2
2 Mbps
Internet
Customer NAP
ISP
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -95
The configuration implements the policy outlined in the previous case study. Traffic
is classified with extended access lists (to differentiate web traffic from other
traffic), and CAR uses the access list to apply the correct policing to the traffic.
Precedence values of 0 and 1 are set to signal preferential treatment of the web-
traffic to other QoS mechanisms, such as queuing and WRED.
The access list 101 identifies HTTP traffic using the default well-known port
number 80 (“www” in the configuration) either as the source or destination port
number in TCP segments. The conforming part of the class (up to 512 kbps) is
marked with IP precedence 1. The exceeding part of the class is further evaluated
by the next rate-limit command where it is limited together with the rest of the
traffic (non-HTTP) to 256 kbps. The total throughput, therefore, will never exceed
768 kbps (512 kbps of conforming HTTP traffic + 256 kbps of exceeding HTTP
traffic and all other traffic). WRED can be used in combination with CAR to
provide differentiated congestion avoidance anywhere in the network.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-93
CAR – Limiting
Example #3
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -96
In the third case study, an ISP’s customer can exchange up to 128 Kbps of
premium traffic with the world. Premium traffic is marked with precedence 1 by
the customer, and the ISP polices the traffic to 128 Kbps using CAR. Other traffic
is not rate-limited.
4-94 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
CAR – Limiting
Example #3
2M
bps
Customer
2 Mbps Internet
NAP
Customer ISP
bps
2M
Customer
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -97
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-95
CAR – Precedence Spoofing
Example #4
interface serial 0/0
rate-limit input
access-group rate-limit 1 64000 8000 8000
2M
bps conform-action drop
Customer exceed-action drop
!
2 Mbps access-list rate-limit 1 mask FE
Internet
NAP
Customer ISP
bps
2M
Customer
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -98
This case study shows a possible solution for preventing precedence spoofing for
best-effort customers. The customer may only send traffic with the precedence
value of 0. The CAR policing rule matches all non-zero-precedence traffic and
drops it unconditionally. The CAR metering parameters can be arbitrarily set to
any value.
The rate-limit access list in this example is using the mask option to match multiple
IP precedence values. Each bit in the mask corresponds to one IP precedence
value. The mask FE (11111110 binary) in the example matches all packets with IP
precedence values between 1 and 7. The rate-limit command drops all packets that
do not have IP precedence 0.
4-96 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
CAR – Limiting
Example #5
© 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing -99
The fifth case study application uses web hosting as the example of QoS
application. The SP hosts a web-farm and wants to police traffic going to and from
specific servers. CAR is used, with MAC-based classification, to differentiate
traffic to or from different servers. A default policing statement allows some
traffic through to allow management protocols to run to yet unprovisioned servers.
This application can also be used to manage traffic flows to centralized servers in
enterprise networks.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-97
CAR – Limiting
Example #5
Server
Core network
LAN switch Distribution
Server Router
The figure shows the configuration used to police traffic going to a specific server.
MAC-based rate-limit ACLs are used, which filter based on the upstream server
MAC address.
The special rate-limit access list is used to identify traffic from a web server which
may have multiple IP addresses. The traffic is limited to Ethernet speed even if the
underlying interface is using another type of media (for example: FastEthernet).
In the event that a customer changes the interface card (MAC address changes)
on the server, he can still get limited access to the server (64kbps) for
administrative purposes. The MAC-based rate-limit access list has to be modified
to reflect the new MAC address being used by the server.
4-98 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
CAR – Marking
Example #6
WAN
Core
Customer
interface ethernet 0/0
rate-limit input 10000000 8000 8000
conform-action set-prec-transmit 2 exceed-action drop
!
interface ethernet 0/1
rate-limit input 10000000 8000 8000
conform-action set-prec-transmit 0 exceed-action drop
!
In this example, CAR is used purely for marking purposes. All traffic from one
customer (attached to the ethernet0/0 interface) is rate-limited to the line rate and
CAR marks all incoming packets with a configured precedence. Another customer
is connected to the same router, also rate-limited to the line rate, and marked with
a lower precedence.
The bit rate in the rate-limit command should be higher or equal to the physical
bandwidth of the interface to implement marking without any rate limiting. Another
option is to use the same action for both conforming and exceeding traffic.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-99
CAR – Marking
Example #7
Customer
WAN
Core
Note There is no true policed rate limiting in this example, as traffic is rate -limited to
the line rate.
The first rate-limit command identifies inbound telnet sessions (access list 101) and
marks them with IP precedence 2 without limiting it.
The second rate-limit command identifies inbound HTTP sessions (access list 102)
and marks them with IP precedence 1 without limiting it.
The third rate-limit command marks all other packets (no access list is used) with
IP precedence 0 without limiting it.
4-100 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Summary
n CAR can be applied on input and output interfaces
n CAR performs no buffering or shaping
n CAR can mark packets
n In Frame Relay, CAR has no support for BECN or FECN
n Cascaded policies can be applied
n CAR provides managed discard between the normal burst and extended burst
parameters
n CAR can run in distributed mode (on 7500 VIP)
n CAR can apply access lists based on ToS bits/MAC address and IP extended
access lists
n CAR is not RSVP aware
Lesson Review
Answer the following questions:
1. What classification options does CAR support?
2. What are the main differences between CAR and traffic shaping?
3. Where can CAR be implemented?
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-101
Summary
n GTS/FRTS perform traffic shaping or smoothing
n GTS/FRTS cannot mark or drop packets
n GTS/FRTS can intelligently adapt to Layer-2 congestion
n GTS/FRTS do not support cascaded policies
n GTS/FRTS do not provide managed discard
n CAR performs no buffering or shaping
n CAR can mark packets
n In Frame Relay, CAR has no support for BECN or FECN
n Cascaded policies can be applied in CAR
n Both GTS and CAR can run in distributed mode
n CAR is not RSVP aware, while GTS is
4-102 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
Review Questions and Answers
Traffic Shaping and Policing
Question: How do shaping and policing mechanisms keep track of the traffic
rate?
Answer: Both mechanisms use a token bucket as a rate measurement method.
Question: Which shaping mechanisms are available with the Cisco IOS software?
Answer: Cisco IOS supports Generic Traffic Shaping, Frame Relay Traffic
Shaping, and Class-based Shaping.
Question: Which policing mechanisms are available with the Cisco IOS
software?
Answer: Cisco IOS supports Committed Access Rate (CAR) and Class-based
Policing.
Question: What are the main differences between shaping and policing?
Answer: To stay within the configured rate, shaping delays excessive traffic while
policing drops excessive traffic.
Copyright 2001, Cisco Systems, Inc. IP QoS Traffic Shaping and Policing 4-103
Question: Where can FRTS be used?
Answer: FRTS can only be used on Frame Relay interfaces.
Question: What classification options does FRTS have?
Answer: None, FRTS shapes all traffic on a Frame Relay VC.
4-104 IP QoS Traffic Shaping and Policing Copyright 2001, Cisco Systems, Inc.
5
Congestion Avoidance
Overview
This module describes the problems of congested networks. It introduces Random
Early Detection (RED), WRED, and Flow-based WRED as mechanisms to
prevent congestion on router interfaces.
Objectives
Upon completion of this module, you will be able to perform the following tasks:
n Describe Random Early Detection (RED)
n Describe and configure Weighted Random Early Detection (WRED)
n Describe and configure Flow-based WRED
Random Early Detection
Overview
The section describes the need for congestion avoidance in nearly-congested
networks and explains the benefits of using RED on congested links.
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Explain the need for congestion avoidance mechanisms.
n Explain how RED works and how it can prevent congestion.
n Describe the benefits and drawbacks of RED.
The simple tail-dropping scheme unfortunately does not work very well in
environments with a large number of TCP flows or in environments in which
selective dropping is deserved. Understanding of the interaction between TCP
stack intelligence and dropping in the network is required to implement a more
efficient and fair dropping scheme, especially in SP environments.
Tail drop has the following shortcomings:
n When congestion occurs, dropping affects most of the TCP sessions, which
simultaneously back-off and then restart again. This causes inefficient link
utilization at the congestion point (TCP global synchronization)
n TCP starvation, where all buffers are temporarily seized by aggressive flows,
and normal TCP flows experience buffer starvation.
n Buffering at the point of congestion can introduce delay and jitter, as packets
are stuck waiting in queues.
n There is no differentiated drop mechanism, and therefore premium traffic is
dropped in the same way as best-effort traffic.
n Even in the event of a single TCP stream across an interface, the presence of
other non-TCP traffic can congest the interface and TCP traffic will also be
dropped. In this scenario, the feedback to the TCP protocol is very poor and
therefore it cannot adapt properly to a congested network.
Flow C
A router can handle multiple concurrent TCP sessions. There is a high probability
that when traffic exceeds the queue limit at all, it vastly exceeds the limit due to the
bursty nature of packet networks. However, there is also a high probability that
excessive traffic depth caused by packet bursts is temporary and that traffic does
not stay excessively deep except at points where traffic flows merge, or at edge
routers.
If the receiving router drops all traffic that exceeds the queue limit, as is done by
default (with tail drop), many TCP sessions then simultaneously go into slow start.
Consequently, traffic temporarily slows down to the extreme and then all flows
slow-start again. This activity creates a condition called global synchronization.
Global synchronization occurs as waves of congestion crest only to be followed by
troughs during which the transmission link is not fully utilized. Global
synchronization of Transmission Control Protocol (TCP) hosts, for example, can
occur because packets are dropped all at once. Global synchronization manifests
when multiple TCP hosts reduce their transmission rates in response to packet
dropping, then increase their transmission rates once again when the congestion is
reduced. The most important point is that the waves of transmission known as
global synchronization result in significant link under-utilization.
Packets of
Packets of aggressive
starving flows flows
Delay
TCP does not
react well if Tail-drop does
multiple Packets experience long delay if
not look at IP
packets are interface is constantly congested
precedence
dropped
Maximum
Drop
Probability
10%
20 40 Average
Queue
Size
Minimum Maximum
Threshold Threshold
As seen in the previous figure, RED has three dropping modes, based on the
average queue size:
n When the average queue size is between 0 and the configured minimum
threshold, no drops occur and all packets are queued.
n When the average queue size is between the configured minimum threshold,
and the configured maximum threshold, random drop occurs, which is linearly
proportional to the average queue length. The maximum probability of drop
(when the queue is almost completely full) is 15% in Cisco IOS software.
n When the average queue size is at or higher than the maximum threshold, RED
performs full (tail) drop in the queue. This event is unlikely, as RED should
slow down TCP traffic ahead of congestion. If a lot of non-TCP traffic is
present, RED cannot effectively drop traffic to reduce congestion, and tail-
drops are likely to occur.
Flow C
Average link
utilization
Flow A
Flow B
Flow C
Lesson Review
1. What are the main drawbacks of using tail-drop as a means of congestion
control?
2. What does RED do to prevent TCP synchronization?
3. What are the three modes of RED?
Overview
The section describes the WRED mechanism available in Cisco IOS.
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe the Weighted Random Early Detection (WRED) mechanism
n Configure WRED on Cisco routers
n Monitor and troubleshoot WRED on Cisco routers
Drop
Probability
100%
10%
10 20 40 Average
Queue
Size
• WRED profiles can be manually set
• WRED has 8 default value sets for IP precedence based WRED
• WRED has 64 default value sets for DSCP based WRED
The figure shows two WRED profiles, used for traffic of different QoS classes.
The RED class has a much lower minimum and maximum threshold. Traffic of
that class will be dropped much earlier and more aggressively. When heavy
congestion occurs, the RED class will ultimately be tail dropped. The BLUE class
has a higher minimum and maximum thresholds, therefore dropping occurs later
and is less likely, compared to the RED class. This maintains differentiated levels
of service in the event of congestion.
To avoid the need of setting all WRED parameters in a router, 8 default values are
already defined for precedence-based WRED, and 64 DiffServ-aligned values are
defined for DSCP-based WRED. Therefore, the default settings should suffice in
the vast majority of deployments.
100%
10%
100%
10% EF
Average
20 36 40 Queue
Size
100%
AF Low Drop
AF Medium Drop
AF High Drop
10%
Average
20 24 28 32 40 Queue
Size
Calculate Average
Queue Size Current
Queue
Size
Queue No
IP packet WRED FIFO Queue
Full?
IP precedence
Yes
or
DSCP
Select
WRED
Min. threshold
Profile Random Drop Tail Drop
Max. threshold
Max prob. denom.
The figure shows how WRED is implemented, and the parameters that influence
WRED dropping decisions. The WRED algorithm is constantly updated with the
calculated average queue size, which is based on the recent history of queue sizes.
The configured WRED profiles define the dropping thresholds (and therefore the
WRED probability slopes). When a packet arrives at the output queue, the IP
precedence of DSCP-value is used to select the correct WRED profile for the
packet. The packet is then passed to WRED to perform a drop/enqueue decision.
Based on the profile and the average queue size, WRED calculates the probability
for dropping the current packet and either drops it or passes it to the output queue.
If the queue is already full, the packet is tail-dropped. Otherwise, it is eventually
transmitted out onto the interface.
Router(config-if)#
random-detect
random-detect
Router(config-if)#
random-detect precedence
precedence precedence
precedence min-threshold max-threshold
mark-prob-denominator
mark-prob-denominator
In this example, WRED is enabled with default values, and then the values are
changed for each IP Precedence level. The configured values, which are
described above under Random Early Detection, are repeated here for
convenience:
n Minimum threshold - When the average queue depth is above the minimum
threshold, RED starts dropping packets. The rate of packet drop increases
linearly as the average queue size increases, until the average queue size
reaches the maximum threshold.
n Maximum threshold - When the average queue size is above the maximum
threshold, all packets are dropped. If the difference between the maximum
threshold and the minimum threshold is too small, many packets might be
dropped at once, resulting in global synchronization.
n Mark probability denominator - This is the fraction of packets dropped when
the average queue depth is at the maximum threshold. For example, if the
denominator is 512, one out of every 512 packets is dropped when the average
queue is at the maximum threshold.
It is interesting to note, that the maximum probability of drop at the maximum
threshold can be expressed as 1/mark-prob-denominator. The maximum drop
probability is 10%, if default settings are used.
If required, RED can be configured as a special case of WRED, by assigning the
same profile to all eight precedence values.
Router(config-if)#
random-detect exponential-weighting-constant n
Qavg ( t + 1) = Qavg (t ) ⋅ (1 − 2 − n ) + Qt ⋅ 2 − n
As mentioned previously, WRED does not calculate the drop probability using the
current queue length, but rather uses the average queue length. The average queue
length is constantly recalculated, using two terms: the previously calculated
average queue size and the current queue size. An exponential weighting constant
N influences the calculation by weighing the two terms, therefore influencing how
the average queue size follows the current queue size, in the following way:
n A low value of N makes the current queue size more significant in the new
average size calculation, therefore allowing larger bursts
n A high value of N makes the previous average queue size more significant in
the new average seize calculation, so that bursts influence the new value to a
smaller degree.
The default value is 9 and should suffice for most scenarios, except perhaps those
involving extremely high-speed interfaces (like OC12), where it can be increased
slightly (to about 12) to allow more bursts.
Router(config-if)#
random-detect
random-detect {prec-based
{prec-based || dscp-based}
dscp-based}
Router(config-if)#
random-detect dscp
dscp dscp
dscp min-threshold max-threshold mark-prob-
denominator
denominator
The DSCP-weighted WRED profiles can be changed, again using the known three
WRED parameters. The mask-prob-denominator defines the packet drop
probability at the WRED maximum threshold. The maximum drop probability is
10%, if default settings are used. Normally, the DSCP-weighed profiles should be
left at their default settings, as those settings are appropriate for most situations, if
traffic is classified according to the DiffServ service specification.
3 Premium
Premium traffic
traffic in
in the
the contract
contract
4 Unused
5 Voice-
Voice-over-
over -IP
This WRED case study presents a network carrying traffic with eight different
service levels, each assigned a precedence value, with which packets are marked.
The figure shows the precedence to traffic -type mapping, where higher
precedence values are assigned to more important traffic. Voice traffic, for
example, is ranked just below essential routing protocol traffic, whereas other IP
traffic is divided into premium and best-effort levels, also depending on drop-
sensitivity. Traffic is classified at the edge of the network, and WRED provides
differentiated handling of traffic in the core, if core interfaces are nearing
congestion.
This information is used to build a custom WRED profile, based on the above
policy. When congestion is about to occur, WRED will drop packets, preferring
lower-precedence traffic, which is either drop-resistant or part of a best-effort
service. Premium traffic should experience few drops, and voice and routing
protocol traffic are unlikely to get dropped, because they are assigned a very high
minimum dropping threshold.
While it is not recommended to use WRED with voice traffic, this example
aggregates many types of traffic, including voice, on a single access line. WRED is
configured so that voice is unlikely to be dropped, and other aggressive flows are
dropped first. Ideally, there would also be a separate voice queue configured, and
voice traffic priority scheduled against other traffic.
The WRED dropping strategy for different traffic classes can be outlined as
n Best-effort traffic should be dropped before premium traffic.
n Out-of-contract or high-drop best-effort traffic should be dropped very
aggressively.
n Voice traffic should be dropped only under extreme congestion.
n Routing protocol traffic should be less drop-resistant than VoIP (depends on
the routing protocol and control over amount of VoIP traffic).
To implement this dropping policy, WRED is configured with default parameters
and then tuned to comply with the above policy.
Packet Discard
Probability
VoIP
Precedence 3
Routing
Precedence 1
0.1
Precedence 2
Precedence 0
Average
Queue Size RSVP
10
15
20
25
30
35
37
© 2001, Cisco Systems, Inc. Congestion Avoidance -32
The figure presents the values chosen to tune WRED dropping according to the
case study policy. Different precedence traffic will be assigned different minimum
and maximum threshold values to reflect the relative dropping strategies outlined in
the requirements. Note that the maximum drop probability is 10% (default) and the
same for all precedence levels. This setting should not be changed in most
implementations.
interface
interface Serial
Serial 0/1/0
0/1/0
ip address
address 200.200.14.250
200.200.14.250 255.255.255.252
255.255.255.252
random-detect
random-detect precedence 0 10 10 25
25 10
10
random-detect precedence 1 20 20 35
35 10
10
random-detect precedence 2 15 15 25
25 10
10
random-detect precedence 3 25 25 35
35 10
10
random-detect precedence
precedence 44 11 2 11
random-detect precedence 5 35 35 40
40 10
10
random-detect precedence 6 30 30 40
40 10
10
random-detect precedence 7 30 30 40
40 10
10
• Show interface
– displays the queuing/dropping mechanism in use
displays WRED parameters (VIP only)
• Show queueing
– displays the RED profile for each interface
• Show queue
– displays the interface output queue
• Show interface random-detect
– displays RED statistics (VIP only)
Router#
show interface intf
The show interface command will display whether or not WRED is the preferred
congestion avoidance mechanism on the interface.
Router#
show queueing random-detect
Class
Class Random Tail Minimum Maximum Mark
drop
drop drop
drop threshold
threshold threshold
threshold probability
probability
00 174 34 20 40 1/10
11 00 00 22
22 40
40 1/10
1/10
22 00 00 24
24 40
40 1/10
1/10
33 0 0 26 40 1/10
44 0 0 28 40 1/10
55 0 0 31 40 1/10
66 6 3 33 40 1/10
77 00 00 35
35 40
40 1/10
1/10
rsvp
rsvp 00 00 37
37 40
40 1/10
1/10
© 2001, Cisco Systems, Inc. Congestion Avoidance -36
The show queuing command shows the configuration and statistics for configured
WRED profiles.
Router#show
Router#show interfaces
interfaces random-detect
random-detect
FastEthernet1/0/0
FastEthernet1/0/0 queue
queue size
size 00
packets
packets output
output 29692,
29692, drops
drops 00
WRED:
WRED: queue
queue average
average 00
weight
weight 1/512
Precedence
Precedence 0:0: 109
109 min
min threshold,
threshold, 218
218 max
max threshold,
threshold, 1/10
1/10 ma
mark
rk weight
weight
11 packets
packets output,
output, drops:
drops: 00 random,
random, 00 threshold
threshold
Precedence
Precedence 1:1: 122
122 min
min threshold,
threshold, 218
218 max
max threshold,
threshold, 1/10
1/10 ma
mark
rk weight
weight
(no
(no traffic)
traffic)
Precedence
Precedence 2:2: 135
135 min
min threshold,
threshold, 218
218 max
max threshold,
threshold, 1/10
1/10 ma
mark
rk weight
weight
14845
14845 packets
packets output,
output, drops:
drops: 0 random,
random, 0 threshold
threshold
Precedence
Precedence 3:3: 148
148 min
min threshold,
threshold, 218
218 max
max threshold,
threshold, 1/10
1/10 ma
mark
rk weight
weight
(no
(no traffic)
traffic)
Precedence
Precedence 4:4: 161
161 min
min threshold,
threshold, 218
218 max
max threshold,
threshold, 1/10
1/10 ma
mark
rk weight
weight
(no
(no traffic)
traffic)
Precedence
Precedence 5:5: 174
174 min
min threshold,
threshold, 218
218 max
max threshold,
threshold, 1/10
1/10 ma
mark
rk weight
weight
(no
(no traffic)
traffic)
Precedence
Precedence 6:6: 187
187 min
min threshold,
threshold, 218
218 max
max threshold,
threshold, 1/10
1/10 ma
mark
rk weight
weight
14846
14846 packets
packets output,
output, drops:
drops: 0 random,
random, 0 threshold
threshold
Precedence
Precedence 7:7: 200
200 min
min threshold,
threshold, 218
218 max
max threshold,
threshold, 1/10
1/10 ma
mark
rk weight
weight
(no
(no traffic)
traffic)
Router#
show queue
queue intf
• Displays queue contents
Router#show
Router#show queue
queue serial
serial 1/0
1/0
Output
Output queue
queue for
for Serial1/0
Serial1/0 is
is 65/0
65/0
Packet
Packet 1,
1, linktype:
linktype: ip,
ip, length:
length: 1504,
1504, flags:
flags: 0x48
0x48
source:
source: 192.168.1.2,
192.168.1.2, destination:
destination: 192.168.1.2,
192.168.1.2, id:
id: 0x001A,
0x001A, ttl:
ttl: 255,
255, prot:
prot: 11
data:
data: 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD
0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD
Packet
Packet 2,
2, linktype:
linktype: ip,
ip, length:
length: 1504,
1504, flags:
flags: 0x48
0x48
source:
source: 192.168.1.2,
192.168.1.2, destination:
destination: 192.168.1.2,
192.168.1.2, id:
id: 0x001A,
0x001A, ttl:
ttl: 255,
255, prot:
prot: 11
data:
data: 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD
0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD
Packet
Packet 3,
3, linktype:
linktype: ip,
ip, length:
length: 1504,
1504, flags:
flags: 0x48
0x48
source:
source: 192.168.1.2,
192.168.1.2, destination:
destination: 192.168.1.2,
192.168.1.2, id:
id: 0x001A,
0x001A, ttl:
ttl: 255,
255, prot:
prot: 11
data:
data: 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD
0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD 0xABCD
0xABCD
...
... rest
rest deleted
deleted ...
...
© 2001, Cisco Systems, Inc. Congestion Avoidance -38
The show queue command will display the output queue contents.
WRED is very effective in achieving congestion avoidance, but only when at least
80% of traffic is based on the TCP protocol, which can quickly react to selective
random drops in some of the sessions. If non-adaptive flows, using for example the
UDP protocols, arrive at the interface, those flows do not react to WRED
dropping, but can instead monopolize the interface (and its buffers). Such traffic
should be rate-limited to enforce a steady traffic mix.
Also, WRED cannot be used together with fancy queuing with centralized
switching. dWRED and dWFQ can coexist, however, on most distributed
applications, sometimes even implemented in interface (line card) hardware.
Lesson Review
1. What are the key differences between RED and WRED?
2. What can be used as weight in WRED?
3. Which dropping modes does WRED have?
Overview
The section describes the Flow-based WRED mechanism available in Cisco IOS.
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe the Flow-based WRED mechanism.
n Describe the benefits of Flow-based RED over normal WRED.
n Configure Flow-based WRED on Cisco routers.
n Monitor and troubleshoot Flow-based WRED on Cisco routers.
Before you consider the advantages that flow-based WRED offers, it helps to
think about how WRED (without flow-based WRED configured) affects different
kinds of packet flows. Even before flow-based WRED classifies packet flows,
flows can be thought of as belonging to one of these categories:
n Nonadaptive flows, which are flows that do not respond to congestion.
n Robust flows, which on average have a uniform data rate and slow down in
response to congestion.
n Fragile flows, which, though congestion-aware, have fewer packets buffered
at a gateway than do robust flows.
Because of its packet-drop behavior − that is, that all flows, even those with
relatively fewer packets in the output queue, are susceptible to packet drop during
periods of congestion − WRED tends toward a bias against fragile flows. Though
fragile flows have fewer buffered packets, they are dropped at the same rate as
packets of other flows.
Calculate Average
WFQ Per-flow Queue Size
Classifier
(hash) Scaling
Factor
Queue No
IP packet WRED FIFO Queue
Full?
IP precedence
Yes
or
DSCP
Select
WRED
Min. threshold
Profile Random Drop Tail Drop
Max. Threshold
Max prob. Denom.
This block diagram shows how FRED performs its dropping calculations based on
the flow classification and queue sizes. An incoming packet is first classified into
an active flow. A default WRED profile is chosen for the packet based on the
precedence/DSCP value. FRED then determines the characteristics of the flow,
by calculating the average per-flow buffer usage (average per-flow queue size) in
the system, and based on it, the maximum per-flow queue size, using a scaling
factor.
By default, FRED computes the maximum per-flow queue size directly from the
average queue per-flow queue size (the average size of queue used by flows in the
router, calculated as the number of used buffers divided by the number of active
flows), using a multiplicative factor of 4. If a flow uses more buffers than the
maximum per-flow queue size, Cisco IOS deems the flow non-adaptive, and
chooses a more aggressive RED profile for that flow, lowering the maximum
threshold by half the difference between the current maximum and minimum
threshold difference.
In short, a flow is considered non-adaptive when its flow-depth is larger than the
expected maximum due to burstiness, which depends on the scaling factor:
average-flow-depth * (scaling factor) < flow-depth
Router(config-if)#
random-detect
random-detect flow
flow IOS
IOS 12.0(3)T
Router(config-if)#
random-detect flow average-depth-factor scaling-factor
scaling-factor
Router#
show queueing random-detect
Class
Class Random
Random Tail
Tail Minimum
Minimum Maximum
Maximum Mark
Mark
drop
drop drop
drop threshold
threshold threshold
threshold probability
probability
00 00 00 20
20 40
40 1/10
1/10
11 00 00 22
22 40
40 1/10
1/10
22 00 00 24
24 40
40 1/10
1/10
33 00 00 26
26 40
40 1/10
1/10
44 00 00 28
28 40
40 1/10
1/10
55 00 00 31
31 40
40 1/10
1/10
66 00 00 33
33 40
40 1/10
1/10
77 00 00 35
35 40
40 1/10
1/10
rsvp
rsvp 00 00 37
37 40
40 1/10
1/10
The show queuing command shows the configuration and statistics for configured
WRED profiles, together with FRED parameters, such as the number of active
flows in the queue, and the depth scaling factor.
Since FRED does not yet run in a distributed mode, and only works in combination
with FIFO queuing, its applications are limited. FRED is also not predictable in its
operation, and somewhat depends on the behavior of endpoints, which must
properly adapt their sending rate based on loss signals from the network.
Lesson Review
1. What is the difference between WRED and Flow-based WRED?
2. How many queues does Flow-based WRED have?
3. What are the benefits and drawbacks of Flow-based WRED?
Link Efficiency
Mechanisms
Overview
The module describes one approach to handling congested links; compression. It
discusses link efficiency mechanisms that either compress the payload of packets
(Stacker and Predictor) or reduce packet overhead by compressing their headers
(TCP and RTP header compression). It also discusses two different layer-2 link
fragmentation mechanisms (PPP Multilink and Frame Relay Fragmentation).
Objectives
Upon completion of this module, you will be able to perform the following tasks:
n Describe and configure Stacker payload compression
n Describe and configure Predictor payload compression
n Describe and configure TCP header compression
n Describe and configure RTP header compression
n Describe and configure PPP Multilink with interleaving
n Describe and configure Frame Relay Fragmentation
Payload Compression
Overview
This lesson describes two payload compression mechanisms. It describes the
Stacker and Predictor mechanisms that can be used to reduce the size of data in
packets or frames.
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe and configure Stacker compression
n Describe and configure Predictor compression
n Monitor and troubleshoot compression
6-2 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Payload Compression
While many mechanisms exist for optimizing throughput and reducing delay in
network traffic within the QoS portfolio, QoS does not create bandwidth. QoS
optimizes the use of existing resources, and enables the differentiation of traffic
according to the operator policy.
Payload compression does create additional bandwidth, because it squeezes packet
payloads, and therefore increases the amount of data that can be sent through a
transmission resource in a given time period. Payload compression is mostly
performed on layer-2 frames and therefore compresses the entire layer-3 packet.
Note that IP PCP (Payload Compression Protocol) is a fairly new technique for
compressing payloads on layer 3, and can handle out-of-order data. The IP PCP
compression method is not discusses in this lesson.
As compression squeezes payloads, it both increases the perceived throughput, and
decreases perceived latency in transmission, because smaller, packets (with
compressed payloads) take less time to transmit (than the larger, uncompressed
packets).
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-3
Compression Building Blocks
Compression Output
Forwarder Algorithm Queue
FH IP FH cIP
Compression is a
CPU-intensive task Packets reduced in
It adds to the size take less time
overall delay to transmit.
experienced by IP More packets can
packets. be transmitted.
The figure shows a basic block diagram of a compression method. When a router
forwards a packet, it is subjected to the layer-2 compression method after it has
been encapsulated at the output. The compression method squeezes the payload of
the layer-2 frame (the entire layer-3 packet), and transmits the packet on the
interface. Layer-2 compression requires serialization of packet delivery, which
means that packets must be received by the remote layer-2 station in the same
order as they were sent.
Compression is a CPU-intensive task and can add per-packet delay due to the
application of the compression method to each frame. The transmission
(serialization) delay, however, is reduced, because the resulting frame is smaller.
Depending on the complexity of the payload compression algorithm, overall latency
might be reduced, especially on low-speed links.
6-4 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Compression Results
COMPRESSION
COMPRESSION Link bandwidth
256 kbps Throughput
500 kbps
Delay=10 ms Delay=4 ms Total Delay=14 ms
HARDWARE
HARDWARE COMPRESSION
COMPRESSION Link bandwidth
256 kbps Throughput
500 kbps
Delay=2 ms Delay=4 ms Total Delay=6 ms
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-5
Compression Algorithms
6-6 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Stacker and MPPC Compression
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-7
Predictor Compression
The predictor is a simple, very fast, and CPU-friendly algorithm, but this algorithm
yields a lower compression ratio. It is based on predicting the next byte-sequence
in the stream based on a simple dictionary, which is rebuilt from the source or the
compressed data without the need to exchange a dictionary between the peers.
6-8 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Stacker/MPPC vs. Predictor
The STAC, MPPC, and predictor algorithms are usually used to perform layer-2
payload compression on point-to-point links between Cisco IOS routers. The
STAC and MPPC methods are CPU-intensive. However these methods yield very
good compression rates on the average, produce more compression/decompression
delay in the router, and should be used on slower links if software compression is
used.
Predictor is a leaner and simpler algorithm, which can be deployed on faster links
with software compression, and which introduces less delay in the packet path.
However, predictor yields considerably lower compression ratios compared to the
STAC algorithm.
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-9
Compression and Layer-2
Encapsulation
PPP ü* ü ü
Frame Relay ü* O O
HDLC ü O O
LAPB ü ü O
X.25 ü O O
6-10 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Performance
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-11
Configuring Stacker
6-12 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Configuring Stacker with PPP
Encapsulation
Router(config-if)#
compress stac
stac
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-13
Configuring Stacker with Frame
Relay Encapsulation
Router(config-if)#
frame-relay payload-compression
payload-compression FRF9
FRF9 stac
stac
Cisco IOS supports the native Frame Relay compression protocol according to the
FRF.9 standard. The compression method used is equivalent to STAC
compression. Also, the commands required to configure Frame Relay STAC
compression are analogous to the command used to configure STAC with other
supported encapsulations. This command should be used when using the default
Frame Relay encapsulation over Frame Relay networks.
6-14 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Configuring Predictor or MPPC
Router(config-if)#
compress predictor
predictor
Router(config-if)#
compress mppc
mppc [ignore-pfc]
[ignore-pfc]
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-15
Hardware Compression
6-16 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Configuration Example
interface
interface Serial1/0
Serial1/0 Software compression using the
encapsulation
encapsulation ppp
ppp STAC algorithm
compress
compress stac
!! Hardware compression using the
interface
interface Serial1/1
Serial1/1 STAC algorithm on the CAIM
encapsulation
encapsulation ppp
ppp module (Cisco 2600 routers)
compress
compress stac
stac caim
caim 00
!! Software compression using the
interface
interface Serial1/2
Serial1/2 Predictor algorithm
encapsulation
encapsulation ppp
ppp
compress
compress predictor
predictor
!!
interface
interface Serial1/2
Serial1/2
encapsulation
encapsulation frame -relay
frame-relay
frame-relay
frame-relay map
map ip
ip 1.1.1.1
1.1.1.1 102
102 broadcast
broadcast ietf
ietf payload-compress
payload-compress frf9 stac
stac
!!
interface
interface Serial1/2.1
Serial1/2.1 point-to-point
point-to-point Software compression using
frame-relay
frame-relay interface-dlci
interface-dlci 101 ietf the STAC algorithm
frame-relay
frame-relay payload-comp
payload-comp FRF9
FRF9 stac
stac
!!
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-17
Monitoring Compression
Router#
show compression
compression
6-18 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Summary
n Stacker and MPPC payload compression methods yield better compression
ratios, is more CPU-intensive, and may introduce additional delay
n The predictor payload compression method is faster, can be used in higher-
bandwidth scenarios, but generally yields lower average compression ratios
Lesson Review
1. What is the purpose of using payload compression?
2. List the payload compression algorithms than can be used.
3. What are some of the benefits and drawbacks of Stacker?
4. What are some of the benefits and drawbacks of Predictor?
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-19
Header Compression
Overview
This lesson describes the mechanisms that are used to reduce overhead on slow
links by compressing IP and TCP headers in TCP header compression, or IP,
UDP and RTP headers in RTP header compression.
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe and configure TCP header compression
n Monitor and troubleshoot TCP header compression
n Describe and configure RTP header compression
n Monitor and troubleshoot RTP header compression
6-20 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Header Compression
All compression methods are based on eliminating redundancy when sending the
same or similar data over a transmission medium. One piece of data, which is often
repeated, is the protocol header. In a flow, the header information of packets in the
same flow does not change much over the lifetime of that flow. Therefore, most of
header information could be sent only at the beginning of the session, stored in a
dictionary, and then referenced in later packets by a short dictionary index.
Two methods were standardized by the IETF (Internet Engineering Task Force)
for use with IP protocols:
n TCP header compression (also known as the Van Jacobson or VJ header
compression) is used to compress the packet TCP headers over slow links,
thus considerably improving the interactive application performance.
n RTP header compression is used to compress UDP and RTP headers, thus
lowering the delay for transporting real-time data, such as voice and video over
slower links.
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-21
Header Compression Basics
6-22 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Header Compression
Building Blocks
Header
Output
Forwarder Compression
Queue
Algorithm
The header
compression IP and higher-layer
algorithm keeps headers are
track of flows and compressed
static parameters
in headers
The figure shows a block diagram of a header compression method. The header
compression algorithm tracks active transport-layer connections over an interface.
After the packet has been forwarded, the header compression algorithm
compresses the layer-3 and layer-4 headers within the frame, and replaces them
with a session index from the session dictionary (table). The packet is then sent to
the output queue, and transmitted to the remote peer. When the remote peer
receives the packet, the header is decompressed using the local session table, and
passed to the forwarding process.
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-23
Header Compression Results
NO COMPRESSION Throughput
Link bandwidth 64 kbps
64 kbps
Delay=8 ms
Delay=1 ms
COMPRESSION
COMPRESSION Throughput
Link bandwidth
100 kbps
64 kbps
Delay=4 ms
Delay=2 ms
By compressing the header, the layer-2 frame gets smaller and therefore more
data is sent through a channel in a given time period. Also, the packet transmission
time is smaller; therefore header compression both increases the throughput and
reduces the overall delay of a transmission line.
6-24 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Header Compression Algorithms
The two header compression methods available in Cisco IOS are the TCP header
compression (standardized by RFC 1144), and the RTP header compression
(standardized by RFC 1889). TCP header compression is usually used to improve
the interactive session response over low-speed links, where layer-3 and layer-4
headers represent a significant portion of the layer-2 frame. RTP header
compression is used mostly on slow links, to reduce delay and increase throughput
of an RTP-based application (usually voice traffic).
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-25
TCP Header Compression
With TCP header compression, the IP and TCP headers, which normally use 20
bytes each, is reduced to a session index, and the changing part of the header.
With all optimizations, the combined header length of 40 bytes can be reduced to a
3 to 5-byte compressed header.
6-26 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
TCP Header Compression
Case Study
This case study illustrates the benefits of TCP header compression on slow links.
A 64 kbps link is used to transport a TCP-based application using PPP as the
layer-2 framing protocol. For the case study application (telnet), the average
packet payload size is 5 bytes. Since PPP has 6 bytes of frame header, the total
header overhead is 6+20+20=46 bytes, counting the PPP, IP, and TCP headers.
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-27
TCP Header Compression
Case Study
6 20 20 5 6 4 5
PPP IP TCP Telnet PPP cT Telnet
46 5 10 5
Overhead = 46/(46+5) Overhead = 10/(10+5)
Overhead = 90% Overhead = 67%
Delay = (46+5) / 64 kbps Delay = (10+5) / 64kbps
Delay = 6 ms Delay = 2 ms
The figure shows the packet size before and after header compression. The IP and
TCP headers are reduced to 4 bytes, resulting in 10 bytes of overall headers. The
overhead is reduced from 90% to 67%, when small packets are used. Because of
size reduction, the transmission delay decreases from 6 ms to 2 ms on the same
link.
The table in the figure shows how header compression impacts performance when
different packet sizes are used. Header compression is most effective on small
packets, used on slow links.
6-28 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Configuring TCP Header
Compression
Router(config-if)#
ip tcp header-compression [passive]
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-29
TCP Header Compression
Example
interface Serial0/0
interface Dialer1
ip address 10.2.1.2 255.255.255.252
ip address negotiated
encapsulation frame-relay
ip tcp header-compression
frame-relay ip tcp header -compress
!
!
RouterA RouterC
RouterB
interface Serial0
ip address 10.2.1.1 255.255.255.252
encapsulation frame-relay
frame-relay ip tcp header -compression
!
interface Virtual-template1
ip address 10.1.1.1 255.255.0.0
ip tcp header-compression passive
!
The figure shows an example configuration of three peers using TCP header
compression.
RouterC uses header compression on a dialer interface, connecting to the central
access server (RouterB).
The access server (RouterB) is configured to perform header compression only if
the remote peer (RouterC) initiates it, and therefore supports peers using header-
compression, and peers using plain layer-2 transmission.
The access server (RouterB) connects to a remote site (RouterA) over frame-
relay. Both frame-relay endpoints (RouterA and RouterB) are configured to
perform TCP header compression over the frame-relay link.
6-30 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Monitoring
TCP Header Compression
Router#
show ip
ip tcp
tcp header-compression
header-compression [interface]
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-31
Monitoring
TCP Header Compression
Router#
show frame-relay ip
ip tcp
tcp header-compression
header-compression [interface]
6-32 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
RTP Header Compression
Real-Time Protocol (RTP) is the Internet Standard (RFC 1889) protocol for the
transport of real-time data. It is intended to provide end-to-end network transport
functions for applications that support audio, video, or simulation data over
multicast or unicast network services. RTP is used in most Voice over IP
applications to transport packetized voice.
RTP includes a data portion and a header portion. The data portion of RTP is a
thin protocol that provides support for the real-time properties of applications, such
as continuous media, and includes timing reconstruction, loss detection, and content
identification.
RTP contains a relatively large sized header. The 12 bytes of the RTP header,
combined with 20 bytes of IP header (IPH) and 8 bytes of the User Datagram
Protocol (UDP) header, create a 40-byte IP/UDP/RTP header.
For compressed-payload audio applications, the RTP packet typically has a 20-byte
to 160-byte payload. Given the size of the IP/UDP/RTP header combinations, it is
inefficient to send the IP/UDP/RTP header without compressing it.
To avoid the unnecessary consumption of available bandwidth, the RTP header
compression feature (CRTP) is used on a link-by-link basis. CRTP can reduce the
header from 40 bytes to a 3 to 5-byte header, which significantly reduces delay on
slow links.
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-33
RTP Header Compression
Case Study
This case study illustrates the benefits of RTP header compression on slow links.
A 64 kbps link is used to transport Voice over IP using PPP as the layer-2 framing
protocol.
For the case study application (voice using the G.729 audio compression codec),
the average payload size is 20 bytes. Since PPP has 6 bytes of frame header, the
total header overhead is 6+20+20=46 bytes, counting the PPP, IP, UDP, and RTP
headers.
6-34 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
RTP Header Compression
Case Study
6 20 8 12 20 6 4 20
PPP IP UDP RTP Voice PPP cR Voice
46 20 10 20
The figure shows the packet size before and after header compression. The IP,
UDP, and RTP headers are reduced to 4 bytes, resulting in 10 bytes of overall
headers. The overhead is reduced from 70% to 33%, when small packets are
used. Because of size reduction, the transmission delay decreases from 8 ms to 4
ms, and the bandwidth used to transport a single voice call (using the G.729 codec)
is reduced from 26 to 12 kbps.
The table in the figure shows how header compression impacts performance when
a different audio codec is used. For the traditional G.711 voice codec, CRTP still
optimizes its transmission over slow links. However, the difference is more obvious
when using advanced, low-bandwidth codecs are used.
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-35
Configuring RTP Header
Compression
Router(config-if)#
ip rtp header-compression [passive]
6-36 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
RTP Header Compression
Example
RouterB RouterC
Frame Relay TDM
(leased line)
RouterA
ip cef distributed
!
interface Serial5/1/0
ip address 10.2.1.1 255.255.255.252
encapsulation frame-relay
frame-relay ip rtp header-compression
!
interface Serial5/1/1
ip address 10.1.1.1 255.255.0.0
encapsulation ppp
ip rtp header-compression
!
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-37
Monitoring
RTP Header Compression
Router#
show ip
ip rtp
rtp header-compression
header-compression [interface]
6-38 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Monitoring
RTP Header Compression
Router#
show frame-relay ip
ip tcp
tcp header-compression
header-compression [interface]
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-39
Summary
n TCP header compression optimizes performance of interactive TCP-based
applications on slow links, by shrinking IP and TCP headers to 3-5 byte indices
n RTP header compression optimizes performance of delay-sensitive RTP-based
applications, such as voice, on slow links, by shrinking IP, UDP, and RTP
headers to 3-5 byte indices
n TCP and RTP header compression methods can be implemented with Cisco
IOS software
Lesson Review
1. List the different header compression methods than can be used.
2. Where are header compression mechanisms most effective?
3. What type of traffic benefits most by using TCP Header Compression?
4. What type of traffic benefits most by using RTP Header Compression?
6-40 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Link Fragmentation and Interleaving
Objectives
This lesson describes the mechanism used to reduce the maximum size of PPP or
Frame Relay frames. It also explains the interleaving of multiple frames of large
packets with frames of small packets.
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe Link Fragmentation and Interleaving (LFI)
n Describe and configure Multilink PPP
n Monitor and troubleshoot Multilink PPP
n Describe and configure Frame Relay Fragmentation
n Monitor and troubleshoot Frame Relay Fragmentation
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-41
Queuing and Serialization Delay
8ms 8ms
Empty
Network
64 kbps
Delay
Variation
Queuing Delay
Problems:
• Large delay due to slow link and MTU-sized packets
• Jitter (variable delay) due to variable link utilization
© 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms-49
When considering delay between two hops in a network, queuing delay in a router
must be considered, because it may be comparable to, or even exceed the
transmission delay on a line. In an empty network, an interactive or voice session
experiences low or no queuing delay, because it does not compete with other
applications on an interface output queue. Also, the small delay does not vary
enough to produce considerable jitter on the receiving side.
In a congested network, interactive data and voice applications compete in the
router queue with other applications. Queuing mechanisms may prioritize voice
traffic in the software queue, but the hardware queue (Tx ring) always uses a
FIFO scheduling mechanism. Therefore, after packets of different applic ations
leave the software queue, they will mix with other packets in the hardware queue,
even if their software queue processing was expedited. Thus, a voice packet may
be immediately sent to the hardware queue, where two large FTP packets may still
be waiting for transmission. The voice packet must wait until the FTP packets are
transmitted, thus producing a delay in the voice path.
Because links are variably utilized, this delay varies with time and may produce
unacceptable jitter in jitter-sensitive applications such as voice.
6-42 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Voice Reassembly
Probability of
Less delay
arrival
More loss More delay
Less loss
Usable Jitter
packets
Unusable
packets
Jitter can always be offset by more buffering on the receive side. However, more
buffering produces more overall delay. This delay must not cross certain
thresholds in delay-sensitive applications, such as packetized voice. The voice
delay threshold (usually around 150 ms of one-way delay) represents the limit at
which the quality of packetized voice telephony is still regarded as acceptable by
end users.
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-43
Voice Reassembly
Probability of
Less delay
arrival
More loss More delay
Less loss
Usable Jitter
packets
Unusable
packets
A better solution than adding additional buffering is to reduce the average delay
along the packet path. This allows for more jitter before packets are deemed
unusable by the voice reassembly on the receiving endpoint (IP telephone).
Reduced average delay can be provided through link fragmentation and
interleaving, by reducing delays on critical links in the packet path.
6-44 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Link Fragmentation and
Interleaving
Delay to large
B2 A3 B1 A2 A1 TxQ
Fragmentation Interleaving
A3 A3 A3 A3 A2 B3 A2 A2 A2 B2 A1 A1 A1 B1 A1 TxQ
Acceptable
Delay
Reduce delay and jitter by fragmenting large
frames and prioritizing small frames
Link fragmentation and interleaving (LFI) is a layer-2 technique, where all layer-2
frames are broken into small, equal-size fragments, and transmitted over the link in
an interleaved fashion. The figure shows the interface hardware output queue,
populated by frames of differing sizes; large and small.
When fragmentation and interleaving is in effect, all frames waiting in the queuing
system are fragmented, smaller frames are prioritized, and a mixture of fragments
is sent over the link. Small frames may be scheduled behind larger frames in the
WFQ system. LFI fragments all frames, and this reduces the queuing delay of
small frames, as they are sent almost immediately. Link fragmentation therefore
reduces delay and jitter by expediting transfer of smaller frames through the
hardware queue.
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-45
LFI with WFQ
MTU=1500
WFQ TxQ
TxQ is sized in
the number of
packets
WFQ TxQ
The longest delay, used with the WFQ scheduling algorithm, is the product of the
number of packets in the queue and the size of the maximum packet (to calculate
the worst-case delay at any instant).
Before LFI, the maximum possible size of a packet was limited by the interface
MTU, which might be set to a value up to 1500 bytes on a serial line. LFI MTU is
considerably smaller, because it reflects the maximum size of a fragment in a LFI
implementation. For example, an LFI MTU of 160 bytes (which is commonly used)
reduces the worst-case maximum delay to one tenth of the delay of a normal non-
LFI-enabled link, because the next scheduled fragment now has to wait only until
the previous fragment has been transmitted. Before using LFI, any packet had to
wait until the whole previous frame has been transmitted, which might be up to the
full MTU in size.
6-46 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Fragmentation Options
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-47
Configuring MLP with Interleaving
Configuration steps:
• Enable Multilink PPP on an interface (using a
Multilink Group interface)
• Enable PPP Multilink interleaving on the
Multilink interface
• Specify maximum fragment size by setting
the maximum delay on the Multilink interface
6-48 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Configuring MLP with Interleaving
Router(config-if)#
ppp multilink
The ppp multilink command enables PPP multilink on an interface. This requires
either Weighted Fair Queuing (WFQ) or CB-WFQ (Class-Based Weighted Fair
Queuing) to be enabled on the same interface.
The ppp multilink interleave command enables interleaving of fragments within
the multilink connection.
The ppp multilink fragment delay command specifies the maximum desired
fragment delay for the interleaved multilink connection. The maximum fragment
size is calculated from the interface bandwidth and the specified maximum delay.
The default is set at 30 milliseconds.
If dCEF is configured on a VIP interface, MLP with interleaving runs distributed
on the VIP.
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-49
MLP with Interleaving
Example
interface
interface Multilink1
Multilink1
ip
ip address 10.1.1.1
10.1.1.1 255.255.255.252
255.255.255.252
fair-queue
fair-queue
ppp
ppp multilink
multilink
multilink-group
multilink-group 1
ppp
ppp multilink
multilink fragment-delay 20
ppp
ppp multilink
multilink interleave
interleave
!!
interface
interface Serial0/0
Serial0/0
no
no ip address
address
encapsulation
encapsulation ppp
ppp
ppp multilink
multilink
multilink-group
multilink-group 1
!!
6-50 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Monitoring and Troubleshooting
MLP Interleaving
Router#
show interface
interface [intf]
[intf]
• Displays statistics including the number of interleaved frames
Router #show interfaces
Router#show interfaces multilink
multilink 11
Multilink1
Multilink1 isis up,
up, line
line protocol
protocol is
is up
up
Hardware
Hardware is multilink group
is multilink group interface
interface
Internet
Internet address
address isis 172.22.130.1/30
172.22.130.1/30
MTU
MTU 1500
1500 bytes,
bytes, BW
BW 6464 Kbit,
Kbit, DLY
DLY 100000
100000 usec,
usec,
reliability
reliability 255/255,
255/255, txload
txload 27/255,
27/255, rxload
rxload 1/255
1/255
Encapsulation
Encapsulation PPP, loopback
loopback not
not set
set
Keepalive set (10 sec)
Keepalive set (10 sec)
DTR
DTR is
is pulsed
pulsed for 2 seconds on reset
LCP
LCP Open,
Open, multilink
multilink Open
Open
Open:
Open: IPCP
IPCP
Last
Last input
input 00:00:03,
00:00:03, output
output never,
never, output
output hang
hang never
never
Last
Last clearing
clearing of "show interface" counters 6d00h
Input
Input queue:
queue: 0/75/0/0
0/75/0/0 (size/max/drops/flushes);
(size/max/drops/flushes); Total
Total output
output drops:
drops: 00
Queueing
Queueing strategy:
strategy: weighted
weighted fair
fair
Output
Output queue:
queue: 0/1000/64/0/2441
0/1000/64/0/2441 (size/max
(size/max total/threshold/drops/interleaves)
total/threshold/drops/interleaves)
Conversations
Conversations 0/7/16
0/7/16 (active/max
(active/max active/max
active/max total)
total)
Reserved
Reserved Conversations 0/0 (allocated/max allocated)
Conversations 0/0 (allocated/max allocated)
55 minute
minute input
input rate
rate 00 bits/sec,
bits/sec, 00 packets/sec
packets/sec
55 minute
minute output
output rate
rate 7000
7000 bits/sec,
bits/sec, 66 packets/sec
packets/sec
The show interface command output includes MLP statistics information and
indicates whether MLP Interleaving is enabled on the interface.
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-51
Monitoring and Troubleshooting
MLP Interleaving
Router#
debug ppp multilink
multilink fragments
• Displays information about individual multilink fragments and
interleaving events
Router#debug
Router#debug ppp
ppp multilink
multilink fragments
fragments
Multilink
Multilink fragments
fragments debugging
debugging is
is on
on
Mar
Mar 17
17 20:03:08.995:
20:03:08.995: Se0/0
Se0/0 MLP -FS: II
MLP-FS: seq
seq C0004264
C0004264 size
size 70
70
Mar
Mar 17
17 20:03:09.015:
20:03:09.015: Se0/0
Se0/0 MLP -FS: II
MLP-FS: seq
seq 80004265
80004265 size
size 160
160
Mar
Mar 17
17 20:03:09.035:
20:03:09.035: Se0/0
Se0/0 MLP -FS: II
MLP-FS: seq
seq 4266
4266 size
size 160
160
Mar
Mar 17
17 20:03:09.075: Se0/0 MLP -FS: II
20:03:09.075: Se0/0 MLP-FS: seq 4267 size 160
seq 4267 size 160
Mar
Mar 17
17 20:03:09.079: Se0/0 MLP -FS: II
20:03:09.079: Se0/0 MLP-FS: seq
seq 40004268
40004268 size
size 54
54
Mar
Mar 17
17 20:03:09.091:
20:03:09.091: Se0/0
Se0/0 MLP -FS: II
MLP-FS: seq
seq C0004269
C0004269 size
size 70
70
Mar
Mar 17
17 20:03:09.099:
20:03:09.099: Se0/0
Se0/0 MLP -FS: II
MLP-FS: seq
seq C000426A
C000426A size
size 70
70
Mar
Mar 17
17 20:03:09.103:
20:03:09.103: Mu1
Mu1 MLP:
MLP: Packet
Packet interleaved
interleaved from queue 24
Mar
Mar 17
17 20:03:09.107: Se0/0 MLP -FS: II
20:03:09.107: Se0/0 MLP-FS: seq C000426B size
seq C000426B size 7070
Mar
Mar 17
17 20:03:09.119:
20:03:09.119: Se0/0 MLP-FS: II
Se0/0 MLP -FS: seq
seq C000426C
C000426C size
size 70
70
Mar
Mar 17
17 20:03:09.123:
20:03:09.123: Mu1
Mu1 MLP:
MLP: Packet
Packet interleaved
interleaved from queue 24
Mar
Mar 17
17 20:03:09.131:
20:03:09.131: Mu1
Mu1 MLP:
MLP: Packet
Packet interleaved
interleaved from
from queue 24
queue 24
Mar
Mar 17
17 20:03:09.135:
20:03:09.135: Se0/0
Se0/0 MLP -FS: II
MLP-FS: seq
seq C000426D
C000426D size
size 70
70
Mar
Mar 17
17 20:03:09.155:
20:03:09.155: Se0/0 MLP-FS: II
Se0/0 MLP -FS: seq C000426E size
seq C000426E size 7070
6-52 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Frame Relay
Fragmentation
FRF.11 Annex C specifies fragmentation of
voice frames (VoFR):
• Only frames with data payload type are
fragmented
• Voice bypasses the fragmentation engine
regardless of frame size
FRF.12 specifies fragmentation of data frames:
• Data frames that exceed the specified
fragmentation size are fragmented
• Smaller time -sensitive packets can be interleaved
• VoIP packets do not get a special treatment
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-53
FRF.12 versus FRF.11 Annex-C
Fragmentation
If a PVC is not configured for VoFR, it uses normal Frame Relay (FRF.3.1) data
encapsulation. If fragmentation is turned on for this DLCI, it uses FRF.12 for the
fragmentation headers. PVCs carrying VoIP use FRF.12 fragmentation because
VoIP is a layer 3 technology that is transparent to layer 2 Frame Relay. VoIP and
VoFR can be supported on different PVCs on the same interface, but not on the
same PVC.
FRF.12 fragments voice packets if the fragmentation size parameter is set to a
value smaller than the voice packet size. FRF.11 Annex-C (VoFR) does not
fragment voice packets regardless of what fragmentation size is configured.
FRF.11 Annex-C needs only to be supported by platforms that support VoFR.
Because FRF.12 is predominantly used for VoIP, it is important to use FRF.12 as a
general feature on Cisco IOS platforms that transport VoIP over slow speed
WAN links.
6-54 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Implementation Notes
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-55
Configuring Frame Relay
Fragmentation (FRF.11 C)
Router(config)#
map-class frame-relay name
Router(config-map-class)#
frame-relay fragment size
Router(config-map-class)#
frame-relay voice
voice bandwidth
bandwidth bps
FRF.11 Annex C fragmentation is configured within the Frame Relay map class.
The frame-relay fragment command sets the maximum fragment size. The
frame-relay voice bandwidth command reserves an amount of bandwidth used
only for FRF.11-encapsulated VoFR traffic.
6-56 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Configuring Frame Relay
Fragmentation (FRF.11 C)
Router(config-map-class)#
service-policy output name
On an interface, the frame-relay class command applies the map class to the
interface, subinterface, or a DLCI. The vofr interface command changes the
encapsulation on a DLCI to support only FRF.11 VoFR traffic.
The service-policy output command, used within a map class, applies a QoS
policy to the frame relay traffic class. Low Latency Queuing (configured within
CB-WFQ) is recommended on a VoFR circuit.
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-57
Configuring Frame Relay
Fragmentation (FRF.12)
Router(config)#
map-class frame-relay name
Router(config-map-class)#
frame-relay fragment size
FRF.11 Annex C fragmentation is also configured within the Frame Relay map
class. The frame-relay fragment command sets the maximum fragment size. On
an interface, the frame-relay class command applies the map class to the
interface, sub-interface, or a DLCI.
6-58 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Frame Relay Fragmentation
FRF.11 C Example
interface
interface serial
serial 0/0
0/0
encapsulation frame-relay
frame-relay
frame-relay traffic shaping
!!
interface
interface serial
serial 0/0.1
0/0.1 point-to-point
point-to-point
frame-relay
frame-relay interface-dlci
interface-dlci 100
100
vofr
class
class FRF11
FRF11
!!
map-class
map-class frame-relay
frame-relay FRF11
FRF11
frame-relay
frame-relay fragment
fragment 160
160
frame-relay
frame-relay cir
cir 65536
65536
frame-relay
frame-relay bc
bc 2600
2600
frame-relay
frame-relay fair-queue
fair-queue
!!
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-59
Frame Relay Fragmentation
FRF.12 Example
interface
interface serial
serial 0/0
0/0
encapsulation frame-relay
frame-relay
frame-relay traffic shaping
!!
interface
interface serial
serial 0/0.1
0/0.1 point-to-point
point-to-point
frame-relay
frame-relay interface-dlci
interface-dlci 100
100
class
class FRF12
FRF12
!!
map-class
map-class frame-relay FRF12
frame-relay
frame-relay fragment
fragment 160
160
frame-relay
frame-relay cir
cir 65536
65536
frame-relay
frame-relay bc
bc 2600
2600
frame-relay
frame-relay fair-queue
fair-queue
!!
6-60 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Monitoring and Troubleshooting
Frame Relay Fragmentation
Router#
show frame-relay pvc
pvc [interface intf] [dlci]
The show frame -relay pvc command output includes settings related to either
FRF.11 Annex C or FRF.12 fragmentation. The output shows the fragment size
used on the Frame Relay PVC.
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-61
Monitoring and Troubleshooting
Frame Relay Fragmentation
Router#
show frame-relay fragment
fragment [interface intf] [dlci]
Router#show
Router#show frame-relay
frame-relay fragment
fragment interface
interface Serial1/0
Serial1/0
fragment-size
fragment-size 4545 fragment
fragment type
type end-to-end
end-to-end
in
in fragmented
fragmented pkts
pkts 00 out
out fragmented
fragmented pkts
pkts 00
in
in fragmented
fragmented bytes
bytes 00 out
out fragmented
fragmented bytes
bytes 00
in
in un-fragmented
un-fragmented pkts
pkts 00 out
out un -fragmented pkts
un-fragmented pkts 00
in un-fragmented bytes
in un-fragmented bytes 0 0 out
out un-fragmented bytes
un -fragmented bytes 00
in
in assembled
assembled pkts
pkts 00 out
out pre-fragmented
pre-fragmented pkts
pkts 00
in
in assembled
assembled bytes 0 out
out pre-fragmented
pre-fragmented bytes
bytes
in
in dropped reassembling pktspkts 00 out
out dropped
dropped fragmenting
fragmenting pkts
pkts 00
in
in timeouts
timeouts 0
in out-of-sequence fragments
in out -of-sequence fragments 0 0
in
in fragments
fragments with
with unexpected
unexpected BB bit
bit set
set 00
out
out interleaved
interleaved packets
packets 00
The show frame -relay fragment command displays statistics of Frame Relay
fragmentation methods. This output shows whether Frame Relay fragmentation is
in effect and working as configured. The output also shows possible fragmentation
timeouts, indicating that some fragments were lost in the Frame Relay network and
could not be reassembled. If the number of timeouts is significant, this may indicate
significant frame loss in the Frame Relay network.
6-62 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Summary
n Link fragmentation and interleaving methods reduce the average delay on a
transmission line by fragmenting frames into small fragments and scheduling
their transfer in an interleaved fashion
n Multilink PPP with Interleaving is the preferred LFI method, used with the
PPP protocol
n FRF.11 C and FRF.12 are the preferred LFI methods, used in a Frame Relay
environment
n Multilink PPP with Interleaving, FRF.11 C, and FRF.12 methods are available
in Cisco IOS
Lesson Review
1. List the different link fragmentation methods that can be used.
2. What mechanism is needed to implement link fragmentation with PPP
encapsulation?
3. What are the differences between different Frame Relay link fragmentation
mechanisms?
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-63
Summary
n Stacker and MPPC payload compression methods yield better compression
ratios, is more CPU-intensive, and may introduce additional delay
n The Predictor payload compression is faster, can be used in higher-bandwidth
scenarios, but generally yields lower average compression ratios
n TCP header compression optimizes performance of interactive TCP-based
applications on slow links, by shrinking IP and TCP headers to 3-5 byte indices
n RTP header compression optimizes performance of delay-sensitive RTP-based
applications, such as voice, on slow links, by shrinking IP, UDP, and RTP
headers to 3-5 byte indices
n Multilink PPP with Interleaving is the preferred LFI method, used with the
PPP protocol
n FRF.11 C and FRF.12 are the preferred LFI methods, used in a Frame Relay
environment
6-64 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
Review Questions and Answers
Payload Compression
Question: What is the purpose of using payload compression?
Answer: The purpose of payload compression is primarily to increase throughput
of a link, and secondarily, to decrease propagation delay on a link.
Question: List the payload compression algorithms than can be used.
Answer: Cisco IOS supports Stacker, predictor, and MPPC algorithms to
compress Layer-2 link data.
Question: What are some of the benefits and drawbacks of Stacker?
Answer: Stacker provides good compression ratios with most types of traffic and
works on most Layer-2 encapsulations. On the downside, Stacker is very CPU
intensive and may have throughput limitations and increase processing delay.
Question: What are some of the benefits and drawbacks of Predictor?
Answer: Predictor is very fast and works well on text-type traffic. Predictor does
not yield very good compression ratios with all types of traffic, and supports only
select encapsulations.
Header Compression
List the different header compression methods than can be used.
Where are header compression mechanisms most effective?
What type of traffic benefits most by using TCP Header Compression?
What type of traffic benefits most by using RTP Header Compression?
Copyright 2001, Cisco Systems, Inc. IP QoS Link Efficiency Mechanisms 6-65
Answer: The FRF.11 Annex C method is used only to fragment Voice over
Frame Relay (VoFR). The FRF.12 method is used only to fragment data over
Frame Relay, including Voice over IP.
6-66 IP QoS Link Efficiency Mechanisms Copyright 2001, Cisco Systems, Inc.
7
Signaling Mechanism
Overview
The module describes RSVP as the signaling mechanism used in QoS enabled
networks. The module builds on knowledge about the IntServ model with the
addition of Common Open Policy Service (COPS) discussed in the introductory
module.
Objectives
Upon completion of this module, you will be able to perform the following tasks:
n Describe Resource Reservation Protocol (RSVP).
n Configure RSVP.
n Describe and configure RSVP on shared media using Subnet Bandwidth
Management (SBM).
n Monitor and troubleshoot RSVP.
Resource Reservation Protocol (RSVP)
Overview
The section introduces Resource Reservation Protocol (RSVP) as the signaling
mechanism in QoS-enabled networks using the Integrated Services model.
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe Resource Reservation Protocol (RSVP).
n Configure RSVP.
n Monitor and troubleshoot RSVP.
Local Local
Local
Admission Admission
Admission
Control Control
Control request
Best-effort
forwarding
When a part of the network does not support RSVP, that is, when the RSVP
messages are not processed by every intermediate hop between the two
application endpoints, some other mechanism may be employed to try to meet the
application requirements in the non-RSVP-enabled part of the network. One such
possibility may be to perform only best-effort delivery between RSVP-enabled
networks using an undersubscribed network in between. The PATH messages
discover all RSVP-aware routers, and are forwarded as plain IP packets on non-
RSVP-enabled hops. The RESV messages are then interpreted only by the RSVP-
aware hops, discovered via the PATH message.
RSVP allows end systems to request QoS guarantees from the network. The need
for network resource reservations differs for data traffic versus real-time traffic,
as described in the following paragraphs:
n Data traffic seldom needs reserved bandwidth because internetworks provide
datagram services for data traffic. This asynchronous packet switching may
not need guarantees of service quality. End-to-end controls between data
traffic senders and receivers help ensure adequate transmission of bursts of
information.
n Real-time traffic (that is, voice or video information) experiences problems
when using datagram services. Because real-time traffic sends an almost
constant flow of information, the network “pipes” must be consistent. Some
guarantee must be provided that service between real-time hosts will not vary.
Routers operating on a first-in, first-out (FIFO) basis risk unrecoverable
disruption of the real-time information that is being sent.
Many network-aware applications today use RSVP for signaling. Some well-
known examples include Cisco IP telephones, Microsoft NetMeeting, and MPLS
Traffic Engineering.
Router(config-if)#
ip rsvp
rsvp bandwidth
bandwidth [total-BW [per-flow-BW]]
The bandwidth interface command sets the interface bandwidth and is used by
routing protocols (to calculate costs) and by a variety of QoS mechanisms. With
RSVP, this is used as the configured bandwidth parameter, referenced by the limits
in the ip rsvp bandwidth command.
Router(config)#
ip
ip rsvp
rsvp sender
sender session-IP sender-IP
sender-IP protocol
protocol dport
dport sport
sport src-hop-
src-hop-
IP
IP src-intf bandwidth burst
Router(config)#
ip
ip rsvp reservation
reservation session-IP sender-IP protocol dport sport
next-hop-IP next-hop-intf {ff
{ff | se | wf} {rate | load} bw burst
RSVP typically requires both host and network implementations, although Cisco
IOS software provides an RSVP command line interface that allows you to
statically set up RSVP reservations without host involvement.
Use the ip rsvp sender command to make the router simulate that it is receiving
RSVP PATH messages from an upstream host. The command can be used to
proxy RSVP PATH messages for non-RSVP-capable senders. By including a
local (loopback) previous hop address and previous hop interface, you can also use
this command to proxy RSVP for the router you are configuring.
To enable a router to simulate receiving and forwarding Resource Reservation
Protocol (RSVP) RESV messages, use the ip rsvp reservation global
configuration command. To disable this feature, use the no form of this command.
Use this command to make the router simulate receiving RSVP RESV messages
from a downstream host. This command can be used to proxy RSVP RESV
messages for non-RSVP-capable receivers. By giving a local (loopback) next hop
address and next hop interface, you can also use this command to proxy RSVP for
the router you are configuring. Several different reservation types can be specified.
For detailed reservation settings, consult the Cisco IOS documentation.
request
reply
Policy Decision
Point (PDP)
Default
Yes Local Yes
Local
Override?
Policy?
No No
No No
Process
Message
Default Yes Yes
Default
Remote
Reject?
Policy?
No
No
The figure shows the flowchart used to consult either the local policy settings, or
the COPS service. Both the local policy and the COPS service can be used
simultaneously on the same router. Individual COPS commands are also presented
in the flowchart, next to the functions they enable.
The admission process in policy networking proceeds as follows for locally
processed messages:
n The router receives a PATH or RESV message and first tries to adjudicate it
locally (that is, without referring to the policy server). If the router has been
configured to adjudicate specific access control lists (ACLs) locally and the
message matches one of those lists, the policy module of the router applies the
operators with which it had been configured. Otherwise, policy processing
continues.
n For each message rejected by the operators, the router sends an error
message to the sender and removes the PATH or RESV message from the
database. If the message is not rejected, policy processing continues.
n If the local override flag is set for this entry, the message is immediately
accepted with the specified policy operators. Otherwise, policy processing
continues.
Default
Yes Local Yes
Local
Override?
Policy?
No No
ip rsvp policy cops acl servers
No No
ip rsvp policy cops servers
Process
Message
Default Yes Yes
Default
Remote
Reject?
Policy?
ip rsvp policy default-reject
No
No
interface Serial0/0
bandwidth 128
ip address 10.10.3.33 255.255.255.252
encapsulation ppp
fair-queue 64 256 10
ip rtp header-compression
ip rsvp bandwidth 80
interface Serial0/0
bandwidth 256
ip address 10.5.8.65 255.255.255.252
encapsulation ppp
fair-queue 64 256 20
ip rtp header-compression
ip rsvp bandwidth 160
The figure shows a basic example of RSVP configuration in Cisco IOS routers.
The two routers in the figure are both configured for RSVP, and both utilize WFQ
to guarantee bandwidth to RSVP flows in RSVP-reserved queues. Different
maximum reservable bandwidths are allocated, based on the real bandwidth of the
link.
COPS
COPS (PDP)
(PEP)
interface Serial0/0
bandwidth 2048
ip address 10.1.1.1 255.255.255.252
encapsulation ppp
fair-queue 64 256 100
ip rsvp bandwidth 512
!
ip rsvp policy cops 100 servers 10.100.1.1 10.101.1.1
ip rsvp policy default-reject
ip rsvp policy cops minimal
ip rsvp policy cops timeout 600
ip rsvp policy cops report-all
!
access-list 100 permit udp any any
The show ip rsvp installed command shows all active conversations over an
RSVP-enabled path, which has resource reservations installed. The actual
reserved bandwidth is shown, along with the session parameters (endpoints and
applications).
The show ip rsvp installed detail command shows detailed information about
active conversations currently installe d in the RSVP reservation table. Detailed
timing and accounting for every conversation is displayed, together with the QoS
mechanism used to provide service guarantees.
Router(config)#
show ip rsvp request [detail]
The show ip rsvp reservation command lists all existing RSVP reservations over
an interface. The show ip rsvp request command shows all pending RSVP
requests that have no fixed reservation in place.
COPS/RSVP
COPS/RSVP entry.
entry. ACLs:
ACLs: 101
101
PDPs:
PDPs: 10.102.1.1
10.102.1.1
Current
Current state:
state: In
In reconnect
reconnect loop
loop wait
wait
Reconnect
Reconnect timer
timer is
is 960
960 seconds
seconds
The show ip rsvp policy command shows the policy settings, whether the policy
is locally defined or policy decisions are offloaded to the COPS server. The output
shows associations between flow specifications and associated COPS servers,
which perform admission control for those flows. This command is used to verify
connectivity to COPS services and the associations between the local device and a
COPS server.
COPS
COPS CLIENT:
CLIENT: Client
Client type:
type: 1.
1. State:
State: 0.
0.
The show cops servers command displays the state of all configured COPS
servers.
Lesson Review
1. What is RSVP used for?
2. Does RSVP provide QoS guarantees?
3. What QoS mechanism should be used to provide QoS guarantees to RSVP
reservations?
4. What are the benefits of using COPS with RSVP?
Overview
This section describes a mechanism that is used on shared media where more
complex reservation is required. SBM protocol is used between RSVP devices
reachable over the same subnet.
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe Subnet Bandwidth Management (SBM).
n Configure SBM.
n Monitor and troubleshoot RSVP with SBM.
Ethernet
Reserv
e 7 Mb
ps
Reserve 7 Mbps
7 Mbps booked
0
7.5 Mbps
512 kbps free
Reserve 6 Mbps
bps
e 6M
erv
Reserve 6 Mbps Res
6 Mbps booked
0
7.5 Mbps free
1.5
Re
6 Mbps booked
0 ser
ve
7.5 Mbps free
1.5 6 Mb
ps
Erro
One of the routers on the r Reserve 7 Mbps
segment is elected to be the
Designated Subnet 7 Mbps booked
0
Bandwidth Manager (DSBM) 7.5 Mbps
512 kbps free
The shared media is
effectively transformed into a
star of point-to-point links
Router(config-if)#
ip rsvp dsbm candidate priority
Router(config)#
ip rsvp
rsvp dsbm
dsbm non-resv-send-limit {burst | max-unit | min-
unit | peak | rate} value
interface
interface Ethernet0/0
Ethernet0/0
ip
ip address
address 10.1.1.1
10.1.1.1 255.255.255.0
255.255.255.0
ip
ip rsvp
rsvp bandwidth
bandwidth 7500
7500 7500
7500
ip
ip rsvp
rsvp dsbm
dsbm candidate 100
ip
ip rsvp
rsvp dsbm
dsbm non-resv-send-limit rate 100
ip
ip rsvp
rsvp dsbm
dsbm non-resv-send-limit
non-resv-send-limit burst
burst 1000
1000
ip
ip rsvp
rsvp dsbm
dsbm non-resv-send-limit peak 100
!!
The figure shows an interface configuration example, where SBM is used to signal
RSVP across a shared LAN segment. The local router is configured as a DSBM
candidate, and RSVP with SBM is enabled using the ip rsvp bandwidth
command. In this example, non-reserved traffic is limited to a mere 100 Kbps, with
one-megabyte bursts allowed. Such an example configuration could be used in a
fully RSVP-enabled network, where some bandwidth needs to be provisioned for
network control (routing protocols, time management, and so forth).
Lesson Review
1. What is the purpose of Subnet Bandwidth Management?
2. How do routers on a common subnet communicate reservation requests?
3. What is a DSBM?
4. How do routers elect a DSBM?
Overview
This chapter focuses on the classification element of the modular QoS command-
line interface.
It includes the following topics:
n Introduction to Modular QoS CLI
n Classification Options
n Network Based Application Recognition (NBAR)
Objectives
Upon completion of this module, you will be able to perform the following tasks:
n Describe the classification element of the Modular QoS CLI
n Describe and configure all currently supported classification options within the
MQC
n Understand Network-based Application Recognition (NBAR)
n Monitor and troubleshoot class maps
Introduction to Modular QoS CLI
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe the MQC concepts and structure
n Configure class maps
n Monitor and troubleshoot class maps
8-2 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
Modular QoS CLI
The Quality of Service mechanisms that have been added to the Cisco IOS all had
their own set of classification options. For example:
n Committed Access Rate (CAR) can classify packets by using:
– Access lists
– QoS group
– DSCP
– Rate limit access list
n Traffic Shaping (GTS) can classify packets by using access lists
n Priority Queuing (PQ) and Custom Queuing (CQ) can classify packets by
using:
– Access lists
– Packets size
– Fragment
– TCP or UDP port number
The Modular Quality of Service Command Line Interface (MQC) was introduced
to allow any supported classification to be used with any QoS mechanism.
The separation of classification from the QoS mechanism allows new IOS versions
to introduce new QoS mechanisms and reuse all available classification options. On
the other hand, old QoS mechanisms can benefit from new classification options.
Another important benefit of the MQC is the reusability of configuration. MQC
allows the same QoS policy to be applied to multiple interfaces. CAR, for example,
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-3
required entire configurations to be copy-pasted between interfaces and modifying
configurations was tiresome.
The Modular QoS CLI, therefore, is a consolidation of all the QoS mechanisms
that have so far only been available as standalone mechanisms.
This module focuses on the classification element of the Modular QoS CLI.
8-4 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
Separation of Classification
Class N? CB-Policing
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-5
Class Maps
A class map is created using the class-map global configuration command. Class
maps are identified by case-sensitive names. Each class map contains one or more
conditions that determine if the packet belongs to the class.
There are two ways of processing conditions when there is more than one
condition in a class map:
n Match all—all conditions have to be met to bind a packet to the class
n Match any—at least one condition has to be met to bind the packet to the
class
The default match strategy of class maps is “Match all”.
8-6 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
Classification using Class Maps
Match all No
Match at
No
least one No Match
condition?
The figure illustrates the full process of determining if a packet belongs to a class
(match) or not (no match).
The process goes through the list of conditions and:
n Returns a “match” result if one of the conditions is met and the match-any
strategy is used
n Returns a “match” result if all conditions are met and the match-all strategy is
used
n Otherwise it returns “no match”
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-7
Classification Using Match All
Strategy
Class Map Yes More No
Conditions? Match
name
Match Yes
Condition?
No
No Match
8-8 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
Classification Using Match Any
Strategy
Class Map
Match
name
Match Yes
Condition?
No More No
Conditions? No Match
Yes
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-9
Classification Options
Class maps can classify packets by using the following classification tools:
n Access lists for any protocol can be used within the class-map configuration
mode. The Modular QoS CLI can be used for other protocols, not only IP.
n IP packets can be classified directly by specifying IP precedence values.
n IP packets can also be classified directly by specifying IP DSCP
(differentiated services code point) values. DiffServ enabled networks can
have up to 64 classes if DSCP is used to mark packets.
n A QoS group parameter can be used to classify packets in situations where up
to 100 classes are needed or the QoS group parameter is used as an
intermediary marker (for example, MPLS to QoS group translation on input
and QoS group to class translation on output).
n Packets can also be matched based on the value in the experimental bits of the
MPLS header of labeled packets.
n Classification can be performed by identifying a Layer-3 or Layer-4 protocol.
Advanced classification is also available by using the Network-based
Application Recognition (NBAR) tool where dynamic protocols are identified
by inspecting higher-layer information.
8-10 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
Other Classification Options
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-11
Configuring Class Maps
router(config)#
class-map [{match-all | match-any}] name
name
Use the class-map global configuration command to create a class map and enter
the class map configuration mode. A class map is identified by a case-sensitive
name; therefore, all subsequent references to the class map must use exactly the
same name.
At least one match command should be used within the class-map configuration
mode (match none is the default).
The description command is used for documenting a comment about the
class-map.
8-12 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
Configuring Class Maps
router(config-cmap)#
rename new-name
Large implementations may use a number of class maps and there are many
references to the class maps. Renaming a class map would normally require a
change to all references to the class map as well. The rename command can be
used to rename class maps and all references to it.
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-13
Class Map Example
class-map
class-map match-any
match-any Test1
Test1
match
match access-group
access-group 101
match
match access-group
access-group 102
class-map
class-map match-all
match-all Test2
Test2
match
match access-group
access-group 101
match
match access-group
access-group 102
8-14 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
Monitoring and Troubleshooting
Class Maps
router#
show class-map [class-map]
Class
Class Map
Map match-any
match-any Test1 (id 1)
Match access-group
access-group 101
101
Match access-group
access-group 102
102
Router#
Router#
n The show class-map command lists all class maps with their match
statements
n The show class-map command with a name of a class map displays the
configuration of the selected class map
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-15
Summary
The Modular QoS CLI (MQC) is used to separate the classification from the QoS
service policy. A unified classification tool can be used by multiple different QoS
mechanisms.
The classification is configured using class maps, which are used within policy
maps to apply QoS mechanisms to classes.
Review Questions
Answer the following questions:
n What are the benefits of the Modular QoS CLI?
n Which two matching strategies do class maps support?
n Which classification options do class maps support?
8-16 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
Classification Options
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe and configure classification using access lists
n Describe and configure classification using the IP precedence
n Describe and configure classification using the DSCP
n Describe and configure classification using the QoS group
n Describe and configure classification using the MPLS experimental bits
n Describe and configure classification based on the input interface
n Describe and configure classification based on the source MAC address
n Describe and configure classification based on the destination MAC address
n Describe and configure classification based on IEEE 802.1Q/ISL CoS
n Describe and configure classification using another class map, negation or any
keyword
n Describe and configure classification based on the Frame Relay DE bit
n Describe and configure classification based on RTP port
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-17
Classification Using
Access Lists
Access lists were originally used for filtering of inbound or outbound packets on
interfaces. They were later reused for filtering of routing updates and also for
classification with early QoS tools (for example, Priority Queuing, Custom Queuing
and Traffic Shaping).
Access lists are still one of the most powerful classification tools. Class maps can
use any type of access list (not only IP access lists).
Access lists, on the other hand, also have a drawback. Compared to other
classification tools they are one of the most CPU-intensive. For this reason it is not
recommended that access lists for classification be used on high-speed links where
they could severely impact performance of routers. Access lists are typically used
on low-speed links at network edges where packets are classified and marked (for
example, with IP precedence). Classification in the core is done based on the IP
precedence value.
8-18 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
Configuring Classification Using
Access Lists
Router(config-cmap)#
match access-group {number | name
name name}
class-map
class-map Telnet
Telnet
match
match access-group
access-group 100
!!
class-map
class-map IPX_Printers
IPX_Printers
match
match access-group
access-group IPX
!!
access-list
access-list 100
100 permit
permit tcp
tcp any
any any
any eq 23
access-list
access-list 100
100 permit
permit tcp
tcp any
any eq
eq 23
23 any
any
!!
ipx
ipx access-list extended IPX
permit
permit netbios any
any
!!
Keep All Graphics Inside This Box
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-19
Configuring Classification Using
IP Precedence
router(config-cmap)#
match ip precedence precedence [prec [prec [prec]]]
8-20 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
Configuring Classification Using
DSCP
router(config-cmap)#
match ip dscp dscp [dscp ...]
IP packets can also be classified based on the IP DSCP field. A QoS design can
be based on IP precedence marking or DSCP marking. DSCP marking can include
backward compatibility with IP precedence by using the Class Selector (CS)
values (most significant three bits of the DSCP value).
A sample design that includes backward compatibility would use the following
values to mark packets belonging to class Gold, which is guaranteed Assured
Forwarding (AF) Per-hop Behavior (PHB):
n af11 marks low-drop packets
n af12 marks medium-drop packets
n af13 marks high-drop packets
n cs4 marks low-drop packets (for backward compatibility with IP precedence
4)
n cs3 marks high-drop packets (for backward compatibility with IP precedence
5)
A sample configuration on the next page shows implementation of a similar design.
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-21
Configuring Classification Using
DSCP
class-map
class-map Voice
Voice
match ip dscp ef
!!
class-map
class-map Gold
Gold
match
match ip
ip dscp
dscp af11
af11 af12
af12 af13
af13 cs3
cs3 cs4
cs4
!!
class-map
class-map Silver
Silver
match
match ip
ip dscp
dscp af21
af21 af22
af22 af23
af23 cs1
cs1 cs2
cs2
!!
class-map
class-map Bronze
Bronze
match ip dscp af31 af32 af33
!!
class-map
class-map Best-effort
Best-effort
match ip
ip dscp
dscp default
default
!!
8-22 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
n AF2 (010xx0) looks like IP precedence 2. Therefore, class Silver correctly
appears as class Silver in a non-DSCP compliant device.
n AF3 (011xx0) looks like IP precedence 3. Therefore, class Bronze appears as
class Gold in a non-DSCP compliant device.
n EF (101110) looks like IP precedence 5, which is also used for voice in a non-
DSCP compliant device.
As can be seen from the example it is very important to understand the impact of
DSCP on non-DSCP compliant devices. A DiffServ-based QoS design should
include the impact of DSCP on parts of the networks where all routers are not
DSCP compliant.
The example shows that a network core, if upgraded to support DSCP, can
correctly handle packets classified by edge devices that have not yet been
upgraded.
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-23
Configuring Classification Using
QoS Group
router(config-cmap)#
match ip qos-group
qos-group qos-group
qos-group
A QoS group is another marker with support for a large number of classes. Up to
100 classes can be configured by using the QoS group parameter. The main
drawback of QoS-group marking is that it has to be performed on every hop since
this parameter is not part of any header. The QoS group is an internal parameter in
the router and it is lost the moment a packet is sent.
The QoS group parameter can be used in situations where one parameter can be
seen on input, but not on output where another parameter has to be set. For
example:
n Match MPLS experimental bits on input and set QoS group based on the value
n Match QoS group on output and set IP DSCP based on the value
Matching on QoS group can also be used in combination with QoS Policy
Propagation through BGP (QPPB) where up to 100 classes are propagated by
BGP and marked by QoS group values on all BGP-enabled routers. Class maps
are then used to match on QoS group values.
8-24 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
Configuring Classification Using
MPLS experimental bits
router(config-cmap)#
match mpls experimental exp [exp ...]
Class maps can also be used in MPLS-enabled networks where all packets are
labeled. There are three experimental bits in the label header that are currently
being used for IP precedence. When an IP packet is labeled, the IP precedence
value is copied into MPLS experimental bits.
A transparent design can be created where class maps can match on both the IP
precedence value and the MPLS experimental bits:
class-map match-any Voice
match ip precedence 5
match mpls experimental 5
!
class-map match-any Gold
match ip precedence 3 4
match mpls experimental 3 4
!
class-map match-any Silver
match ip precedence 1 2
match mpls experimental 1 2
!
class-map Best-effort
match ip precedence 0
match mpls experimental 0
!
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-25
Configuring Classification Using
Input Interface
router(config-cmap)#
match input-interface intf
8-26 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
Configuring Classification Using
MAC Addresses
router(config-cmap)#
match source-address mac mac-address
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-27
Configuring Classification Using
802.1q or ISL CoS/Priority bits
router(config-cmap)#
match cos
cos cos [cos [cos [cos ]]]
Routers can also match on the three Class of Service bits in 802.1Q header or
Priority bits in the ISL header. These bits can be used in a LAN-switched
environment to provide differentiated quality of service.
8-28 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
Configuring Classification Using
Special Options
router(config-cmap)#
match not condition
• One class map can use another class map for classification
• Nested class maps allow generic template class maps to be
used in other class maps
router(config-cmap)#
match any
There are some additional options that give extra power to class maps:
n Any condition can be negated by inserting the keyword not
n A class map can use another class map to match packets
n The any keyword can be used to match all packets.
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-29
Configuring Classification Using
Special Options
class-map
class-map Well-known-services
Well-known-services
match
match access-group
access-group 100
!!
Class-map
Class-map Unknown-services
Unknown-services
match
match not
not class-map
class-map Well-known-services
!!
Class-map
Class-map All-services
All-services
match
match any
any
!!
access-list
access-list 100
100 permit
permit tcp
tcp any
any any
any lt
lt 1024
access-list
access-list 100
100 permit
permit tcp
tcp any
any lt
lt 1024
1024 any
8-30 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
Configuring Classification Using
Frame Relay DE Bit
router(config-cmap)#
match fr-de
Class maps used on Frame Relay interfaces can classify packets based on the
setting of the Discard Eligibility (DE) bit.
The example illustrates how to classify packets that have the DE bit se (match
fr-de) and those that do not (match not fr-de).
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-31
Configuring Classification Using
a UDP Port Range
router(config-cmap)#
match ip rtp starting-port port-range
class-map
class-map RTP
match
match ip
ip rtp
rtp 16384
16384 16383
!
8-32 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
Summary
Class maps are used within service policies to classify packets. Class maps support
the following classification options:
n Access lists
n IP precedence
n DSCP
n QoS group
n MPLS experimental bits
n Input interface
n Source MAC address
n Destination MAC address
n IEEE 802.1Q/ISL CoS or Priority bits
n Frame Relay DE bit
n RTP port
Review Questions
Answer the following questions:
n Which classification options are available using class maps?
n What command is used to configure classification?
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-33
Network Based
Application Recognition (NBAR)
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe and configure NBAR
n Describe and configure classification of FTP and TFTP
n Describe and configure complex classification of HTTP sessions
n Monitor and troubleshoot class maps
8-34 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
Network-based Application
Recognition (NBAR)
The two IETF standards that describe guidelines and protocols used to implement
quality of service in IP networks are:
n Integrated Services model
n Differentiated Services model
The Integrated Services model uses the Resource Reservation Protocol
(RSVP), which signals the network with the QoS requirements for a specific flow.
Part of the request contains information that helps network devices recognize
packets belonging to the flow.
The Differentiated Services model, however, relies on the network to be able to
recognize packets belonging to traffic classes that require the same quality of
service. If there is a need to classify a certain protocol it is usually done by using
an access list where packets are matched based on the source or destination TCP
or UDP port numbers.
A problem arises when trying to classify packets belonging to applications that use
multiple sessions and dynamically negotiate TCP or UDP port numbers.
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-35
8-36 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
NBAR Capabilities
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-37
8-38 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
NBAR Support for Static
Protocols
Although access lists can also be used for this purpose, NBAR is easier to
configure and can provide classification statistics that are not available when using
access lists.
The following table contains the static IP protocols supported by NBAR:
Protocol Transport TCP or Description
protocol UDP port
BGP TCP/UDP 179 Border Gateway Protocol
CU-SeeMe TCP/UDP 7648, Desktop videoconferencing
7649
CU-SeeMe UDP 24032 Desktop video conferencing
DHCP/ BOOTP UDP 67, 68 Dynamic Host Configuration Protocol/
Bootstrap Protocol
DNS TCP/UDP 53 Domain Name System
Finger TCP 79 Finger user information protocol
Gopher TCP/UDP 70 Internet Gopher Protocol
HTTP TCP 80 Hypertext Transfer Protocol
HTTPS TCP 443 Secured HTTP
IMAP TCP/UDP 143, 220 Internet Message Access Protocol
IRC TCP/UDP 194 Internet Relay Chat
Kerberos TCP/UDP 88, 749 Kerberos Network Authentication Service
L2TP UDP 1701 L2F/L2TP tunnel
LDAP TCP/UDP 389 Lightweight Directory Access Protocol
MS-PPTP TCP 1723 Microsoft Point-to-Point Tunneling
Protocol for VPN
MS- SQLServer TCP 1433 Microsoft SQL Server Desktop
Videoconferencing
NetBIOS TCP 137, 139 NetBIOS over IP (MS Windows)
NetBIOS UDP 137, 138 NetBIOS over IP (MS Windows)
NFS TCP/UDP 2049 Network File System
NNTP TCP/UDP 119 Network News Transfer Protocol
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-39
Protocol Transport TCP or Description
protocol UDP port
Notes TCP/UDP 1352 Lotus Notes
Novadigm TCP/UDP 3460- Novadigm Enterprise Desktop
3465 Manager (EDM)
NTP TCP/UDP 123 Network Time Protocol
PCAnywhere TCP 5631, Symantec PCAnywhere
65301
PCAnywhere UDP 22, 5632 Symantec PCAnywhere
POP3 TCP/UDP 110 Post Office Protocol
Printer TCP/UDP 515 Printer
RIP UDP 520 Routing Information Protocol
RSVP UDP 1698,17 Resource Reservation Protocol
SFTP TCP 990 Secure FTP
SHTTP TCP 443 Secure HTTP
SIMAP TCP/UDP 585, 993 Secure IMAP
SIRC TCP/UDP 994 Secure IRC
SLDAP TCP/UDP 636 Secure LDAP
SNNTP TCP/UDP 563 Secure NNTP
SMTP TCP 25 Simple Mail Transfer Protocol
SNMP TCP/UDP 161, 162 Simple Network Management Protocol
SOCKS TCP 1080 Firewall security protocol
SPOP3 TCP/UDP 995 Secure POP3
SSH TCP 22 Secured Shell
STELNET TCP 992 Secure Telnet
Syslog UDP 514 System Logging Utility
Telnet TCP 23 Telnet Protocol
X Windows TCP 6000- X11, X Windows
6003
8-40 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
NBAR Support for Dynamic
Protocols
The following table lists the dynamic (or stateful) protocols supported by NBAR:
Stateful protocol Transport Description
protocol
FTP TCP File Transfer Protocol
Exchange TCP MS-RPC for Exchange
HTTP TCP HTTP with URL, MIME, or Host classification
Netshow TCP/UDP Microsoft Netshow
Realaudio TCP/UDP RealAudio Streaming Protocol
r-commands TCP rsh, rlogin, rexec
StreamWorks UDP Xing Technology Stream Works audio and video
SQL*NET TCP/UDP SQL*NET for Oracle
SunRPC TCP/UDP Sun Remote Procedure Call
TFTP UDP Trivial File Transfer Protocol
VDOLive TCP/UDP VDOLive Streaming Video
Use the match protocol ? command to display the list of supported protocols with
the Cisco IOS version you are using.
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-41
Packet Description Language
Module
New features are usually added to new versions of the Cisco IOS software.
NBAR is the first mechanism that supports dynamic upgrades without having to
change the IOS version or restart a router.
Packet Description Language Modules (PDLMs) contain the rules used by NBAR
to recognize an application and can be used to bring new or changed functionality
to NBAR.
8-42 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
Configuring NBAR
router(config-cmap)#
match protocol protocol
When configuring NBAR the administrator does not need to understand the way a
certain protocol works. The configuration simply requires the administrator to enter
the name of the protocol (static or stateful).
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-43
Configuring NBAR
router(config)#
ip nbar pdlm pdlm-file
pdlm-file
Use the ip nbar pdlm command to configure the routers with the new
functionality brought by the PDLM file. The pdlm-file parameter should be in the
URL format and can point to the flash where the IOS is stored (for example,
flash://nbar.pdlm). The file can also be located on a TFTP server (for example,
tftp://10.1.1.1/nbar.pdlm).
Some protocols (static or stateful) can use additional TCP or UDP ports. Use the
ip nbar port-map command to extend the NBAR functionality for well-known
protocols to new port numbers.
8-44 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
Configuring NBAR for HTTP
router(config-cmap)#
match protocol http url url
• Recognizes the HTTP GET packets containing the URL, and then
matches all packets that are part of the HTTP GET request
• Include only the portion of the URL following the address or hostname
in the match statement
router(config-cmap)#
match protocol http host hostname
• Performs a regular expression match on the host field contents inside
an HTTP GET packet and classifies all packets from that host
router(config-cmap)#
match protocol
protocol http
http mime
mime mime-type
• Select the mime-type to be matched
• Matches a packet containing the MIME-type and all subsequent
packets until the next HTTP transaction
© 2001, Cisco Systems, Inc. IP QoS - Modular QoS CLI Classification-45
NBAR has enhanced classification capabilities for HTTP. It can classify packets
belonging to HTTP flows based on:
n URL portion after the hostname which appears in the GET request of the
HTTP session
n Hostname specified in the GET request
n MIME type specifying the type of object in the HTTP response
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-45
NBAR for FTP
Case Study
class-map FTP
class-map FTP
match protocol ftp
match protocol ftp
The figure illustrates the process of a file download using FTP. FTP sessions use
the well-known TCP port number 21 to open a control session. A new session is
opened to transfer a file. The client in the example tells the server to open a data
session to TCP port 1050. Although the server should use the well-known source
port 20 for the data session, which would simplify classification of FTP, many
implementations of FTP use random source port numbers.
NBAR inspects the communication between the client and the server to learn
about dynamically negotiated port numbers (1050 in the example). NBAR is then
able to classify all packets (control and data) as FTP packets.
8-46 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
NBAR for TFTP
Case Study
class-map FTP
class-map FTP
match protocol tftp
match protocol tftp
TFTP is another file transfer protocol (a trivial one), which is not trivial to classify.
TFTP uses UDP to transfer files.
Step 1 The first TFPT packet (sent from the client to the server) uses a random source
port number and the well-known destination port number 69. This is the only
information that can be used to recognize TFTP.
Step 2 A router configured for NBAR recognizes port 69 but remembers the source port
(1060 in the example).
Step 3 The server responds by sending a packet to the client where its source port
number is also random (1035 in the example). The router can, however,
recognize this as part of a TFTP session because it previously recorded the
client’s source port number (now the destination port number 1060).
Step 4 All subsequent packets use this pair of port numbers (1060<->1035).
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-47
NBAR for HTTP
Case Study #1
ip nbar port-map http tcp 80 8080 ip nbar port-map http tcp 80 8080
! !
class-map HTTP class-map HTTP
match protocol http match protocol http
8-48 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
NBAR for HTTP
Case Study #2
ip nbar port-map http tcp 80 8080
!
class-map HTTP
match protocol http url *xxx.(jpg|gif)
• The class map matches all HTTP requests that contain either
xxx.gif or xxx.jpg
• It does so on both ports: 80 and 8080
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-49
NBAR for HTTP
Case Study #3
ip nbar port-map http tcp 80 8080
!
class-map HTTP
match protocol http mime *jpeg
This example shows how HTTP sessions can also be filtered based on the MIME
type.
8-50 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
Summary
Network-based Application Recognition (NBAR) is a tool used primarily to
classify packets belonging to applications using dynamically assigned TCP or UDP
port numbers. Additionally, NBAR can classify packets (or flows) on application
layer information (for example, HTTP can be classified based on URL, hostname
or MIME contents).
Review Questions
Answer the following questions:
n What is NBAR used for?
n What types of applications can NBAR recognize?
n How can support for recognizing new applications be included into existing
IOS versions?
n What additional classification options are available for HTTP?
n Which special characters are available with regular expressions for matching
HTTP flows?
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-51
Summary
After completing this module, you should be able to perform the following tasks:
n Describe the classification part of the Modular QoS CLI
n Describe and configure all currently supported classification options within the
MQC
n Understand Network-based Application Recognition (NBAR)
n Monitor and troubleshoot class maps
8-52 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
Review Questions and Answers
Introduction to Modular QoS CLI
Question: What are the benefits of the Modular QoS CLI?
Answer: Template-based configuration; new classification options can be used
with any MQC-based QoS mechanism.
Question: Which two matching strategies do class maps support?
Answer: When using multiple match commands in one class map a logical “or” is
configured using the match-any keyword and a logical “and” is configured using
the match-all keyword.
Question: Which classification options do class maps support?
Answer: Class maps support classification using: access lists, IP Precedence
value, IP DSCP value, QoS group number, MPLS experimental bits, protocol
(including NBAR) etc.
Classification Options
Question: Which classification options are available using class maps?
Answer: Class maps support classification using: access lists, IP Precedence
value, IP DSCP value, QoS group number, MPLS experimental bits, protocol
(including NBAR) etc.
Question: What command is used to configure classification?
Answer: The match command is used in the class-map configuration mode to
specify the classification parameters.
Copyright 2001, Cisco Systems, Inc. IP QoS—Modular QoS CLI Classification 8-53
Question: What additional classification options are available for HTTP?
Answer: Classification based on URL, hostname or MIME type.
Question: Which special characters are available with regular
expressions for matching HTTP flows?
Answer: The special characters include:
– “*” to match any sequence of characters
– “?” to match any single character
– “|” to match the expression on the left or
the expression on the right
– “[]” to match a character from the
specified range
– “()” to group a number of characters
8-54 IP QoS—Modular QoS CLI Classification Copyright 2001, Cisco Systems, Inc.
9
Overview
This module describes the policy part of the Modular QoS CLI (MQC). The
module describes all the mechanisms that are currently supported by the MQC. As
well, the module describes the class-based approach to the marking, shaping,
policing, dropping and/or scheduling of IP packets using the modular QoS CLI.
Objectives
Upon completion of this module, you will be able to perform the following tasks:
n Describe the policy part of the Modular QoS CLI
n Configure packet marking with modular CLI
n Configure policing and shaping with modular CLI
n Configure class-based WFQ with modular CLI
n Configure congestion avoidance mechanisms (WRED) with modular CLI
n Configure low-latency queuing
n Monitor and troubleshoot policy maps
Service Policy
Overview
This lesson introduces the part of the MQC that is used to enable QoS mechanisms
for classified traffic.
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe and configure policy maps.
n List all the QoS mechanisms currently available in the MQC.
n Monitor and troubleshoot policy maps.
9-2 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Service Policy
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-5
The Cisco IOS Modular QoS CLI (MQC) is the new, unified method of QoS
mechanism configuration in Cisco IOS. MQC separates classification and QoS
mechanism configuration by separating the configuration tasks into:
n Configuration of class-maps, which define the classification of traffic
n Configuration of service policies, which define how QoS mechanisms are
applied to traffic classes
This creates a flexible environment for the modular configuration of many QoS
features, and significantly reduces overhead and the possibility of errors because
configuration information is not unnecessarily duplicated.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-3
Modular QoS CLI
Supported mechanisms:
Class 2? CB-LLQ
• CB-WFQ
• CB-LLQ
• CB-Policing
Class N? CB-Policing
• CB-Shaping
• CB-Marking
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-6
The service policy is used to configure QoS mechanisms, which may be applied to
classes. The QoS mechanisms implement local per-hop behaviors (PHBs) for
attached traffic classes. The QoS system, which implements PHB configured via
the MQC, is the Class-Based Weighted Fair Queuing system, which integrates
many QoS features in a single system, configured via a common (MQC) interface.
A service policy can have up to 256 classes used within it and attached to an
interface. Class-based Weighted Fair Queuing and Class-based Low-latency
Queuing are an exception – only 64 classes can be used with one service policy.
9-4 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
PHB Mechanisms
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy -7
The MQC configures the CB-WFQ system, which in turn implements the following
QoS functions:
n Class-based Weighted Fair Queuing, which is used to guarantee bandwidth
within the CB-WFQ system
n Class-based Low-latency Queuing, which is used to guarantee bandwidth and
provide low latency to time-critical traffic
n Class-based Policing, which performs rate limiting by traffic policing
n Class-based Shaping, which performs rate limiting by traffic shaping
n Class-based Marking, which performs packet and frame marking
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-5
Configuring Policy Maps
Router(config)#
policy-map name
• Enter policy-map configuration mode
• Policy maps are identified by a case-sensitive name
Router(config-pmap)#
class class-map
• Enter the per-class policy configuration mode by using the name of a
previously configured class-map
• Use the name “class-default” to configure the policy for the default class
Router(config-pmap)#
class class-map condition
• Optionally you can define a new class-map by entering the condition
after the name of the new class map
• Class map will use the match-any strategy
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy -8
Service policies are configured using the policy-map command. Up to 256 classes
can be used within one policy-map using the class command with the name of a
preconfigured class-map.
A non-existent class can also be used within the policy-map configuration mode if
the match condition is specified after the name of the class. The running
configuration will reflect such a configuration by using the match any strategy and
inserting a full class-map configuration.
The following table shows starting and resulting configuration modes for the class-
map, policy-map and class commands:
Starting configuration Command Configuration mode
mode
Router(config)# class-map Router(config-cmap)#
All traffic that is not classified by any of the class-maps used within the policy map
is part of the default class class-default. This class has no QoS guarantees by
default. The default cla ss, when used on output, can use one FIFO queue of
flow-based WFQ. The default class is part of every policy-map even if not
configured.
9-6 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Configuring Policy Maps
Router(config-pmap)#
description description
• It is recommended to use descriptions in large and complex
configurations
• The description has no operational meaning
Router(config-pmap)#
rename policy-map
• Complex policy-maps can be renamed by using the rename policy-map
command
• All references to the policy map are also renamed
Router(config-pmap-c)#
<PHB mechanism>
• Per-class service policies are configured within the per-class policy-
map configuration mode
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy -9
Policy maps, like class maps, should use descriptions in large QoS implementations
where a large number of different policy maps are used.
Renaming a policy map would normally require the renaming of all the references
to the policy map. Using the rename command simplifies the renaming process by
automatically renaming all references.
The remainder of this module focuses on the various QoS mechanisms that are
configured per-class within the policy-map configuration mode (config-pmap-c).
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-7
Configuring Policy Maps
Router(config-if)#
service-policy {input | output} policy-map
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-10
The last configuration step when configuring QoS mechanisms using the Modular
QoS CLI, is to attach a policy map to the inbound or outbound packets, using the
service-policy command.
The router immediately verifies the correctness of parameters used in the policy
map. If there is a mistake in the policy-map configuration, the router will display a
message explaining what is wrong with the policy map.
The sample configuration shows how a policy map is used to separate HTTP from
other traffic. HTTP is guaranteed 2Mbps. All other traffic belongs to the default
class and is guaranteed 6Mbps.
9-8 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Attaching Policy Maps to ATM
PVCs
Router(config-subif)#
service-policy {input | output} policy-map
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-9
Attaching Policy Maps to Frame
Relay Interfaces
Router(config-subif)#
service-policy {input | output} policy-map
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-12
9-10 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Attaching Policy Maps to Frame
Relay PVCs
Router(config-map-class)#
service-policy {input | output} policy-map
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-13
A Frame Relay map class is needed when attaching a policy map to an individual
virtual circuit.
The sample configuration illustrates how per-VC Low-latency queuing can be
configured on Frame Relay virtual circuits.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-11
Policy Map
Example
class-map
class-map match-all
match-all Test1
Test1
match protocol
protocol http
match
match access-group
access-group 100
100
class-map
class-map match-any
match-any Test2
Test2
match
match protocol
protocol http
match
match access-group
access-group 101
101
!!
policy-map
policy-map Test
class Test1
bandwidth 100
100
class Test2
bandwidth 200
200
class Test3 access-group 100
bandwidth 300
300
!!
access-list
access-list 100 permit
permit tcp
tcp any
any host
host 10.1.1.1
10.1.1.1
access-list
access-list 101 permit
permit tcp
tcp any
any host
host 10.1.1.2
10.1.1.2
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-14
The example shows the configuration of a policy map using three classes. The first
two classes were separately configured using the class-map command. The third
class was configured “on the fly” by specifying the match condition after the name
of the class.
Class Test1 has two match conditions evaluated in the match-all strategy.
Classes Test2 and Test3 use the match-any strategy.
9-12 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Monitoring and Troubleshooting
Policy Maps
Router#
show policy-map [policy-map]
Router#show
Router#show policy-map
policy-map
Policy Map Test
Class Test1
Test1
Weighted Fair Queueing
Queueing
Bandwidth
Bandwidth 100
100 (kbps)
(kbps) Max
Max Threshold
Threshold 64
64 (packets)
(packets)
Class Test2
Test2
Weighted Fair Queueing
Queueing
Bandwidth
Bandwidth 200
200 (kbps)
(kbps) Max
Max Threshold
Threshold 64
64 (packets)
(packets)
Class Test3
Test3
Weighted Fair Queueing
Queueing
Bandwidth
Bandwidth 300
300 (kbps)
(kbps) Max
Max Threshold
Threshold 64
64 (packets)
(packets)
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-15
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-13
Monitoring and Troubleshooting
Policy Maps
Router#
show policy-map interface [intf] {input | output}
Router #show policy
Router#show -map interface
policy-map interface FastEthernet0/0
FastEthernet0/0 output
output
FastEthernet0/0
FastEthernet0/0
Service-policy
Service-policy output:
output: Test
Test (1101)
(1101)
Class-map:
Class-map: Test1
Test1 (match-all)
(match-all) (1103/3)
(1103/3)
00 packets,
packets, 00 bytes
bytes
55 minute offered rate
minute offered rate 0 bps,
bps, drop rate 0 bps
Match:
Match: access-group
access-group 101
101 (1107)
(1107)
Match:
Match: access-group
access-group 102
102 (1111)
(1111)
Match:
Match: protocol
protocol http
http (1115)
(1115)
Weighted
Weighted Fair
Fair Queueing
Queueing
Output
Output Queue:
Queue: Conversation 265
Bandwidth
Bandwidth 100 (kbps)
100 (kbps) Max
Max Threshold
Threshold 64
64 (packets)
(packets)
(pkts
(pkts matched/bytes
matched/bytes matched)
matched) 0/0
0/0
(depth/total
(depth/total drops/no-buffer
drops/no-buffer drops)
drops) 0/0/0
0/0/0
...
...
Class-map:
Class-map: class-default
class -default (match-any)
(match-any) (1143/0)
(1143/0)
25
25 packets,
packets, 19310
19310 bytes
bytes
55 minute
minute offered
offered rate
rate 1000
1000 bps,
bps, drop
drop rate
rate 00 bps
bps
Match:
Match: any
any (1147)
(1147)
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-16
The show policy-map command also displays live information if the interface
keyword is used. The sample output shows the parameters and statistics of the
policy map attached to outbound traffic on interface FastEthernet0/0.
9-14 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Summary
All QoS mechanisms using the Modular QoS CLI (MQC) are configured using the
following three commands:
n Class-map global configuration command to configure classification
n Policy-map global configuration command to create a service policy
n Class command in the policy-map configuration mode to attach QoS
mechanisms to a class
The MQC supports the following QoS mechanisms:
n Class-based Weighted Fair Queuing
n Class-based Low-latency Queuing
n Class-based Weighted Random Early Detection
n Class-based Policing
n Class-based Shaping
n Class-based Marking
Lesson Review
1. What are the benefits of using MQC?
2. How many classes can be used for one service policy?
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-15
Class-based Weighted Fair Queuing
Overview
This lesson describes the enhanced queuing mechanism in Cisco IOS using the
Modular QoS CLI.
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe Class-based Weighted Fair Queuing (CB-WFQ)
n Configure CB-WFQ
n Monitor and troubleshoot CB-WFQ
9-16 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Class-based Weighted Fair
Queuing
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-21
CBWFQ extends the standard WFQ functionality to provide support for user-
defined traffic classes. For CBWFQ, the user defines the traffic classes based on
match criteria including protocols, access control lists (ACLs), and input interfaces.
Packets satisfying the match criteria for a class constitute the traffic for that class.
A queue is reserved for each class, and traffic belonging to a class is directed to
that class's queue.
Once a class has been defined according to its match criteria, you can assign it
characteristics. To characterize a class, you assign it bandwidth, weight, and
maximum packet limit. The bandwidth assigned to a class is the minimum
bandwidth delivered to the class during congestion.
To characterize a class, you also specify the queue limit for that class, which is the
maximum number of packets allowed to accumulate in the class's queue. Packets
belonging to a class are subject to the bandwidth and queue limits that characterize
the class. After a queue has reached its configured queue limit, enqueuing of
additional packets to the class causes tail drop or packet drop to take effect,
depending on how the class policy is configured.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-17
CB-WFQ
Forwarded Packets
CB-WFQ
Hardware
Class 2? Tail-drop Queue 2 Queuing System
CB-WFQ
Scheduler Hardware Q Interface
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-22
CB-WFQ uses up to 64 class maps to classify traffic into their corresponding FIFO
queues. Tail-drop is the default dropping scheme of CB-WFQ although it can be
combined with WRED.
The CB-WFQ scheduler is used to guarantee bandwidth based on the configured
weights.
9-18 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
CB-WFQ Classification
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-23
Any classification option can be used depending on the availability in the Cisco IOS
version and the support on the selected interface and encapsulation.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-19
CB-WFQ
Insertion Policy
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-24
CB-WFQ reserves 64 FIFO queues in the WFQ system. The default queue limit is
64 (tail-drop) and can be configured with WRED (random drop).
9-20 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
CB-WFQ Scheduling
The configuration of bandwidth guarantees can be done using one of the following
commands:
n The bandwidth command allocates a fixed amount of bandwidth by specifying
the amount in kilobits per second (kbps). The reserved bandwidth is subtracted
from the available bandwidth of the interface where the service policy is used.
The allocated bandwidth must also be within the default or configured
reservable limit (75% by default).
n The bandwidth percent command can be used to allocate a percentage of
the default or configured bandwidth of an interface. The default bandwidth
usually equals the maximum speed of an interface. Sometimes it actually
reflects the real speed of an interface (for example: Ethernet or FastEthernet).
The default value can be replaced by using the bandwidth interface
command. It is recommended that the bandwidth reflect the real speed of the
link. The allocated bandwidth is subtracted from the available bandwidth of the
interface where the service policy is used.
n The bandwidth remaining percent command can be used to allocate a
portion of the available bandwidth. The allocated bandwidth is not subtracted
from the available bandwidth of the interface where the service policy is used.
A single service policy cannot mix different bandwidth commands.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-21
Available Bandwidth
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-26
9-22 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Available Bandwidth
Example 1
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-27
The figure illustrates a situation where there are no fixed guarantees on the
interface. The show interface command confirms that there are 7.5 Mbps of
bandwidth available (only 75% of 10Mbps is reservable by default).
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-23
Available Bandwidth
Example 2
• Ethernet interface uses default bandwidth 10000 (kbps) with
WFQ
• Maximum Reservable bandwidth is set to 50%
• IP RTP Prioritization is used to guarantee 1 Mbps to VoIP
BWavail = BW * MaxReservable – SUM(all fixed guarantees)
BWavail = 10000 kbps * 50% – 1000 kbps = 4000 kbps
interface Ethernet0/0
ip address 192.168.20.1 255.255.255.0
half-duplex
max-reserved-bandwidth 50
fair-queue
ip rtp priority 16384 16383 1000
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-28
9-24 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Available Bandwidth
Example 2
Router#show
Router#show interface
interface Ethernet0/0
Ethernet0/0
Ethernet0/0
Ethernet0/0 is up, line
line protocol
protocol is up
up
Hardware
Hardware is
is AmdP2,
AmdP2, address
address is
is 00b0.64e2.2860
00b0.64e2.2860 (bia
(bia 00b0.64e2.2860)
00b0.64e2.2860)
Internet
Internet address
address isis 192.168.20.1
192.168.20.1 255.255.255.0
255.255.255.0
MTU
MTU 1500
1500 bytes,
bytes, BW
BW 10000
10000 Kbit,
Kbit, DLY
DLY 1000
1000 usec,
usec,
reliability
reliability 255/255,
255/255, txload
txload 1/255,
1/255, rxload
rxload 1/255
1/255
Encapsulation
Encapsulation ARPA,
ARPA, loopback
loopback not
not set
set
Keepalive
Keepalive set
set (10
(10 sec)
sec)
ARP
ARP type:
type: ARPA,
ARPA, ARP
ARP Timeout
Timeout 04:00:00
04:00:00
Last
Last input 00:00:04, output
input 00:00:04, output 00:00:06,
00:00:06, output
output hang
hang never
never
Last
Last clearing
clearing of
of "show
"show interface"
interface" counters
counters never
never
Input
Input queue:
queue: 0/75/0/0
0/75/0/0 (size/max/drops/flushes);
(size/max/drops/flushes); Total output drops:
d rops: 0
Queueing
Queueing strategy:
strategy: weighted
weighted fair
fair
Output
Output queue:
queue: 0/1000/64/0
0/1000/64/0 (size/max
(size/max total/threshold/drops)
total/threshold/drops)
Conversations
Conversations 0/1/256
0/1/256 (active/max
(active/max active/max
active/max total)
total)
Reserved
Reserved Conversations
Conversations 0/0
0/0 (allocated/max
(allocated/max allocated)
allocated)
Available
Available Bandwidth
Bandwidth 4000
4000 kilobits/sec
kilobits/sec
...
...
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-29
The show interface command confirms the calculation of available bandwidth for
Example 2.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-25
Configuring CB-WFQ
Router(config-pmap-c)#
bandwidth bandwidth
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-30
9-26 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Configuring CB-WFQ
Router(config-pmap-c)#
queue-limit queue-limit
Router(config-pmap-c)#
fair-queue [dynamic-queues]
• The “class-default” class can be configured to use flow-based
WFQ
• WFQ can be configured with 16 to 4096 dynamic queues
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-31
The default queue limit of 64 packets can be changed using the queue-limit
command. It is recommended not to change the default value.
The default class can be selected by specifying the class-default name of the
class. The default class supports two types of queuing: one FIFO queue (Default)
or a Flow-based WFQ system. Both types can be combined with WRED. FIFO
queue can also get a bandwidth guarantee.
The following example shows the configuration of FIFO queuing within the default
class. The default class is also guaranteed 1 Mbps of bandwidth and the maximum
queue size is limited to 40 packets.
policy-map A
class A
bandwidth 1000
class class-default
bandwidth 1000
queue-limit 40
This next example shows the configuration of WFQ queuing within the default
class. The number of dynamic queues is set to 1024 and the discard threshold is set
to 50.
policy-map A
class A
bandwidth 1000
class class-default
fair-queue 1024
queue-limit 50
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-27
9-28 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
CB-WFQ
Example 1
policy-map
policy-map Policy1
Policy1
class
class Class1
Class1
bandwidth 2000
2000
class
class Class2
Class2
bandwidth 2000
2000
!
interface FastEthernet0/0
ip
ip address
address 10.1.1.1
10.1.1.1 255.255.255.0
duplex
duplex auto
speed
speed 10
10
max-reserved-bandwidth
max-reserved-bandwidth 8080
service-policy
service-policy output Policy1
ip
ip rtp
rtp priority
priority 16384
16384 16383
16383 1000
1000
!
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-32
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-29
CB-WFQ
Example 2
policy-map
policy-map Policy1
Policy1
class
class Class1
Class1
bandwidth percent
percent 20
20
class
class Class2
Class2
bandwidth percent
percent 20
20
!
interface FastEthernet0/0
ip
ip address
address 10.1.1.1
10.1.1.1 255.255.255.0
duplex
duplex auto
speed
speed 10
10
max-reserved-bandwidth
max-reserved-bandwidth 8080
service-policy
service-policy output Policy1
ip
ip rtp
rtp priority
priority 16384
16384 16383
16383 1000
1000
!
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-33
This implementation is equal to CB-WFQ Example 1. The main benefit of using the
percentage keyword is that this policy map can easily be used on another interface
with a different link speed (bandwidth).
9-30 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
CB-WFQ
Examples 1 and 2
Router#show
Router#show interface
interface fastethernet
fastethernet 0/0
0/0
FastEthernet0/0
FastEthernet0/0 is up, lineline protocol
protocol isis up
up
Hardware
Hardware isis AmdFE,
AmdFE, address
address is
is 0030.8546.aa00
0030.8546.aa00 (bia(bia 0030.8546.aa00)
0030.8546.aa00)
Internet
Internet address
address is
is 10.1.1.1
10.1.1.1/24
/24
MTU
MTU 1500
1500 bytes, BWBW 10000
10000 Kbit,
Kbit, DLY
DLY 1000
1000 usec,
usec,
reliability
reliability 255/255,
255/255, txload
txload 1/255,
1/255, rxload
rxload 1/255
1/255
Encapsulation
Encapsulation ARPA,
ARPA, loopback
loopback not
not set
set
Keepalive
Keepalive set
set (10
(10 sec)
sec)
Half-duplex,
Half-duplex, 10Mb/s,
10Mb/s, 100BaseTX/FX
100BaseTX/FX
ARP
ARP type: ARPA, ARP Timeout
type: ARPA, ARP Timeout 04:00:00
04:00:00
Last
Last input
input 00:00:00,
00:00:00, output
output 00:00:09,
00:00:09, output
output hang
hang never
never
Last
Last clearing
clearing of
of "show
"show interface"
interface" counters
counters never
never
Input
Input queue:
queue: 0/75/0/0
0/75/0/0 (size/max/drops/flushes);
(size/max/drops/flushes); Total output drops:d rops: 0
Queueing
Queueing strategy:
strategy: weighted
weighted fair
fair
Output
Output queue:
queue: 0/1000/64/0
0/1000/64/0 (size/max
(size/max total/threshold/drops)
total/threshold/drops)
Conversations
Conversations 0/1/256
0/1/256 (active/max
(active/max active/max
active/max total)
total)
Reserved
Reserved Conversations
Conversations 2/2
2/2 (allocated/max
(allocated/max allocated)
allocated)
Available
Available Bandwidth
Bandwidth 3000
3000 kilobits/sec
kilobits/sec
...
...
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-34
The show interface command confirms the calc ulation of available bandwidth on
the previous CB-WFQ examples.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-31
CB-WFQ
Example 3
policy-map
policy-map Policy1
Policy1
class
class Class1
Class1
bandwidth remaining
remaining percent 20
20
class
class Class2
Class2
bandwidth remaining
remaining percent 20
20
!
interface FastEthernet0/0
ip
ip address
address 10.1.1.1
10.1.1.1 255.255.255.0
duplex
duplex auto
speed
speed 10
10
max-reserved-bandwidth
max-reserved-bandwidth 80
80
service-policy
service-policy output Policy1
ip
ip rtp
rtp priority
priority 16384
16384 16383
16383 1000
1000
!
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-35
Example 3 shows how the available bandwidth can be distributed among the
classes configured with the bandwidth remaining percent command. The
reservation does not affect the calculation of available bandwidth (it is not a fixed
guarantee).
9-32 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
CB-WFQ
Example 3
Router#show
Router#show interface
interface fastethernet
fastethernet 0/0
0/0
FastEthernet0/0
FastEthernet0/0 is up, lineline protocol
protocol isis up
up
Hardware
Hardware isis AmdFE,
AmdFE, address
address is
is 0030.8546.aa00
0030.8546.aa00 (bia(bia 0030.8546.aa00)
0030.8546.aa00)
Internet
Internet address
address is
is 10.1.1.1
10.1.1.1/24
/24
MTU
MTU 1500
1500 bytes,
bytes, BW
BW 10000
10000 Kbit,
Kbit, DLY
DLY 1000
1000 usec,
usec,
reliability
reliability 255/255,
255/255, txload
txload 1/255,
1/255, rxload
rxload 1/255
1/255
Encapsulation
Encapsulation ARPA,
ARPA, loopback
loopback not
not set
set
Keepalive
Keepalive set
set (10
(10 sec)
sec)
Half-duplex,
Half-duplex, 10Mb/s,
10Mb/s, 100BaseTX/FX
100BaseTX/FX
ARP
ARP type: ARPA, ARP Timeout
type: ARPA, ARP Timeout 04:00:00
04:00:00
Last
Last input
input 00:00:00,
00:00:00, output
output 00:00:03,
00:00:03, output
output hang
hang never
never
Last
Last clearing
clearing of
of "show
"show interface"
interface" counters
counters never
never
Input
Input queue:
queue: 0/75/0/0
0/75/0/0 (size/max/drops/flushes);
(size/max/drops/flushes); Total output drops:d rops: 0
Queueing
Queueing strategy:
strategy: weighted
weighted fair
fair
Output
Output queue:
queue: 0/1000/64/0
0/1000/64/0 (size/max
(size/max total/threshold/drops)
total/threshold/drops)
Conversations
Conversations 0/1/256
0/1/256 (active/max
(active/max active/max
active/max total)
total)
Reserved
Reserved Conversations
Conversations 2/2
2/2 (allocated/max
(allocated/max allocated)
allocated)
Available
Available Bandwidth
Bandwidth 7000
7000 kilobits/sec
kilobits/sec
...
...
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-36
The show interface command confirms the calculation of available bandwidth for
Example 3.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-33
Monitoring and Troubleshooting
CB-WFQ
Router#
show policy-map interface [intf]
Service-policy
Service-policy output: Policy1
Class-map:
Class-map: Class1
Class1 (match-any)
(match-any)
00 packets,
packets, 00 bytes
bytes
55 minute
minute offered
offered rate
rate 0 bps,
bps, drop rate 0 bps
Match:
Match: any
any
Weighted
Weighted Fair
Fair Queueing
Queueing
Output
Output Queue:
Queue: Conversation 265
Bandwidth
Bandwidth remaining
remaining 2020 (%)
(%) Max
Max Threshold
Threshold 64
64 (packets)
(packets)
(pkts
(pkts matched/bytes
matched/bytes matched)
matched) 0/0
0/0
(depth/total
(depth/total drops/no-buffer
drops/no-buffer drops)
drops) 0/0/0
0/0/0
Class-map:
Class-map: class-default
class -default (match-any)
(match-any)
42 packets, 4439 bytes
42 packets, 4439 bytes
55 minute
minute offered
offered rate
rate 00 bps,
bps, drop
drop rate
rate 0
0 bps
bps
Match:
Match: any
any
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-37
The show policy-map interface command displays all service policies applied to
the interface. Among the settings, policing parameters and statistics are displayed.
9-34 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Monitoring and Troubleshooting
CB-WFQ
Router#
show queueing fair
Interface
Interface Discard
Discard Dynamic
Dynamic Reserved
Reserved Link
Link Prio
Priority
rity
threshold
threshold queues
queues queues
queues queues
queues queues
queu es
FastEthernet0/0
FastEthernet0/0 64
64 256
256 64
64 88 11
Serial0/0
Serial0/0 64
64 32
32 00 88 11
Serial0/1
Serial0/1 64
64 32
32 00 88 11
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-38
The show queueing fair command displays all interfaces using Weighted Fair
Queuing. The FastEthernet interface show there are 64 reserved queues (for
CB-WFQ). One queue is used for IP RTP prioritization.
The discard threshold is the number of packets than have to be in the queuing
system to start dropping packets in the longest queue.
The number of dynamic queues specifies how many queues are used in the default
class if flow-based WFQ is used.
WFQ reserves 8 queues (link queues) for PAK_Priority packets (link-level
messages and keepalives, routing protocol hello messages and keepalives etc.).
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-35
Monitoring and Troubleshooting
CB-dWFQ
Router#
show queueing interface [intf]
Class
Class 0:
0: weight
weight 50
50 limit
limit 250
250 qsize
qsize 00 pkts
pkts output
output 00 drops
drops 00
Class
Class 23:
23: weight
weight 30
30 limit
limit 150
150 qsize
qsize 00 pkts
pkts output
output 00 drops
drops 00
Class
Class 24:
24: weight
weight 20
20 limit
limit 100
100 qsize
qsize 00 pkts
pkts output
output 00 drops
drops 00
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-39
The show queueing interface command can be used to display the parameters
and statistics of distributed Weighted Fair Queuing (dWFQ) on Cisco 7x00 series
routers using Versatile Interface Processors (VIPs).
9-36 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Summary
Class-based Weighted Fair Queuing (CB-WFQ) is a queuing mechanism that can
provide bandwidth guarantees for up to 64 classes on one interface.
Bandwidth guarantees can be configured by specifying:
n A fixed guarantee in kbps
n A fixed guarantee in a percentage of interface bandwidth
n A dynamic guarantee by specifying a percentage of available bandwidth
Lesson Review
1. What type of guarantee does CB-WFQ provide?
2. Which DiffServ PHB can be implemented using CB-WFQ?
3. What configuration steps are needed to configure CB-WFQ?
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-37
Class-based WRED
Overview
This lesson describes the WRED feature and shows how and where it can be used
in the MQC.
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe Class-based Weighted Random Early Detection (CB-WRED)
n Configure CB-WRED
n Monitor and troubleshoot CB-WRED
9-38 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Class-based WRED
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-44
Note The combination of CB-WFQ with WRED on a single device is currently the only
way to implement the DiffServ’s Assured Forwarding Per-Hop Behavior (AF PFB)
using Cisco IOS software.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-39
RED Profile
Maximum
Drop
Probability
10%
20 40 Average
Queue
Size
Minimum Maximum
Threshold Threshold
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-45
9-40 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
linearly as the average queue size increases, until the average queue size
reaches the maximum threshold.
n Maximum threshold: When the average queue size is above the maximum
threshold, all packets are dropped. If the difference between the maximum
threshold and the minimum threshold is too small, many packets might be
dropped at once, resulting in global synchronization.
n Mark probability denominator: This is the fraction of packets dropped
when the average queue depth is at the maximum threshold. For example, if
the denominator is 512, one out of every 512 packets is dropped when the
average queue is at the maximum threshold.
These parameters define the RED profile, which implements the packet dropping
strategy, which is based on the average queue length.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-41
RED Modes
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-46
RED has three dropping modes, based on the average queue size:
n When the average queue size is between 0 and the configured minimum
threshold, no drops occur and all packets are queued.
n When the average queue size is between the configured minimum threshold,
and the configured maximum threshold, random drop occurs. Random drop is
linearly proportional to the average queue length. The maximum probability of
drop (when the queue is almost completely full) is 10% in Cisco IOS software
if the default settings are used.
n When the average queue size is at maximum or higher than the maximum
threshold, RED performs full (tail) drop in the queue. This event is unlikely,
because RED should slow down TCP traffic ahead of the congestion. If a lot
of non-TCP traffic is present, RED cannot effectively drop traffic to reduce
congestion, and tail-drops are likely to occur.
9-42 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
WRED Building Blocks
Calculate Average
Queue Size Current
Queue
Size
Queue No
IP packet WRED FIFO Queue
Full?
IP precedence
Yes
or
DSCP
Select
WRED
Min. threshold
Profile Random Drop Tail Drop
Max. threshold
Max prob. denom.
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-47
The figure shows how WRED is implemented, and what parameters influence
WRED dropping decisions. The WRED algorithm is constantly updated with the
calculated average queue size, which is based on the recent history of queue sizes.
The configured WRED profiles define the dropping thresholds (and therefore the
WRED probability slopes). When a packet arrives at the output queue, the IP
precedence or the DSCP-value is used to select the correct WRED profile for the
packet, and the packet is passed to WRED to perform a drop/enqueue decision.
Based on the profile and the average queue size, WRED calculates the probability
for dropping the current packet and then either drops it or passes it to the output
queue. If the queue is already full, the packet is tail-dropped. Otherwise, it is
eventually transmitted out on the interface.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-43
Weighted Random Early
Detection
9-44 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
WRED Profiles
Drop
Probability
100%
10%
10 20 40 Average
Queue
Size
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-49
The figure shows two WRED profiles, used with traffic of different QoS classes.
One class has a much lower minimum and maximum threshold, and traffic of that
class will be dropped much earlier and more aggressively, and will ultimately be tail
dropped early, when heavy congestion occurs. The other class has a higher
minimum and maximum threshold. Therefore dropping occurs later and is less
likely to occur. These two classes maintain differentiated levels of service in the
event of congestion.
To avoid the need for setting all WRED parameters in a router, 8 default values
are already defined for precedence-based WRED, and 64 DiffServ-aligned values
are defined for DSCP-based WRED. Therefore, the default settings should suffice
in the vast majority of deployments.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-45
IP Precedence and Class Selector
Profiles
Drop
Probability
100%
10%
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-50
The Class selector range of DSCP values is used for backward compatibility with
IP precedence. The same WRED profiles are applied to equal IP precedence and
Class selector values:
IP precedence DSCP (Class selector) Default minimum
threshold
(three bits) (six bits)
0 Default (0) 20
1 cs1 (8) 22
2 cs2 (16) 24
3 cs3 (24) 26
4 cs4 (32) 28
5 cs5 (40) 31
6 cs6 (48) 33
7 cs7 (56) 35
RSVP RSVP 37
9-46 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
DSCP-based WRED
(Expedited Forwarding)
Drop
Probability
100%
10% EF
Average
20 36 40 Queue
Size
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-51
For the Expedited Forwarding DiffServ traffic class, WRED configures itself by
default so that the minimum threshold is very high, thus increasing the probability of
no drops being applied to that traffic class. EF-traffic is therefore expected to be
dropped very late, compared to other traffic classes, and is therefore prioritized in
the event of congestion.
DSCP Default minimum
threshold
(six bits)
EF (101110) 36
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-47
DSCP-based WRED
(Assured Forwarding)
Drop
Probability
100%
AF Low Drop
AF Medium Drop
AF High Drop
10%
Average
20 24 28 32 40 Queue
Size
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-52
For the Assured Forwarding DiffServ traffic class, WRED configures itself by
default, for three different profiles, depending on the Drop Preference DSCP
marking bits. AF-traffic should therefore be classified into the three possible
classes based on the application sensitivity to dropping. WRED implements a
congestion avoidance PHB in agreement with the initial classification.
DROP Class #1 Class #2 Class #3 Class #4
Precedence
9-48 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Configuring WRED
Router(config-pmap-c)#
random-detect
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-53
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-49
Changing WRED Profile
Router(config-pmap-c)#
random-detect precedence precedence min-threshold
max-threshold mark-prob-denominator
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-54
In the example in the figure, WRED is enabled with default values, and then the
values are changed for each IP Precedence level. The configured values are the
same as for Random Early Detection, and are:
n Minimum threshold - When the average queue depth is above the minimum
threshold, RED starts dropping packets. The rate of packet drop increases
linearly as the average queue size increases, until the average queue size
reaches the maximum threshold.
n Maximum threshold - When the average queue size is above the maximum
threshold, all packets are dropped. If the difference between the maximum
threshold and the minimum threshold is too small, many packets might be
dropped at once, resulting in global synchronization.
n Mark probability denominator - This is the fraction of packets dropped
when the average queue depth is at the maximum threshold. For example, if
the denominator is 512, one out of every 512 packets is dropped when the
average queue is at the maximum threshold.
It is interesting to note, that the maximum probability of drop at the maximum
threshold can be expressed as 1/mark-prob-denominator. The maximum drop
probability is 10%, if default settings are used which have a mark probability
denominator value of 10.
If required, RED can be configured as a special case of WRED, by assigning the
same profile to all eight IP precedence values.
9-50 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Changing WRED Sensitivity
to Bursts
Router(config-pmap-c)#
random-detect exponential-weighting-constant n
Qavg ( t + 1) = Qavg (t ) ⋅ (1 − 2 − n ) + Qt ⋅ 2 − n
WRED does not calculate the drop probability using the current queue length, but
rather uses the average queue length. The average queue length is constantly
recalculated using two terms: the previously calculated average queue size and the
current queue size. An exponential weighting constant N influences the calculation
by weighing the two terms, therefore influencing how the average queue size
follows the current queue size, in the following way:
n A low value of N makes the current queue size more significant in the new
average size calculation, therefore more sensitive to bursts
n A high value of N makes the previous average queue size more significant in
the new average seize calculation, so that bursts influence the new value to a
smaller degree.
The default value is 9 and should suffice for most scenarios, except perhaps those
involving extremely high-speed interfaces (e.g. OC12), where it can be increased
slightly (to about 12) to allow more bursts.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-51
Configuring DSCP-based WRED
Router(config-pmap-c)#
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-56
9-52 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Changing the WRED Profile
Router(config-pmap-c)#
random-detect precedence precedence min-threshold
max-threshold mark-prob-denominator
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-54
The DSCP-weighted WRED profiles can be changed, using the known three
WRED parameters. The mask-prob-denominator defines the packet drop
probability at the WRED maximum threshold. The maximum drop probability is
10%, if default settings are used which have a mark probability denominator value
of 10. Normally, the DSCP-weighed profiles should be left at their default settings,
because those settings are appropriate for most situations, if the traffic is classified
according to the DiffServ service specification.
IP prcecdence Default minimum
threshold
0 20
1 22
2 24
3 26
4 28
5 31
6 33
7 35
RSVP 37
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-53
9-54 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
CB-WFQ with WRED
Example 1
The first CB-WFQ with WRED example focuses on a network, which provides
three different service levels for three traffic classes
n The Gold class, marked with IP precedence values of 3 and 4 (3 is used for
high drop, and 4 is used for low drop within the service class) should get 30%
of an interface bandwidth
n The Silver class, marked with IP precedence values of 1 and 2 (1 being high-
drop, and 2 being low-drop service) should get 20% of the interface bandwidth.
n Best effort traffic should get the remaining bandwidth share, and should be
fair-queued.
To enforce this service policy, a router will use CB-WFQ to perform bandwidth
sharing, and WRED within service classes to perform differentiated drop.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-55
CB-WFQ with WRED
Example 1
class-map
class-map Gold
Gold
match
match ip
ip precedence
precedence 33 4
4
!!
class-map
class-map Silver
Silver
match
match ip precedence 1 2
!!
policy-map
policy-map Policy1
Policy1
class
class Gold
Gold
bandwidth
bandwidth percent
percent 30
30
random-detect
random-detect
random-detect
random-detect precedence
precedence 3 20 40 10
random-detect
random-detect precedence
precedence 4 30 40 10
class
class Silver
Silver
bandwidth
bandwidth percent
percent 20
20
random-detect
random-detect
random-detect
random-detect precedence
precedence 1 15 35 10
random-detect
random-detect precedence
precedence 2 20 35 10
class
class class-default
class-default
fair-queue
fair-queue
random-detect
random-detect
!!
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-59
The figure shows a configuration implementing the example service policie s. The
traffic is classified based on the precedence bits, and all non-contract traffic is
classified into the default class.
n The Gold class is guaranteed at least 30 percent of bandwidth, with a custom
WRED profile, which establishes a low-drop and a high-drop per-hop behavior.
n The Silver class is guaranteed at least 20 percent of bandwidth, is configured
with somewhat lower WRED drop thresholds, and is therefore more likely to
be dropped than the Gold class in the event of interface congestion.
n All other traffic is part of the default class, is fair-queued, with default WRED
parameters.
9-56 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
CB-WFQ with WRED
Example 2
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-60
CB-WFQ with WRED Example 1 was implemented using a CoS based on the
precedence bit. In this example, the same policy is configured, but DSCP-based
CoS classification and QoS services are used. Remember that the DiffServ model
itself provides defined traffic classes and their associated PHB. DiffServ-based
classification is used in this example.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-57
CB-WFQ with WRED
Example 2
class-map
class-map Gold
Gold class
class Silver
Silver
match
match ip
ip dscp
dscp af11
af11 af12
af12 af13
af13 cs3
cs3 cs4
cs4 bandwidth
bandwidth percent
percent 20
20
!! random-detect
random-detect dscp -based
dscp-based
class-map
class-map Silver
Silver random-detect
random-detect dscp
dscp af11
af11 25
25 35
35 10
10
match
match ip dscp
dscp af21
af21 af22
af22 af23
af23 cs1
cs1 cs2
cs2 random-detect
random-detect dscp
dscp af12
af12 20
20 35
35 10
10
!! random-detect
random-detect dscp
dscp af13
af13 15
15 35
35 10
10
policy-map
policy-map Policy1
Policy1 random-detect
random-detect dscp
dscp cs3
cs3 15
15 35
35 10
10
class
class Gold
Gold random-detect
random-detect dscp
dscp cs4
cs4 25
25 35
35 10
10
bandwidth
bandwidth percent
percent 30
30 class
class class-default
class-default
random-detect
random-detect dscp -based
dscp-based fair-queue
fair-queue
random-detect
random-detect dscp
dscp af11
af11 30
30 40
40 10
10 random-detect
random-detect dscp -based
dscp-based
random-detect
random-detect dscp
dscp af12
af12 25
25 40
40 10
10 !!
random-detect
random-detect dscp
dscp af13
af13 20
20 40
40 10
10
random-detect
random-detect dscp
dscp cs3
cs3 20
20 40
40 10
10
random-detect
random-detect dscp cs4 30 40 10
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-61
9-58 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Monitoring and Troubleshooting
CB-WRED
Router#show
Router#show policy -map interface
policy-map interface fastEthernet
fastEthernet 0/0
0/0
FastEthernet0/0
FastEthernet0/0
Service-policy
Service-policy output: Policy1
Class-map:
Class-map: Gold (match-all)
(match -all)
00 packets,
packets, 00 bytes
bytes
55 minute
minute offered rate
offered rate 0 bps,
bps, drop rate 0 bps
Match:
Match: ip
ip precedence
precedence 33 44
Match:
Match: ip
ip dscp
dscp 10
10 12
12 14 14 24
24 32
32
Weighted
Weighted Fair
Fair Queueing
Queueing
Output
Output Queue:
Queue: Conversation
Conversation 265
265
Bandwidth
Bandwidth 30
30 (%)
(%)
Bandwidth 3000 (kbps)
Bandwidth 3000 (kbps)
(pkts
(pkts matched/bytes
matched/bytes matched)
matched) 0/0
0/0
(depth/total
(depth/total drops/no-buffer
drops/no-buffer drops)
drops) 0/0/0
0/0/0
exponential
exponential weight:
weight: 99
mean queue depth:
mean queue depth: 0 0
Dscp
Dscp Random
Random drop
drop Tail drop Minimum Maximum Mark
(Prec)
(Prec) pkts/bytes
pkts/bytes pkts/bytes
pkts/bytes threshold
threshold threshold
threshold probability
probability
0(0)
0(0) 0/0
0/0 0/0
0/0 20
20 40
40 1/10
1/10
11 0/0
0/0 0/0
0/0 22
22 40
40 1/10
1/10
22 0/0
0/0 0/0
0/0 24
24 40
40 1/10
1/10
33 0/0
0/0 0/0
0/0 26
26 40
40 1/10
1/10
...
...
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-62
The show policy-map interface command shows the service policy applied to an
interface, including all WRED parameters implementing the dropping policy on that
interface.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-59
Summary
n WRED can be used inside the Cisco IOS CB-WFQ, configured via the MQC
n WRED can be applied per-service policy
n All WRED parameters are inherited from the traditional Cisco IOS WRED
implementation
Lesson Review
1. How does WRED supplement CB-WFQ?
2. Can WRED be combined with flow-based WFQ in the default class?
3. Which two operational modes does WRED support?
4. How many profiles does WRED support?
9-60 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Class-based Low-latency Queuing
Overview
This lesson describes the Low-latency Queueing (LLQ) feature within the CB-
WFQ system.
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe Class-based Low-latency Queuing (CB-LLQ)
n Configure CB-LLQ
n Monitor and troubleshoot CB-LLQ
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-61
Class-based Low-latency Queuing
While Weighed Fair Queuing (WFQ) provides a fair share of bandwidth to every
flow, and provides fair scheduling of its queues, it cannot provide guaranteed
bandwidth and low delay to select applications. Voice traffic, for example, may still
compete with other aggressive flows in the WFQ queuing system, which lacks
priority scheduling for time-critical traffic classes.
IP RTP Prioritization is one Cisco IOS feature designed to guarantee priority of
voice traffic. However, because it only can only prioritize pure RTP traffic (IP
RTP Prioritization uses a UDP port range heuristic to distinguish RTP from the
rest of the traffic), and lacks flexibility in policing, it does not present a via ble
solution when multiple non-RTP time-critical applications are deployed in the
network.
Class-based Low-latency Queueing (CB-LLQ) is a method, used within the CB-
WFQ framework, which can prioritize traffic flows with the flexibility of the Cisco
IOS MQC interface.
9-62 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Low-Latency Queueing
Queuing and Scheduling
Class BW Priority
Forwarder Priority Yes Policing Yes
queue
(FIFO)
No
Class BW
Priority Yes Policing
No
WFQ
Class
Yes
Flow queue Scheduling
N? (FIFO)
No
Class
Default?
WFQ/FIFO
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy -68
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-63
CB-LLQ Scheduling
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-69
9-64 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Configuring CB-LLQ
Router(config-pmap-c)#
priority bandwidth
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-70
Configured by the priority command, LLQ enables the use of a single priority
queue within CBWFQ at the class level, allowing the user to direct traffic
belonging to a class to the CBWFQ priority queue. To enqueue class traffic to the
priority queue, configure the priority command for the class after the named class
is specified within a policy map. Classes to which the priority command is applied
are considered priority classes. One or more classes can be given priority status
within a policy map. When multiple classes within a single policy map are
configured as priority classes, all traffic from these classes is enqueued to the
same, single, priority queue.
The bandwidth and percent options allocate a fixed amount of bandwidth (in
kbps) to the priority class, using absolute or relative bandwidth respectively. The
priority queue is policed using this bandwidth parameter and all exceeding packets
are dropped.
Keep the following guidelines in mind when using the priority command:
n Layer 2 encapsulations are accounted for in the amount of bandwidth specified
with the priority command. However, ensure a bandwidth is configured that
has room for cell-tax overhead and possible jitter introduced by the routers in
the voice path.
n Use the priority command for VoIP on serial links and ATM PVCs. It does
not support VoIP over Frame Relay links.
n Use the priority command in conjunction with the set command. You cannot
use the priority command in conjunction with any other command, including
the random-detect, queue-limit, and bandwidth commands.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-65
n You can configure the priority command in multiple classes, but you should
only use it for voice-like, constant bit rate (CBR) traffic. If the traffic is not
CBR, you must configure a large enough bandwidth parameter to absorb the
data bursts.
9-66 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
CB-LLQ
Example
class-map
class-map VoIP
VoIP
match
match ip
ip precedence
precedence 55
!!
class-map
class-map Gold
Gold
match
match ip precedence 3 4
!!
class-map
class-map Silver
Silver
match
match ip
ip precedence
precedence 11 22
!!
policy-map
policy-map Policy1
Policy1
class
class VoIP
priority
priority percent
percent 10
10
class
class Gold
Gold
bandwidth
bandwidth percent
percent 30
30
random-detect
random-detect
class
class Silver
bandwidth
bandwidth percent
percent 20
20
random-detect
random-detect
class
class class-default
class-default
fair-queue
fair-queue
random-detect
random-detect
!!
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-71
This figure shows a configuration example, where the VoIP traffic class, classified
by the IP precedence of 1, is queued in a priority queue within the CB-WFQ
system. The priority class received priority scheduling compared to other classes’
queues, and is guaranteed, but limited to 10 percent of bandwidth.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-67
Monitoring and Troubleshooting
CB-LLQ
Router#show
Router#show policy-map
policy-map interface
interface fastethernet
fastethernet 0/0
0/0
FastEthernet0/0
FastEthernet0/0
Service-policy
Service-policy output:
output: LLQ
LLQ
Class-map:
Class-map: LLQ
LLQ (match -any)
(match-any)
00 packets,
packets, 00 bytes
bytes
55 minute
minute offered
offered rate
rate 00 bps,
bps, drop
drop rate
rate 0 bps
0 bps
Match:
Match: any
Weighted
Weighted Fair
Fair Queueing
Queueing
Strict
Strict Priority
Priority
Output
Output Queue: Conversation 264
Bandwidth
Bandwidth 1000
1000 (kbps)
(kbps) Burst
Burst 25000
25000 (Bytes)
(Bytes)
(pkts
(pkts matched/bytes
matched/bytes matched)
matched) 0/0
0/0
(total
(total drops/bytes
drops/bytes drops)
drops) 0/0
0/0
Class-map:
Class-map: class -default (match
class-default -any)
(match-any)
00 packets,
packets, 0 bytes
55 minute
minute offered
offered rate
rate 0
0 bps,
bps, drop
drop rate
rate 0 bps
0 bps
Match:
Match: any
any
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-72
The show policy-map interface command shows the service policy settings on an
interface. The priority scheduling method is listed, if enabled.
9-68 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Summary
n CB-LLQ guarantees priority scheduling with guaranteed bandwidth on an
interface
n CB-LLQ is integrated with CB-WFQ and configured via the Cisco IOS MQC
n CB-LLQ is more flexible than IP RTP Prioritization
Lesson Review
1. What advantages does CB-LLQ have over IP RTP Prioritization?
2. What guarantees does CB-LLQ provide?
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-69
Class-based Policing
Overview
This lesson section describes the Class-based Policing mechanism used within the
CB-WFQ system. The lesson also compares Class-based Policing implementation
with the standalone CAR mechanism.
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe Class-based Policing
n Configure CB-Policing
n Monitor and troubleshoot CB-Policing
9-70 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Class-based Policing
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-77
Class-based Policing allows the servic e provider to rate-limit traffic in and out of
the router interfaces to a configured bit rate, thereby enabling various forms of
ingress and egress rate-limiting in a network. Class-based policing is implemented
within the CB-WFQ queueing method, and configured via the Cisco IOS MQC.
Like Committed Access Rate (CAR), Class-based Policing simply rate-limits
traffic according to a simple “forward or drop” policy, according to the
configuration. Class-based policing also uses a token-bucket metering mechanism,
similar to CAR, but with some modification and added flexibility.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-71
How do Routers Measure Traffic
Rate
Bandwidth
Link bandwidth
Exceeding traffic
Rate limit
Conforming Traffic
Time
• Routers use the Token Bucket mathematical model to keep
track of packet arrival rate
• The Token Bucket model is used whenever a new packet is
processed
• The return value is conform or exceed
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-78
In order to perform rate limiting, routers must meter (or measure) traffic rates
through its interfaces. To enforce a rate limit, metered traffic is said to:
n Conform to the rate limit, if the rate of traffic is below the configured rate limit
n Exceed the rate limit, if the rate of traffic is above the configured rate limit
The metering is usually performed with an abstract mathematical model called a
token bucket, which is used when processing each packet. The token bucket can
calculate whether the current packet conforms or exceeds the configured rate limit
on an interface.
9-72 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Token Bucket
700
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-79
The token bucket is a mathematical model used in a device that regulates the data
flow. The model has two basic ingredients:
n Tokens, where each token represents the permission to send a fixed number of
bits into the network
n The bucket, which has the capacity to hold a specified amount of tokens
Tokens are put into the bucket at a certain rate by the operating system. Each
incoming packet, if forwarded, takes tokens from the bucket, representing the
packet’s size. If not enough tokens are available in the bucket to send the packet,
the policer discards the packet. If the bucket fills to capacity, newly arriving tokens
are discarded, and discarded tokens are not available to future packets.
The figure shows a token bucket, with the current capacity of 700 bytes. When a
500-byte packet arrives at the interface, its size is compared to the bucket capacity
(in bytes). The packet conforms to the rate limit (500 bytes < 700 bytes), the
packet is forwarded, and 500 bytes worth of tokens are removed from the bucket.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-73
Token Bucket
200
300
byte
s
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-80
When the next packet arrives immediately after the first packet, and because no
new tokens have been added to the bucket (which is done periodically), there are
not enough tokens in the bucket to represent the current packet. The current
packet therefore exceeds the rate limit and is dropped.
9-74 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Token Bucket
Be
Link BW
Bc of tokens is added Link
Utilization
every Tc [ms]
Bc Bc Bc Bc Bc Bc Average BW
Tc = Bc / CIR (CIR)
Be
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-81
Token bucket implementations usually rely on three parameters: CIR, Bc and Be.
CIR is the Committed Information Rate (also called the committed rate), which
represents the long-term average rate of traffic. Bc is known as the burst capacity.
Be is known as the excess burst capacity. Tc is a time interval constant.
In the token bucket metaphor, tokens are put into the bucket at a certain rate,
which is Bc tokens every Tc seconds. The bucket itself has a specified capacity. If
the bucket fills to capacity (Bc + Be), newly arriving tokens are discarded. Each
token is permission for the source to send a certain number of bits into the
network. To send a packet, the regulator must remove, from the bucket, the
number of tokens equal in representation to the packet size.
For example, if 8000 bytes worth of tokens are placed in the bucket every 125
milliseconds, the router can steadily transmit 8000 bytes every 125 milliseconds, if
traffic constantly arrives at the router.
If there is no traffic at all, 8000 bytes per 125 milliseconds get accumulated in the
bucket, up to the maximum size (Bc+Be). One second’s accumulation therefore
collects 64000 bytes worth of tokens, which can be transmitted immediately in the
case of a burst. The upper limit, Bc+Be, defines the maximum amount of data,
which can be transmitted in a single burst, at the line rate.
A token bucket permits burstiness but bounds it. It guarantees that the burstiness is
bounded so that the flow will never send faster than the token bucket's capacity.
This means, that in the long-term, the transmission rate will not exceed the
established rate at which tokens are placed in the bucket (the committed rate).
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-75
Class-based Policing
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-82
When CAR is in effect, its metering code uses a single token bucket, and is able to
determine whether incoming traffic conforms or exceeds the configured rate-limit.
Class-based Policing introduces a two-token-bucket scheme in the policer. Using
two token buckets, traffic can:
n Conform to the rate limit, when it is within the average bit rate
n Exceed the rate limit, when it exceeds the average bit rate, but does not
exceed the allowed excess burst
n Violate the rate limit, when it exceeds both the average rate and the excess
bursts.
The double token bucket method is explained later in the lesson.
9-76 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Class-based Policing Actions
Based on the current packet conforming, exceeding, or violating the rate limit, an
action can be taken by the policer. The CB-WFQ policer supports the following
actions:
n Transmit—the packet is transmitted
n Drop—the packet is dropped
n Set precedence (or DSCP value) and transmit: the IP Precedence (ToS)
or DSCP bits in the packet header are rewritten. The packet is then
transmitted. This action can be used to either color (set precedence) or
recolor (modify existing packet precedence) the packet.
n Set QoS group and transmit: the QoS group can be set and then used only
locally within the router. The QoS group can be used in later QoS mechanisms
and performed in the same router, such as CB-WFQ. The packet is then
transmitted.
n Set MPLS experimental bits and transmit: the MPLS experimental bits
can be set. The packet is then transmitted. These are usually used to signal
QoS parameters in a MPLS cloud.
n Set Frame Relay DE bit and transmit: the Frame Relay Discard Eligibility
(DE) bit is set in the Layer-2 (Frame Relay) header and the packet is
transmitted. This setting can be used to mark excessive or violating traffic
(which should be dropped with preference on Layer-2 switches) at the edge of
a Frame Relay network.
n Set ATM CLP bit and transmit: the ATM Cell Loss Priority (CLP) bit is
set in the Layer-2 (ATM) header and the packet is transmitted. This setting
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-77
can be used to mark excessive or violating traffic (which should be dropped
with preference on Layer-2 switches) at the edge of an ATM network.
9-78 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Single Token Bucket with
Class-based Policing
700 BE
Class-based Policing can use a single or double token bucket method as the
metering mechanism. The one token bucket algorithm is used when the violate-
action option is not specified in the police MQC command.
If one token bucket is used, the meter can only differentiate between conforming
and exceeding traffic. Therefore, in a simple single token bucket algorithm, a
packet conforms to the line rate, if the size of the packet is less or equal to the
number of tokens in the token bucket.
The actual metering algorithm used by CB-Policing is somewhat different from a
pure token bucket, described above, and used by CAR. With CAR, the token
bucket is refilled at periodic intervals (Tc) with a fixed number of tokens (Bc).
Class-based policing employs a different method, which calculates the bucket size
and adds tokens on every processed packet. The Class-based policing works in the
following manner:
n The token bucket is initially set to the full size (the full size is the number of
bytes specified as the normal burst size or Bc)
n When a packet of size B bytes arrives at time t the following actions occur:
– Tokens are updated in the conform bucket. If the previous arrival of
the packet was at t1 and the current time is t, the bucket is updated
with (t-t1) worth of bits based on the token arrival rate. The per-
packet token arrival rate is calculated as:
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-79
– If the number of bytes in the conform bucket - B is greater than or
equal to 0, the packet conforms and the conform action is taken on the
packet. If the packet conforms, B bytes are removed from the
conform bucket and the conform action is completed for the packet.
– If the number of bytes in the conform bucket - B is less than 0, the
exceed action is taken.
9-80 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Single Token Bucket with
Class-based Policing
200 BE
When a packet size is more than the available number of tokens in a TB, the
packet exceeds the rate limit. Again, this is a simplified algorithm for a pure token
bucket. Class-based policing uses a slightly different algorithm, which was
described previously.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-81
Double Token Bucket with
Class-based Policing
700 BC 400 BE
Cisco IOS Class-based policing uses a double token bucket metering method, when
the violate action is specified in the police MQC command. One bucket is used to
meter conforming traffic (the conform bucket), and is of size BC. The other bucket
is used to meter exceeding traffic, and is of size BE.
The conform bucket is initially full (the full size is the number of bytes specified as
the normal burst size, BC). The exceed bucket is also initially full (the full exceed
bucket size is the number of bytes specified in the maximum burst size, BE). The
tokens for both the conform and exceed token buckets are updated based on the
token arrival rate (or CIR).
In simple terms, with the double token bucket system, an incoming packet
conforms to the rate limit, if the conform bucket has enough tokens for the size of
the packet.
Looking into the details of the algorithm, the actual processing which occurs is as
follows:
n A packet of size B bytes arrives at time t
n Tokens are updated in the conform bucket. If the previous arrival of the packet
was at t1 and the current arrival of the packet is at t, the bucket is updated
with t-t1 worth of bits based on the token arrival rate. The refill tokens are
placed in the conform bucket. If the tokens overflow the conform bucket, the
overflow tokens are placed in the exceed bucket.
The token arrival rate is calculated as follows:
9-82 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
n If the number of bytes in the conform bucket - B is greater than or equal to 0,
the packet conforms and the conform action is taken on the packet. If the
packet conforms, B bytes are removed from the conform bucket and the
conform action is taken. The exceed bucket is unaffected in this scenario.
n If the number of bytes in the conform bucket - B is less than 0, the excess
token bucket is checked for bytes by the packet. If the number of bytes in the
exceed bucket - B is greater than or equal to 0, the exceed action is taken and
B bytes are removed from the exceed token bucket. No bytes are removed
from the conform bucket.
n If the number of bytes in the exceed bucket - B is less than 0, the packet
violates and the violate action is taken. The action is complete for the packet.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-83
Double Token Bucket with
Class-based Policing
200 BC 400 BE
If looking at the double token bucket in a simplified way, an incoming packet would
exceed the rate limit, if the conform bucket does not have enough tokens for the
size of the packet, but the exceed bucket does.
For a detailed insight, consult the previously laid-out algorithm.
9-84 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Double Token Bucket with
Class-based Policing
200 BC 100 BE
In simple terms, the double token bucket system means that an incoming packet
violates the rate limit, if neither the conform nor the exceed buckets have enough
tokens for the size of the packet.
For a detailed insight, consult the previously laid-out algorithm
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-85
Refilling the Token Buckets
BC TB1
TB2 BE
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy -89
The detailed token bucket algorithms are somewhat different from the classic
token bucket algorithms used by CAR and GTS. Token refilling is done per packet,
which can considerably smooth out rate limiting, because there is no fixed interval
(Tc) for bucket refills.
Instead, the calculation
TB1_after = min(BC, TB1_before + (Tnow -TLastPacket ) * BitRate / 8)
where TB1 is the token bucket size, BC is the maximum conform token bucket
size, Tnow is the current time, TLastPacket is the time of arrival of the previous packet,
and the BitRate is the CIR of the rate limit, defines the new size of the conform
bucket, and is calculated for each incoming packet. If the number of tokens
exceeds the size of the conform bucket (BC), excess tokens spill over and fill the
second (exceed) bucket. If the exceed bucket overflows with tokens, those tokens
are lost.
The new token bucket size, therefore, equals to the BC (Conform Bucket Size) or
the “Previous bucket size + added tokens since the last packet was transmitted”,
which ever is smaller.
9-86 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Configuring Class-based Policing
Router(config-pmap-c)#
police avg-rate [BCC [BEE]] [conform-action [action]
[exceed-action [action] [violate-action [action]]]]
• avg-rate – traffic rate in bps (8.000 to 200.000.000)
• BC – normal burst sets the size of the first token bucket in bytes
(default is 1500 or avg-rate/32; whatever is higher)
• BE – excess burst sets the size of the second token bucket in
bytes (equals BC if not configured)
• action – can be:
• transmit (default conform action)
• drop (default exceed and violate action)
• set-prec-transmit ip-precedence
• set-dscp-transmit dscp
• set-qos-transmit qos-group
• set-mpls-exp-transmit mple-exp
• set frde-transmit
• set-clp-transmit
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-90
The police MQC command defines policing parameters for a traffic class. The
avg-rate parameter defines the policed average traffic rate (CIR), the BC and
BE define the double token bucket sizes, and the action defines an action for
conforming, exceeding, and optionally violating traffic.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-87
Class-based Policing Example
9-88 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Class-based Policing Example
class-map
class-map www.acme.com
www.acme.com
match
match source-address
source-address mac
mac 000d.dddf.0480
000d.dddf.0480
!!
class-map
class-map www.void.com
www.void.com
match
match source-address
source-address mac
mac 000d.dddc.ad21
000d.dddc.ad21
!!
policy-map
policy-map ServerFarm
class www.acme.com
police
police 128000
128000 conform-action
conform-action transmit
transmit exceed-action
exceed-action drop
class www.void.com
police
police 256000
256000 conform-action
conform-action transmit
transmit exceed-action
exceed-action drop
class class-default
police 64000
!!
interface
interface FastEthernet
FastEthernet 0/0
service-policy input ServerFarm
!!
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-92
The configuration example shows three configured traffic classes, two based on
upstream MAC addresses, and one on the default traffic class. Traffic from
particular servers is policed to a fixed bandwidth, and exceeding traffic is dropped.
If Bc and Be are not specified within the police command, the default value will
be used.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-89
Monitoring and Troubleshooting
CB-Policing
Router #show policy
Router#show policy interface
interface fastethernet
fastethernet 0/0
0/0
FastEthernet0/0
FastEthernet0/0
Service-policy input: ServerFarm (1207)
Service-policy input: ServerFarm (1207)
Class-map:
Class-map: www.acme.com
www.acme.com (match-all)
(match-all) (1209/6)
(1209/6)
00 packets,
packets, 00 bytes
bytes
55 minute
minute offered
offered rate
rate 0 bps,
bps, drop rate 0 bps
Match:
Match: ip
ip precedence
precedence 44 (1213)
(1213)
Match:
Match: source-address
source-address macmac 000D.DDDF.0480
000D.DDDF.0480 (1217)
(1217)
police:
police:
128000
128000 bps,
bps, 4000
4000 limit,
limit, 4000
4000 extended
extended limit
limit
conformed
conformed 00 packets,
packets, 00 bytes;
bytes; action:
action: transmit
transmit
exceeded
exceeded 00 packets,
packets, 00 bytes;
bytes; action:
action: drop
drop
conformed
conformed 0 bps, exceed 0 bps violate 0 bps
0 bps, exceed 0 bps violate 0 bps
...
...
Class-map:
Class-map: class-default
class -default (match-any)
(match-any) (1229/0)
(1229/0)
00 packets,
packets, 00 bytes
bytes
55 minute offered rate
minute offered rate 0 bps,
bps, drop rate 0 bps
Match:
Match: any
any (1233)
(1233)
police:
police:
64000
64000 bps,
bps, 2000 limit, 2000 extended limit
conformed
conformed 00 packets,
packets, 00 bytes;
bytes; action:
action: transmit
transmit
exceeded
exceeded 00 packets,
packets, 00 bytes;
bytes; action:
action: drop
drop
conformed
conformed 0 bps, exceed 0 bps violate 0 bps
0 bps, exceed 0 bps violate 0 bps
...
...
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-93
The show policy-map interface command displays all service policies applied to
the interface. Among the settings, policing parameters and statistics are displayed.
For the www.acme.com class, the CIR was set to 128000 bps, the BC defaults to
128000/32 or 4000 bytes and BE defaults to BC or 4000 bytes also.
9-90 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Summary
n Like CAR, Class-based Policing provides rate limiting of traffic
n Class-based policing is integrated with CB-WFQ
n Class-based policing uses a modified double token bucket mechanism for
metering
Lesson Review
1. What do CAR and Class-based Policing do?
2. What are the main differences between CAR and Class-based Policing?
3. What marking options does Class-based Policing support?
4. What actions does do Class-based Policing support?
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-91
Class-based Shaping
Overview
This lesson describes the Class-based Shaping mechanism. The lesson also
compares the Class-based Shaping implementation with the standalone GTS
mechanism.
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe Class-based Shaping
n Configure CB-Shaping
n Monitor and troubleshoot CB-Shaping
9-92 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Class-based Shaping
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-98
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-93
CB-Shaping
CB-Shaping
Check
Add tokens shaping
queue N
Token
BC+BE Bucket Enough
Do nothing
Tokens? No
Tokens Yes
Packet
size
Shaping Queue N packet Forward Queue N
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-99
CB-Shaping uses the basic token bucket mechanism, where BC tokens are added
at every TC time interval. If enough tokens are present in the bucket when a
packet arrives, the packet is immediately forwarded. Otherwise, the packet is
delayed in the shaping queue, until enough tokens are available.
The router periodically checks the shaping queue by doing the following:
1. Add BC of tokens to the token bucket.
2. Check if there are enough tokens to forward a packet from the shaping
queue to the main class queue. The size of the first packet in the shaping
queue must be smaller or equal to the number of tokens in the token
bucket. Repeat this step until there is no longer enough tokens to forward a
packet or the shaping queue is empty.
3. If there are not enough tokens the router stops processing the shaping
queue for another period of TC.
9-94 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Refilling the Token Bucket
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-95
Configuring CB-Shaping
Router(config-pmap-c)#
shape {average | peak} bit-rate [BCC [BEE]]
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-101
The shape average and shape peak commands configure average and peak
shaping respectively within the CB-WFQ system.
The shape max-buffers command specifies the maximum size of the shaping
queue. The shaping queue delays packets until they conform to the shaping rate. If
the shaping queue is full, packets are tail-dropped.
9-96 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
CB-Shaping Frame Relay
Adaptation
Router(config-pmap-c)#
shape adaptive mir-rate
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-97
CB-Shaping
Example
class-map
class-map Shape
Shape
match
match access-group
access-group 123123
!!
policy-map
policy-map ShapeAvg
S hapeAvg
class Shape
Shape
shape
shape average 16000
16000 1024
1024 2048
!!
policy-map
policy-map ShapePeak
S hapePeak
class Shape
Shape
shape
shape peak
peak 16000
16000 1024 2048
!!
interface
interface Serial0/0
Serial0/0
service-policy
service-policy output ShapeAvg
!!
interface
interface Serial0/1
Serial0/1
service-policy
service-policy output ShapePeak
!!
access-list
access-list 123 permit udp any any
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-103
This figure shows an example configuration for Class-based Shaping. All UDP
traffic is classified into one class, which is shaped differently on two interfaces. On
the Serial0/0 interface, all UDP traffic is shaped to the average rate, while on the
Serial0/1 interface, all UDP traffic is shaped to the peak rate.
9-98 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Monitoring and Troubleshooting
CB-Shaping
Router#show
Router#show policy -map interface
policy-map interface
Serial0/0
Serial0/0
Service-policy
Service-policy output:
output: ShapeAvg
Class-map:
Class-map: Shape
Shape (match-all)
(match-all)
782
782 packets,
packets, 728824
728824 bytes
bytes
55 minute
minute offered rate
offered rate 24000
24000 bps,
bps, drop
drop rate
rate 22000
22000 bps
bps
Match:
Match: access-group
access -group 123
123
Traffic
Traffic Shaping
Target
Target Byte
Byte Sustain Excess Interval Increment
Increment Adapt
Adapt
Rate
Rate Limit bits/int
bits/int bits/int
bits/int (ms)
(ms) (bytes)
(bytes) Active
Active
16000
16000 384
384 1024
1024 2048
2048 64
64 128
128 --
Queue
Queue Packets
Packets Bytes
Bytes Packets
Packets Bytes
Bytes Shapin
Shapingg
Depth
Depth Delayed
Delayed Delayed
Delayed Active
Active
64
64 135
135 125820
125820 134
134 124888
124888 yes
yes
Class-map:
Class-map: class -default (match
class-default -any)
(match-any)
99 packets,
packets, 3234
3234 bytes
bytes
55 minute
minute offered
offered rate
rate 0 bps, drop rate 0 bps
Match:
Match: any
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-104
The show policy-map interface command displays all service policies applied to
the interface. Among the settings, shaping parameters and statistics are displayed.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-99
Summary
n Class-based Shaping rate-limits traffic by delaying it in a shaping queue
n Class-based Shaping meters traffic like GTS, using a single token bucket
n Class-based Shaping is integrated into the CB-WFQ queuing system,
configured via the Cisco IOS MQC
Lesson Review
1. What are the main differences between CB-Policing and CB-Shaping?
2. What two shaping methods does CB-Shaping support?
9-100 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Class-based Marking
Overview
This lesson describes the Class-based Marking capability of the Cisco IOS
Modular QoS CLI (MQC).
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe Class-based Marking
n Configure CB-Marking
n Monitor and troubleshoot CB-Marking
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-101
Class-based Marking
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-109
Marking packets or frames lets you set information in the Layer 2, 3, or 4 headers,
or even set information within the payload of a packet, so the packet or frame can
be identified and distinguished from other packets or frames.
The CB-WFQ queuing system provides packet marking capabilities, using Class-
based Marking, which is configured within the Cisco IOS MQC feature. It is
perhaps the most flexible IOS marking tool, extending the marking functionality of
CAR and policy routing.
Class-based Marking can be used on input or output of interfaces, as a part of an
input or an output service policy. On input, Class-based Marking can be combined
with Class-based Policing, and on output, with any other CB-WFQ QoS feature.
9-102 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Class-based Marking
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-110
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-103
Configuring IP Precedence
Marking
Router(config-pmap-c)#
set ip precedence ip-precedence
• Mark IP packets with the specified IP precedence value
• IP precedence can be set using a value (0 to 7) or a
corresponding name (e.g. routine, priority, immediate)
policy-map
policy-map SetPrec
SetPrec
class
class Class1
Class1
set ip precedence priority
class
class Class2
Class2
set
set ip
ip precedence
precedence flash
flash
class
class Class3
Class3
set ip precedence 5
!!
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-111
IP precedence is encoded into the three high-order bits of the ToS field in the IP
header. It supports eight classes of which two are reserved and should not be used
for user-defined classes (IP precedence 6 and 7). IP precedence 0 is the default
value and is usually used for the best-effort class. The set ip precedence
command marks packets of a class with the specified precedence value.
9-104 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Configuring IP DSCP Marking
Router(config-pmap-c)#
set ip dscp dscp
• Mark IP packets with the specified DSCP value
• DSCP can be set using a value (0 to 63) or a corresponding
name (e.g af11, af12, af13, af21, ef, cs1, default)
policy-map
policy-map SetDSCP
SetDSCP
class
class Class1
Class1
set ip dscp af11
class
class Class2
Class2
set ip dscp af21
class
class Class3
Class3
set ip dscp ef
!!
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-112
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-105
Configuring QoS Group Marking
Router(config-pmap-c)#
set qos-group qos-group
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-113
Class-based Marking can mark packets with the QoS group value. The QoS
group is a parameter that is local to the router where it is set. It is not part of any
header. It is usually set on an input interface and later examined (matched) on
output interfaces. Once the packet is transmitted, the QoS-group information is
lost, and the next router must reclassify and mark the packet. QoS group supports
up to 100 distinct values (classes). The set qos-group command is used to set
the QoS group value to a packet inside a router. Values from 0 to 99 can be used
to mark packets.
9-106 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Configuring MPLS Marking
Router(config-pmap-c)#
set mpls experimental exp-bits
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-114
Cisco IOS also supports marking of MPLS frames, which is used to set MPLS
CoS parameters. The three EXP(erimetal) bits inside the MPLS label are used,
and the set mpls experimental command is used within the MQS to mark MPLS
frames with CoS information. Values from 0 to 7 can be used to mark MPLS
frames.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-107
Configuring LAN Marking
Router(config-pmap-c)#
set cos cos
• Mark frames with the specified value (0 to 7)
• The value applies to the Class of Service bits with the IEEE
802.1Q encapsulation or Priority bits with the ISL encapsulation
• The command can only be used on output LAN interfaces that
are using one of the two mentioned encapsulations
policy-map
policy-map SetCoS
SetCoS
class
class Class1
Class1
set cos 1
class
class Class2
Class2
set cos 2
class
class Class3
Class3
set cos 3
!!
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-115
The IEEE 802.1p standard specifies a standard for delivering QoS in local area
networks (LANs). Packets are marked with three CoS bits, where CoS values
range from zero for low-priority to seven for high-priority. CoS can only be applied
on trunks, because only there is an encapsulation available with space for the bits:
n Inter-Switch Link (ISL) frame headers have a 1-byte User field that carries
the CoS value in the three least significant bits.
n IEEE 802.1p and 802.1q frame headers have a 2-byte Tag Control Information
field that carries the CoS value in the three most significant bits, which are
called the User Priority bits.
Other frame types cannot carry CoS values.
In general, Layer 2 switches can examine, use, or alter MAC layer markings, not
IP precedence or DSCP settings, since those are Layer 3. Layer 2 markings are
generally applied on egress trunk ports.
9-108 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Configuring Frame Relay DE
Marking
Router(config-pmap-c)#
set fr-de
• Mark packets with the Frame Relay Discard Eligibility (DE) bit
value 1
• Do not use the command to mark frames with the default value 0
• The command can only be used on output Frame Relay
interfaces
policy-map
policy-map SetFR
SetFR
class
class Class1
Class1
set fr-de
fr-de
class
class Class2
Class2
class
class Class3
Class3
set fr-de
fr-de
!!
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-116
The user can specify which Frame Relay packets have low priority or low time
sensitivity and will be the first to be dropped when a Frame Relay switch is
congested. The mechanism that allows a Frame Relay switch to identify such
packets is the discard eligible (DE) bit. This bit is set for all packets of a class with
the set fr-de command.
This feature requires that the Frame Relay network be able to interpret the DE bit.
Some networks take no action when the DE bit is set. Other networks use the DE
bit to determine which packets to discard. The most desirable interpretation is to
use the DE bit to determine which packets should be dropped first and also which
packets have lower time sensitivity.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-109
Configuring ATM CLP Marking
Router(config-pmap-c)#
set atm-clp
• Mark cells of packets with the ATM Cell Loss Priority (CLP) bit
value 1
• Do not use the command to mark cells with the default value 0
• The command can only be used on output ATM interfaces
policy-map
policy-map SetATM
SetATM
class
class Class1
Class1
set atm-clp
atm-clp
class
class Class2
Class2
class
class Class3
Class3
set atm-clp
atm-clp
!!
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-117
The ATM CLP Setting feature somewhat allows users to extend their IP QoS
policies into an ATM network by setting the ATM CLP bit in ATM cells based on
the IP Precedence value of the packets being sent. As congestion occurs in the
ATM network, cells with the CLP bit set are more likely to be dropped, resulting in
improved network performance for high priority traffic and applications. The set
atm-clp command marks packets of a class with the ATM CLP bit as a part of an
input or output policy.
9-110 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Monitoring and Troubleshooting
CB-Marking
Service-policy
Service-policy input:
input: SetMPLS
SetMPLS (1837)
(1837)
Class-map:
Class-map: Class1
Class1 (match-any)
(match-any) (1839/12)
(1839/12)
00 packets,
packets, 00 bytes
bytes
30
30 second
second offered
offered rate
rate 00 bps,
bps, drop
drop rate
rate 00 bps
bps
Match:
Match: qos-group
qos-group 11 (1843)
(1843)
00 packets,
packets, 00 bytes
bytes
30
30 second
second rate
rate 00 bps
bps
QoS
QoS Set
Set
mpls
mpls experimental
experimental 11
Class-map:
Class-map: Class2
Class2 (match-any)
(match-any) (1847/13)
(1847/13)
00 packets,
packets, 00 bytes
bytes
30
30 second
second offered
offered rate
rate 00 bps,
bps, drop
drop rate
rate 00 bps
bps
Match:
Match: qos-group
qos-group 22 (1851)
(1851)
00 packets,
packets, 00 bytes
bytes
30
30 second
second rate
rate 00 bps
bps
QoS Set
QoS Set
mpls
mpls experimental
experimental 22
...
...
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-118
The show policy-map interface command displays all service policies applied to
the interface. Among the settings, marking parameters and statistics are displayed.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-111
MQC
Compatibility Matrix
CB QoS Configuration Supported Can be combined with the following
mechanism command directions Class--based mechanisms
Class
WFQ bandwidth output WRED, Shaping, Policing, Marking
LLQ
LLQ priority output Shaping, Policing, Marking
WRED random--detect
random output WFQ, LLQ
Policing police input/output
input/output WRED, Shaping, WFQ, LLQ, Marking
Shaping shape output WRED, Policing, WFQ,
WFQ, LLQ,
LLQ, Marking
Marking
Marking set input/output
input/output WRED, Policing, Shaping, WFQ, LLQ
© 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy-119
The figure shows the compatibility matrix of all QoS mechanisms within the
CB-WFQ system that can be configured via the Cisco IOS MQC. Supported
combinations of features are shown, as well as their processing sequence, and
applicability on input and output interfaces.
9-112 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Summary
n Class-based Marking is the most flexible Cisco IOS marking tool
n Class-based Marking is implemented as a part of the CB-WFQ system
n Class-based Marking supports marking of IP packets and a variety of Layer-2
frames
Lesson Review
1. Which parameters can be set using CB-Marking?
2. Can CB-Marking be used on input?
3. Can CB-Marking be combined with any other QoS mechanisms?
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-113
Summary
After completing this module, you should be able to perform the following tasks:
n Describe the policy part of the Modular QoS CLI
n Configure packet marking with modular CLI
n Configure policing and shaping with modular CLI
n Configure class-based WFQ with modular CLI
n Configure congestion avoidance mechanisms (WRED) with modular CLI
n Configure low-latency queuing
n Monitor and troubleshoot policy maps
9-114 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Review Questions and Answers
Service Policy
Question: What are the benefits of using MQC?
Answer: Template-based configuration; new classification options can be used
with any MQC-based QoS mechanism.
Question: How many classes can be used for one service policy?
Answer: The MQC allows up to 256 classes to be defined. One service policy
can use any number of classes. CB-WFQ is limited to 64 classes.
Class-based WRED
Question: How does WRED supplement CB-WFQ?
Answer: WRED is used to prevent congestion within a class queue.
Question: Can WRED be combined with flow-based WFQ in the default class?
Answer: Yes.
Question: Which two operational modes does WRED support?
Answer: IP-precedence-based and DSCP-based.
Question: How many profiles does WRED support?
Answer: 8 profiles for IP-precedence-based WRED and 64 profiles for DSCP-
based WRED.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-115
Class-based Low-latency Queuing
Question: What advantages does CB-LLQ have over IP RTP Prioritization?
Answer: CB-LLQ can use any classification supported by class maps. IP RTP
Prioritization can only classify based on a range of UDP port numbers.
Question: What guarantees does CB-LLQ provide?
Answer: CB-LLQ provides a bandwidth guarantee and minimum-delay
forwarding of packets.
Class-based Policing
Question: What do CAR and Class-based Policing do?
Answer: CAR and Class-based policing are primarily used to limit the rate of a
traffic cla ss by dropping excess packets.
Question: What are the main differences between CAR and Class-based Policing?
Answer: Class-based Policing uses the MQC and supports three different actions
(confirm, exceed and violate).
Question: What marking options does Class-based Policing support?
Answer: IP precedence, DSCP, MPLS experimental bits, QoS group, Frame Relay
DE bit, ATM CLP bit.
Question: What actions does do Class-based Policing support?
Answer: CB-Policing supports the following actions: transmit, drop and set
(marker). A different action can be used depending on whether a packet conforms,
exceeds or violates the policy.
Class-based Shaping
Question: What are the main differences between CB-Policing and CB-Shaping?
Answer: CB-Shaping polices bandwidth by delaying exceeding packets instead
of dropping them.
Question: What two shaping methods does CB-Shaping support?
Answer: CB-Shaping supports shaping to average or peak rate.
Class-based Marking
Question: Which parameters can be set using CB-Marking?
Answer: CB-Marking can mark packets with the following markers: IP
Precedence, IP DSCP, QoS Group, MPLS Experimental bits, IEEE 802.1Q or ISL
CoS/Priority bits, Frame Relay DE bit, ATM CLP bit
9-116 IP QoS Modular QoS CLI Service Policy Copyright 2001, Cisco Systems, Inc.
Question: Can CB-Marking be used on input?
Answer: Yes.
Question: Can CB-Marking be combined with any other QoS mechanisms?
Answer: Yes. CB-Marking can be combined with WRED, Policing, Shaping,
WFQ, LLQ.
Copyright 2001, Cisco Systems, Inc. IP QoS Modular QoS CLI Service Policy 9-117
10
IP over ATM
Overview
This module focuses on IP QoS mechanisms that can be used on ATM interfaces.
It includes the following topics:
n Introduction to IP over ATM
n Per-VC WRED
n VC Bundling
n Per-VC CB-WFQ
n RSVP to SVC Mapping
Objectives
Upon completion of this module, you will be able to perform the following tasks:
n List the requirements of IP QoS in combination with ATM QoS
n Describe the hardware and software requirements for advanced IP QoS
mechanisms on ATM interfaces
n Describe per-VC queuing
n Describe and configure per-VC WRED
n Describe and configure VC bundling
n Describe and configure per-VC CB-WFQ
n Describe RSVP to SVC mapping
n Monitor and troubleshoot IP QoS on ATM interfaces
Introduction to IP over ATM
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe the QoS-related problems when using ATM networks
n Describe the hardware and software requirements for advanced IP QoS
mechanisms on ATM interfaces
n Describe per-VC queuing
IP ATM
• Connectionless • Connection oriented
• Per-packet QoS (IP • Per-connection (virtual
precedence) circuit) QoS
• Small number of service • Large number of QoS
classes traffic classes (CBR,
• IP precedence or DSCP VBR, UBR, ABR)
does not encode • Rich traffic parameters
service parameters (PCR, MCR, SCR ...)
specified for each VC
The Internet Protocol (IP) is a routed protocol that is used to transmit data in
packets. It uses the best-effort delivery for individual packets without any flow
control. Transmission Control Protocol (TCP) is used with IP to provide a
connection-oriented service.
Asynchronous Transfer Mode (ATM), on the other hand, provides connections
between endpoints in the ATM network. The connections are called virtual circuits
(VCs).
IP’s default best effort service can be supplemented by differentiated quality of
service based on IP precedence or DSCP marking. A QoS solution using IP
precedence is limited to 8 classes, 2 of which are reserved and 1 should be used
for the default best-effort class. A QoS solution using DSCP scales up to 64
classes.
ATM provides a wider range of services:
n Constant Bit Rate (CBR) is useful for delay-sensitive applications such as
voice. This service provides bandwidth and delay guarantees.
n Variable Bit Rate—Real Time (VBR-RT) is useful for burstier delay-sensitive
applications. This service provides bandwidth and delay guarantees.
n Variable Bit Rate—Non Real Time (VBR-NRT) is useful for bursty traffic.
This service provides bandwidth guarantees.
n Available Bit Rate (ABR) is useful for best-effort traffic that is allowed more
bandwidth, when available or configured. This service provides bandwidth
guarantees and access to extra bandwidth.
n Unspecified Bit Rate is useful for the real best effort where there are no
guarantees.
Achieving good quality of service for IP classes greatly depends on the type of
ATM network and services used.
n Using UBR, prevents routers from detecting congestion in the network. It is
therefore difficult to manage congestion based on IP precedence or DSCP.
The reason for this is because all packet drops happen on the congested link
somewhere in the ATM network.
n VBR makes it easier to push congestion back to the source where it can be
managed by routers.
n CBR is typically used for non-bursty delay sensitive traffic. It is therefore
more important to prevent congestion by correctly provisioning the class that is
using CBR.
n ABR is a good solution where bandwidth can be utilized to the maximum
without having many drops in the ATM network.
No congestion
Router allowed to Congestion
send at full speed
• Solution:
– Set CLP on the router based on IP information to minimize the
effect of cell drops
• Solution:
– Set CLP on the router based on IP information
– Use available IP QoS mechanisms to manage congestion at the
source
© 2001, Cisco Systems, Inc. IP QoS IP over ATM-9
A solution using VBR is better at providing feedback to routers sending cells into
the ATM network. Congestion will occur on a router’s virtual circuit, where it can
be managed by using the QoS mechanisms available in the Cisco IOS software.
CLP marking can be used for less-important packets or for those packets above
the Sustained Cell Rate (SCR) to improve the chances for higher-priority packets
when congestion occurs in the ATM network.
The rt-VBR service category supports time-sensitive applications, which also
requires constrained delay and delay variation requirements, but which transmit at
a time varying rate constrained to a PCR, SCR, and MBS define a traffic contract
in terms of the worst-case source traffic pattern for which the network guarantees
a specified QOS. Examples of such bursty, delay-variation-sensitive sources are
voice and variable -bit-rate video.
The nrt-VBR service category supports applications that have no constraints on
delay and delay variations, but which still have variable -rate, bursty traffic
characteristics. This class of application expects a low Cell Loss Ratio (CLR).
The traffic contract is the same as that for rt-VBR. Applications include packet
data transfers, terminal sessions, and file transfers. Networks may statistically
multiplex these VBR sources effectively.
Congestion!
Router is sending
at configured rate.
• Solution:
– Use available IP QoS mechanism to handle congestion at the
source
CBR virtual circuits, are used for delay-sensitive traffic. This traffic should not
experience congestion due to keeping the quality of data being transmitted. If
congestion occurs, it can be managed by the IP layer using the IP QoS
mechanisms on the router’s ATM interface.
The CBR service category supports real-time applications requiring a fixed
amount of capacity defined by the PCR. CBR supports tightly constrained
variations in delay. Example applications are voice, constant-bit-rate video, and
Circuit Emulation Services (CES). Normally, networks must allocate the peak rate
to these types of source.
The ABR service category works in cooperation with sources that can change
their transmission rate in response to rate-based network feedback used in the
context of closed-loop flow control. The aim of ABR service is to dynamically
provide access to capacity currently not in use by other service categories to users
who can adjust their transmission rate in response to feedback. In exchange for
this cooperation by the user, the network provides a service with very low loss.
Applications specify a maximum transmit-rate (PCR_ and the minimum required
rate, called the Minimum Cell Rate (MCR). ABR service does not provide
bounded delay variation; hence real-time applications are for ABR are LAN
interconnection, high-performance file transfers, database archival, non-time-
sensitive traffic, and web browsing.
VC 1/76
ATM
Per-VC queuing with per-VC hardware
congestion management shaping
One of the most important parts of implementing QoS is to make ATM virtual
circuits appear as physical interfaces on routers; that is, each VC must have its
own queue (per-VC queuing). Per-VC queuing prevents one congested VC from
slowing down other VCs (head-of-line blocking).
Per-VC queuing can then be supplemented by various IP QoS mechanisms, such
as:
n WRED
n CAR
n CB-WFQ
n CB-LLQ
n CB-Policing
n CB-Shaping
n CB-Marking
CB-Marking and CB-Policing can also be used to set the CLP bit.
Review Questions
Answer the following questions:
1. What are the main differences between IP and ATM?
2. Which QoS services does ATM support?
3. How should congestion be handled when an ATM backbone is used?
4. Why is per-VC queuing so important?
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe per-VC WRED
n Configure per-VC WRED
n Monitor and troubleshoot per-VC WRED
Traffic
Threshold Exceeded Shaping
VIP2-50 PA-A3-XX
VC1
VC2
VC3
No discard
Per-VC Per-VC on PA
WRED: Queues
Intelligent Discard
Per-VC queuing requires an Enhanced ATM Port Adapter that support up to 4096
cell queues. Each virtual circuit is assigned a queue and the ATM scheduler
forwards cells according to the ATM service and shaping parameters.
The router (or VIP on Cisco 7x00 series routers) also assigns one queue per virtual
circuit.
Cell departure is shaped if ABR, VBR or CBR services are used, thus causing
congestion in the frame queue if packet arrival is greater than the shaping rate in
ATM. Per-VC WRED can be used to manage congestion within individual queues
(classes).
Router(config)#
random-detect-group name
name
Note The default WRED parameter values are based on the best available data.
Cisco recommends that you do not change the parameters from their default
values unless you have determined that your applications will benefit from the
changed values.
Router#
show
show queueing random-detect
random-detect [interface
[interface intf [vc vpi vci
vci ]]
]]
Router#
show
show queueing interface
interface interface [vc vpi
vpi vci]
vci]
The case study shows a QoS design where packets are classified into three user
classes:
n Best-effort class
n Premium class
n Voice class
The Best-effort and Premium classes use two IP precedence values to mark
high-drop (out-of-contract) traffic and low-drop (within contract) traffic.
IP precedence values 6 and 7 are reserved for control messages (for example,
routing protocols) and should not be used for user traffic.
The design lists these two additional requirements:
n Virtual circuits faster than 10Mbps should have queues that can hold up to 100
packets
n Slower virtual circuits can store up to 40 packets in the queue
All virtual circuits should manage congestion by using WRED.
Packet Discard
Probability
VoIP
Precedence 3
Routing
Precedence 1
0.1
Precedence 2
Precedence 0
Average
Queue Size RSVP
10
15
20
25
30
35
37
© 2001, Cisco Systems, Inc. IP QoS IP over ATM-24
The figure illustrates the WRED parameters that should be implemented for fast
and slow virtual circuits. The minimum and maximum thresholds should reflect a
different maximum queue size for fast VCs (100 instead of 40).
High drop Best-effort and Premium packets start being dropped when the average
queue size reaches 10 or 15 respectively (25 or 37 on fast VCs). If the queue still
grows the low-drop Best-effort packets start being dropped when the queue size
reaches 20 (50 on fast VCs). High drop packets, of course, are more aggressively
dropped than low-drop packets.
Control packets, VoIP packets and packets of RSVP flows are only dropped in
extreme situations when the average queue size is close to the maximum (40 for
slow VCs and 100 for fast VCs).
The figure shows the configuration of WRED profiles used for slow VCs.
The figure shows the configuration of WRED profiles used for fast VCs.
Note This configuration simply uses scaled thresholds to support up to 100 packets
in the queue.
The figure shows the configuration of three virtual circuits. Two are using the
WRED profile for fast VCs and the third is using the WRED profile for slow VCs.
Review Questions
Answer the following questions:
1. What are the benefits of per-VC WRED?
2. What are the configuration steps needed to enable per-VC WRED?
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe VC bundling
n Configure VC bundling
n Monitor and troubleshoot VC bundling
Control (routing)
Voice
VPN traffic
Premium Internet
Best-effort Internet
The figure illustrates a case study where there are four user classes and one class
for control traffic.
Routers perform classification based on IP precedence values:
n IP precedence 6 and 7 traffic is forwarded through the Control VC
n IP precedence 5 traffic is forwarded through the Voice VC
n IP precedence 4 traffic is forwarded through the VPN VC
n IP precedence 2 and 3 traffic is forwarded through the Premium VC
n IP precedence 0 and 1 traffic is forwarded through the Best-effort VC
Control (routing)
Voice
VPN traffic
Premium Internet
Each VC has its own HW queue in the
Best-effort Internet
router, managed with WRED
All five classes are separated in the ATM network and receive different quality of
service. Routers have to perform per-VC queuing to prevent head-of-line blocking.
All five virtual circuits, though, appear as one single point-to-point link on the IP
layer.
Control (routing)
Voice
VPN traffic
Premium Internet
Best-effort Internet
Control (routing)
Voice
VPN traffic
Best-effort Internet
n VC bumping is one approach to handling lost VCs. If one of the VCs goes
down the traffic from that VC is forwarded through another VC in the same
bundle.
n Implicit bumping is the default behavior where packets are forwarded
through the first available VC of a lower IP precedence value.
n Explicit bumping requires manual configuration where the IP precedence of
a backup VC is set.
Control (routing)
Voice
VPN traffic
Best-effort Internet
The figure illustrates how routers automatically reroute Premium traffic to the first
VC with a lower IP precedence value (Best-effort in the example).
Rejects
Voice
bumping
VPN traffic
Premium Internet
Best-effort Internet
Bump explicitely
to precedence 0
Voice
VPN traffic
Premium Internet
Best-effort Internet
Voice
VPN traffic
Premium Internet
Whole bundle
Precedence 0 traffic
is lost cannot be implicitly
bumped
In this figure the VC used for IP precedence 0 does not have a lower-precedence
VC to be used as backup. It is recommended to use explicit bumping for this VC.
Control (routing)
Voice VC is
protected VC
VPN traffic
Premium Internet
Whole bundle
is lost Best-effort Internet
Some VCs have special QoS requirements that cannot be accommodated by any
other VC.
The Voice VC in the figure cannot be bumped to any other VC because the voice
quality would no longer meet the requirements. It is better to declare the entire
bundle down and let the IP routing protocol find another path where guarantees
can be met. Classes that under no circumstances should be mixed with other
classes should reject bumped traffic (if a higher-precedence VC fails) and be
protected (if their VC fails).
Control (routing)
Voice
One group of VCs can be protected in a way where the bundle is declared down
but only if all of the VCs in the group fail.
To summarize bumping:
n Default implicit bumping is used to find the first-lower precedence VC that
accepts bumped traffic and is operational.
n Explicit bumping can be used to select the backup VC. If the backup VC is
down, that VC’s rules are used to find the backup of the backup VC.
n Individual VCs can be configured to reject bumped traffic. Bumped traffic will
skip such VCs.
n An individual VC can be protected. If a protected VC fails the entire bundle is
declared down.
n A collection of VCs can belong to a protected group. If all VCs in the
protected group fail the entire bundle is declared down.
Traffic is restored to the original VC the moment it becomes operational.
• Configuration steps:
– Configure ATM interface
– Configure VC bundle
– Configure individual VC in the bundle
– Optionally use VC-class object as VC parameter
template
The figure lists the parameters that can be set on a bundle or a vc-class template.
Individual member VCs inherits the parameters if they are not overridden in the
VC configuration.
Router(config-if)#
bundle
bundle bundle-name
bundle-name
class
class vc-class-name
vc-class-name
oam-bundle
oam-bundle [manage] [frequency]
[frequency]
bump
bump {implicit
{implicit || explicit
explicit precedence-level
precedence-level || traffic}
traffic}
encapsulation
encapsulation atm-encap
atm-encap
protocol
protocol atm-map-parameters …
[no]
[no] broadcast
broadcast
inarp
inarp timeout
timeout
Use the bundle interface command to enter the bundle configuration mode.
Parameters specific to this bundle should be configured on the bundle. Parameters
that are common to multiple bundles should be configured in a template (VC class)
and attached to the bundle using the class-bundle command.
The command used to attach VC class templates differs, depending on which
configuration mode is used:
n The class-int interface command is used to attach a VC class to an interface
n The class-bundle command is used to attach a VC class to a bundle
n The class-vc command is used to attach a VC class to a virtual circuit
Router(config-atm-vc)#
bump
bump implicit
implicit
• Configures implicit bumping rules for the bundle or
individual VC in the bundle
• If the VC fails, the traffic is bumped to the VC
carrying lower-precedence traffic
Router(config-atm-vc)#
bump
bump explicit
explicit precedence
precedence
• Configures explicit bumping rules for the bundle or
individual VC in the bundle
• If the VC fails, the traffic is bumped to the VC
currently carrying packets with specified IP
precedence
© 2001, Cisco Systems, Inc. IP QoS IP over ATM-52
The bump implicit command, depending on the mode, applies implicit bumping
rules, which is also the default, to a single VC bundle member (bundle -vc mode) or
all VCs in the bundle (bundle mode). The (default) implicit bumping rule stipulates
that bumped traffic is to be carried by a VC with a lower precedence.
The bump implicit command specifies the IP precedence level to which traffic on
a VC (bundle -vc mode) will be bumped when the VC goes down. It specifies a
single number as the value of the precedence-level argument.
Router(config-atm-vc)#
no
no bump
bump traffic
traffic
Router(config-atm-vc)#
bump
bump traffic
traffic
Use the no bump traffic command to reject bumped traffic on the configured VC.
Use the bump traffic command to restore the default behavior.
Router(config)#
class-vc
class-vc vc-class-name
vc-class-name
precedence
precedence [other | range ]
bump
bump {implicit
{implicit | explicit precedence-level
precedence-level | traffic}
protect
protect {group
{group | vc }
ubr
ubr || ubr+
ubr+ || vbr-nrt
vbr-nrt atm-qos-parameters
random-detect
random-detect [attach group-name]
Router(config-if)#
bundle bundle-name
pvc
pvc name
name [vpi/]vci
class vc-class-name
vc-class-name
precedence
precedence [other
[other || range
range ]
bump {implicit
{implicit || explicit
explicit precedence-level
precedence-level | traffic}
protect {group | vc}
ubr
ubr || ubr+
ubr+ || vbr-nrt
vbr-nrt atm-qos-parameters
random-detect
random-detect [attach group-name]
group-name]
Router(config-atm-vc)#
protect
protect {{ group
group || vc
vc }}
Use the protect vc command to protect a virtual circuit. Use the protect group
command to make the VC a member of the protected group.
When a protected VC goes down, it takes the bundle down. When all members of
a protected group go down, the bundle goes down.
The figure shows the inheritance rules for parameters set on interfaces, bundles,
VC classes or individual VCs. The parameters configured on individual VCs
override all inherited values.
The figure illustrates a case study where there are four user classes and one class
for control traffic.
Routers perform classification based on IP precedence values:
n IP precedence 6 and 7 traffic is forwarded through the Control VC
n IP precedence 5 traffic is forwarded through the Voice VC
n IP precedence 4 traffic is forwarded through the VPN VC
n IP precedence 2 and 3 traffic is forwarded through the Premium VC
n IP precedence 0 and 1 traffic is forwarded through the Best-effort VC
Per-VC WRED is the only IP QoS mechanism that will be used on the routers to
manage congestion.
The first part of the implementation shows the templates (VC classes) that will be
used for individual virtual circuits (classes) and one for the bundle.
The figure shows the configuration of the bundle with five individual VCs. Each
VC is configured with the PVC type and parameters. All other configuration
parameters are inherited from the VC classes attached to individual VCs and the
VC class attached to the bundle.
Review Questions
Answer the following questions:
1. How does VC Bundling classify IP packets?
2. Which QoS mechanisms are used when using VC Bundling?
3. How many parallel VCs can be used for one IP adjacency?
4. How many IP precedence values can map into one VC?
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe per-VC CB-WFQ
n Configure per-VC CB-WFQ
n Monitor and troubleshoot per-VC CB-WFQ
Per-VC queuing can be supplemented by using the Modular QoS CLI (MQC).
ATM PVCs can be combined with any QoS mechanism available with the MQC:
n CB-WFQ for bandwidth management
n CB-LLQ for delay management
n CB-Marking
n CB-Shaping
n CB-Policing
CB-Marking and CB-Policing also include the capability to mark cells with the Cell
Loss Priority (CLP) bit.
Subinterface
PVC 0/50 ATM1/0/0.1
PVC 0/51
Interface
CB-WFQ ATM1/0/0
PVC 0/52
PVC 0/53
Subinterface
PVC 0/54 ATM1/0/0.2
The figure illustrates an ATM interface with two configured subinterfaces. The
first subinterface uses two ATM PVCs, the second subinterface uses three ATM
PVCs.
A service policy can be applied to an entire ATM interface.
Subinterface
PVC 0/50 ATM1/0/0.1
CB-WFQ
PVC 0/51
Interface
PVC 0/52 ATM1/0/0
Subinterface
CB-WFQ
PVC 0/50 ATM1/0/0.1
CB-WFQ
PVC 0/51
Interface
CB-WFQ
PVC 0/52 ATM1/0/0
CB-WFQ
PVC 0/53
Subinterface
CB-WFQ
PVC 0/54 ATM1/0/0.2
The example shows how a service policy is used in simple ATM configurations
where the main interface is used to establish IP adjacency. The service policy is
attached directly to the interface.
ATM5/0/0.1
ATM5/0/0.1
Service-policy
Service-policy output:
output: Smart
Smart (1755)
(1755)
Class-map:
Class-map: CorporateTraffic
CorporateTraffic (match-all)
(match -all) (1757/42)
(1757/42)
00 packets,
packets, 00 bytes
bytes
55 minute
minute offered
offered rate
rate 00 bps,
bps, drop
drop rate
rate 00 bps
bps
Match:
Match: access-group
access-group 100100 (1761)
(1761)
queue size 0, queue limit
queue size 0, queue limit 25002500
packets
packets output
output 0,
0, packet drops 0
tail/random
tail/random drops
drops 0,
0, no
no buffer
buffer drops
drops 0,
0, other
other drops
drops 00
Bandwidth:
Bandwidth: kbps
kbps 10000,
10000, weight
weight 29
29
...
...
Use the show policy-map interface command to display the parameters and
statistics of input and output policies attached to interfaces.
This command displays information about all classification options and the attached
QoS mechanisms.
Use the show queueing exec command to list all, or selected, configured queuing
strategies.
Review Questions
Answer the following question:
1. Where can CB-WFQ be attached on ATM interfaces?
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe RSVP to SVC mapping
n Configure RSVP to SVC mapping
n Monitor and troubleshoot RSVP to SVC mapping
The RSVP-ATM QoS Interworking feature provides support for Controlled Load
Service using RSVP over an ATM core network. This feature requires the ability
to signal for establishment of switched virtual circuits (SVCs) across the ATM
cloud in response to RSVP reservation request messages. To meet this
requirement, RSVP over ATM supports mapping of RSVP sessions to ATM
SVCs.
SVC
RSVP RSVP
Traditionally, RSVP has been coupled with WFQ. WFQ provides bandwidth
guarantees to RSVP and gives RSVP visibility to all packets visible to it. This
visibility allows RSVP to identify and mark packets pertinent to it.
The RSVP-ATM QoS Interworking feature provides the capability to decouple
RSVP from WFQ, and instead associate it with ATM SVCs to handle reservation
request messages (and provide bandwidth guarantees), and NetFlow to make
packets visible to RSVP.
Cell 1 Cell 2
ATM AAL5SNAP IP ATM
Voice Data Voice Data Unused
Header Header Header Header
5 5 43 5 48
Minimum IP packet
Bandwidth requested size
by RSVP
• Peak Cell Rate uses the same formula except it is based on the
line rate or the configured peak cell rate
© 2001, Cisco Systems, Inc. IP QoS IP over ATM-82
To ensure correspondence between RSVP and ATM SVC values, the software
algorithmically maps the rate and burst size parameters in the RSVP service
parameters to the ATM Sustained Cell Rate (SCR) and Maximum Burst Size
(MBS). For the Peak Cell Rate (PCR), it uses the value that is configured or it
defaults to the line rate.
The figure illustrates the formula used to calculate the ATM service parameters
from the RSVP service parameters. RSVP does not include the Layer-2 overhead,
which is difficult to calculate for ATM. Layer-3 packets are first framed
(AAL5SNAP header is prepended) and then segmented in 48-byte cells. Each cell
has an additional 5 bytes of overhead.
In addition to RSVP mapping into SVCs, individual virtual circuits can use IP
precedence or ToS marking and WRED for congestion management.
Router(config-if)#
ip rsvp bandwidth reservable-bw max-flow-bw
Note RSVP cannot reserve more than 75% of the default or configured interface
bandwidth.
Router(config-if)#
ip rsvp svc-required
Router(config-if)#
ip rsvp precedence {conform | exceed} precedence
precedence
Packets in an RSVP reserved path are divided into two classes: those that conform
to the reservation service parameters and those that correspond to a reservation
but exceed, or are outside, the reservation service parameters.
The ip rsvp precedence interface command allows the IP Precedence values to
be set to be applied to packets belonging to these two classes. The IP Precedence
value for at least one class of traffic must be set when this command is used. A
single instance of the command can be used to specify values for both classes, in
which case the conform and exceed keywords can be specified in either order.
As part of its input processing, RSVP uses the ip rsvp precedence command to
set the IP Precedence bits on conforming and nonconforming packets. If per-VC
dWRED is configured, the system uses the IP Precedence and ToS bit settings on
the output interface in its packet drop process. The IP Precedence setting of a
packet can also be used by interfaces on downstream routers.
Execution of the ip rsvp precedence command causes IP Precedence values for
all preexisting reservations on the interface to be modified.
RSVP receives packets from the underlying forwarding mechanism. Therefore,
before the ip rsvp precedence command is used to set IP Precedence, one of
the following features is required:
n Weighted Fair Queuing (WFQ) must be enabled on the interface
n RSVP switched virtual circuits (SVCs) must be used in combination with
NetFlow
interface
interface ATM2/1/0
ATM2/1/0
ip
ip address
address 10.1.1.1
10.1.1.1 255.255.255.0
255.255.255.0
ip
ip rsvp
rsvp bandwidth
bandwidth 10000
10000 10000
10000
ip
ip rsvp
rsvp svc-required
svc-required
ip route-cache
ip route-cache flowflow
ip
ip rsvp
rsvp precedence
precedence conform
conform 5
5 exceed 0
exceed 0
atm
atm pvc
pvc 11 00 55 qsaal
qsaal
atm
atm pvc
pvc 22 0 16
16 ilmi
ilmi
atm
atm esi-address
esi-address 111111111151.00
111111111151.00
pvc
pvc pvc12
pvc12 0/51
0/51
inarp
inarp 55
broadcast
broadcast
!!
Use the show ip rsvp interface command to display RSVP parameters and
statistics for all RSVP-enabled interfaces.
Field Description
interface Interface name.
allocate Current allocation budget.
i/f max Maximum allocatable bandwidth.
flow max Largest single flow allocatable on this
interface.
pct Percent of bandwidth utilized.
UDP Number of neighbors sending User Datagram
Protocol (UDP)-encapsulated RSVP.
IP Number of neighbors sending IP-encapsulated
RSVP.
UDP_IP Number of neighbors sending both UDP- and
IP-encapsulated RSVP.
Review Questions
Answer the following questions:
1. How does RSVP benefit from using SVCs?
2. What are the necessary configuration steps to enable RSVP-to-SVC?
Per-VC WRED
Question: What are the benefits of per-VC WRED?
Answer: Per-VC WRED allows differentiated congestion avoidance on per-VC
basis.
Question: What are the configuration steps needed to enable per-VC WRED?
Answer: Per-VC WRED requires the configuration of WRED profiles (random
detect groups) which are then attached to individual VCs.
VC Bundling
Question: How does VC Bundling classify IP packets?
Answer: VC Bundling classifies IP packets based on the IP precedence value.
Question: Which QoS mechanisms are used when using VC Bundling?
Answer: A QoS design can rely on the ATM QoS or supplement it by using
per-VC WRED or CB-WFQ.
Question: How many parallel VCs can be used for one IP adjacency?
Per-VC CB-WFQ
Question: Where can CB-WFQ be attached on ATM interfaces?
Answer: CB-WFQ can be used on per-interface, per-subinterface or per-VC
basis.
Overview
This module focuses on the IP QoS mechanisms available in combination with
Multiprotocol Label Switching (MPLS).
Objectives
Upon completion of this module, you will be able to perform the following tasks:
n Describe and configure QoS Mechanisms in Frame-mode MPLS networks
n Describe and configure QoS Mechanisms in Cell-mode MPLS networks
MPLS Introduction
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe basic features of MPLS
n Describe Frame-mode MPLS
n Describe Cell-mode MPLS
23-2 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
Basic MPLS Concepts
10.1.1.1 10.1.1.1
L=3
5
L=
Routing lookup
Label removal and
and label assignment
routing lookup 10.0.0.0/8 à L=5
L=3
Label
swapping
L=5 à L=3
The example in the figure illustrates a situation where the intermediary router does
not have to perform a time-consuming routing lookup. Instead this router simply
swaps a label with another label (5 is replaced by 3) and forwards the packet
based on the received label (5).
In larger networks, the result of MPLS labeling is that only the edge routers
perform a routing lookup. All the core routers forward packets based on the labels.
23-4 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
MPLS vs. IP-over-ATM
The example in the figure shows how MPLS is used in ATM networks to provide
optimal routing across layer-2 ATM switches. In order for MPLS to work with
ATM switches, the switches must be layer-3 aware (ATM switches must run a
layer-3 routing protocol).
Another benefit of this setup is that there is no longer a need to manually establish
virtual circuits. ATM switches automatically create a full mesh of virtual circuits
based on layer-3 routing information.
Primary
OC-192 link
Large site A
Large site B
Secondary
OC-48 link
Small site C
MPLS also supports traffic engineering. Traffic engineered tunnels can be created
based on a traffic analysis to provide load balancing across unequal paths.
Multiple traffic engineering tunnels can lead to the same destination but can use
different paths. Traditional IP forwarding would force all traffic to use the same
path based on the destination-based forwarding decision. Traffic engineering
determines the path at the source based on additional parameters (available
resources and constraints in the network).
23-6 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
MPLS Architecture
To better understand the inner workings of MPLS, its two major components
should be clarified:
n Control plane, which takes care of the routing information exchange and the
label exchange between adjacent devices
n Data plane, which takes care of forwarding either based on destination
addresses or labels.
There is a large number of different routing protocols such as OSPF, IGRP,
EIGRP, IS-IS, RIP, BGP, etc. that can be used in the control plane.
The control plane also requires protocols such as TDP (MPLS), LDP (MPLS),
BGP (MPLS/VPNs), RSVP (Traffic Engineering), CR-LDP (Traffic
Engineering), etc. to exchange labels.
The data plane however, is a simple label-based forwarding engine that is
independent of the type of routing protocol or label exchange protocol. A Label
Forwarding Information Base (LFIB) is used to forward packets based on labels.
The LFIB table is populated by the control plane.
Control plane
OSPF
OSPF: 10.0.0.0/8 OSPF: 10.0.0.0/8
Data plane
Labeled packet LFIB Labeled packet
Label 17 4à17 Label 4
23-8 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
MPLS Modes of Operation
MPLS is designed for use on virtually any media and layer-2 encapsulation. Most
layer-2 encapsulations are frame-based and MPLS simply inserts a 32-bit label
between the layer-2 and layer-3 headers (“frame-mode” MPLS).
ATM is a special case where fixed-length cells are used and a label cannot be
inserted on every cell. MPLS uses the VPI/VCI fields in the ATM header as a
label (“cell-mode” MPLS).
23-10 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
Frame Mode MPLS
Frame
IP header Payload
header
Layer 2 Layer 3
Routing
lookup and
label
assignment
Frame
Label IP header Payload
header
Layer 2 Layer 2½ Layer 3
The example in the figure shows an edge router that receives a normal IP packet.
The router then performs the following actions:
n A routing lookup to determine the outgoing interface
n A label is assigned and inserted between layer-2 frame header and layer-3
packet header if the outgoing interface is enabled for MPLS and a next-hop
label for the destination exists
n The labeled packet is sent
Other routers in the core simply forward the packet based on the label.
Frame
IP header Payload
header
Layer 2 Layer 3
Frame
Label IP header Payload
header
Layer 2 Layer 2½ Layer 3
ATM AAL5
Cell 1 Label IP header Payload
header header
Layer 2 Layer 2½ Layer 3
ATM
Cell 2 Payload
header
Cell-mode MPLS uses the ATM header’s VPI/VCI fields to make forwarding
decisions while the 32-bit label is still preserved in the frame but not used in the
ATM network. The original label is only present in the first cell of a packet.
23-12 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
Label Switch Router
MPLS Domain
Edge
LSR
LSR
MPLS Domain
ATM ATM
Edge LSR
LSR
• ATM LSR can only forward cells
• ATM Edge LSR segments packets into cells and
forwards them into an MPLS ATM domain, or
reassembles cells into packets and forwards them
out of an MPLS ATM domain
© 2001, Cisco Systems, Inc. IP QoS IP over MPLS
23-14 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
Architecture of LSRs
LSR
IP routing table
Exchange of
labels
Label distribution protocol
Note LSRs may not be able to forward unlabeled packets either because they are ATM
LSRs, or they do not have all the routing information.
23-16 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
Architecture of Edge LSRs
Edge LSR
IP routing table
Exchange of
labels
Label distribution protocol
Incoming
Data plane Outgoing
IP packets IP packets
IP forwarding table
Incoming Outgoing
labeled packets labeled packets
Label forwarding table
Edge LSRs also forward IP packets based on their IP destination addresses and
optionally label them if a label exists.
The following combinations are possible:
n A received IP packet is forwarded based on the IP destination address and
sent as an IP packet.
n A received IP packet is forwarded based on the IP destination address and
sent as a labeled packet.
n A received labele d packet is forwarded based on the label; the label is changed
and the packet is sent.
The following scenarios are possible if the network is misconfigured:
n A received labeled packet is dropped if the label is not found in the LFIB table
even if the IP destination exists in the FIB table.
n A received IP packet is dropped if the destination is not found in the FIB table
even if there is a label-switched path available for the destination.
Review Questions
1. What are the main benefits of MPLS?
2. How is an MPLS label encoded into IP packets?
3. How are labels propagated?
23-18 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
Frame-mode MPLS
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe the QoS possibilities in networks using Frame-mode MPLS
n Use MQC to implement QoS with Frame-mode MPLS
23-20 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
MPLS Label Assignment
Frame
IP Payload
Header
IP precedece
MPLS exp
Frame
LABEL IP Payload
Header
The figure lists the QoS mechanisms that can interact with MPLS-specific
information:
n WRED performs random drops based on MPLS experimental values.
n CAR can mark labeled packets with MPLS experimental values. Conforming
and exceeding packets can be marked with different MPLS experimental
values.
n Class-based Policing can mark labeled packets with MPLS experimental
values. Conforming, exceeding and violating packets can be marked with
different MPLS experimental values.
n Class-based Marking can statically mark labele d packets with an MPLS
experimental value.
Other QoS mechanisms (for example: CB-WFQ, CB-LLQ) can be used in
combination with classification that is based on the value of the MPLS
experimental bits.
23-22 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
Configuring CB-WFQ for MPLS
Router(config-cmap)#
match mpls experimental exp
Meter
Meter
Yes Forward
Conform or exceed
Conforms?
Conforms? Transmit?
Transmit? or
marking value
Enqueue
No
Go to
Mark?
Mark? Yes
Continue?
Continue? Next
CAR command
Yes No
Set
Set IP
IP prec?
prec? Set
Set IP
IP Precedence
Precedence
Yes Drop
Drop
Set
Set DSCP?
DSCP? Set
Set DSCP
DSCP
Yes
Set
Set MPLS
MPLS exp?
exp? Set
SetMPLS
MPLSExperimental
Experimental
Yes
Set
Set QoS
QoS grp?
grp? Set
Set QoS
QoS Group
Group
Committed Access Rate (CAR) can be used to differentially mark packets based
on the arrival rate of packets within the selected class. If a packet conforms (is
within contract) it is marked with one value, if it exceeds it is marked with a
different value.
CAR also supports recursive processing of packets. One packet can be processed
by multiple rate-limit commands.
23-24 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
Configuring
Configuring CAR for MPLS
Router(config-if)#
rate-limit {input | output} {access-group rate-limit
rate-limit acl}
acl} rate B CC BBEE
conform-act {set-mpls-exp-transmit exp
exp | set-mpls-exp-continue
set-mpls-exp-continue exp}
exp}
exceed-act
exceed-act {set-mpls-exp-transmit
{set-mpls-exp-transmit exp | set-mpls-exp-continue exp}
• CAR can mark MPLS packets based on their arrival rate
• CAR supports recursive processing of rate-limit commands
• CAR supports classification based on MPLS experimental bit values by
using rate-limit access list
• Both conform and exceed actions support other actions: transmit,
continue, drop, set-prec-transmit, set-prec-continue, …
interface
interface Serial0/0
Serial0/0
ip
ip address
address 10.1.1.1
10.1.1.1 255.255.255.252
255.255.255.252
rate-limit
rate-limit input 64000 2000 2000
2000 conform
conform set
set-mpls-exp-tr
-mpls-exp-tr 55 exceed
exceed set-
set-
mpls -exp-tr 0
mpls-exp-tr 0
rate-limit
rate-limit output
output 64000
64000 2000
2000 2000
2000 conform
conform set-mpls-exp-tr
set-mpls-exp-tr 55 exceed
exceed set -
set-
mpls -exp-tr 00
mpls-exp-tr
!!
CAR also supports a special rate-limit access list that can match labeled packets
based on their MPLS experimental values.
The action options include the two that can set MPLS experimental values:
n set-mpls-exp-continue: sets the MPLS experimental bits (0 to 7) and
evaluates the next rate-limit command.
n set-mpls-exp-transmit: set the MPLS experimental bits (0 to 7) and
transmits the packet.
Router(config)#
access-list
access-list rate-limit
rate-limit acl {exp | mask
mask mask}
mask}
• The acl index must be between 200 and 299 to select the rate
limit access list for MPLS experimental bits
• Rate limit access lists can be used to match on one or more
MPLS experimental values
• Set one value (exp) to be matched or use the mask option to
match on more values
• Each access list can have only one line
interface
interface Serial0/0
Serial0/0
rate-limit
rate-limit output access-group
access-group rate-limit 200 64000
64000 2000 2000
2000 conform
conform
transmit
transmit exceed
exceed drop
drop
rate-limit
rate-limit input
input access-group
access-group rate-limit
rate-limit 201
201 64000
64000 2000
2000 2000
2000 conform
conform set-
set-
mpls-exp-tr
mpls-exp-tr 00 exceed
exceed set-mpls-exp-tr
set-mpls-exp-tr 00
!!
access-list
access-list rate-limit
rate-limit 200
200 22
access-list
access-list rate-limit
rate-limit 201
201 mask
mask FE
!!
© 2001, Cisco Systems, Inc. IP QoS IP over MPLS
23-26 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
CB-Policing
Class-based Policing is used for the same purpose as CAR. CB-Policing differs
from CAR in the following ways:
n The Modular QoS CLI is used to classify packets.
n It can use two token buckets to determine whether a packet conforms to,
exceeds or violates the policy.
n It does not support recursive processing of packets (the continue option is not
available).
Router(config-pmap-c)#
police avg-rate [BCC [BE]] [conform-action
[conform-action [action]
[exceed-action [action]
[action] [violate-action [action]]]]
[action]]]]
• avg-rate – traffic rate in bps (8.000 to 200.000.000)
• BC – normal burst size dimensions the first token bucket in
bytes (default is 1500 or avg-rate/32; whatever is higher)
• BE – excess burst size dimensions the second token bucket in
bytes (equals BC if not configured)
• action – can be:
- transmit (default conform action)
- drop (default exceed and violate action)
- set-prec-transmit ip-precedence
- set-dscp-transmit dscp
- set-qos-transmit qos-group
- set-mpls-exp-transmit mple-exp
- set frde-transmit
- set-clp-transmit
The figure shows that one of several actions can be used to mark labeled packets
with an MPLS experimental value. Three different values can be used within a
single class depending on whether a packet conforms to, exceeds or violates the
policy.
23-28 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
CB Marking
Class-based Marking can use the classification options available in the Modular
QoS CLI and statically mark classes with the MPLS experimental values.
Implementation limitations should be considered when translating between any pair
of parameters on MPLS domain borders (DSCP to MPLS, IP precedence to
MPLS). MPLS marking is currently only supported on input. Inbound IP packets
can be directly marked with MPLS experimental values. Using the QoS group
parameter is necessary when translating MPLS experimental values back to IP
precedence or DSCP (for example: MPLS to QoS group translation on input and
QoS group to DSCP translation on output). This functionality and these limitations
may change with new IOS versions.
Router(config-pmap-c)#
set mpls experimental exp-bits
policy-map
policy-map SetMPLS
SetMPLS
class
class Class1
Class1 qos-group
qos-group 11
set mpls
mpls experimental
experimental 11
class
class Class2
Class2 qos-group
qos-group 22
set mpls
mpls experimental
experimental 22
class
class Class3
Class3 qos-group
qos-group 22
set mpls
mpls experimental
experimental 33
!!
Use the set mpls experimental command in the policy-map class configuration
mode to mark inbound packets with MPLS experimental values.
The sample configuration shows how a QoS group parameter can be translated
into MPLS experimental bits.
23-30 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
MPLS Translation
Case Study
IP Domain
MPLS Domain
The QoS design in the case study uses DSCP to mark packets. Four classes must
also be managed in the MPLS domain. A translation between DSCP and MPLS is
needed to implement a similar QoS solution in the MPLS domain.
Although standard DSCP values for AF classes seamlessly map to IP precedence
values for backward compatibility it is sometimes necessary to manually translate
markers between DSCP an IP precedence or DSCP and MPLS. For example:
n A QoS design based on IP precedence is using two IP precedence values to
mark packets belonging to one class:
- Class Premium is marked with IP precedence 5 and is guaranteed
low latency
- Class Gold is using IP precedence 4 for conforming (low-drop)
packets and IP precedence 3 for exceeding (high-drop) packets
- Class Silver is using IP precedence 2 for conforming (low-drop)
packets and IP precedence 1 for exceeding (high-drop) packets
- Best effort traffic is marked with IP precedence 0
n When migrating to DSCP-based implementation it is necessary to still support
the old QoS design until the entire network is migrated to support DSCP.
The case study shows how this translation can be done manually.
If the original IP-precedence-based design did not use multiple IP precedence
values per class there should be no need to configure the translation manually. All
class-maps, however, should include class selectors in their match options to
support backward compatibility with IP precedence:
n Matching packets for AF1 requires af11, af12, af13 and cs1 to be matched
23-32 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
MPLS Translation
Case Study Design
IP precedence
DSCP QoS group MPLS exp
IP DSCP MPLE
experimental
EF 5
AF1 low-drop 4
AF1 medium-drop 4
AF1 high-drop 3
AF2 low-drop 2
AF2 medium-drop 2
AF2 high-drop 1
Default 0
class-map
class-map EFEF
match
match ip
ip dscp
dscp ef
ef
class-map
class-map AF1LD
AF1LD interface
interface Serial5/1/0
Serial5/1/0
match
match ip
ip dscp
dscp af11
af11 af12
af12 service-policy
service-policy input DSCP2prec
class-map
class-map AF1HD
AF1HD !!
match
match ip
ip dscp
dscp af13
af13
!!
policy-map
policy-map DSCP2prec
DSCP2prec
class
class EF
EF
set
set ip
ip precedence
precedence 55
class
class AF1LD
AF1LD
set
set ip
ip precedence
precedence 44
class
class AF1HD
AF1HD
set
set ip
ip precedence
precedence 33
!!
The first part of the configuration shows how DSCP is translated to IP precedence
on ingress into the MPLS network. IP precedence is then automatically copied into
MPLS experimental bits.
The default DSCP value equals the default IP precedence value and does not need
to be translated. The EF class does not need to be translated either because the EF
value (101110) is copied as IP precedence into the MPLS experimental field (101),
which equals 5. The configuration for AF2 is not shown in the figure.
23-34 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
MPLS Translation
Case Study Implementation
QoS group
DSCP MPLS exp
Review Questions
1. Which MPLS parameter is used for classification and marking?
2. What is the default value of the MPLS experimental bits?
3. Which QoS mechanisms can be used to set MPLS experimental bits?
23-36 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
Cell-mode MPLS
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
n Describe QoS features available with Cell-mode MPLS
n Implement QoS on interfaces using Cell-mode MPLS
ATM is a Layer-2 technology that does not use frames to transmit Layer-3
packets. Packets are fragmented into fixed-length cells. Cell-mode MPLS makes
use of the ATM header to encode labels into VPI/VCI fields. These fields are only
used to make a forwarding decision. QoS cannot be achieved using MPLS
experimental bits because:
n They are only propagated in the first cell of a packet.
n ATM switches do not look into the payload of cells.
QoS is therefore achieved using multiple labels (up to four).
23-38 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
Cell-mode MPLS
Cell-mode MPLS
Frame-mode MPLS
Native IP
The figure illustrates how IP packets can be propagated over a native IP network
(no MPLS and no ATM or with ATM PVCs), a frame-based MPLS network and
a cell-based MPLS network.
QoS is retained when IP packets enter a frame-based MPLS network by copying
the IP precedence bits into MPLS experimental bits.
When labeled packets enter a cell-based MPLS network, QoS is retained by
forwarding the packet through one of four VCs, which are based on the value of
MPLS experimental bits.
Router(config-if)#
mpls atm multi-vc
Cell-mode MPLS uses one single VC for each IP destination. Use the mpls atm
multi-vc interface command to enable routers to request up to four VCs for each
IP destination. Classification is based on the low-order two bits of the MPLS
experimental field (like ToS-based dWFQ).
The table in the figure shows the default mapping of MPLS values into four VCs:
available, standard, premium and control.
Default mapping can be changed using the mpls cos-map and mpls prefix-map
commands.
23-40 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
Configuring CoS Mapping
Router(config)#
mpls
mpls cos-map number
A CoS map must be configured to change the default behavior of the translation of
MPLS experimental values into one of four virtual circuits (available, standard,
premium and control).
Classes are identified by the two low-order bits of the MPLS experimental field.
Use the mpls prefix-map command to bind a cos-map to all destinations
permitted by the acl access list.
Note Most MPLS-related commands are available with the starting keyword mpls or
the older tag-switching version. Furthermore, using the mpls keyword results in
the command being automatically translated into the tag-switching version for
compatibility with older IOS versions.
The sample configuration shows that all traffic to network 10.0.0.0/8 uses four
parallel VCs. MPLS experimental bits are mapped using cos-map 10.
Note that only prefix map 10 is properly configured. Prefix map 11 does not have
the corresponding access list and prefix map 21 is missing the CoS map as well.
23-42 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
Monitoring and Troubleshooting
Cell-mode MPLS
Router#
show mpls cos-map [cos-map]
Use the show mpls cos-map command to verify the parameters assigned to a
cos-map.
Use the show mpls prefix-map command to display one or all configured prefix
maps with their corresponding access lists and cos-maps.
Using this command helps determine if there is a component missing:
n Access list 101 is not configured for prefix map 11
n Prefix map 21 is missing both the access list and the CoS map
23-44 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
Summary
Cell-mode MPLS uses up to four virtual circuits to achieve differentiated quality of
service. Packets are classified based on the two low-order bits of the MPLS
experimental field.
Review Questions
1. How is differentia ted QoS implemented on MPLS-enabled ATM
interfaces?
2. What information is used for classification in cell-mode MPLS?
23-46 World Wide Training Word Templates v1 Copyright 1999, Cisco Systems, Inc.
Review Questions and Answers
MPLS Introduction
Question: What are the main benefits of MPLS?
Answer: Simplified BGP designs, support for MPLS-based VPNs.
Question: How is an MPLS label encoded into IP packets?
Answer: A 32-bit label header is inserted in front of the IP header.
Question: How are labels propagated?
Answer: Labels are propagated between adjacent routers using TDP or LDP.
Frame-mode MPLS
Question: Which MPLS parameter is used for classification and marking?
Answer: The MPLS experimental bits are used to classify and mark labeled
packets.
Question: What is the default value of the MPLS experimental bits?
Answer: Cisco routers copy the IP precedence bits into MPLS experimental
bits.
Question: Which QoS mechanisms can be used to set MPLS experimental bits?
Answer: CAR, Class-based Policing and Class-based Marking.
Cell-mode MPLS
Question: How is differentiated QoS implemented on MPLS-enabled ATM
interfaces?
Answers: By using up to 4 VCs (labels) for each destination.
Question: What information is used for classification in cell-mode MPLS?
Answers: Classification is performed based on the two low-order IP precedence
bits.