campus qo s design simplified (2014 san francisco)

Campus QoS Design—Simplified

BRKCRS-2501

Tim Szigeti

Technical Leader

© 2014 Cisco and/or its affiliates. All rights reserved. BRKCRS-2501 Cisco Public

Campus QoS Design—Simplified

• This session discusses strategic factors driving network QoS designs, including: new applications and business requirements, new industry guidance and best practices and new platforms and technologies

• Cisco QoS strategy for rich media networks will be presented and campus-specific design considerations will be discussed.

• Then platform-specific designs for classification, policing and ingress & egress queuing policies will be detailed for the:

– Cisco Catalyst 3650/3850 series switches

– Cisco Catalyst 4500 (Supervisor 7-E / 8-E) and 4500-X series switches

– Cisco Catalyst 6500 (Supervisor 2T) and 6800 series switches

Session Abstract

3 3


Agenda

• QoS Design Strategy Review

• Campus QoS Design Considerations & Recommendations

• Cisco Catalyst 3650/3850 QoS Design

• Cisco Catalyst 4500 QoS Design


• Summary and References

4 4


QoS Design Strategy Review

• By 2017…

– global IP traffic will triple

– the number of IP devices will be more than triple the global population

– wireless traffic will exceed wired

– half of all IP traffic will be non-PC traffic (smartphones, tablets etc.)

– 80-90% of internet traffic will be video

Macro Trends in Internet Usage

5

http://www.cisco.com/en/US/solutions/collateral/ns341/ns525/ns537/ns705/ns827/white_paper_c11-481360_ns827_Networking_Solutions_White_Paper.html






QoS Design Strategy Review Trends in Voice, Video and Data Media Applications

6

Data

Data Apps

Convergence

Data Apps

• App Sharing • Web/Internet • Messaging • Email

Voice

• IP Telephony

Video

• IP Video Conf

Media Explosion

Data Apps

• App Sharing • Web/Internet • Messaging • Email

Voice

• IP Telephony • HD Audio • Softphone • Other VoIP

Video

• IP Video Conf • Surveillance • Video Telephony • HD Video Conf • VoD Streaming

Unmanaged

• Internet Streaming • Internet VoIP • YouTube • MySpace • Other

Collaborative Media

Ad

-Ho

c A

pp

Tele

Pre

sen

ce

Jab

be

r


QoS Design Strategy Review RFC 4594-Based Strategic QoS Recommendations

Application

Class

Per-Hop

Behavior

Admission

Control

Queuing &

Dropping

Application

Examples

VoIP Telephony EF Required Priority Queue (PQ) Cisco IP Phones (G.711, G.729)

Broadcast Video CS5 Required (Optional) PQ Cisco IP Video Surveillance / Cisco Enterprise TV

Realtime Interactive CS4 Required (Optional) PQ Cisco TelePresence

Multimedia Conferencing AF4 Required BW Queue + DSCP WRED Cisco Unified Personal Communicator, WebEx

Multimedia Streaming AF3 Recommended BW Queue + DSCP WRED Cisco Digital Media System (VoDs)

Network Control CS6 BW Queue EIGRP, OSPF, BGP, HSRP, IKE

Signaling CS3 BW Queue SCCP, SIP, H.323

Ops / Admin / Mgmt (OAM) CS2 BW Queue SNMP, SSH, Syslog

Transactional Data AF2 BW Queue + DSCP WRED ERP Apps, CRM Apps, Database Apps

Bulk Data AF1 BW Queue + DSCP WRED E-mail, FTP, Backup Apps, Content Distribution

Best Effort DF Default Queue + RED Default Class

Scavenger CS1 Min BW Queue (Deferential) YouTube, iTunes, BitTorent, Xbox Live

7


QoS Design Strategy Review Business Requirements Will Continue to Evolve and Expand over Time

Critical Data

Realtime

4-Class Model

Best Effort

Signaling / Control Call Signaling

Critical Data

Interactive Video

Voice

8-Class Model

Scavenger

Best Effort

Streaming Video

Network Control

Network Management

Realtime Interactive

Transactional Data

Multimedia Conferencing

Voice

12-Class Model

Bulk Data

Scavenger

Best Effort

Multimedia Streaming

Network Control

Broadcast Video

Call Signaling

8


http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qosmrn.pdf

QoS Design Strategy—At-A-Glance

9



Campus QoS Design Considerations & Recommendations


Agenda







12


Campus QoS Design Considerations

• The primary role of QoS in medianet campus networks is not to control latency or jitter (as it is in the WAN/VPN), but to manage packet loss

• In GE/10GE campus networks, it takes only a few milliseconds of congestion to cause instantaneous buffer overruns resulting in packet drops

• Rich media applications—particularly HD video applications—are extremely sensitive to packet drops, to the point where even 1 packet dropped in 10,000 is discernable by the end-user

The Case for Campus QoS

13


10

80

lin

es o

f H

orizo

nta

l

Re

so

lutio

n

1920 lines of Vertical Resolution (Widescreen Aspect Ratio is 16:9) 1080 x 1920 lines =

2,073,600 pixels per frame

x 3 colors per pixel

x 1 Byte (8 bits) per color

x 30 frames per second

= 1,492,992,000 bps

or 1.5 Gbps Uncompressed

Cisco H.264-based HD Codecs transmit 3-5 Mbps per 1080p image

which represents over 99.67% compression (300:1)

Therefore packet loss is proportionally magnified in overall video quality

Users can notice a single packet lost in 10,000—

Making HD Video One Hundred Times More Sensitive to Packet Loss than VoIP!

Campus QoS Design Considerations Implications of Video Compression on Packet Loss Tolerance

14

© 2014 Cisco and/or its affiliates. All rights reserved. BRKCRS-2501 Cisco Public 20 msec

Voice Packets

Bytes

200

600

1000

Audio

Samples

1400

Time

200

600

1000

1400

33 msec

Video Packets Video

Frame

Video

Frame

Video

Frame

Campus QoS Design Overview VoIP vs. HD Video—At the Packet Level

15


0

20

40

60

80

100

120

140

10

50

90

13

0

17

0

21

0

25

0

29

0

33

0

37

0

41

0

45

0

49

0

53

0

57

0

61

0

65

0

69

0

73

0

77

0

81

0

85

0

89

0

93

0

97

0

KB

yte

s P

er

ms Gbps Line Rate

Campus QoS Design Considerations How Long Can Queue-Buffers Accommodate Line-Rate Bursts?

GE Linecard Example

16

Total Per-Port Buffer: 5.4 MB

Total Per-Queue Buffer*: 1.35 MB

Gbps Line Rate: 1 Gbps = 125 MB/s

or 125 KB/ms

Total Per-Queue Buffering Capacity: 10.8 ms

*Assuming (4) equal-sized queues

ms

GE Linecard Example (WS-X6148)

Begin dropping packets at this point (11 ms)

1 second


KB

yte

s P

er

ms 10 Gbps Line Rate

Campus QoS Design Considerations How Long Can Queue-Buffers Accommodate Line-Rate Bursts?

10-GE Linecard Example

17

Total Per-Port Buffer: 90 MB

Total Per-Queue Buffer*: 11.25 MB

Gbps Line Rate: 10 Gbps = 1.25 GB/s

or 1250 KB/ms

Total Per-Queue Buffering Capacity: 9.0 ms

*Assuming (8) equal-sized queues

ms

0

200

400

600

800

1000

1200

1400

10

50

90

13

0

17

0

21

0

25

0

29

0

33

0

37

0

41

0

45

0

49

0

53

0

57

0

61

0

65

0

69

0

73

0

77

0

81

0

85

0

89

0

93

0

97

0

10 GE Linecard Example (WS-X6908)

Begin dropping packets at this point (9 ms)

1 second



• Always perform QoS in hardware rather than software when a choice exists

• Classify and mark applications as close to their sources as technically and administratively feasible

• Police unwanted traffic flows as close to their sources as possible

• Enable queuing policies at every node where the potential for congestion exists

Strategic QoS Design Principles

18



• MLS QoS vs. MQC QoS vs. C3PL QoS

• Global Default QoS Setting

• Trust States and Conditional Trust

• Per-Port QoS, Per-VLAN QoS, Per-Port/Per-VLAN QoS

• Ingress QoS Models

• Egress QoS Models

• EtherChannel QoS

• QoS Roles in a Medianet Campus

Campus QoS Tools and Deployment Options

19



• Catalyst 2960 / 3560 / 3750 are the last platforms to use Multilayer Switch QoS (MLS QoS) syntax

– QoS is disabled by default and must be globally enabled with mls qos command

– Once enabled, all ports are set to an untrusted port-state

• Catalyst 3650/3850 and 4500 are using IOS Modular QoS Command Line Interface (MQC) syntax (the same as router platforms)

– QoS is enabled by default

– All ports trust at layer 2 and layer 3 by default

• Catalyst 6500 is using Cisco Common Classification Policy Language (C3PL) QoS

– QoS is enabled by default (Sup2T) – Disabled by default (Sup720)

– All ports trust at layer 2 and layer 3 by default

– C3PL presents queuing policies similar to MQC

MLS QoS vs. MQC QoS vs. C3PL QoS

20


Campus QoS Design Considerations Conditional Trust Operation

Cisco TelePresence System (CTS) Endpoint Example

21

3 CTS Primary Codec: Voice + Video CoS 4 & DSCP CS4

Call-Signaling CoS 3 & DSCP CS3

CoS-to-DSCP Map:

CoS 5 DSCP EF (46)

CoS 4 DSCP CS4 (32)

CoS 3 DSCP CS3 (24)

4

Trust is Dynamically Extended to Cisco CTS Primary Codec

Successful “Condition” Met (i.e. CDP negotiation successful)

1

Cisco 7975G IP Phone: Voice CoS 5 & DSCP EF

Signaling CoS 3 & DSCP CS3

2

Trust Boundary

Cisco Devices Supporting Conditional Trust:

• Cisco IP Phones

• Cisco TelePresence Systems

• Cisco IP Video Surveillance cameras

• Cisco Digital Media Players


Campus QoS Design Considerations Per-Port QoS vs. Per-VLAN QoS

22

Policy map is applied to the

physical switch port

VLAN 10 VLAN 20

Physical Ports

VLAN Interfaces

Policy map is applied to the

logical VLAN interface

Per-Port QoS Per-VLAN QoS

VLAN 10 VLAN 20

Physical Ports

VLAN Interfaces


DVLAN 10

DVLAN policy map is applied

to the Data VLAN (only)

on a given trunked switch port

VVLAN 110

Trunked Physical Ports

VLAN Interfaces

VVLAN policy map is applied

to the Voice VLAN (only)

on a given trunked switch port

Campus QoS Design Considerations Per-Port/Per-VLAN QoS

23

24

Campus Ingress QoS Models

Trust DSCP

Trust Device / Conditional Trust

No Trust (Untrusted)

Ing

res

s Q

ue

uin

g P

olic

ies

(if

req

uir

ed

an

d s

up

po

rted

)

(Optional) Policing Policies

VoIP Policer (<128 kbps)

Signaling Policer (<32 kbps)

MM-Conf Policer (<5 Mbps)

Signaling Policer (<32 kbps)

Trans-Data Policer (<10 Mbps)

Bulk Data Policer (<10 Mbps)

Best Effort Policer (<10 Mbps)

Scavenger Policer (<10 Mbps)

Drop

Drop

Remark to CS1

Remark to CS1

Remark to CS1

Drop

Drop

Drop

Yes

No

Yes

No

Yes

No

Yes

No

Yes

No

Yes

No

Yes

No

Yes

No

Marking Policies

VoIP Classifier

Signaling Classifier

Multimedia Conferencing Classifier

Signaling Classifier

Transactional Data Classifier

Bulk Data Classifier

Scavenger Classifier

Best Effort (Class-Default)

Mark EF

Mark CS3

Mark AF41

Mark CS3

Mark AF21

Mark AF11

Mark CS1

Mark DF

DVLAN

VVLAN

Trust CoS


Campus QoS Design Recommendations Queuing and Dropping Recommendations

• Catalyst hardware queuing varies by platform/linecard and can be expressed as: xPyQzT

• For Example: 1P3Q8T means:

– 1 strict-Priority queue

– 3 non-priority Queues, each with

– 8 drop-Thresholds per queue

• Minimum recommended queuing capabilities is 1P3Q

– RFC 3246 EF PHB: Realtime (PQ) should be no more than 33% of link

– RFC 2597 AF PHB: Guarantee bandwidth to non-priority queue(s)

– RFC 2474 DF PHB: Best-Effort Queue should be guaranteed at least 25% of link

– RFC 3662 Scavenger PDB (and/or Bulk): BW-constrained queue(s) should be minimally provisioned

• Enable congestion-avoidance on non-priority + non-control queues

– WTD (Weighted Tail Drop) on Catalyst 3650/3850

– DBL (Dynamic Buffer Limiting) on Catalyst 4500

– WRED (Weighted Random Early Detect) on Catalyst 6500 25

Realtime

≤ 33%

Guaranteed BW

Scavenger/Bulk

≤ 5%

Best Effort

≥ 25%


Campus QoS Design Recommendations

• EtherChannels are comprised of logical (Port-Channel) interfaces and physical (port-member) interfaces

• Ingress QoS policies are applied to the logical interfaces

• Egress QoS policies (such as queuing) are always applied to the physical port-member interfaces

EtherChannel QoS

26

Platform QoS Policies Applied to the

(Logical) Port-Channel

Interface

QoS Policies Applied to the

(Physical) Port-Member

Interfaces

Catalyst 3650/3850 Ingress Egress

Catalyst 4500 Ingress Egress



Core Distribution Access

Untrusted Endpoints

Trusted

Endpoints

Conditionally-

Trusted

Endpoints

Switch-to-Switch/Router Port QoS

• Trust DSCP

• Egress Queuing

WAN/VPN

Block

Untrusted Endpoint Port QoS:

• No Trust

• [Optional Ingress Marking and/or Policing]

• Egress Queuing

Trusted Endpoint

Port QoS:

• Trust-DSCP

• [Optional Ingress

Marking and/or

Policing]

• Egress Queuing

Conditionally-Trusted Endpoint Port QoS

• Conditional-Trust with Trust-CoS

• [Optional Ingress Marking and/or Policing]

• Egress Queuing

Campus QoS Design – Port QoS Roles

27


http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampusaag.pdf

Campus QoS Design—At-A-Glance

28

http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampusaag.pdf

Cisco Catalyst 3650/3850 QoS Design


Agenda







31


Catalyst 3650/3850 Campus QoS Design Catalyst 3650/3850 QoS Roles in Campus Networks

32

No Trust +

Egress Queuing

Trust DSCP +

Egress Queuing

Conditional Trust +

Egress Queuing

Classification/Marking +

[Optional Policing] +

Egress Queuing

Wireless Per-Port / Per-SSID / Per-Client Policies:

[Optional: Classification/ Marking]

[Optional: Policing]

2P2Q+AFD Egress Queuing Distribution

Switches

C3650/3850

Access

Switch


Catalyst 3650/3850 Campus QoS Design Wired-to-Wireless QoS

33

Policer Marker

Policer Marker

Policer Marker

Policer Marker

Ingress Wired Port

Classify

Marker

Marker

Policer Marker

Marker

Client Level

Priority

Policer

Priority

Policer

Classify

Sh

ap

er

Priority Queue 1

Radio Shaper

NRT Queue

Radio/Port Level

Priority Queue 2

Multicast NRT

Queue

LLQ

CBWFQ Po

rt S

ha

per

Into a wired port Out of a wireless port

Policer

Policer

SSID Level

Priority

Policer

Priority

Policer

Cla

ssif

y

Sh

ap

er

Marker

Marker

Marker

Marker

AFD


Catalyst 3650/3850 Campus QoS Design Wireless-to-Wired QoS

Priority Queue 1

Queue

Egress Wired Port

Priority Queue 2 LLQ

CBWFQ

Queue

Queue

Queue

Policer Marker

Policer Marker

Policer Marker

Policer Marker

Classify W

T

D

S

H

A

P

E

R

Policer Marker

Policer Marker

Policer Marker

Policer Marker

Client Level

Traffic

Classify

Policer Marker

Policer Marker

Policer Marker

Policer Marker

SSID Level

Classify

Into a wireless port Out of a wired port

34


Catalyst 3650/3850 Campus QoS Design QoS Design Steps

35

1. Configure Ingress QoS Model(s):

Trust DSCP Model*

Conditional Trust Models (wired ports only)

Service Policy Models (wired or wireless ports)

2. Configure Egress Queuing

Wired Queuing Models: 8Q3T or 1P7Q3T or 2P6Q3T

Wireless Queuing Model: 2P2Q+AFD

*Catalyst 3650/3850 IOS MQC will trust by default on wired ports

Wireless ports are set to an untrusted state by default. However, this default setting can be globally disabled with the following command:

no qos wireless-default-untrust


interface GigabitEthernet 1/0/1

trust device cisco-phone

service-policy input CISCO-IPPHONE

Catalyst 3650/3850 Campus QoS Design Conditional Trust Models (Wired Ports Only)

36

class-map match-any VOICE

match cos 5

class-map match-any SIGNALING

match cos 3

policy-map CISCO-IPPHONE

class VOICE

set dscp ef

class SIGNALING

set dscp cs3

class class-default

set dscp default


trust device cisco-phone [or]

trust device cts [or]

trust device ip-camera [or]

trust device media-player

Conditional-Trust Models:

Cisco IP Phone Conditional Trust Example Conditional-Trust (Cisco IP Phone) Example:

Yellow Highlight are interface-specific configs

Grey Highlight are global configs

Only match-any is supported

(i.e. match-all is not supported)

Only one type of device can be configured for

conditional trust on an interface at a given time

CoS must be

matched as Cisco

IP Phones only

remark at Layer 2

CoS must be

matched as Cisco

IP Phones only

remark at Layer 2


[class-maps omitted for brevity]

policy-map MARKING-POLICY

class VOIP

set dscp ef

class MULTIMEDIA-CONFERENCING

set dscp af41

class SIGNALING

set dscp cs3

class TRANSACTIONAL-DATA

set dscp af21

class BULK-DATA

set dscp af11

class SCAVENGER

set dscp cs1

class default

set dscp default

Catalyst 3650/3850 Campus QoS Design Service Policy Model Example – Marking Policy

37

! This section attaches the service-policy

! to a wired interface(s)

interface range GigabitEthernet 1/0/1-48

service-policy input MARKING


! to a wireless interface(s) at the SSID level

wlan BRILEY-1

service-policy input MARKING


! to a wireless interface(s) at the client level

wlan BRILEY-1

service-policy client input MARKING

Inclusion of the client keyword applies the

service-policy at the client level


policy-map MARKING&POLICING

class VVLAN-VOIP

set dscp ef

police 128k

conform-action transmit

exceed-action drop

class VVLAN-SIGNALING

set dscp cs3

police 32k


exceed-action drop


set dscp af41

police 5m


exceed-action drop

class SIGNALING

set dscp cs3

police 32k


exceed-action drop

…

Catalyst 3650/3850 Campus QoS Design Service Policy Model Example – Marking & Policing Policy – Part 1

38

…[continued]


set dscp af21

police 10m


exceed-action TABLE-MAP

class BULK-DATA

set dscp af11

police 10m



class SCAVENGER

set dscp cs1

police 10m


exceed-action drop

class class-default

set dscp default

police 10m



table-map TABLE-MAP

map from 0 to 8

map from 10 to 8

map from 18 to 8

All markdown and/or

mapping operations

are configured

through table-maps

Policers can may be set to either remark or drop excess traffic

Policing to remark traffic

is done by referencing

the previously-configured

table-map


Catalyst 3650/3850 Campus QoS Design Service Policy Model Example – Marking & Policing Policy – Part 2

39

! This section attaches the service-policy to a wired interface(s)


service-policy input POLICING

! This section attaches the service-policy to a wireless interface(s) at the SSID level

! The policy will be applied to all clients belonging to the SSID at an aggregate level

wlan BRILEY-1

service-policy input POLICING

! This section attaches the service-policy to a wireless interface(s) at the client level

! The policy will be applied to individual clients at an aggregate level

wlan BRILEY-1

service-policy client input POLICING

Service policies applied to the

SSID level are actually

applied to the BSSID

(that is, per SSID/AP pair)

The inclusion of the client keyword

changes the application of the policer

from the SSID-aggregate level to the

client-aggregate level



service-policy input VLAN-POLICERS

Catalyst 3650/3850 Campus QoS Design Service Policy Model Example – Per-Port/Per-VLAN QoS (Wired Trunked Ports)

class-map VLAN

match vlan 110

class-map DVLAN

match vlan 10

40

policy-map VLAN-POLICERS

class VVLAN

police 192k

conform-action transmit exceed-action drop

class DVLAN

police 50m

conform-action transmit exceed-action drop

Individual (trunked) VLANs are

matched by the match vlan command

Individual (trunked) VLANs are

matched by the match vlan command

Policers are applied on a per-VLAN

basis Policers are applied on a Per-VLAN basis

Per-VLAN policers are then applied on a Per-Port basis

In this example the Voice VLAN is 110 and the Data VLAN is 10


Catalyst 3650/3850 Campus QoS Design Wired Port Egress Queuing (2P6Q3T with WTD) Model

41

BWR =

Bandwidth

Remaining

WTD =

Weighted

Tail

Drop

PQ Level 2 (20%)

Network Management

Signaling


Transactional Data


Bulk Data

AF2

CS3

CS4

AF4

CS2

AF1

Scavenger CS1

Best Effort DF

Multimedia Streaming AF3

Broadcast Video

VoIP

Application

CS5

EF

Internetwork Control CS6

DSCP

Network Control (CS7)

2P6Q3T

PQ Level 1 (10%) EF

CS5

CS4

Q6

(BWR 10%)

CS7 & CS6

CS3 & CS2

Q5

(BWR 10% + WTD)

Q4

(BWR 10% + DSCP-Based WTD)

Q3


Q2


Q1 (BWR 25%) DF

AF1

CS1

AF2

AF3

AF4


! This section configures the class-maps

class-map match-any VOICE-PQ1

match dscp ef

class-map match-any VIDEO-PQ2

match dscp

match dscp cs4

match dscp cs5

class-map match-any CONTROL-MGMT-QUEUE

match dscp cs7 cs6 cs3 cs2

class-map match-any MULTIMEDIA-CONFERENCING-QUEUE

match dscp af41 af42 af43

class-map match-any MULTIMEDIA-STREAMING-QUEUE


class-map match-any TRANSACTIONAL-DATA-QUEUE


class-map match-any BULK-DATA-QUEUE


class-map match-any SCAVENGER-QUEUE

match dscp cs1

Catalyst 3650/3850 Campus QoS Design Wired Port Egress Queuing (2P6Q3T) Example – Part 1 (Class-Maps)

42

When multiple DSCP values are matched

via a single match statement, then match

statistics will be aggregated in the show

policy interface command output


via dedicated match statements, then

match statistics will be collected for each

DSCP by the show policy interface

verification command




DSCP by the show policy interface





DSCP value by the show policy interface



Catalyst 3650/3850 Campus QoS Design Wired Port Egress Queuing (2P6Q3T) Example – Part 2

43

! This section configures the policy-map

policy-map 2P6Q3T

class VOICE-PQ1

priority level 1

police rate percent 10

class VIDEO-PQ2

priority level 2

police rate percent 20

class CONTROL-MGMT-QUEUE

bandwidth remaining percent 10

queue-buffers ratio 10

class MULTIMEDIA-CONFERENCING-QUEUE



queue-limit dscp af43 percent 80



…


service-policy output 2P6Q3T

…[continued]

class MULTIMEDIA-STREAMING-QUEUE






class TRANSACTIONAL-DATA-QUEUE






class BULK-SCAVENGER-DATA-QUEUE



queue-limit dscp values af13 cs1 percent 80

queue-limit dscp values af12 percent 90

queue-limit dscp values af11 percent 100

class class-default



If a PQ is enabled then

non-PQs must use

bandwidth remaining

Two-levels of priority

queuing are supported

Two-levels of priority

queuing are supported Allocates

buffers to

non-PQs

Tunes

WTD to

align to an

AF PHB

Tunes WTD

to align to an

AF PHB


policy-map 50MBPS-SHAPER

class class-default

shape average 50000000

service-policy 2P6Q3T

Catalyst 3650/3850 Campus QoS Design Wired Port Hierarchical Policies: Queuing within Shaped Rate Example

44


service-policy output 50MBPS-SHAPER

Defines the sub-line rate (CIR)

Provides back-pressure to the system to

engage the (previously-defined) queuing

policy, so that packets are properly

prioritized within the sub-line rate

Only the Hierarchical Shaping policy is

(directly) applied to the interface(s)


Catalyst 3650/3850 Campus QoS Design EtherChannel QoS Design (Wired Ports Only)

45



Interface



Interfaces


• Ingress QoS policies are configured on the logical Port-Channel interface

Typically these are simply to enable DSCP trust

(which requires no explicit configuration)

• Egress QoS policies are configured on the physical port-member interfaces


Catalyst 3650/3850 Campus QoS Design Wireless Ports 2P2Q+AFD Egress Queuing Architecture

46

Sh

ap

er

Priority Queue 1

Radio Shaper

Unicast Queue

Radio/Port Level

Priority Queue 2

Multicast Queue

LLQ

CBWFQ

Po

rt S

ha

per

AFD


Catalyst 3650/3850 Campus QoS Design Approximate Fair Drop (AFD) Operation

47

Weighted

Scheduling

Client VQ SSID VQ Radio VQ

Data Queue

AFD BLOCK

Min or Max BW

Allocation

Default Shaper Radio Agg

Default Shaper


Catalyst 3650/3850 Campus QoS Design Wireless Ports 2P2Q+AFD Wireless Egress Queuing Model

48

2P2Q with AFD

Signaling

Transactional Data

Interactive Video

Voice

Application Classes

Scavenger

Best Effort

Bulk Data

Network Control

DSCP

Q2

Unicast-

Non-Realtime Queue

(63% BWR)

Q1

Priority Level 2

(Limited to 20% of BW)

Q0

Priority Level 1

(Limited to 10% of BW)

Q3

Multicast Non-Realtime Queue

(7% BWR)

EF

DF

CS1

AF2

AF1

AF4

CS3

CS6

CS3

AF2

AF4

EF

CS1

DF

AF1

CS6


Catalyst 3650/3850 Campus QoS Design 2P2Q+AFD Wireless Egress Queuing Configuration

49

class-map match-any REALTIME-1

match dscp ef

match dscp cs6

match dscp cs3

class-map match-any REALTIME-2

match dscp af41

match dscp af42

match dscp af43

! This section configures egress wireless queuing and a dual PQ

policy-map port_child_policy

class non-client-nrt-class

bandwidth remaining ratio 7

class REALTIME-1

priority level 1

police rate percent 10 conform-action transmit exceed-action drop

class REALTIME-1

priority level 2

police rate percent 20 conform-action transmit exceed-action drop

class class-default

bandwidth remaining ratio 63

Note: This policy is applied automatically to all wireless ports.

Therefore, no explicit service-policy command is required

to attach the policy to a wireless interface(s).

System-defined (but configurable) queuing policy

System defined queue for multicast wireless traffic

Default unicast queue (non-priority queue)

Two-levels of priority queuing are supported Two-levels of priority queuing are supported


Catalyst 3650/3850 QoS Design—At-A-Glance

50

http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampuscat3x50aag.html



Cisco Catalyst 4500 (Supervisor 7-E / 8-E) and 4500-X QoS Design


Agenda







53 53


Catalyst 4500 Campus QoS Design Catalyst 4500 QoS Role in Campus Networks

54

Trust DSCP +

Egress Queuing

Core Switches

Access

Switches Catalyst 4500

Distribution

Switches


Catalyst 4500 Campus QoS Design QoS Design Steps

55

1. Configure Ingress QoS Model(s):

DSCP-Trust Model*

Conditional Trust Model

Service Policy Models


*Catalyst 4500 IOS MQC will trust DSCP by default

(therefore no explicit policy is required for DSCP trust)


interface GigabitEthernet 3/1

qos trust device cisco-phone

service-policy input CISCO-IPPHONE

Catalyst 4500 Campus QoS Design Conditional Trust Model – Cisco IP Phone Example

56

class-map match-all VOICE

match cos 5

class-map match-all SIGNALING

match cos 3

policy-map CISCO-IPPHONE

class VOICE

set dscp ef

class SIGNALING

set dscp cs3

class class-default

set dscp default

Catalyst 4500 supports both match-all (logical AND)

and match-any (logical OR) operators

Conditional trust command (trust device x) must be

prefaced by qos on the Catalyst 4500


[class-maps omitted for brevity]

policy-map MARKING-POLICY

class VOIP

set dscp ef


set dscp af41

class SIGNALING

set dscp cs3


set dscp af21

class BULK-DATA

set dscp af11

class SCAVENGER

set dscp cs1

class class-default

set dscp default

Catalyst 4500 Campus QoS Design Service Policy Model Example – Marking Policy

57


service-policy input MARKING-POLICY


policy-map MARKING&POLICING

class VOIP

police 128k bc 8000

conform-action set-dscp-transmit ef

exceed-action drop

class SIGNALING

police 32k bc 8000

conform-action set-dscp-transmit cs3

exceed-action drop


police 5m bc 8000

conform-action set-dscp-transmit af41

exceed-action set-dscp-transmit af42


police 10m bc 8000



Catalyst 4500 Campus QoS Design Service Policy Model Example – Marking & Policing Policy

58


service-policy input MARKING&POLICING

class BULK-DATA

police 10m bc 8000



class SCAVENGER

police 10m bc 8000

conform-action set-dscp-transmit cs1

exceed-action drop

class class-default

police 10m bc 8000

conform-action set-dscp-transmit default

exceed-action set-dscp-transmit cs1

Markdown is configured as part of the policing action

(i.e. no table-map or markdown-map is referenced)


interface range GigabitEthernet 2/1-48

qos trust device cisco-phone

vlan 10

service-policy input DVLAN-POLICERS

vlan 110

service-policy input VVLAN-POLICERS

Catalyst 4500 Campus QoS Design Service Policy Model Example – Per-Port/Per-VLAN QoS (IP Phone Example)

59

In this example VLAN 10 is the Data VLAN and VLAN 110 is the VVLAN

Per-Port/Per-VLAN policies can be applied to

a specific VLAN on a trunked interface via an

interface-VLAN configuration mode

Per-Port/Per-VLAN policies can be applied to

a specific VLAN on a trunked interface via an

interface-VLAN configuration mode


Catalyst 4500 Campus QoS Design Egress Queuing (1P7Q1T+DBL) Model

60

Network Management

Signaling


Transactional Data


Bulk Data

AF2

CS3

CS4

AF4

CS2

AF1

Scavenger CS1

Best Effort DF


Broadcast Video

VoIP

Application

CS5

EF


DSCP


1P7Q1T (+DBL)

PQ

EF

CS5

CS4

Q7

(BWR 10%)

CS7 & CS6

CS3 & CS2

Q6

(BWR 10%)

Q5

(BWR 10%)

Q4

(BWR 10%)

Q3

(BWR 4%)

Q2 (BWR 1%)

Q1 (25%) DF

AF1

CS1

AF2

AF3

AF4

BWR =

Bandwidth

Remaining


policy-map 1P7Q1T

class PRIORITY-QUEUE

priority

class CONTROL-MGMT-QUEUE








dbl

class BULK-DATA-QUEUE


dbl

class SCAVENGER-QUEUE


class class-default


dbl

class-map match-all PRIORITY-QUEUE

match dscp cs4 cs5 ef

class-map match-all CONTROL-MGMT-QUEUE


class-map match-all MULTIMEDIA-CONFERENCING-QUEUE


class-map match-all MULTIMEDIA-STREAMING-QUEUE


class-map match-all TRANSACTIONAL-DATA-QUEUE


class-map match-all BULK-DATA-QUEUE


class-map match-all SCAVENGER-QUEUE

match dscp cs1

Catalyst 4500 Campus QoS Design Egress Queuing (1P7Q1T+DBL) Example

61

service-policy output 1P7Q1T

Enables the PQ

If PQ is enabled then

bandwidth remaining

must be used

DBL can be enabled on a per-class basis, but

should not be enabled on the PQ or Control

traffic queues.

Enabling DBL on UDP-based queues and/or

Scavenger queue is optional

DBL can be enabled on a per-class basis, but

should not be enabled on the PQ or Control

traffic queues.

Enabling DBL on UDP-based queues and/or

Scavenger queue is optional

DBL can be enabled on a per-class basis,

but should not be enabled on the PQ or Control traffic queues

Enabling DBL on UDP-based queues and/or Scavenger queue

is optional


Catalyst 4500 Campus QoS Design EtherChannel QoS Design

62



Interface



Interfaces



Typically these are simply to enable DSCP trust

(which requires no explicit configuration)



http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampuscat4500aag.html

Catalyst 4500 Campus QoS Design—At-A-Glance

63


Cisco Catalyst 6500 (Supervisor-2T) & 6800 QoS Design


Agenda







66 66


Cisco Catalyst 6500/6800 Campus Core QoS Design Catalyst 6500/6800 Role in Campus Networks

67

Trust DSCP

+ Ingress Queuing

+ Egress Queuing

Catalyst 6500

Core/Distribution

Switches


Cisco Catalyst 6500 Campus Core QoS Design QoS Design Steps—Cisco Catalyst 6500 (Supervisor 2T) or 6800

68

1. Configure Ingress Queuing


Catalyst 6500 IOS C3PL will trust DSCP by default

(therefore no explicit policy is required for DSCP trust)


BWR =

Bandwidth

Remaining

Network Management

Signaling


Transactional Data


Bulk Data

AF2

CS3

CS4

AF4

CS2

AF1

Scavenger CS1

Best Effort DF


Broadcast Video

VoIP

Application-Class

CS5

EF


DSCP


8Q4T/1P7Q4T

Realtime-Queue

(10% BW/Priority)

EF

CS5

CS4

Control Queue

(10% BW/BWR)

CS7 & CS6

CS3 & CS2

Multimedia-Conferencing Queue

(10% BW/BWR

+ DSCP-WRED)

Multimedia-Streaming Queue

(10% BW/BWR

+ DSCP-based WRED)

Transactional Data

(10% BW/BWR

+ DSCP-based WRED)

Bulk Data

(4% BW/BWR

+DSCP-based WRED)

Scavenger (1% BW/BWR)

Default Queue

(25% BW/BWR

+ WRED)

DF

AF1

CS1

AF2

AF3

AF4

Cisco Catalyst 6500/6800 Campus Core QoS Design 8Q4T (Ingress) & 1P7Q4T (Egress) Queuing Model Examples

69


class-map type lan-queuing REALTIME-QUEUE

match dscp cs4 cs5 ef

class-map type lan-queuing CONTROL-QUEUE


class-map type lan-queuing MULTIMEDIA-CONFERENCING-QUEUE


class-map type lan-queuing MULTIMEDIA-STREAMING-QUEUE


class-map type lan-queuing TRANSACTIONAL-DATA-QUEUE


class-map type lan-queuing BULK-DATA-QUEUE


class-map type lan-queuing SCAVENGER-QUEUE

match dscp cs1

Cisco Catalyst 6500/6800 Campus Core QoS Design Queuing Policies: Part 1 of 3 (Common Ingress & Egress Queuing Class-Maps)

70

Unless specified otherwise, the

default C3PL class-map and

policy-map type is qos

(classification, marking, policing)

Class-maps and policy-maps

used for ingress and/or egress

queuing policies must be explicitly

configured as type lan-queuing

Note: A C3PL interface may support up to

4 QoS policies:

• service-policy type qos input

• service-policy type qos ouput

• service-policy type lan-queuing input

• service-policy type lan-queuing output


Cisco Catalyst 6500/6800 Campus Core QoS Design Queuing Policies: Part 2 of 3 (8Q4T Ingress Queuing Policy-Map)

71

policy-map type lan-queuing INGRESS-8Q4T

class REALTIME-QUEUE

bandwidth percent 10

class CONTROL-QUEUE




random-detect dscp-based

random-detect dscp af41 percent 80 100









[continued]








bandwidth percent 4






bandwidth percent 1

class class-default


random-detect dscp default percent 80 100

service-policy type lan-queuing input INGRESS-8Q4T

No PQ support on ingress

Bandwidth remaining is not required

(as no PQ is enabled)

Tunes WRED to better

align to the AF PHB

Policy-map must be defined as type lan-queuing


Cisco Catalyst 6500/6800 Campus Core QoS Design Queuing Policies: Part 3 of 3 (1P7Q4T Egress Queuing Policy-Map)

72

policy-map type lan-queuing EGRESS-1P7Q4T

class REALTIME-QUEUE

priority

class CONTROL-QUEUE














[continued]















class class-default


random-detect dscp default percent 80 100

service-policy type lan-queuing output EGRESS-1P7Q4T

Policy-map must be defined as type lan-queuing

Enables egress PQ

bandwidth remaining is required

(as PQ is enabled)

Tunes WRED to better align

to the AF PHB


Cisco Catalyst 6500/6800 Campus QoS Design EtherChannel QoS Design

73


– No ingress policies typically needed for C6500/6800 EtherChannels

(as all ports trust DSCP & CoS by default)




Interface



Interfaces

Catalyst 6500/6800 Ingress Egress


http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampuscat6500sup2taag.html

Cisco Catalyst 6500 QoS Design—At-A-Glance

74



Summary & References


Agenda







77


Summary

• The explosion of rich media applications requires network architects to reevaluate current QoS designs

• RFC 4594 provides an industry best-practice QoS strategy

• Campus QoS is needed primarily to control packet drops

– Some rich media applications require fewer than 1 drop per 10,000 packets

– QoS architects need to know how trust-states, Port-based QoS, VLAN-based QoS and EtherChannel QoS can impact designs

– Hardware queuing (both ingress and egress) vary by platform & linecard

• Cisco provides many At-A-Glance guides to get up and running quickly

– As well as comprehensive in-depth design chapters for additional design reference

• AutoQoS for Medianet Feature is available on Catalyst 2960/3560/3750 and Catalyst 3650/3850 and 4500

Key Takeaways

78


Campus QoS Design 4.0—At-A-Glance Docs

79

• QoS Design Strategy At-A-Glance http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qosmrn.html

• Campus QoS Design At-A-Glance http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampusaag.html

• Cisco Catalyst 3560/3750 QoS Design At-A-Glance http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampuscat3xxxaag.html

• Cisco Catalyst 3650/3850 QoS Design At-A-Glance http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampuscat3x50aag.html

• Cisco Catalyst 4500 QoS Design At-A-Glance http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampuscat4500aag.html

• Cisco Catalyst 6500 QoS Design At-A-Glance http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampuscat6500sup2taag.html

• Cisco Campus AutoQoS SRND4 At-A-Glance http://www.cisco.com/c/dam/en/us/td/docs/solutions/Enterprise/Video/autoqosmediacampus.pdf

http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qosmrn.html



http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampusaag.html

http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampusaag.html

http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/qoscampuscat3xxxaag.html






http://www.cisco.com/c/dam/en/us/td/docs/solutions/Enterprise/Video/autoqosmediacampus.pdf

http://www.cisco.com/c/dam/en/us/td/docs/solutions/Enterprise/Video/autoqosmediacampus.pdf


Campus QoS Design 4.0—In-Depth

• Enterprise Quality of Service Design 4.0 http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSIntro_40.html

• Campus QoS Design 4.0 http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html

Comprehensive Design Chapters

80

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSIntro_40.html

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSIntro_40.html

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html


Recommended Reading

• Release Date: Jan 2014

• Comprehensive QoS design guidance for PINs and platforms:

• Campus Catalyst 3750/4500/6500

• WLAN WLC 5508 / Catalyst 3850 NGWC

• Data Center Nexus 1000V/2000/5500/7000

• WAN & Branch Cisco ASR 1000 / ISR G2

• MPLS VPN Cisco ASR 9000 / CRS-3

• IPSec VPNs Cisco ISR G2

• ISBN: 1-58714-369-0

81

Ken Briley

http://www.ciscopress.com/store/end-to-end-qos-network-design-quality-of-service-for-9781587143694
























Complete Your Online Session Evaluation

• Give us your feedback and you could win fabulous prizes. Winners announced daily.

• Complete your session evaluation through the Cisco Live mobile app or visit one of the interactive kiosks located throughout the convention center.

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online

https://www.ciscolive.com/online


Participate in the “My Favorite Speaker” Contest

• Promote your favorite speaker through Twitter and you could win $200 of Cisco Press products (@CiscoPress)

• Send a tweet and include

– Your favorite speaker’s Twitter handle @tim_szigeti

– Two hashtags: #CLUS #MyFavoriteSpeaker

• You can submit an entry for more than one of your “favorite” speakers

• Don’t forget to follow @CiscoLive and @CiscoPress

• View the official rules at http://bit.ly/CLUSwin

Promote Your Favorite Speaker and You Could be a Winner

83

https://twitter.com/tim_szigeti/

https://twitter.com/tim_szigeti/

http://bit.ly/CLUSwin


Continue Your Education

• Demos in the Cisco Campus

• Walk-in Self-Paced Labs

• Table Topics

• Meet the Engineer 1:1 meetings

84