
CIS 187 Multilayer Switched Networks

(CCNP Switch)
IP Telephony
Rick Graziani
Cabrillo College
graziani@cabrillo.edu
Spring 2011

Power over Ethernet

A Cisco IP Phone, like any other device, requires power to operate.
Power can come from one of two sources:
  An external AC adapter
  Power over Ethernet (DC) delivered over the network data cable

External Adapters

External adapters are also known as wall warts.
Disadvantage: if the building power fails, the IP Phone fails with it, unlike the old days, when an analog phone drew its power from the phone line.

Power over Ethernet

Inline power or Power over Ethernet (PoE):
  The same 48V DC is provided to an IP Phone over the same UTP cable used for Ethernet.
  The power source is the switch itself.
  A UPS should be connected to the switch so the phones keep working during a power failure.
Advantages of PoE:
  Power where power may not be easily found
  Managed
  Monitored
  Offered only to selected devices

Power over Ethernet

Available on several Cisco platforms, including the Catalyst 3750, 4500 and 6500.
Two methods are available for PoE:
  Cisco Inline Power (ILP): Cisco proprietary method developed before the IEEE 802.3af standard.
  IEEE 802.3af: standards-based method for vendor interoperability.

Detecting a Powered Device

The switch always keeps power disabled while a switch port is down (no device is drawing power).
The switch continuously tries to detect whether a powered device is connected.
Because there are two PoE methods, Cisco switches try both methods when detecting a powered device.
The differences between the two methods include:
  the amount of power that is available to the connected device
  the method used for device discovery
  the way that power is removed from the wire when a powered device is removed
http://www.cisco.com/warp/public/cc/so/neso/bbssp/poeie_wp.pdf
http://www.cisco.com/en/US/products/hw/phones/ps379/products_qanda_item09186a00808996f3.shtml

IEEE 802.3af

The switch supplies a small voltage across the transmit and receive pairs of the UTP cable.
It measures the resistance across the pairs to detect whether current is being drawn by the device.
If so, a powered device is detected as present.

IEEE 802.3af

The switch can supply several predetermined voltages; the corresponding resistance values the powered device presents indicate its power class.
The default class is 0: it is used if either the switch or the powered device does not support, or does not attempt, the optional power classification.
Class 4 is reserved under 802.3af but is available with 802.3at (PoE Plus).

Cisco ILP

Cisco Inline Power (ILP) uses a different method to detect a powered device.
A Cisco ILP switch transmits a 340kHz test tone to detect a PoE device.
If a Cisco ILP-capable device is present, the tone is echoed back.
Power is supplied over pairs 1,2 and 3,6.
Cisco ILP learns a device's power requirement via CDP.

Configuring PoE

Switch(config)# interface type mod/num
Switch(config-if)# power inline {auto [max milli-watts] | never | static [max milli-watts]}

auto
  Default.
  Device and power budget are automatically discovered.
  Default power budget for a switch port is 15.4W; it can be changed with max milli-watts.
static
  Configures a static power budget for a switch port.
  For devices that cannot use either power discovery method.
never
  Disables PoE on a switch port.
  Power will never be offered and powered devices will never be detected.

Configuring PoE

Switch(config)# interface fastethernet 0/1
Switch(config-if)# power inline auto

Switch# show power inline fastethernet 0/1
Available:677(w)  Used:11(w)  Remaining:666(w)

Interface Admin  Oper       Power(Watts)          Device      Class
                            From PS    To Device
--------- ------ ---------- ---------- ---------- ----------- -----
Fa0/1     auto   on         11.2       10.0       Ieee PD     0

Interface  AdminPowerMax   AdminConsumption
             (Watts)           (Watts)
---------- --------------- ----------------
Fa0/1                 15.4             10.0
Switch#

Configuring Power over Ethernet

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/25ew/configuration/guide/PoE.html

For more information

http://www.poweroverethernet.com/

Voice VLANs

Most Cisco IP Phones contain a three-port switch:
  one port connecting to the upstream switch
  one port for the PC (usually)
  one internal port for the phone's own VoIP stream
The internal VoIP and external PC ports are access ports.
The upstream port is either an access port (single VLAN) or an 802.1Q trunk (well, kind of).

Voice VLAN Configuration

Switch(config)# interface type mod/num
Switch(config-if)# switchport voice vlan {vlan-id | dot1p | untagged | none}

The uplink port can be an access link or a trunk link.
The IP Phone is itself a switch, so this port is considered an uplink port.
The textbook describes the link to the phone as a trunk negotiated by Dynamic Trunking Protocol (DTP) and CDP; in practice the switch hands the voice VLAN ID to the phone through CDP and the port stays in access mode (see the show interfaces switchport output later in this deck).
Several options exist.

Summary of the options:

switchport voice vlan none
  Voice: untagged, access VLAN
  Data: untagged, access VLAN
switchport voice vlan dot1p
  Voice: tagged as VLAN 0 (802.1Q priority tag, CoS in the 802.1p bits)
  Data: untagged, native (access) VLAN
switchport voice vlan untagged
  Voice: untagged, native VLAN
  Data: untagged, native VLAN
switchport voice vlan vvid (recommended option)
  Voice: tagged as vvid (802.1Q tag, CoS in the 802.1p bits)
  Data: untagged, native (access) VLAN

switchport voice vlan none

Voice: untagged, access VLAN
Data: untagged, access VLAN

Switch(config)# interface type mod/num
Switch(config-if)# switchport voice vlan none

Default condition for every switch port is none (no trunk).
Uses the default access VLAN (VLAN 1) or the configured access VLAN (switchport access vlan command).

switchport voice vlan dot1p

Voice: tagged as VLAN 0 (802.1Q priority tag, CoS in the 802.1p bits)
Data: untagged, native (access) VLAN

Switch(config)# interface type mod/num
Switch(config-if)# switchport voice vlan dot1p

Instructs the phone to use 802.1p priority tagging (coming) for voice traffic and to use the default native VLAN to carry all traffic.
802.1p defines eight classes of service, expressed through the 3-bit user_priority field in the IEEE 802.1Q header added to the frame.
By default, the Cisco IP phone forwards voice traffic with an 802.1p priority of 5.
Creates a special 802.1Q trunk (more about this so-called trunk later), provisioned through CDP (the book says DTP and CDP).
CoS (Class of Service) is carried in the 802.1p bits (later).
The dot1p option puts:
  Voice frames on VLAN 0. VLAN 0 is not a real VLAN and cannot be the native VLAN: an 802.1Q tag with VLAN ID 0 is a priority tag that carries only the CoS bits, and the switch forwards the frame in the port's native (access) VLAN.
  Data frames untagged on the native VLAN (VLAN 1 by default unless modified on the switch).

switchport voice vlan untagged

Voice: untagged, native VLAN
Data: untagged, native VLAN

Switch(config)# interface type mod/num
Switch(config-if)# switchport voice vlan untagged

No special 802.1Q trunk (error in book).
No CoS (Class of Service) in the 802.1p bits.
The untagged option puts:
  Voice frames untagged on the native VLAN
  Data frames untagged on the native VLAN

switchport voice vlan vvid

Voice: tagged as vvid (802.1Q tag, CoS in the 802.1p bits)
Data: untagged, native (access) VLAN

Recommended option.

Switch(config)# interface type mod/num
Switch(config-if)# switchport voice vlan vlan-id

Instructs the Cisco IP phone to forward all voice traffic tagged with the specified VLAN.
By default, the Cisco IP phone forwards voice traffic with an 802.1p priority (CoS) of 5.
Creates a special 802.1Q trunk (more about this so-called trunk later), provisioned through CDP (the book says DTP and CDP).
CoS (Class of Service) is carried in the 802.1p bits (later).
The vvid option puts:
  Voice frames on the configured voice VLAN
  Data frames untagged in the native VLAN (VLAN 1 by default unless modified on the switch)
The data VLAN can be configured to be a VLAN other than the native or voice VLAN (coming).
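To make the four options concrete at the frame level, here is an added Python example (mine, not from the slides or from Cisco) that builds the frame a phone would send under each option, parses the 802.1Q tag, and models where an access port with a voice VLAN would place the frame. The MAC addresses and payload are constructed; the rule that a tag for any VLAN other than the voice VLAN is rejected is an assumption of this model, not a statement about a specific switch.

```python
import struct

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800

# Constructed sample addresses and payload; not from the slides.
PHONE_MAC = bytes.fromhex("001122aabb01")
SWITCH_MAC = bytes.fromhex("001122aabb02")
SAMPLE_PAYLOAD = b"\x45" + b"\x00" * 19   # minimal stand-in for an IP packet


def build_frame(vid=None, pcp=0, payload=SAMPLE_PAYLOAD):
    """Build an Ethernet II frame from the phone toward the switch.

    vid=None -> untagged frame (what the 'none' and 'untagged' options send)
    vid=0    -> priority-tagged frame, VLAN 0 ('dot1p' option)
    vid=200  -> frame tagged with the voice VLAN ('vvid' option)
    """
    header = SWITCH_MAC + PHONE_MAC
    if vid is None:
        return header + struct.pack("!H", ETHERTYPE_IPV4) + payload
    if not 0 <= vid <= 4094 or not 0 <= pcp <= 7:
        raise ValueError("VLAN id must be 0-4094 and priority 0-7")
    tci = (pcp << 13) | vid          # TCI = PCP(3) | DEI(1) | VID(12)
    return header + struct.pack("!HHH", TPID_8021Q, tci, ETHERTYPE_IPV4) + payload


def parse_frame(frame):
    """Return the 802.1Q tag fields of an Ethernet II frame as a dict."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != TPID_8021Q:
        return {"tagged": False, "vid": None, "cos": None, "ethertype": ethertype}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return {"tagged": True, "vid": tci & 0x0FFF, "cos": tci >> 13, "ethertype": inner}


def classify_on_port(frame, access_vlan, voice_vlan):
    """Model of where an access port with a voice VLAN places an incoming frame.

    Untagged frames go to the access VLAN; a VID 0 priority tag keeps its CoS
    but the frame stays in the access VLAN; a tag equal to the voice VLAN goes
    to the voice VLAN.  In this model any other VID is rejected (assumption;
    check the behaviour of your own switch model).
    """
    tag = parse_frame(frame)
    if not tag["tagged"]:
        return {"vlan": access_vlan, "cos": None, "verdict": "untagged, access VLAN"}
    if tag["vid"] == 0:
        return {"vlan": access_vlan, "cos": tag["cos"], "verdict": "dot1p priority tag, access VLAN"}
    if tag["vid"] == voice_vlan:
        return {"vlan": voice_vlan, "cos": tag["cos"], "verdict": "tagged with vvid, voice VLAN"}
    return {"vlan": None, "cos": tag["cos"], "verdict": "tag for a VLAN the port does not carry, dropped"}
```

Note that the switch only sees the tag, not who built it: a PC behind the phone that tags its own frames with VID 200 would land in the voice VLAN under this model, which is why the trust-boundary discussion later in the deck matters.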


Configuring Voice VLAN Operation

Voice: tagged as voice VLAN 200 (802.1Q tag, CoS in the 802.1p bits); recommended option.
Data: sent untagged by the phone's PC port and placed in access VLAN 100 by the switch.

Switch(config)# interface FastEthernet0/24
Switch(config-if)# switchport voice vlan 200
Switch(config-if)# switchport access vlan 100

PortFast is automatically enabled with voice VLAN.

Switch# show run
interface FastEthernet0/24
 switchport voice vlan 200
 switchport access vlan 100
 spanning-tree portfast

More to come!

The Voice VLAN: Trunk or No Trunk?

http://cciepursuit.wordpress.com/2009/01/01/group-study-goodexplanation-of-the-voice-vlan/

A word about this special 802.1Q trunk

A lot of Cisco documentation calls this a trunk port; however, Cisco calls this a multi-VLAN access port, NOT a trunk port.
If it were a trunk port, according to Cisco, it would flood all VLANs configured on the switch out to the phone (because it's a trunk link).
A port configured for voice VLAN does not flood all VLANs to the phone, just the voice VLAN frames (tagged) and the data frames (untagged).
The show interfaces switchport command verifies this as an access port:

ALS1# show inter fa 0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
<output omitted>

The 3560 configuration guide even goes so far as to warn you:

Note: Voice VLAN is only supported on access ports and not on trunk ports, even though the configuration is allowed.

Multiservice switches support a new parameter for IP Telephony support that makes the access port a multi-VLAN access port.
The new parameter is called an auxiliary VLAN.
Every Ethernet 10/100/1000 port in the switch is associated with two VLANs:
  A native VLAN for data service that is identified by the port VLAN identifier, or PVID
  An auxiliary VLAN for voice service that is identified by the voice VLAN identifier, or VVID
Although the switch port is configured to use two different VLANs, only the voice VLAN traffic is actually tagged by the IP Phone. The data VLAN is sent untagged (making use of the native VLAN dot1q feature). This STILL sounds like trunking to me though.

Verifying Voice VLAN Operation

Switch# show interfaces type mod/num switchport

ALS1# show inter fa 0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 100 (VLAN0100)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: 200 (VLAN0200)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
<output omitted>
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: untrusted

Note the Operational Mode line: the port is in access mode, not trunking.

Quality of Service (QoS)

Overview

Previously an organization would use separate networks for voice, video and data traffic.
It is now common practice to combine these into a single multi-service network in which the varied traffic types coexist.

Overview

QoS issues over non-QoS networks:
  Stop-start and choppy Internet streaming video performance
  Harsh audio when using an Internet-based IP phone

Quality of Service defined

QoS refers to the ability of a network to provide improved service to selected network traffic over various underlying technologies, including Frame Relay, ATM, Ethernet and IP-routed networks.
QoS features provide improved and more predictable network service by offering the following:
  Dedicated bandwidth
  Improved loss characteristics
  Congestion management and avoidance
  Traffic shaping
  Prioritization of traffic

Quality of Service defined

The goal is to move information from one point to another; the characteristics that define the quality of this movement are:
  Delay
  Delay variation (also known as jitter)
  Loss

Loss

Loss refers to the percentage of packets that fail to reach their destination.
Loss can result from:
  Errors in the network
  Corrupted frames
  Congested networks

Loss

Packet loss in a healthy network is usually deliberate: networking devices drop packets to avoid congestion.
TCP: TCP's retransmission mechanism recovers lost segments.
UDP: there is no retransmission, so some loss may be acceptable to the application.
As a guide, a highly available network should suffer less than 1% loss, and for voice traffic the loss should approach 0%.

Delay or latency

Delay or latency refers to the:
  Time it takes for the packet to be sent across the wire (delay)
  Time it takes for a packet to travel from the source to the destination (latency)
Fixed delays: serialization and encoding/decoding.
  For example, a bit takes a fixed 100ns to exit a 10Mb Ethernet interface.
Variable delays:
  Congestion and the time packets spend in network buffers waiting for access to the media
  Router/switch table lookups and decision making
As a design rule, the total time it takes a voice packet to cross the network should be less than 150ms (ms, millisecond = 1,000th of a second).

Delay variation or jitter

Delay variation or jitter is the difference in the delay times of consecutive packets.
Jitter is the uneven arrival of packets.
A jitter buffer is used to smooth out arrival times, at the cost of increasing total network delay.
Audio streams are particularly susceptible to jitter.
In general, traffic requiring low latency also requires a minimum variation in latency.

Delay variation or jitter

For example, consider that in a Voice over IP (VoIP) conversation:
  Packet 1 arrives.
  Then, 20 ms later, packet 2 arrives.
  After another 70 ms, packet 3 arrives.
  And then 20 ms later packet 4 arrives.
This variation in arrival times (that is, variable delay) is not dropping packets, but the jitter can be interpreted by the listener as dropped packets.
Jitter in excess of 30ms will result in degraded audio performance.
Excessive jitter in a streaming video environment will result in:
  Jerky motion
  Loss of video quality
  Loss of video
As a design rule, voice networks cannot cope with more than 30ms of jitter.

Quality of Service requirements for video

Streaming video applications have more lenient QoS requirements due to application buffering.

Design rules of thumb for voice, video, and data traffic:

Voice:
  No more than 150 ms of one-way delay
  No more than 30 ms of jitter
  No more than 1 percent packet loss
Video:
  No more than 150 ms of one-way delay for interactive video applications (for example, videoconferencing)
  No more than 30 ms of jitter
  No more than 1 percent packet loss
Data:
  Applications have varying delay and loss characteristics.
  Therefore, data applications should be categorized into predefined classes of traffic, where each class is configured with specific delay and loss characteristics.
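The four-packet arrival example above and the design rules together, as an added Python example (mine, not from the slides): it measures one-way delay, inter-arrival jitter and loss for a constructed stream whose arrivals are spaced 20 ms, 70 ms and 20 ms apart, and checks the results against the 150 ms / 30 ms / 1 percent rules. The send timestamps, the 20 ms packetization interval and the RFC 3550 smoothed-jitter estimator are my additions; the slides only give the arrival spacing.

```python
# Per-packet analysis of a voice stream against the design rules on this page:
# one-way delay <= 150 ms, jitter <= 30 ms, loss <= 1 percent.

PACKET_INTERVAL_MS = 20.0   # assumed packetisation interval (20 ms is typical for G.711/G.729)

# Constructed sample: (sequence number, send time in ms, receive time in ms).
# Arrival spacing reproduces the slide's example: 20 ms, then 70 ms, then 20 ms.
SAMPLE_STREAM = [
    (1, 0.0, 40.0),
    (2, 20.0, 60.0),
    (3, 40.0, 130.0),   # held up in a queue: arrives 70 ms after packet 2
    (4, 60.0, 150.0),
]


def one_way_delays(stream):
    """Receive time minus send time for every packet."""
    return [rx - tx for _, tx, rx in stream]


def interarrival_jitter(stream, interval_ms=PACKET_INTERVAL_MS):
    """How far each inter-arrival gap deviates from the nominal packet interval."""
    arrivals = [rx for _, _, rx in stream]
    return [abs((later - earlier) - interval_ms) for earlier, later in zip(arrivals, arrivals[1:])]


def rfc3550_jitter(stream):
    """Smoothed jitter estimate J = J + (|D| - J)/16, as RTP receivers report it,
    where D is the change in transit time between consecutive packets."""
    j = 0.0
    prev = None
    for _, tx, rx in stream:
        if prev is not None:
            d = (rx - prev[1]) - (tx - prev[0])
            j += (abs(d) - j) / 16.0
        prev = (tx, rx)
    return j


def loss_percent(stream):
    """Loss inferred from gaps in the sequence numbers."""
    seqs = sorted(seq for seq, _, _ in stream)
    expected = seqs[-1] - seqs[0] + 1
    return 100.0 * (expected - len(seqs)) / expected


def assess(stream, max_delay=150.0, max_jitter=30.0, max_loss=1.0):
    """Return the measured figures plus the list of design rules the stream violates."""
    report = {
        "max_delay_ms": max(one_way_delays(stream)),
        "max_jitter_ms": max(interarrival_jitter(stream)),
        "rfc3550_jitter_ms": round(rfc3550_jitter(stream), 3),
        "loss_pct": loss_percent(stream),
    }
    violations = []
    if report["max_delay_ms"] > max_delay:
        violations.append("delay")
    if report["max_jitter_ms"] > max_jitter:
        violations.append("jitter")
    if report["loss_pct"] > max_loss:
        violations.append("loss")
    report["violations"] = violations
    return report
```

The two jitter figures differ on purpose: the raw inter-arrival deviation (50 ms for packet 3) is what the listener hears, while the RFC 3550 estimate is a smoothed running average that a single late packet only nudges, so a monitoring threshold on the RTCP-reported value alone can miss exactly the burst described on the slide.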

Network availability

A highly available network uses:
  Redundancy
  Dynamic routing protocols
  Hot Standby Router Protocol (HSRP)
  Spanning Tree Protocol (STP)

Provisioning

Bandwidth is not listed as an element of QoS, but inadequate bandwidth inflates latency.
It is not possible to meet QoS requirements if LAN and WAN links have insufficient bandwidth; however, simply adding bandwidth (also known as over-provisioning) will not by itself solve the problem.
Over-provisioned network:
  Good news: less likely to be congested.
  Bad news: if it does become congested, the network may not perform as well as a lower-bandwidth network that makes use of QoS features.

Quality of Service mechanisms

Once the QoS requirements of the network have been defined, an appropriate service model must be selected.
A service model is a general approach or a design philosophy for handling the competing streams of traffic within a network.
There are three service models from which to choose:
  Best-effort
  Integrated Services model
  Differentiated Services model

Best-Effort service

(Figure: a single interface outbound queue, one packet at a time, in relative order of arrival.)

Best effort is a single service model in which an application sends data:
  Whenever it must
  In any quantity
  Without requesting permission or first informing the network
There is no real QoS: for best-effort service, the network delivers data if it can, without any assurance of:
  Reliability
  Delay
  Throughput

Best-Effort service

Cisco IOS QoS implements best-effort service as FIFO queuing.
FIFO is the default method of queuing for LAN and high-speed WAN interfaces on switches and routers.
Best-effort service is suitable for:
  General file transfers
  E-mail
  Web browsing

Best-Effort service

This would be like a fire truck having to wait in normal traffic lanes with everyone else: no priority.

Integrated services model

Integrated Services, or IntServ: the application requests a specific kind of service from the network before it sends data.
The Cisco IOS IntServ model makes use of the IETF Resource Reservation Protocol (RSVP), used by applications to signal their QoS requirements to the router.
Drawbacks:
  Not scalable
  Requires continuous signalling from network devices

Integrated services model

This would be like a fire truck having to radio ahead to each intersection before it left the firehouse.
Police at each intersection would contact each other to announce that the fire truck was coming and give it priority.

Differentiated services

Differentiated Services, or DiffServ:
  Each network device handles packets on an individual basis.
  Each device is configured with QoS policies to follow.
  No advance reservations.
  QoS information is contained in each packet header.
Fire truck analogy: police at each intersection don't know the fire truck is coming until they see the lights or hear the siren (the packet header QoS marking); then they give priority to the fire truck.

Differentiated services model

Differentiated Services, or DiffServ, architecture:
  Each packet is classified upon entry into the network.
  The classification is represented in the Type of Service (ToS) field of the IP packet header, as either:
    IP Precedence, or
    Differentiated Services Code Point (DSCP)
  Either of these can be used to signify the QoS requirements of an IP packet.

Differentiated services model

Packets are classified at the edge by:
  Access layer switches
  Border routers
  Hosts/applications
Unlike the IntServ model, DiffServ does not require network applications to be QoS aware.

DiffServ QoS at Layer 3: ToS and DSCP

The ToS byte can be used to mark packets. Its original layout:
  IP Precedence: 3 bits
  Type of Service flags: the remaining 5 bits (4 ToS flags plus 1 unused bit)
DiffServ keeps the existing IP ToS byte but uses it in a more scalable fashion.
  Known as the DSCP (DiffServ Code Point)
  Also known as the DS byte
  Terminology: ToS byte = DS byte, same location but different interpretation
DSCP has been arranged so it is backward compatible with the IP Precedence bits.

ToS

(Figure: the ToS byte split into Class Selector and Drop Precedence bits.)

The IP DSCP value is the first 6 bits.
The IP Precedence value is the first 3 bits.
The IP Precedence value is actually part of the IP DSCP value; therefore, both values cannot be set simultaneously.
DSCP supersedes IP Precedence.
A maximum of:
  8 different IP Precedence markings
  64 different IP DSCP markings

DiffServ QoS at Layer 2: CoS

Data link layer:
  Ethernet frames have no field to signify their QoS requirements.
  ISL or 802.1Q provides a 3-bit Class of Service (CoS) field, giving Layer 2 switches the ability to prioritize traffic.
802.1Q: the 3-bit priority field indicates the frame's CoS.
  Untagged frames receive a default CoS configured on the receiving switch.
ISL: similar but slightly different format.

CoS

The 3-bit CoS field allows eight levels of priority: 0 (lowest) to 7 (highest).
Switches set a Layer 2 CoS value for traffic based on their ingress port.
Hosts/applications can also set the CoS.
Routers can translate the CoS value into an equivalent IP Precedence or DSCP value.

Trusting the CoS

If an edge device (IP phone or application) is capable of setting the CoS bits, then other devices must decide whether to trust the device or not.
The default action of switches is not to trust edge devices: any frames that enter the switch have their CoS rewritten to the lowest priority of 0.
If the edge device can be trusted, the default behaviour must be overridden: the access switch must be configured to simply switch the frame, leaving the CoS bits untouched.

Slight tangent on configuring QoS and CoS

We are going to discuss configuring QoS for voice shortly, but for now I just want to discuss trusting the CoS value.
These slides will have a blue header.

Configuring CoS trust using the IOS

Depending on the switch model, it may be necessary to first activate QoS using the command:

switch(config)# mls qos

Required on both the Catalyst 3550 and 6500.
The Catalyst 2950 has QoS enabled by default.

Configuring CoS trust using the IOS

The trust is configured on the switch port using the command:

switch(config-if)# mls qos trust cos

Any ISL or 802.1Q/802.1p frames that enter the switch port will now have their CoS passed, untouched, through the switch.
If an untagged frame arrives at the switch port, the switch will assign a default CoS to the frame before forwarding it (this determines how it is treated within the switch).
Default CoS = 0. It can be changed using the interface configuration command:

switch(config-if)# mls qos cos default-cos

default-cos is a number between 0 and 7.

Assigning CoS on a per-port basis

switch(config-if)# mls qos trust cos
switch(config-if)# mls qos cos default-cos

If the incoming frame carries a CoS, keep that CoS.
If the incoming frame is untagged (no CoS field), apply the default CoS.

Re-writing the CoS

switch(config-if)# mls qos cos override
switch(config-if)# mls qos cos default-cos

It may be desirable not to trust any CoS value that may be present in frames sourced from an edge device.
The override parameter ignores any existing CoS value and applies the default value (default = 0).
End of tangent.

Traffic marking

The decision of whether to mark traffic at Layer 2, Layer 3 or both is not trivial and should be made after consideration of the following points:
  Layer 2 marking of frames can be performed for non-IP traffic.
  Layer 2 marking of frames is the only QoS option available for switches that are not IP aware.
  Layer 3 marking will carry the QoS information end-to-end.
  Older IP equipment may not understand DSCP.

Mapping Layer 2 and Layer 3

When a frame is marked with DSCP, for example, and it needs to traverse a series of Layer 2 switches or 802.1Q trunks, how will it be queued in these Layer 2 devices?
To accomplish this, a mapping takes place between the Layer 3 marking field (ToS) and the Layer 2 CoS field.
I will show how this works soon.
Mapping is vendor specific; on Cisco devices, this is taken care of for you through a mapping process.

Putting it all together

Routine: default class, Class 0. Offers only best-effort delivery.

Classes 1 through 4 are called Assured Forwarding (AF) levels.
Packets with lower class numbers are more likely to be dropped: a packet with AF class 4 is more likely to be delivered than a packet with AF class 3.

Class 5 is known as Expedited Forwarding (EF).
Packets with this class number are given premium service and are least likely to be dropped.
Used for time-critical traffic such as voice.

Classes 6 and 7 are used for operations necessary to keep the network functioning properly.
Used by routers and switches for packets containing STP, routing protocols, etc.

Each DSCP AF class has three levels of drop precedence:
  1: Low (least likely to be dropped)
  2: Medium
  3: High (most likely to be dropped)
NOTE: Packets with a higher drop precedence have the potential for being dropped before those with a lower value.
This gives DSCP a finer granularity in the decision of which packet to drop when necessary.

A DSCP value can be given a codepoint name built from the class selector:
  two letters (AF or EF)
  followed by the class selector number
  followed by the drop precedence number
Class AF level 2 with a drop precedence of 1 (Low) is written and referred to as AF21.
The DSCP is commonly given a decimal value. For AF21 the decimal value is 18 (the decimal equivalent of the six binary bits).
EF has no class or drop precedence digits; it is the single codepoint 101110, decimal 46.

These values are not as random as they may seem.
Class selector: first three bits.
Drop precedence: next three bits, with the 3rd bit always 0:
  1: 010 (1, if you remove the last bit)
  2: 100 (2, if you remove the last bit)
  3: 110 (3, if you remove the last bit)
And remember, the decimal value is just the six bits in decimal.

When a frame is marked with DSCP and needs to traverse a series of Layer 2 switches or 802.1Q trunks, how will it be queued in these Layer 2 devices?
A mapping takes place between the Layer 3 DSCP (or ToS) and the Layer 2 CoS field.
By default the CoS value is the first 3 bits of the DSCP, which are the same bits as the IP Precedence; going the other way, the CoS bits become the first three bits of the DSCP with the last three bits set to 000.
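The bit arithmetic from the last few slides (AF class and drop precedence bits, AF21 = 18, DSCP versus IP Precedence in the ToS byte, and the default DSCP-to-CoS mapping) carried through in code. This is an added Python example, not from the slides or from Cisco IOS; the EF value 46 and the ECN bits are facts I am adding, and the mapping functions model only the default Cisco maps, not any mls qos map you may have configured.

```python
def dscp_from_af(af_class, drop_precedence):
    """AF codepoint: class (1-4) in the top three bits, drop precedence (1-3)
    in the next two bits, and the low bit always 0."""
    if af_class not in (1, 2, 3, 4) or drop_precedence not in (1, 2, 3):
        raise ValueError("AF class must be 1-4 and drop precedence 1-3")
    return (af_class << 3) | (drop_precedence << 1)


EF = 0b101110   # Expedited Forwarding, decimal 46 (added here; the slide gives no value)


def codepoint_name(dscp):
    """Map a 6-bit DSCP back to its conventional name (CSx, AFxy, EF or default)."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is six bits")
    selector, low = dscp >> 3, dscp & 0b111
    if dscp == 0:
        return "default (CS0)"
    if dscp == EF:
        return "EF"
    if low == 0:
        return "CS%d" % selector
    if 1 <= selector <= 4 and low in (0b010, 0b100, 0b110):
        return "AF%d%d" % (selector, low >> 1)
    return "unnamed DSCP %d" % dscp


def tos_byte_to_fields(tos):
    """Split the IPv4 ToS/DS byte: DSCP is the first six bits, ECN the last two.
    IP Precedence is the first three bits and is therefore part of the DSCP."""
    if not 0 <= tos <= 255:
        raise ValueError("ToS is one byte")
    return {"dscp": tos >> 2, "precedence": tos >> 5, "ecn": tos & 0b11}


def dscp_to_cos(dscp):
    """Default DSCP-to-CoS map: keep the three class-selector bits."""
    return dscp >> 3


def cos_to_dscp(cos):
    """Default CoS-to-DSCP map: the CoS bits followed by 000."""
    if not 0 <= cos <= 7:
        raise ValueError("CoS is three bits")
    return cos << 3


def drop_order(dscps):
    """Order codepoints of one AF class from most to least likely to be dropped
    (higher drop precedence first), as the slide on drop precedence describes."""
    return sorted(dscps, key=lambda d: (d >> 1) & 0b11, reverse=True)
```

Note that cos_to_dscp(dscp_to_cos(18)) is 16, not 18: the round trip through a Layer 2 hop keeps the class but loses the drop precedence, which is one reason the Layer 3 marking should be trusted end-to-end rather than re-derived from CoS at every switch.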

Implementing QoS for Voice

Classification

Classification: the process by which the switch identifies which level of service each packet should receive.
A switch or router may also look at (outside the scope of the current CCNP SWITCH course and exam):
  Port numbers
  Stateful inspection of packet flows
  ACLs
The switch may also look at marking already present:
  IP packets may have ToS or DSCP values.
  Ethernet frames on a trunk may have CoS values.
A switch can decide whether or not to trust the ToS, DSCP or CoS values already assigned to the inbound packet (by the device or another switch).

Trust

A switch can decide whether or not to trust the ToS, DSCP or CoS values already assigned to the inbound packet (by the device or another switch).
If the QoS values are not trusted, they can be reassigned or overruled and set to a trusted value that falls within the QoS policies.
This prevents users (or applications) from falsely setting the ToS or DSCP values of their packets to receive higher priority.

Trust boundary

(Figure: the trust boundary sits between the enterprise network and the public network, and between the access switches and the end devices.)

An organization can trust:
  QoS values marked within its own network
  QoS values assigned by its own network devices (switches and routers)
It should not trust:
  QoS values arriving from outside the network
  QoS values set by end devices themselves, since a host can mark its own packets for priority
The trust boundary is usually at the farthest reaches of the enterprise network:
  Access switches
  WAN or ISP demarcation points
All routers and switches must be configured with the appropriate QoS features and policies so that the trust boundary is completely formed and implemented throughout the network.

Configuring QoS for Voice

When a Cisco IP Phone is connected to a switch port, think of the IP Phone as another switch (because it is).
If you install the phone as part of your network, you can trust the QoS values relayed by the phone.
However, the phone has two sources of data:
  VoIP packets coming from the phone (can trust)
  Data packets coming from the PC data port on the phone (cannot trust)

Configuring QoS for Voice

The switch instructs the IP Phone, using CDP messages, how it should extend the QoS trust to the user data switch port.
To configure QoS and the trust extension, follow these steps:

Configuring QoS for Voice

1. Enable QoS on the switch
   Switch(config)# mls qos
2. Define the QoS parameter to be trusted
   Switch(config)# interface type mod/num
   Switch(config-if)# mls qos trust {cos | ip-precedence | dscp}
   Only one of these values can be selected.
   Generally, for Cisco IP Phones you should always use cos, because the phone can control the CoS values on its two-VLAN trunk.
3. Make the trust conditional, only if a Cisco IP Phone is present
   Switch(config-if)# mls qos trust device cisco-phone
   If a Cisco IP Phone is not detected, the QoS parameter from the device will not be trusted.

Configuring QoS for Voice

4. (Optional) Instruct the IP phone to extend its trust boundary to the PC data port
   Switch(config-if)# switchport priority extend {cos value | trust}
   Normally, the QoS value from the PC connected to the IP Phone should not be trusted.
   If the CoS value from the data port cannot be trusted, it should be overwritten to a CoS value of 0. This is the default: the switch instructs the attached IP Phone to consider the PC port as untrusted and to overwrite the CoS value to 0.
   If the CoS value from the data port can be trusted, use the trust keyword to forward these frames unmodified.
   cos value: configure the IP phone to override the priority received from the PC or the attached device with the specified CoS value.

Configuring QoS for Voice

5. Configure the switch uplink ports (ports between switches) to trust the CoS
   Switch(config-if)# mls qos trust cos
   Switch uplink ports should always be considered trusted ports as long as they are connected to devices within the trust boundary.

Sample configuration

Switch(config)# interface FastEthernet0/24
Switch(config-if)# switchport access vlan 100
Switch(config-if)# switchport voice vlan 200
Switch(config-if)# mls qos trust cos
Switch(config-if)# mls qos trust device cisco-phone
Switch(config-if)# switchport priority extend trust

The last line, switchport priority extend trust, is only needed if you want to trust the CoS from the PC data port.
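To check that the trust rules from the CoS tangent (mls qos trust cos, mls qos cos default-cos, mls qos cos override) and from steps 1 to 5 above (mls qos trust device cisco-phone, switchport priority extend) combine the way the slides say, here is an added Python model of one access port's ingress decision. It is my example, not Cisco code: PortQoS and Frame are hypothetical names, the fields are named after the IOS commands they stand in for, and the behaviour is the one described on these slides (a phone detected via CDP, a PC-port frame relayed by the phone, the switch picking the internal CoS).

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class PortQoS:
    """QoS settings of one access port, named after the IOS commands they model."""
    trust_cos: bool = False           # mls qos trust cos
    trust_device_phone: bool = False  # mls qos trust device cisco-phone
    default_cos: int = 0              # mls qos cos <default-cos>
    cos_override: bool = False        # mls qos cos override
    extend: str = "cos"               # switchport priority extend {cos value | trust}
    extend_cos: int = 0               # the value used when extend == "cos" (default 0)


@dataclass
class Frame:
    source: str                # "phone" (the phone's own voice traffic) or "pc" (its PC port)
    cos: Optional[int] = None  # None means untagged, i.e. no CoS field at all


def phone_relay(frame: Frame, port: PortQoS) -> Frame:
    """What the phone does to a PC-port frame before relaying it upstream.

    The switch tells the phone this policy through CDP.  Untagged PC frames
    are relayed untagged; tagged PC frames have their CoS rewritten to the
    configured value unless the port extends trust to the PC.
    """
    if frame.source != "pc" or frame.cos is None or port.extend == "trust":
        return frame
    return Frame("pc", port.extend_cos)


def switch_ingress_cos(frame: Frame, port: PortQoS, phone_detected: bool) -> int:
    """Internal CoS the switch assigns to a frame arriving on the port."""
    frame = phone_relay(frame, port)
    # Conditional trust: with 'mls qos trust device cisco-phone' the port is
    # only trusted while CDP has detected a Cisco phone on it.
    trusted = port.trust_cos and (phone_detected or not port.trust_device_phone)
    if port.cos_override or not trusted or frame.cos is None:
        return port.default_cos
    return frame.cos


def voice_port_policy(extend_trust: bool = False) -> PortQoS:
    """The deck's sample configuration for a phone port, with or without
    'switchport priority extend trust'."""
    return PortQoS(trust_cos=True, trust_device_phone=True,
                   extend="trust" if extend_trust else "cos", extend_cos=0)
```

The case worth noticing is the one with phone_detected=False: when the phone is unplugged and a PC is cabled straight into the port, the conditional trust collapses and a frame tagged CoS 7 is still queued as CoS 0, which is exactly what step 3 buys you over a plain mls qos trust cos.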

Switch# show inter fa 0/24 switchport
Name: Fa0/24
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 100 (VLAN0100)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: 200 (VLAN0200)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: trusted
Switch#

The Appliance trust line reflects the switchport priority extend setting; the default is none.

Auto QoS

Cisco switches and routers support a variety of other QoS mechanisms and parameters.
These can be overwhelming and complex; this is one reason why the bulk of QoS is no longer covered in the SWITCH course/exam.
To reduce the complexity, Cisco introduced the Auto-QoS feature on most switch platforms.
Auto-QoS is a macro command that enters many other configuration commands.
Auto-QoS is not meant to be used on all switches, mostly on access-level switches.

Auto QoS

Switch(config)# interface type mod/num
Switch(config-if)# auto qos voip {cisco-phone | cisco-softphone | trust}

Auto-QoS is a macro which automatically performs the following configuration:
  Enabling QoS
  CoS-to-DSCP mapping
  Ingress and egress queue tuning
  Strict priority queues for egress voice traffic
  Establishing an interface QoS trust boundary
cisco-phone: if the switch port is connected to a Cisco IP Phone.
cisco-softphone: if the PC is running the Cisco SoftPhone application.
trust: if the switch port is an uplink port to another switch or router.

Cisco Softphone


Auto QoS

Switch(config)# interface FastEthernet0/15
Switch(config-if)# switchport access vlan 100
Switch(config-if)# switchport voice vlan 200
Switch(config-if)# auto qos voip cisco-phone
Switch# show run
interface FastEthernet0/15
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast

Callouts on the show run output:
mls qos trust device cisco-phone and mls qos trust cos: otherwise manually configured.
spanning-tree portfast: PortFast is automatically enabled with voice VLAN.

Any existing QoS configuration must be completely removed from
an interface before Auto-QoS can be applied.
You will also see many other QoS commands in the running config!
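As an added example that is not part of the slides, a small Python audit over a constructed running-config: it parses the interface stanzas and reports which voice-VLAN ports lack the two trust-boundary commands the Auto-QoS output above leaves behind. The sample config is constructed here, and treating those two commands as the required ones is my assumption.

```python
"""Audit IOS running-config interface stanzas for the voice-port trust boundary
the slides describe (voice VLAN plus trust conditioned on a Cisco IP Phone)."""
import re

# Constructed sample: Fa0/15 as configured by 'auto qos voip cisco-phone' on the
# slide, Fa0/16 hand-configured so that it trusts CoS from any attached device.
SAMPLE_CONFIG = """\
interface FastEthernet0/15
 switchport access vlan 100
 switchport voice vlan 200
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape 10 0 0 0
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 spanning-tree portfast
!
interface FastEthernet0/16
 switchport access vlan 100
 switchport voice vlan 200
 mls qos trust cos
!
"""

def parse_interfaces(config: str) -> dict:
    """Return {interface name: set of its indented config lines}."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            stanzas[current] = set()
        elif current and line.startswith(" "):
            stanzas[current].add(line.strip())
        else:
            current = None   # '!' or any other top-level line ends the stanza
    return stanzas

# Assumption: these two commands together form the trust boundary to check for.
REQUIRED = ("mls qos trust cos", "mls qos trust device cisco-phone")

def audit_voice_ports(config: str) -> dict:
    """For every port with a voice VLAN, list the trust-boundary commands it lacks.
    Without 'mls qos trust device cisco-phone' the port trusts CoS from whatever
    is plugged in, not only from a Cisco IP Phone."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if any(l.startswith("switchport voice vlan") for l in lines):
            findings[name] = [cmd for cmd in REQUIRED if cmd not in lines]
    return findings
```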

Side discussion (FYI)


Queuing Overview and WFQ

Queuing overview

A protocol-dependent switching process handles traffic arriving at a
router interface.
This process includes delivery of traffic to an outgoing interface
buffer.
First-in, first-out (FIFO) queuing is the classic algorithm for packet
transmission.

Queuing overview

Cisco IOS software offers three alternative queuing options:
Weighted fair queuing (WFQ)
Class-based weighted fair queuing (CBWFQ) - IOS 12.2 and later
Low latency queuing (LLQ) - IOS 12.2 and later
Queuing methods discussed previously in CCNP have been replaced, to some extent, by CBWFQ and LLQ:
Custom Queuing replaced by CBWFQ
Priority Queuing replaced by LLQ

Effective use of traffic prioritization

Generalizations on Queuing:
If there is no congestion on the WAN link, traffic prioritization is not
necessary.
If a WAN link is constantly congested, traffic prioritization may not
resolve the problem.
Adding bandwidth might be the appropriate solution.


Establishing a queuing policy

The goal is to deploy and maintain a single enterprise network that supports
a variety of:
Applications
Organizations
Technologies
User expectations
Result: Provide all users with an appropriate level of service, while continuing
to support mission-critical applications.

Choosing a Cisco IOS queuing option

(Figure: decision flow among the Cisco IOS queuing options: Custom Queuing / CBWFQ, Priority Queuing / LLQ (PQ/CBWFQ), and WFQ)

Typically, voice and video have the lowest tolerance for delay.

Weighted Fair Queuing

FIFO First In First Out
(Figure: single interface outbound queue, one packet at a time, ordered by relative time of arrival)

When FIFO queuing is in effect, traffic is transmitted in the order received without
regard for bandwidth consumption or the associated delays.
Packet trains are groups of packets that tend to move together
through the network.
These packet trains can consume all available bandwidth, and other
traffic flows back up behind them.

FQ Fair Queuing
(Figure: single interface outbound queue, one packet at a time)

Fair Queuing is not an option on Cisco routers.
Allows packets that are ready to be transmitted to leave, even if they
started to arrive after another packet.
Complete packets that are ready to be transmitted leave first.
Remember, packets may enter the output buffer from a variety of input
interfaces.

Weighted fair queuing overview

(Figure: a small packet in a low-volume conversation arrives 3rd; packet 3 is queued before packets 1 or 2 because packet 3 is a small packet in a low-volume conversation)

Weighted fair queuing (WFQ) is an automated method that provides fair bandwidth
allocation to all network traffic.
Provides traffic priority management that dynamically sorts traffic into
conversations, or flows.
Then breaks up a stream of packets within each conversation to ensure that
bandwidth is shared fairly between individual conversations.
There are four types of weighted fair queuing:
Flow-based - Default (WFQ)
Distributed - Runs on the Versatile Interface Processor
Class-based
Distributed class-based

Weighted fair queuing overview

(Figure: single interface outbound queue, one packet at a time)

Flow-based WFQ schedules delay-sensitive traffic to the front of a queue to reduce
response time, and also shares the remaining bandwidth fairly among high-bandwidth flows.
By breaking up packet trains, WFQ assures that:
Low-volume traffic is transferred in a timely fashion.
Gives low-volume traffic, such as Telnet sessions, priority over high-volume
traffic, such as File Transfer Protocol (FTP) sessions.
Gives concurrent file transfers balanced use of link capacity.
Automatically adapts to changing network traffic conditions.

Weighted fair queuing overview

(Figure: T1 and T3 links; WFQ is the default on T1/E1 and slower, FIFO is the default on links faster than T1/E1)

Weighted fair queuing is enabled by default for physical interfaces
whose bandwidth is less than or equal to T1/E1, or 1.544
Mbps/2.048 Mbps.

Weighted fair queuing operation

(Figure: a small packet in a low-volume conversation arrives 3rd; packet 3 is queued before packets 1 or 2 because packet 3 is a small packet in a low-volume conversation)

The WFQ sorting of traffic into flows is based on packet header
addressing.
Common conversation discriminators are as follows (based on a hash):
Source/destination network address
Source/destination Media Access Control (MAC) address
Source/destination port or socket numbers
Frame Relay data-link connection identifier (DLCI) value
Quality of service/type of service (QoS/ToS) value
The router determines what the actual flows are, not the administrator.

Weighted fair queuing operation

WFQ assigns a weight to each flow.
Lower weights are served first.
Small, low-volume packets are given priority over large, high-volume
conversation packets.
The flow-based WFQ algorithm allocates a separate queue for each
conversation.
WFQ is IP Precedence-aware.
This is only pertinent if the IP Precedence bits are used.

Weighted fair queuing

(Figure: single interface outbound queue with three flows, Flow #1 to Flow #3; packets of size 17, 15, 14 and 10 shown by relative time of arrival)

WFQ starts by sorting traffic that arrives on an egress interface into conversation
flows.
The router determines what the actual flows are.
The administrator cannot influence this decision.
Conversations are based on a hash (combination) of:
Source/destination network address
Source/destination Media Access Control (MAC) address
Source/destination port or socket numbers
Frame Relay data-link connection identifier (DLCI) value
Quality of service/type of service (QoS/ToS) value

Weighted fair queuing

IP ToS bits are used to determine which
packet gets priority.
Simplification:
Dispatch = Finish time x Weight
Weight = 32768/(IP Prec + 1)

IP Precedence   Weight (12.0(5)T and later)
0               32768
1               16384
2               10920
3               8192
4               6552
5               5456
6               4680
7               4096

"Our Value" is the simplified weight used on the following slides (IP Precedence 0 = 8, IP Precedence 3 = 5).

Weighted fair queuing

(Figure: single interface outbound queue; each flow is labelled "IP Prec - Our Value": Flow #1 0-8, Flow #2 3-5, Flow #3 0-8; packets of size 17, 15, 14 and 10 shown by relative time of arrival)

FIFO: largest first, then medium, then smallest.
FQ: smallest first, then medium, then largest.
WFQ: a multiplier is used, weight = 32768/(IP Prec + 1).
To keep it simple we will use our values and leave out some details.
Lowest value wins!
Higher IP Precedence gets a lower value (weight).

Weighted fair queuing

(Figure: single interface outbound queue; flows labelled "IP Prec - Our Value": Flow #1 0-8, Flow #2 3-5, Flow #3 0-8; packets of size 17, 15, 14 and 10 shown by relative time of arrival)

Lowest wins!
Dispatch = Finish time x Our Value (weight)
First packet: 17 x 8 = 136 (last)
Second packet: 15 x 5 = 75 (lowest, dispatched first)
Third packet: 14 x 8 = 112 (next lowest)

Weighted fair queuing

(Figure: the same three flows labelled "IP Prec - Our Value" (Flow #1 0-8, Flow #2 3-5, Flow #3 0-8); packets now carry mixed IP Precedence values within a flow, with a large packet of size 20 queued ahead of a small IP Prec 3 packet in the same flow)

Must wait for the previous packet in the flow to leave.
Handled using FIFO.
What if a flow contains packets with different IP Precedence bits?
The problem is that the high-priority packet, 3-5, cannot be dispatched until after the
large packet in front of it (same flow) leaves.
Packets within a flow are handled FIFO.
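An added example, not from the slides, that carries the dispatch calculation of slides 104 through 106 through in Python: the Dispatch = Finish time x weight rule, the 32768/(IP Prec + 1) weight, the simplified "Our Value", and the rule that only the head packet of each flow may leave. The 8 - prec mapping for "Our Value" is an assumption fitted to the two values the slides give (0 -> 8, 3 -> 5), and the packet sample is constructed.

```python
"""Simplified WFQ dispatch order, following the slides' model: dispatch value
= packet length x weight, the lowest value leaves first, and packets inside
one flow always leave in FIFO order (only the head of each flow is eligible)."""

def ios_weight(prec: int) -> int:
    """Weight from the slides' formula for IOS 12.0(5)T and later."""
    return 32768 // (prec + 1)

def slide_weight(prec: int) -> int:
    """'Our Value' from the slides: IP Prec 0 -> 8, IP Prec 3 -> 5.
    Assumption: the slides show only those two points; 8 - prec fits both."""
    return 8 - prec

def dispatch_value(length: int, prec: int, weight=slide_weight) -> int:
    """Dispatch = Finish time (taken as the packet length here) x weight."""
    return length * weight(prec)

def wfq_order(packets, weight=slide_weight):
    """packets: (name, flow, length, ip_prec) tuples in arrival order.
    Returns the names in the order WFQ transmits them."""
    flows = {}                      # flow id -> FIFO list of (name, value)
    for name, flow, length, prec in packets:
        flows.setdefault(flow, []).append((name, dispatch_value(length, prec, weight)))
    order = []
    while flows:
        # Only each flow's head packet competes; the lowest dispatch value wins,
        # ties going to the flow whose first packet arrived earliest.
        flow = min(flows, key=lambda f: flows[f][0][1])
        order.append(flows[flow].pop(0)[0])
        if not flows[flow]:
            del flows[flow]
    return order

def fifo_order(packets):
    """FIFO: strict arrival order."""
    return [p[0] for p in packets]

def fq_order(packets):
    """Fair queuing: smallest head-of-flow packet first, precedence ignored."""
    return wfq_order(packets, weight=lambda prec: 1)

# Constructed sample modelled on slides 105-106: lengths 17 (prec 0), 15 (prec 3)
# and 14 (prec 0) arrive first in three flows, then a small prec-3 packet (10)
# lands in flow 1 behind the 17-byte packet and has to wait for it.
SAMPLE = [("p17", 1, 17, 0), ("p15", 2, 15, 3), ("p14", 3, 14, 0), ("p10", 1, 10, 3)]
```

With the sample, FIFO sends p17, p15, p14, p10; FQ sends p14, p15, p17, p10; WFQ sends p15 (75), p14 (112), p17 (136) and only then p10, whose value of 50 would otherwise have been the lowest.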

TCP Slow Start and Congestion Avoidance

TCP Slow Start and Congestion Avoidance are important issues in
networking.
For more information on these topics, please see:
TCP Performance, by Geoff Huston, Telstra
http://www.cisco.com/en/US/about/ac123/ac147/ac174/ac196/about_cisco_ipj_archive_article09186a00800c8417.html
TCP/IP Illustrated, Vol. 1, W. Richard Stevens, Addison-Wesley Pub Co,
ISBN: 0201633469
IP Quality of Service, Cisco Press

Suggested Readings
