What does QoS do, and how?
QoS provides predictable management of network resources during times of congestion, helps to maximize the end-user experience of critical sessions, and provides differentiated services to packets based on pre-defined user criteria. In other words, the engineer has influence over the behaviour of a packet along its entire path. The engineer may manipulate the traffic so that some packets reach the destination faster than others because of their importance and priority. This is done with different QoS features: classification of data, marking of packets, queue management (size, placement of packets, scheduling order, transmission rate) and congestion avoidance with pre-emptive drops.
The buffer is a physical part of memory used to store packets before and after the forwarding decision is made. On routers the same memory can be allocated to interface ingress/egress queues; this shared memory is also used by other CPU processes.
On routers a queue is a logical part of the shared memory buffers; on switches, individual interfaces (or linecards) have their own memory which is used for the interface queues.
Configuration of buffers is not part of QoS (it is possible but not recommended). QoS configuration applies to queues. So with QoS we don’t modify the quantity of physical buffers allocated to the interface; instead we take the existing buffers that have already been defined as interface queues and modify how packets are treated once they are inside these queues.
What is congestion?
When there is no congestion, QoS is not needed and packets are transmitted in FIFO order (first in, first out).
Egress congestion – packets are forwarded to an egress interface faster than its TX-Ring can handle them.
Ingress congestion – packets arrive on multiple ingress interfaces faster than the forwarding engine can process them.
Results of congestion
Delay – occurs when a flow of packets, let’s say voice, reaches the destination interface, but due to congestion on that interface caused by another flow with the same destination interface, the gap between consecutive voice frames is bigger than required, e.g. 200 ms. To summarize, delay means the entire conversation will be delayed on the other side.
Jitter – similar to delay, but the gap between the frames is not constant; this can make the conversation hard to understand. The voice will be broken.
Drops – packets are dropped. Taking a voice conversation into consideration, if a couple of packets are dropped it is no big deal, but more drops may break the conversation.
Integrated Services – a QoS model in which the entire end-to-end packet flow is subject to the same QoS protocol and the required bandwidth is allocated. RSVP (Resource Reservation Protocol) was used as the primary protocol. The problem with RSVP is that every device on the entire path of the packet must be RSVP-aware, and links with appropriate bandwidth are required; this may work out in the case of MPLS but may be hard to achieve across the Internet.
Differentiated Services – unlike Integrated Services, each router on the path doesn’t have to be aware of the same QoS protocol. Routers may use different protocols to provide QoS, or even no QoS at all. This is called PHB (Per-Hop Behaviour). There is no reserved bandwidth on the path of the packet.
A “class” is a traffic flow that will be subject to the same QoS treatment. Traffic has to be classified in order to differentiate flows. In the class we specify which traffic is interesting to us. Packets are usually marked at the ingress edge of the network, in the field of the IP header called the “ToS byte” (Type of Service).
Policing, shaping and marking down
Between the ISP and the customer there is a contracted rate (CIR – committed information rate). This is nothing more than the confirmed upload and download speed. The ISP will police ingress traffic, which means that if the traffic we send exceeds the allowed CIR, the ISP will either drop it or mark it down and forward it anyway.
Of course the customer doesn’t want traffic to be dropped (even delay is better than drops), so shaping is done on the egress interface leading to the ISP. OK, but what about shaping on the ingress interface? Does it make sense? Let’s assume a situation where you have a switch with 48 ports and only one upstream link towards the upstream switch. Then on a particular port you may limit the available bandwidth. In this way you may avoid congestion on the egress interface.
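The difference between policing (drop or mark down on exceed) and shaping (delay on exceed) described above, as an added example that is not part of the original page: a single-rate token bucket fed with a constructed burst of four 1000-byte packets against a CIR of 8000 bps and a burst size Bc of 1500 bytes (all values are assumptions for the demonstration).

```python
from dataclasses import dataclass


@dataclass
class Packet:
    t: float   # arrival time in seconds
    size: int  # bytes


class TokenBucket:
    """Single-rate token bucket: refilled at CIR, capped at Bc (committed burst)."""
    def __init__(self, cir_bps: float, bc_bytes: int):
        self.rate = cir_bps / 8.0   # tokens (bytes) added per second
        self.bc = bc_bytes
        self.tokens = float(bc_bytes)
        self.last = 0.0

    def refill(self, now: float) -> None:
        self.tokens = min(self.bc, self.tokens + (now - self.last) * self.rate)
        self.last = now


def police(packets, cir_bps, bc_bytes):
    """Policer: a packet that fits in the bucket conforms; otherwise it exceeds
    and is dropped (or marked down and forwarded). Returns (packet, action)."""
    tb, out = TokenBucket(cir_bps, bc_bytes), []
    for p in packets:
        tb.refill(p.t)
        if p.size <= tb.tokens:
            tb.tokens -= p.size
            out.append((p, "conform"))
        else:
            out.append((p, "exceed"))
    return out


def shape(packets, cir_bps, bc_bytes):
    """Shaper: same bucket, but an exceeding packet waits in the (FIFO) queue
    until enough tokens arrive. Returns (packet, departure_time); nothing is dropped."""
    tb, out, clock = TokenBucket(cir_bps, bc_bytes), [], 0.0
    for p in packets:
        now = max(p.t, clock)          # cannot leave before the previous packet
        tb.refill(now)
        if p.size > tb.tokens:         # wait for the missing tokens at CIR
            now += (p.size - tb.tokens) / tb.rate
            tb.refill(now)
        tb.tokens -= p.size
        clock = now
        out.append((p, now))
    return out


# Constructed burst: 3000 bytes arrive at once against Bc = 1500, then a late packet.
SAMPLE = [Packet(0.0, 1000), Packet(0.0, 1000), Packet(0.2, 1000), Packet(2.0, 1000)]
```

With `police(SAMPLE, 8000, 1500)` the second and third packets exceed and are dropped; with `shape(SAMPLE, 8000, 1500)` all four leave, delayed to 0, 0.5, 1.5 and 2.5 seconds.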
When egress traffic cannot be transmitted, it is placed in an egress queue. A single egress interface may have multiple associated egress queues differentiated by priority; each class of traffic sits in a different queue with a different priority. The QoS features designed for queuing provide control over which classified traffic is placed into each of these queues. Queuing can also drop traffic within the queues to make space for higher-priority traffic: for example, when a queue is 60% full, traffic of a particular class is dropped.
We have a couple of queues on the egress interface with different priorities. But we are also allowed to set up how packets are transmitted from particular queues via the egress interface. For example, we may decide that 5 packets are taken from the queue with the highest priority, the next 3 packets from the queue with lower priority and 1 packet from the queue with the lowest priority. Queuing and scheduling can be separate features, mostly on switches.
Congestion management features allow us to control congestion by determining the order in which packets are sent out of an interface, based on the priorities assigned to those packets. Congestion management is a set of tools that control queuing and scheduling of traffic (WFQ, CBWFQ, PQ, LLQ, WRR, SRR, Traffic Shaping).
Congestion avoidance – a set of QoS tools that pre-emptively drop traffic to avoid congesting queues (RED, WRED, WTD, Policing).
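The queuing behaviour from the paragraphs above, as an added example that is not part of the original page: three egress queues served weighted round robin with the page’s 5:3:1 schedule, plus a per-queue tail-drop threshold modelled on the “60% full” example (queue depth, class names and thresholds are constructed assumptions).

```python
from collections import deque


class EgressInterface:
    """Model of one egress interface: one queue per priority class, drained in
    weighted round robin; a queue stops accepting packets at its drop threshold."""

    def __init__(self, weights, depth, thresholds):
        self.weights = weights          # packets per round from each queue, highest priority first
        self.depth = depth              # queue capacity in packets
        self.thresholds = thresholds    # drop once len(queue) >= threshold * depth
        self.queues = [deque() for _ in weights]
        self.dropped = [0] * len(weights)

    def enqueue(self, qid: int, pkt: str) -> bool:
        """Tail drop at the queue's threshold (like a WTD threshold) instead of at 100%."""
        if len(self.queues[qid]) >= self.thresholds[qid] * self.depth:
            self.dropped[qid] += 1
            return False
        self.queues[qid].append(pkt)
        return True

    def schedule(self):
        """Drain every queue; return the order in which packets hit the wire."""
        order = []
        while any(self.queues):
            for qid, weight in enumerate(self.weights):
                for _ in range(weight):
                    if not self.queues[qid]:
                        break
                    order.append(self.queues[qid].popleft())
        return order


def run_example():
    """Constructed load: 7 voice, 8 data and 3 bulk packets on a 10-deep interface.
    Voice may fill its queue; data and bulk are dropped once 60% full."""
    eg = EgressInterface(weights=(5, 3, 1), depth=10, thresholds=(1.0, 0.6, 0.6))
    for i in range(1, 8):
        eg.enqueue(0, f"v{i}")
    for i in range(1, 9):
        eg.enqueue(1, f"d{i}")
    for i in range(1, 4):
        eg.enqueue(2, f"b{i}")
    return eg.schedule(), eg.dropped
```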
MQC – Modular QoS Command-Line Interface
Allows QoS features that apply classification, policing etc. to be configured independently and then linked together as needed. MQC is similar to the Modular Policy Framework, which also uses Class-Map, Policy-Map and Service-Policy.
Classification is done using a “Class Map”:
class-map [match-all | match-any] NAME
 match protocol ospf
The action for the traffic defined in the Class-Map is set in a Policy-Map:
policy-map Policy-MAP-Name
 class NAME
  bandwidth percent 30
Place of application (an interface):
interface fa0/0
 service-policy output Policy-MAP-Name
HQF – Hierarchical Queuing Framework
Provides common IOS commands and QoS features across platforms since IOS 12.4(20)T.
CLASSIFICATION AND MARKING
Classification is a feature that identifies traffic; we may classify traffic by markings, addressing or application signature. In other words, classification lets us group the packets that are interesting to us into a single queue.
Layer 2 Classification – by default there is no way to prioritize traffic at layer 2. The only way to classify (prioritize) the traffic is to encapsulate the frame in 802.1Q or ISL; then we get a field in the ISL header (CoS) or in the VLAN tag (User Priority) in which to put the priority. The User Priority field in the VLAN tag is called 802.1p.
Layer 3 Classification – most classification is done at layer 3. There is a field in the IP header, ToS (Type of Service), or Traffic Class in IPv6. ToS consists of 8 bits and may be interpreted as IP Precedence or as DSCP.
The ToS byte in its IP Precedence form consists of 8 bits:
First 3 bits (0-2) – Precedence – assigns priority (111 network control, 110 internetwork control, 101 critical, 010 immediate, 001 priority, 000 routine).
Bit 3 – Delay – 0-normal delay, 1-low delay
Bit 4 – Throughput – 0-normal, 1-high
Bit 5 – Reliability – 0-normal 1-high
Bits 6-7 – reserved for future use
In reality no networking equipment checked bits 3 to 5, only the first 3 precedence bits. So these 3 bits (Delay, Throughput and Reliability) “were added” to the Precedence field, and in this way we got DSCP – Differentiated Services Code Point.
DSCP uses 6 bits of the ToS field for QoS prioritization instead of 3. On the router we may still choose between Precedence and DSCP as the type of prioritization; we do this in the class-map (match). To keep DSCP backward compatible with IP Precedence we have CS (Class Selector, from 0 to 5): it is the exact number from IP Precedence, has the same value and is likewise represented by the first 3 bits, for example Class Selector 1 is [0 0 1] and CS 5 is [1 0 1]. We also have 3 Assured Forwarding (AF) values within each CS. AF is represented by the next 2 bits and is called a sub-class. In AFxy the first digit x is the CS, and the second digit y (1, 2 or 3) is the priority of the traffic within that class, called Drop Precedence (1 is the highest priority, “low drop precedence”).
R1(config-cmap)#match ip dscp ?
<0-63> Differentiated services codepoint value
af11 Match packets with AF11 dscp (001010)
af12 Match packets with AF12 dscp (001100)
af13 Match packets with AF13 dscp (001110)
af21 Match packets with AF21 dscp (010010)
af22 Match packets with AF22 dscp (010100)
af23 Match packets with AF23 dscp (010110)
af31 Match packets with AF31 dscp (011010)
af32 Match packets with AF32 dscp (011100)
af33 Match packets with AF33 dscp (011110)
af41 Match packets with AF41 dscp (100010)
af42 Match packets with AF42 dscp (100100)
af43 Match packets with AF43 dscp (100110)
cs1 Match packets with CS1(precedence 1) dscp (001000)
cs2 Match packets with CS2(precedence 2) dscp (010000)
cs3 Match packets with CS3(precedence 3) dscp (011000)
cs4 Match packets with CS4(precedence 4) dscp (100000)
cs5 Match packets with CS5(precedence 5) dscp (101000)
cs6 Match packets with CS6(precedence 6) dscp (110000)
cs7 Match packets with CS7(precedence 7) dscp (111000)
default Match packets with default dscp (000000)
ef Match packets with EF dscp (101110)
ef – Expedited Forwarding, high priority, usually voice traffic: ef (101110) = DSCP 46. An IP phone puts DSCP 46 into the ToS field when it creates the packet.
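The bit layout from the DSCP section above (CS in the high 3 bits, AF drop precedence in the next 2, EF = 46) worked through in code, as an added example that is not part of the original page; the function names are my own, and the AF classes are limited to 1-4 as in the match list.

```python
# Added example: encode/decode the ToS byte in both its IP Precedence and DSCP readings.
AF_CLASSES = range(1, 5)   # AF11..AF43 exist for classes 1-4 only (as in the match list above)


def af_dscp(cls: int, drop: int) -> int:
    """AFxy -> DSCP: class x in the 3 high bits, drop precedence y in the next 2 bits."""
    if cls not in AF_CLASSES or drop not in (1, 2, 3):
        raise ValueError("AF class must be 1-4 and drop precedence 1-3")
    return (cls << 3) | (drop << 1)


def cs_dscp(cls: int) -> int:
    """CSx -> DSCP: the same 3 bits as IP Precedence x, low 3 bits zero."""
    return cls << 3


def dscp_name(dscp: int) -> str:
    """Map a 6-bit DSCP back to its name (EF, CSx, AFxy, default) or a bare number."""
    if dscp == 46:
        return "EF"
    if dscp == 0:
        return "default"
    cls, low = dscp >> 3, dscp & 0b111
    if low == 0:
        return f"CS{cls}"
    if cls in AF_CLASSES and low in (2, 4, 6):   # drop precedence bits 01/10/11, last bit 0
        return f"AF{cls}{low >> 1}"
    return f"dscp {dscp}"


def parse_tos(tos: int) -> dict:
    """Read the 8-bit ToS byte as the old Precedence/D/T/R layout and as DSCP + ECN."""
    return {
        "precedence": tos >> 5,
        "delay": (tos >> 4) & 1,
        "throughput": (tos >> 3) & 1,
        "reliability": (tos >> 2) & 1,
        "dscp": tos >> 2,
        "ecn": tos & 0b11,
        "name": dscp_name(tos >> 2),
    }


def set_dscp(tos: int, dscp: int) -> int:
    """Re-mark a ToS byte: replace the 6 DSCP bits, keep the 2 ECN bits
    (what 'set ip dscp' does to the byte; the IPv4 header checksum must then be recomputed)."""
    return ((dscp & 0x3F) << 2) | (tos & 0b11)
```

Note that a voice packet marked EF (ToS 0xB8) reads as Precedence 5 on an old device, which is exactly the backward compatibility the CS values preserve.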
How do we apply a DSCP value? In the policy-map class:
set ip dscp 30
mls qos – we enable QoS on the switch with “mls qos”, but even after running that command all ports are untrusted.
show mls qos interface fa0/1
trust state: not trusted
trust mode: not trusted
COS override: dis
default COS: 0
trust state: not trusted – means the IP Precedence or DSCP is reset to 0 even if the packet arrives marked with a DSCP value; the switch has no idea what is connected to this port.
When we configure QoS on the ingress interface we get an internal DSCP. The internal DSCP may be derived from CoS, IP Precedence, DSCP or the port default setting.
We have to state precisely whether the interface must trust IP Precedence or DSCP!
mls qos trust dscp
If a PC is connected through the phone, then the Data VLAN gets DSCP=0 and the Voice VLAN gets DSCP=EF, even if we set a different DSCP on the PC: the PC is connected to the phone’s switch port and the phone configures the QoS values.
Classification by NBAR (Network-Based Application Recognition)
Most protocols can be identified by matching on their well-known L2 or L4 numbers. Some protocols negotiate dynamic numbers and can’t be matched this way. NBAR steps in and examines the payload, but it is more CPU-intensive than other classification features. NBAR can be used in 2 ways:
to discover protocols on the interface (NBAR in passive mode); configuration:
ip nbar protocol-discovery
show ip nbar protocol-discovery
and then to match these protocols within a Class-Map (active mode):
match protocol xxxxxx
NBAR supports recognition of a large number of protocols. NBAR can be used in a class map to match on a full URL, or on a word or phrase within the URL: whatever is being matched (when using HTTP) is surrounded by quotes, and we may use regular expressions within the quotes, e.g. match http url “*itbundle.net”
Classification and marking using MQC
There is a “class-default”. If traffic doesn’t match any configured class map, it falls into class-default. Class-default is “invisible” and has no QoS (it uses FIFO, first in first out).
The default statement in a class-map is “match-any”.
We may have 2 or more class maps applied to the same policy-map. The policy-map is processed from top to bottom. Once traffic matches a particular class-map it is not processed any further.
Policy-maps have no effect until they are applied to an interface. A policy map may also be applied to a tunnel interface. But if we change the DSCP value to 4 and apply it on the GRE tunnel interface, the new outer GRE IP header will have ToS byte 0, regardless of the 4 we set. This is why we have to apply MQC ALWAYS! to the physical interfaces.
show policy-map – displays configuration
show policy-map interface fa0/0 – shows statistics and hit count