• QoS Introduction
• QoS Technologies Overview
• QoS Best Practice Design Principle
• QoS Design for WAN, Branch, VPN
• QoS Design for Campus
Cisco
[Figure: TCP header compression (cTCP): compress the headers]
Delay = P1 + Q1 + P2 + Q2 + P3 + Q3 + P4 = X ms
End-to-end delay equals a sum of all propagation, processing and queuing delays
in the path
Propagation delay is fixed, processing and queuing delays are unpredictable in
best-effort networks
[Figure: RTP header compression (cRTP): compress the headers]
[Figure: Forwarding]
Tail-drop
Tail-drops occur when the output queue is full. These are the most common drops which
happen when a link is congested.
There are also many other types of drops that are not as common and may require a
hardware upgrade (input drop, ignore, overrun, no buffer, ...). These drops are usually a
result of router congestion.
[Figure: Queuing System. Components: packet stream, classification, optional pre-queuing operators, queues, scheduler, optional post-queuing operators]
[Figure: QoS for Convergence, QoS for Security, QoS for Tiered Services (Data); Architecture, Standards, Management Technologies, Management Applications]
Auto-Provisioning
Provisioning/
Voice Voice
Realtime Interactive-Video
Video Streaming Video
Call Signaling Call Signaling Call Signaling
IP Routing
Network Control
Network Management
Critical Data Mission-Critical Data
Critical Data
Transactional Data
Bulk Data Bulk Data
CB Zone
Satellite Quality
High Quality Fax Relay, Broadcast
PSTN
IP WAN
• CODEC: G.729A: 25 ms
• Queuing: Variable
• Serialization: Variable
• Propagation and Network: Fixed (3.3 µs/Km) + Network Delay (Variable)
• Jitter Buffer: 20–50 ms
Voice
Reconstructed Voice Sample
3
Voice
One-Way Requirements
• Latency ≤ 150 ms
• Jitter ≤ 30 ms
• Loss ≤ 1%
• 17–106 kbps guaranteed priority bandwidth per call
• 150 bps (+ layer 2 overhead) guaranteed bandwidth for voice-control traffic per call
• CAC must be enabled
• Smooth
• Benign
• Drop sensitive
• Delay sensitive
• UDP priority
30pps
“P” and “B” Frames
128–256 Bytes
15pps
32Kbps
1025–1500 Bytes
37% 65–128 Bytes
1%
129–256 Bytes
513–1024 Bytes 34%
20%
257–512 Bytes
8%
• Loss ≤ 1%
• Minimum priority bandwidth guarantee required is Video-stream + 10–20%
  e.g., a 384 kbps stream could require up to 460 kbps of priority bandwidth
• CAC must be enabled
• Bursty
• Drop sensitive
• Delay sensitive
• UDP priority
512–1023 253–511
Bytes Bytes
1024–1518
Bytes
128–252 65–127
Bytes Bytes
• Classification tools
• Scheduling tools
• Policing and shaping tools
• Link-Specific tools
• Signaling tools (RSVP)
• AutoQoS tools
• QoS for Security
7 6 5 4 3 2 1 0
Standard IPv4
IP Precedence Unused
DiffServ Code Point (DSCP) IP ECN DiffServ Extensions
Payload 3 2 1 0
MPLS EXP S
Overflow
CIR
CBS EBS
No No
B<Tc B<Te
PIR CIR
PBS CBS
No No
B>Tp B>Tc
Video 2 2
3 3
Data
[Figure: Tail Drop. Bandwidth utilization (up to 100%) over time. Three traffic flows start at different times; another traffic flow starts at this point.]
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 44
Scheduling Tools
Congestion Avoidance Algorithms
[Figure: TAIL DROP, WRED Queue]
• Queueing algorithms manage the front of the queue
  Which packets get transmitted first
• Congestion avoidance algorithms manage the tail of the queue
  Which packets get dropped first when queuing buffers fill
• Weighted Random Early Detection (WRED)
  WRED can operate in a DiffServ-compliant mode
  Drops packets according to their DSCP markings
  WRED works best with TCP-based applications, like data
[Figure: WRED drop probability (0, 50%, 100%) against average queue size, with "Begin Dropping" points for AF13, AF12 and AF11, and Max Queue Length (Tail Drop)]
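The DSCP-based WRED behaviour described above, as an added Python example that is not part of the original slides: drop probability rises linearly from each class's minimum threshold up to a maximum at the shared maximum threshold, above which every packet is dropped. The thresholds, maximum drop probability and averaging weight are constructed values, not figures from the deck.

```python
import random

# Constructed profile (assumed values, not taken from the slides).
MAX_TH = 40            # packets; at or above this average depth every packet drops
MAX_P = 0.10           # drop probability reached just below MAX_TH
MIN_TH = {"AF13": 20, "AF12": 28, "AF11": 34}   # AF13 begins dropping first
EWMA_WEIGHT = 2 ** -9  # weight given to the newest queue-depth sample


def update_average(avg, current_depth, weight=EWMA_WEIGHT):
    """Exponentially weighted moving average of the queue depth."""
    return (1 - weight) * avg + weight * current_depth


def drop_probability(dscp, avg_depth):
    """WRED drop probability for one packet of class `dscp`."""
    min_th = MIN_TH[dscp]
    if avg_depth < min_th:
        return 0.0                      # below the class threshold: never drop
    if avg_depth >= MAX_TH:
        return 1.0                      # queue effectively full: tail drop
    return MAX_P * (avg_depth - min_th) / (MAX_TH - min_th)


def simulate(avg_depth, packets_per_class=10000, seed=1):
    """Count random drops per class for traffic arriving at a fixed average depth."""
    rng = random.Random(seed)
    drops = {}
    for dscp in MIN_TH:
        p = drop_probability(dscp, avg_depth)
        drops[dscp] = sum(rng.random() < p for _ in range(packets_per_class))
    return drops


if __name__ == "__main__":
    for depth in (10, 24, 30, 36, 40):
        probs = {d: round(drop_probability(d, depth), 3) for d in MIN_TH}
        print(depth, probs, simulate(depth))
```

Because the average moves slowly (weight 2^-9 here), short bursts do not trigger drops, and the higher drop-precedence classes are thinned before AF11 is touched.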
[Figure: IPv4 Packet. Fields: Version Length, ToS Byte, Len, ID, Offset, TTL, Proto, FCS, IP SA, IP DA, Data. ToS byte bits 7–0: DiffServ Code Point (DSCP), ECT, CE]
Traffic Shaping Limits the Transmit Rate to a Value Lower Than Line Rate
!
class-map match-any AutoQoS-VoIP-RTP-Trust
 match ip dscp ef
class-map match-any AutoQoS-VoIP-Control-Trust
 match ip dscp cs3
 match ip dscp af31
!
policy-map AutoQoS-Policy-Trust
 class AutoQoS-VoIP-RTP-Trust
  priority percent 70
 class AutoQoS-VoIP-Control-Trust
  bandwidth percent 5
 class class-default
  fair-queue
!
interface Multilink2001100117
 bandwidth 768
 ip address 10.1.102.2 255.255.255.0
 service-policy output AutoQoS-Policy-Trust
 ip tcp header-compression iphc-format
 no cdp enable
 ppp multilink
 ppp multilink fragment delay 10
 ppp multilink interleave
 ppp multilink group 2001100117
 ip rtp header-compression iphc-format
!
…
!
interface Serial2/0
 bandwidth 768
 no ip address
 encapsulation ppp
 auto qos voip trust
 no fair-queue
 ppp multilink
 ppp multilink group 2001100117
!
Transactional/Interactive AF21
Best Effort 0
Scavenger CS1
<policy continued>
!
policy-map AutoQoS-Policy-Se4/0-Parent
 class class-default
  shape average 256000
  service-policy AutoQoS-Policy-Se4/0
!
interface Serial4/0 point-to-point
 frame-relay interface-dlci 100
  class AutoQoS-FR-Serial4/0-100
!
map-class frame-relay AutoQoS-FR-Serial4/0-100
 frame-relay cir 256000
 frame-relay mincir 256000
 frame-relay fragment 320
 service-policy output AutoQoS-Policy-Se4/0-Parent
[Figure: Scope of Damage by threat generation]
Scope of Damage: Individual Computer, Individual Networks, Multiple Networks, Regional Networks, Global Impact
• First Gen: Boot Viruses
• Second Gen: Macro Viruses, Trojans, Email, Single Server DoS, Limited Targeted Hacking
• Third Gen: Multiserver DoS, DDoS, Blended Threat (Worm + Virus + Trojan), Turbo Worms, Widespread System Hacking
• Next Gen: Infrastructure Hacking, Flash Threats, Massive Worm Driven DDoS, Negative Payload Viruses, Worms, and Trojans
1—The Enabling Vulnerability
2—Propagation Mechanism
3—Payload
L3VPN
Internet
L2VPN
BBDSL
MetroE
Teleworker
[Figure: Control plane protection. Labels: Input to the Control Plane, Output from the Control Plane, Control Plane Policing (Alleviating DoS Attack), Silent Mode (Reconnaissance Prevention), Processor Switched Packets, NAT, CEF/FIB Lookup, CEF Input Forwarding Path]
Data Plane Policing (Scavenger-Class QoS)
Part One: First Order Anomaly Detection
Normal/Abnormal Threshold
Police
MetroE
Protect the Control Plane
• Control plane policing
Teleworker
Application              L3 Classification       L2
                         IPP    PHB      DSCP    CoS
Routing                  6      CS6      48      6
Voice                    5      EF       46      5
Video Conferencing       4      AF41     34      4
Streaming Video          4      CS4      32      4
Mission-Critical Data    3      AF31*    26      3
Call Signaling           3      CS3*     24      3
Best Effort
≥ 25%
Scavenger/Bulk
≤ 5%
Real-Time
≤ 33%
Critical Data
Best Effort
Bulk ≥ 25%
4%
Scavenger/ Voice
Bulk 5% 18%
Streaming-Video
Real-Time
≤ 33%
Critical Data
Network Management
Transactional Data
Interactive Video
15%
Mission-Critical Data
Internetwork-
Call-Signaling Control
Policing Design Principles
Where and How Should Policing Be Done?
WAN Aggregator
Campus
Distribution/
Queuing/Dropping/Shaping/
Core Switches Link-Efficiency Policies for
Campus-to-Branch Traffic
WAN Aggregator
WAN
Branch Router
Branch
Switch
WAN
P Routers
CE Router
PE Router PE Router CE Router
MPLS VPN
PE-to-CE Queuing/Shaping/LFI Required
Optional
Queuing/Dropping/Shaping/Link-Efficiency Policies
LLQ for Crypto
QoS Pre-Classification
ISAKMP Protection
Anti-Replay Tuning