
Deploying QoS for Enterprise Network Infrastructures
Mark Montañez
Enterprise Solutions Engineering
Design Team: CANI - QoS

PACUG AVVID
QOS Seminar © 2002, Cisco Systems, Inc. All rights reserved.
Session Objectives

• To be able to design and implement a converged voice, video, and data
network that can guarantee voice quality while enabling video conferencing
and mission critical data applications
• More information available here:
QoS SRND
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns1
IP Tel SRND
http://www.cisco.com/en/US/netsol/ns110/ns163/ns165/ns268

The Enterprise Network Design Model
The OSI Stack Revisited

Business Layer

Application Layer

Highly Available, QoS-Enabled Infrastructure Layer

3 Steps for Implementing QoS
• Classification—Marking the packet with a
specific priority denoting a requirement
for special service from the network
• Scheduling—Assigning packets to one of
multiple queues (based on classification)
for preferential treatment throughout
the network
• Provisioning—Accurately calculating the
required bandwidth for all applications
plus element overhead
QoS Is Needed to Minimize
Packet Loss, Delay and Delay Variation
Where QoS Is Needed
Figure: Central Campus connected over the WAN to a Remote Branch

QoS—Campus Access
• Speed and duplex settings
• Classification/trust on IP phone, VC station, content service, and Citrix server
• Multiple queues on IP phone and access ports

QoS—Campus Dist.
• Layer 3 policing for content distribution
• Multiple queues on all ports; priority queuing for VoIP
• WRED within data queues for congestion management

QoS—WAN
• Low-latency queuing
• Data traffic queue provisioning
• Link fragmentation and interleave
• Traffic shaping
• Admission control

QoS—Branch
• Speed and duplex settings
• Classification/trust on IP phone, VC station, Content service and Citrix traffic
• Multiple queues on IP phone and access ports
Agenda
• Quality Concerns with IP Telephony, Multimedia
Applications and Mission-Critical Data
• General Enterprise QoS Design Considerations
• Connecting the End-Points
• Designing the Campus
• Enabling the WAN
• QoS Impact
• VoIP and the Telecommuter
• Questions and Answers
• Summary
Example of PCM (64Kbps) IP Telephony Call
Figure: Single PCM VoIP Call, with levels marked at 64Kbps and 80Kbps

• Consistent, easily managed packet rate (default 50pps)
• A G.711 call is really ~80Kbps over a data network
• Packet loss
  Current Cisco GW DSP CODEC algorithms can correct for 30 msec of lost voice—1 G.729A voice packet contains 20 msec of voice
  One lost FAX over IP packet causes a MODEM retrain; 2 drops cause a call disconnect
  Causes of packet loss: Network quality, network congestion and delay variation (jitter buffer under-runs and over-runs)
Example of 384 Kbps Video (30 fps) Conferencing Traffic (CIF)
Figure: traffic profile of a video conferencing stream. “I” Frames: 1024–1518 Bytes; “P” and “B” Frames: 128–256 Bytes. Axis labels: 600Kbps, 32Kbps, 30pps, 15pps

• “I” frame is a full sample of the video
• “P” and “B” frames use quantization via motion vectors and prediction algorithms
Video Conferencing Traffic Packet Size Breakdown (CIF)

Packet Size        Share
65–128 Bytes       1%
129–256 Bytes      34%
257–512 Bytes      8%
513–1024 Bytes     20%
1025–1500 Bytes    37%
Some Applications that Require QoS

• Citrix
• DLSw+
• PeopleSoft
• Oracle
• ERP—underlying apps
• PC replication/multicast applications
• Video distribution

• FTP
• Batch updates
• Backups
• Napster
• KaZaa
• Morpheus
• Grokster
Provisioning for Data:
General Principles

• Profile applications to their basic network requirements
• Don’t over-engineer provisioning
• Use proactive policies before reactive
(policing) policies
• Seek executive endorsement of relative
ranking of application priority prior to
rolling out QoS policies for data
Layer 2 and 3 Traffic Classification

Layer 2 (802.1Q/p)
  Frame: PREAM. | SFD | DA | SA | Type | TAG (4 Bytes) | PT | DATA | FCS
  TAG:   PRI | CFI | VLAN ID
  Three Bits Used for CoS (802.1D User Priority)

Layer 3 (IPV4)
  Packet: Version Length | ToS (1 Byte) | Len | ID | Offset | TTL | Proto | FCS | IP-SA | IP-DA | Data
  ToS bits: 7 6 5 4 3 2 1 0
    IP Precedence: the three most significant bits
    DSCP: six bits, with the remaining two bits for Flow Control
  Standard IPV4: Three MSB Called IP Precedence
  (DiffServ May Use Six D.S. Bits Plus Two for Flow Control)
Diff-Serv Behaviors

Per-Hop Behaviors (PHB)        DiffServ Code Points (DSCP)

Expedited Forwarding           EF                      101110

Assured Forwarding             Low Drop Prec   Med Drop Prec   High Drop Prec
  Class Selector (CS) 4        AF41 100010     AF42 100100     AF43 100110
  Class Selector (CS) 3        AF31 011010     AF32 011100     AF33 011110
  Class Selector (CS) 2        AF21 010010     AF22 010100     AF23 010110
  Class Selector (CS) 1        AF11 001010     AF12 001100     AF13 001110

Best Effort                    000000
Diff-Serv Behaviors

Per-Hop Behaviors (PHB) and DiffServ Code Points (DSCP)

PHB     DSCP Decimal   DSCP Binary   IP PREC   IP PREC Binary
<BE1    2              000010        0         000
<BE2    4              000100        0         000
<BE3    6              000110        0         000
BE      0              000000        0         000
AF11    10             001010        1         001
AF12    12             001100        1         001
AF13    14             001110        1         001
AF21    18             010010        2         010
AF22    20             010100        2         010
AF23    22             010110        2         010
AF31    26             011010        3         011
AF32    28             011100        3         011
AF33    30             011110        3         011
AF41    34             100010        4         100
AF42    36             100100        4         100
AF43    38             100110        4         100
EF      46             101110        5         101
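The code point tables above follow a bit layout that can be computed rather than memorized. The following is an added example, not part of the original slides: it decodes a raw IPv4 ToS byte into DSCP, PHB name and the IP Precedence that a DSCP-unaware device would see. The function names are illustrative; the CoS-to-DSCP map in the usage lines is the one used in the switch configurations later in this deck.

```python
# Added example: decode the IPv4 ToS byte into the DiffServ fields tabulated above.
EF = 0b101110  # Expedited Forwarding, decimal 46


def af(af_class, drop_prec):
    """DSCP for AF<class><drop>: class in the top three bits, drop precedence in the next two."""
    if not (1 <= af_class <= 4 and 1 <= drop_prec <= 3):
        raise ValueError("AF classes are 1-4 and drop precedences are 1-3")
    return (af_class << 3) | (drop_prec << 1)


def phb_name(dscp):
    """Name a 6-bit DSCP value using the PHB groups from the table."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value")
    if dscp == EF:
        return "EF"
    if dscp == 0:
        return "BE"
    cls, low = dscp >> 3, dscp & 0b111
    if low == 0:
        return f"CS{cls}"
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"AF{cls}{low >> 1}"
    return f"DSCP{dscp}"  # unnamed code point, e.g. the table's <BE values 2, 4 and 6


def decode_tos(tos):
    """Split a ToS byte into DSCP (upper six bits) and the two low-order bits."""
    if not 0 <= tos <= 255:
        raise ValueError("ToS is one byte")
    dscp = tos >> 2
    return {
        "dscp": dscp,
        "binary": format(dscp, "06b"),
        "phb": phb_name(dscp),
        "ip_prec": dscp >> 3,      # what an IP Precedence-only device reads
        "low_bits": tos & 0b11,
    }


def precedence_preserved(cos_dscp_map):
    """True if every CoS value n maps to a DSCP whose IP Precedence is also n."""
    return all(dscp >> 3 == cos for cos, dscp in enumerate(cos_dscp_map))


if __name__ == "__main__":
    for tos in (0xB8, 0x88, 0x68, 0x48, 0x08, 0x00):  # constructed sample ToS bytes
        print(hex(tos), decode_tos(tos))
    print(precedence_preserved([0, 10, 18, 26, 34, 46, 48, 56]))
```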
Designing the Campus
General Guidelines

• A robust, modern switching design is a requirement
  Designing High-Performance Campus Intranets with Multilayer Switching
  http://www.cisco.com/warp/public/cc/so/cuso/epso/entdes/highd_wp.htm
  Gigabit Campus Design
  http://www.cisco.com/warp/public/cc/so/neso/lnso/cpso/camp_wp.htm
  Gigabit Campus Network Design— Principles and Architecture
  http://www.cisco.com/en/US/netsol/ns110/ns146/ns147/ns17/networking_solutions_implementation_w
• Multiple queues are required on all interfaces to prevent TX queue congestion/drops
• RTP bearer traffic should always go into the highest priority queue; control should go into a separate queue
Building the Branch Office
General Guidelines

• The WAN branch router must support advanced Cisco QoS tools
• Map between layer 2 and layer 3 classification
schemes
• Use a branch switch with multiple queues
• 802.1Q trunking between the router and switch for
multiple VLAN support (separation of voice/data
traffic) is preferred
Enabling the WAN
General Guidelines

Figure: QoS Enabled WAN

• Queuing
  Use CBWFQ for data on all WAN interfaces in a converged network
  LLQ for VoIP and video conferencing
• Traffic shaping is required for all frame-relay and ATM/FR networks
• If running VoIP, use LFI on WAN connections below 768Kbps
  Don’t use LFI on any video over IP solutions with VoIP
• Use cRTP carefully
VoIP Over IPSec VPNs
General Guidelines

• Crypto is a FIFO queue, so:
  Take steps to not overdrive the crypto engine's capabilities (CAR, skip crypto for voice, new code coming, etc.)
• Use pre-classify when more than the ToS byte is used for classification
• If using IP mc MoH, IPSec GRE tunnel is required
• cRTP does not work w/IPSec
• See ESE SOHO VPN QoS Design Guide (Part of QoS SRND)
• See ESE Web Site V3PN Design Guide (available through your SE)
Classification Tools: Trust Boundaries
Figure: Endpoints, Access, Distribution, Core and WAN Agg. layers, with candidate trust boundaries numbered 1 (endpoints), 2 (access) and 3 (distribution)

• A device can be trusted if it correctly classifies packets
• For scalability, classification should be done as close to the edge as possible
• The outermost trusted devices represent the trust boundary
• 1 and 2 are optimal, 3 is acceptable (if access switch cannot perform classification)
PC CoS Settings Are Not Trusted
Figure: PC attached to an IP phone, attached to the switch ASIC. Labels: "Untrusted: Phone ASIC Will Re-Write CoS 0"; PC traffic COS = 7 rewritten to COS = 0; phone traffic COS = 5

• set port qos <mod/port> trust-ext _____
  Only applies to port trust on the IP phone PC Ethernet port
  Unrelated to actual cat6k port trust
• set port qos <mod/port> trust ____
  Applies to the actual switch port trust rules
  untrusted (default), trust-cos, trust-ipprec, trust-dscp
  Some 6k 10/100 cards require an additional ACL to actually enable port trust
Connecting the Video Conferencing Stations
Figure: video conferencing station attached to an L3 Aware switch

• Watch physical speed/duplex settings/negotiation
• Trust classification of known room systems but filter on assigned IP address; VC station is in a conference room where anyone has access to the Ethernet port
• Use H.323 proxy to classify traffic from PC-based VC for admission to WAN PQ
• All video conferencing traffic should be set to DSCP AF41
Integrating DLSw+

L3 Aware

• Default is IP Precedence 5 with no configuration; can cause PQ oversubscription if not accounted for
• trust-ipprec from router generating DLSw+ traffic
• Use the dlsw remote-peer priority to use the different DLSw+ ports; change the default DLSw+ IP Prec mapping
    dlsw remote-peer 0 tcp 171.70.234.121 priority
    dlsw tos map high 2 medium 2 normal 2 low 2
• DLSw+ is not DSCP aware so we can only set the IP Precedence; admission to mission critical class needs to take this into account
• Place in bandwidth defined class-based weighted fair queue
Is QoS Needed in the Campus?

“Just throw more bandwidth at it. That will solve the problem!”

Transmit Buffer Management Is Just as Important as Bandwidth Management
Transmit Queue Congestion—WAN
Figure: 10/100m link into a WAN router, packets queued, 128k uplink to the WAN

• 100 meg in 128 kb/s out—packets serialize in faster than they can serialize out
• Packets queued as they wait to serialize out slower link
Transmit Queue Congestion—LAN
Figure: Distribution Switch to Access Switch; 1 Gig Link in, packets queued, 100 Meg Link out

• 1 gig in 100 meg out—packets serialize in faster than they can serialize out
• Packets queued as they wait to serialize out slower link
• Many access ports aggregated into single distribution link; instantaneous periods of congestion
Transmit Queue Congestion—The Answer
Figure: Queue Mgr feeding Queue 1 (Data) and Queue 2 (Voice), drained by the RR/WRR/PQ Queue Scheduler

• Multiple queues allow us to protect the queue containing important traffic from drops
• Drops happen in BE only queue(s)
• RR/WRR/PQ: Round Robin, Weighted Round Robin or Priority Queuing Used for Scheduling between Queues
Transmit Queue Visibility
Figure: Queue Mgr, Queue 1 (Data), Queue 2 (Voice), RR/WRR/PQ Queue Scheduler

• Cat 6k CatOS - show qos statistics 4/1
• Cat 4500 SupIV - show int fa3/2 count all
• Cat 3550 – show mls qos int statistics fa3/2
Transmit Queue—Visibility 4500 SUPIV

4006-SUPIII-Access#sh int g3/2 count all
.
.
.
Port      InPkts 1549-9216   OutPkts 1549-9216
Gi3/2     0                  0

Port      Tx-Bytes-Queue-1   Tx-Bytes-Queue-2   Tx-Bytes-Queue-3   Tx-Bytes-Queue-4
Gi3/2     0                  0                  0                  0

Port      Tx-Drops-Queue-1   Tx-Drops-Queue-2   Tx-Drops-Queue-3   Tx-Drops-Queue-4
Gi3/2     1122               0                  0                  0

Port      Rx-No-Pkt-Buff     RxPauseFrames      TxPauseFrames      PauseFramesDrop
Gi3/2     0                  0                  0                  0
Access Layer
Classification and Scheduling Required towards Phone and Distribution Layer
Figure: Core, Distribution and Access layers, with a "QoS Required" marker
Campus QoS
Catalyst Switches Which Support Multiple Queues
Queuing/Scheduling Capabilities Depend on Hardware:

• Access
  2900/3500—2Q1T
  2950 4Q (priority schedule or WRR)
  3550—1P3Q2T or 4Q2T
  4000/SUPII—2Q1T
  4500/SUPIV—1P3Q2T (priority config)
  6500—2Q2T TX (10/100 classic)
       1Q4T RX (10/100 classic)
       1P2Q2T TX (gig classic)
       1P1Q4T RX (gig classic)

• Distribution/core
  4500/SUPIV—1P3Q2T
  6500—2Q2T TX (10/100 classic)
       1Q4T RX (10/100 classic)
       1P2Q2T TX (gig classic)
       1P1Q4T RX (gig classic)
       1P3Q1T TX (10/100 fabric)
       1P1Q RX (10/100 fabric)
       1P2Q1T TX (gig fabric)
       1P1Q8T RX (gig fabric)
Campus QoS
Catalyst Switches Which Support Multiple Queues
Queuing/Scheduling Capabilities Depend on Hardware:

• 1P2Q2T
  1P2Q2T—One priority queue
  1P2Q2T—Two additional queues
  1P2Q2T—Two drop thresholds for each queue

• 2Q2T
  2Q2T—Two queues
  2Q2T—Two drop thresholds for each queue
QoS in Catalyst 3550
Figure: 3550 access switches uplinked to 6500 distribution switches

• 4 transmit queues (1P3Q2T or 4Q2T)
• Need to configure PQ and ensure that CoS 5 traffic is serviced via PQ
  Configurable PQ for 4th queue
    priority-queue out
  Configurable CoS to specific queue
    wrr-queue cos-map 4 5
  Configurable queue depth (expert mode)
  Configurable queue weight (expert mode)
• 802.1p, DSCP or ACL-based QoS
• Trust DSCP, or CoS (policy maps)
• Can set DSCP or CoS by port (marked/rewrite or unmarked)
• Mapping from CoS to DSCP/DSCP to CoS
• Now shipping with inline power
Catalyst 3550 Example
Access Layer—Access Port and Uplink

mls qos map cos-dscp 0 10 18 26 34 46 48 56
mls qos
!
! Uplink: trust the DSCP already set at the edge
interface GigabitEthernet0/12
 description Uplink to Distribution
 no ip address
 flowcontrol send off
 mls qos trust dscp
 wrr-queue cos-map 4 5
 priority-queue out
!
! Phone port: trust CoS from the phone, rewrite CoS from the attached PC to 0
interface FastEthernet0/1
 description to IP Phone
 no ip address
 mls qos trust cos
 wrr-queue cos-map 4 5
 priority-queue out
 switchport voice vlan 111
 switchport access vlan 11
 switchport priority extend cos 0
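The trust boundary slides and the phone-port configuration above combine into one decision: which markings reach the priority queue. The following is an added example, not part of the original slides, and it is a simplified model rather than switch behavior in full: it assumes the egress queue is chosen from the top three bits of the internal DSCP, and the frame dictionaries are constructed sample input.

```python
# Added example: simplified model of the trust boundary at an IP phone port.
COS_DSCP_MAP = [0, 10, 18, 26, 34, 46, 48, 56]  # "mls qos map cos-dscp" from the slide
PRIORITY_COS = 5                                # "wrr-queue cos-map 4 5" with "priority-queue out"
TRUST_STATES = ("untrusted", "trust-cos", "trust-dscp")


def phone_pc_port(frame, trust_ext=False, cos_ext=0):
    """IP phone ASIC: rewrite CoS on frames from the attached PC unless trust is extended.

    Models "switchport priority extend cos 0" (IOS) / "trust-ext" (CatOS).
    Only the Layer 2 CoS is rewritten; the Layer 3 DSCP is left untouched.
    """
    out = dict(frame)
    if not trust_ext:
        out["cos"] = cos_ext
    return out


def switch_ingress(frame, trust):
    """Internal DSCP assigned by the switch port for a given trust state."""
    if trust not in TRUST_STATES:
        raise ValueError(f"unknown trust state: {trust}")
    if trust == "trust-cos":
        return COS_DSCP_MAP[frame["cos"]]
    if trust == "trust-dscp":
        return frame["dscp"]
    return 0  # untrusted: marking is ignored


def tx_queue(internal_dscp):
    """Assumption: egress CoS is the top three bits of the internal DSCP."""
    return "PQ" if internal_dscp >> 3 == PRIORITY_COS else "WRR"


def classify(frame, source, port_trust, trust_ext=False):
    """Follow one frame from its source ("pc" or "phone") to an egress queue."""
    if source == "pc":
        frame = phone_pc_port(frame, trust_ext=trust_ext)
    return tx_queue(switch_ingress(frame, port_trust))


if __name__ == "__main__":
    voice = {"cos": 5, "dscp": 46}      # constructed: phone bearer traffic
    pc_marked = {"cos": 5, "dscp": 46}  # constructed: PC marking its own traffic as voice
    for trust in TRUST_STATES:
        print(trust, "phone ->", classify(voice, "phone", trust),
              "| pc ->", classify(pc_marked, "pc", trust))
```

With `trust-cos` on the port only the phone's traffic reaches the priority queue; with `trust-dscp` the PC's Layer 3 marking passes through, because the phone rewrites CoS only.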
Catalyst 3550 Example
Access Layer—Classification

mls qos map cos-dscp 0 10 18 26 34 46 48 56
mls qos
!
class-map match-all VoIP-Bearer
 match access-group name VoIP-Bearer
class-map match-all Mission-Critical
 match access-group name Mission-Critical
class-map match-all VoIP-Control
 match access-group name VoIP-Control
!
policy-map VoIP-Policy
 class VoIP-Control
  set ip dscp 26
 class VoIP-Bearer
  set ip dscp 46
 class Mission-Critical
  set ip dscp 18
!
interface GigabitEthernet0/1
 description Classification
 no ip address
 flowcontrol send off
 service-policy in VoIP-Policy
 wrr-queue cos-map 4 5
 priority-queue out
QoS in Catalyst 4500—Access (SUPIV)
Figure: 4000 SUPIII access switch uplinked to the distribution layer

• 4 queues (1P3Q2T or 4Q2T)
  Need to configure PQ and ensure that CoS 5 traffic is serviced via PQ
  Configurable PQ for 3rd queue
    tx-queue 3
     priority high
  Configurable queue depth (expert mode)
  Configurable queue weight (expert mode)
• 802.1p, DSCP or ACL-based QoS (policy maps)
• Can set DSCP or CoS by port (marked/rewrite or unmarked)
• Trust DSCP or CoS
• Mapping from CoS to DSCP/DSCP to CoS
• 4500 shipping with inline power (no PEM)
Catalyst 4000 (SUPIII) Example
Access Layer—Access Port and Uplink

qos map cos 1 to dscp 10
qos map cos 2 to dscp 18
qos map cos 3 to dscp 26
qos map cos 4 to dscp 34
qos map cos 5 to dscp 46
qos
!
interface GigabitEthernet1/1
 description Uplink to Distribution
 qos trust dscp
 no snmp trap link-status
 tx-queue 3
  priority high
!
interface FastEthernet4/1
 description To IP Phone
 qos trust cos
 no snmp trap link-status
 switchport voice vlan 111
 switchport access vlan 11
 switchport priority extend cos 0
 tx-queue 3
  priority high
Catalyst 4000 (SUPIII) Example
Access Layer—Classification

qos map cos 1 to dscp 10
qos map cos 2 to dscp 18
qos map cos 3 to dscp 26
qos map cos 4 to dscp 34
qos map cos 5 to dscp 46
qos
!
class-map match-all VoIP-Bearer
 match access-group name VoIP-Bearer
class-map match-all Mission-Critical
 match access-group name Mission-Critical
class-map match-all VoIP-Control
 match access-group name VoIP-Control
!
policy-map VoIP-Policy
 class Mission-Critical
  set ip dscp 18
 class VoIP-Control
  set ip dscp 26
 class VoIP-Bearer
  set ip dscp 46
!
interface GigabitEthernet1/1
 qos trust cos
 service-policy in VoIP-Policy
 tx-queue 3
  priority high
QoS in 6500 Switches—Access (PFC)

• Redundant SUP’s, transmit and receive queues, priority queues and multiple drop thresholds
• 802.1p, DSCP or ACL-based QoS (policy maps)
• Trust DSCP or CoS
• Can set by port DSCP or CoS (marked/rewrite or unmarked)
• Mapping from CoS to DSCP/DSCP to CoS
• Port can trust DSCP, IP Prec or CoS
  Recommended: trust-cos (access to RX PQ)
  10/100 cards require an additional step of configuring ACL to trust traffic
• Output scheduling consists of:
  Assigning traffic to queues based on CoS
  Configuring threshold levels
  Modifying buffer sizes (expert mode)
  Assigning weights for WRR (expert mode)
Catalyst 6500 Example
Access Layer—Catalyst 6000

cat6k-access> (enable) set qos enable
cat6k-access> (enable) set qos cos-dscp-map 0 10 18 26 34 46 48 56
cat6k-access> (enable) set qos ipprec-dscp-map 0 10 18 26 34 46 48 56
cat6k-access> (enable) set qos map 1p2q2t tx 2 1 cos 3
cat6k-access> (enable) set qos map 2q2t tx 2 1 cos 3
cat6k-access> (enable) set port qos 5/1-48 trust trust-cos
cat6k-access> (enable) set port qos 5/1-48 cos-ext 0
cat6k-access> (enable) set port qos 5/1-48 vlan-based
cat6k-access> (enable) set qos acl ip ACL_IP-PHONES trust-cos ip any any
cat6k-access> (enable) commit qos acl all
cat6k-access> (enable) set qos acl map ACL_IP-PHONES 110
cat6k-access> (enable) set port qos 1/1-2 trust trust-cos
Distribution Layer
Classification and Scheduling Required to/from Access Layer
Figure: Core, Distribution and Access layers, with a "QoS Required" marker
QoS in Catalyst 4500—Distribution (SUPIV)
Figure: 4006 w/SUPIII at the distribution layer

• 4 queues (1P3Q2T or 4Q2T)
  Need to configure PQ and ensure that CoS 5 traffic is serviced via PQ
  Configurable PQ for 3rd queue
    tx-queue 3
     priority high
  Configurable queue depth (expert mode)
  Configurable queue weight (expert mode)
• 802.1p, DSCP or ACL-based QoS (policy maps)
• Trust DSCP or CoS
• Can set by port DSCP or CoS (marked/rewrite or unmarked)
• Mapping from CoS to DSCP/DSCP to CoS
• Careful w/over-subscribed cards—32g max
Catalyst 4500 (SUPIV) Example
Distribution Layer—Downlink

qos map cos 1 to dscp 10
qos map cos 2 to dscp 18
qos map cos 3 to dscp 26
qos map cos 4 to dscp 34
qos map cos 5 to dscp 46
qos
!
interface GigabitEthernet4/1
 qos trust cos
 no snmp trap link-status
 tx-queue 3
  priority high
!
interface GigabitEthernet4/2
 qos trust dscp
 no snmp trap link-status
 tx-queue 3
  priority high
QoS in 6500—Distribution

• Redundant sups, transmit and receive queues, priority queues and multiple drop thresholds
• CoS, DSCP or ACL-based QoS (policy maps)
• Trust DSCP or CoS
• Can set by port DSCP or CoS (marked/rewrite or unmarked)
• Mapping from CoS to DSCP/DSCP to CoS
• Port can trust DSCP, IP Prec or CoS
  Recommended: trust-cos (access to RX PQ)
  10/100 cards require an additional step of configuring ACL to trust traffic
• Output scheduling consists of:
  Assigning traffic to queues based on CoS
  Configuring threshold levels
  Modifying buffer sizes (expert mode)
  Assigning weights for WRR (expert mode)
Catalyst 6500 Example—Hybrid
Distribution Layer—Catalyst 6000, Hybrid

cat6k-distrib> (enable) set qos enable
cat6k-distrib> (enable) set qos ipprec-dscp-map 0 10 18 26 34 46 48 56
cat6k-distrib> (enable) set qos cos-dscp-map 0 10 18 26 34 46 48 56
cat6k-distrib> (enable) set qos map 1p2q2t tx queue 2 1 cos 3
cat6k-distrib> (enable) set qos map 2q2t tx queue 2 1 cos 3
cat6k-distrib> (enable) set port qos 1/1-2 trust trust-cos
cat6k-distrib> (enable) set port qos 3/2 trust trust-dscp
cat6k-distrib> (enable) set port qos 9/1 trust trust-dscp
cat6k-distrib> (enable) set port qos 9/1 port-based
cat6k-distrib> (enable) set qos acl ip ACL_TRUST-WAN trust-dscp ip any any
cat6k-distrib> (enable) commit qos acl ACL_TRUST-WAN
cat6k-distrib> (enable) set qos acl map ACL_TRUST-WAN 9/1
Catalyst 6500 Example—Native
Distribution Layer—Catalyst 6000, Native-IOS

mls qos
mls qos map ip-prec-dscp 0 10 18 26 34 46 48 56
mls qos map cos-dscp 0 10 18 26 34 46 48 56
int range gigabitEthernet 1/1 - 2
 wrr-queue cos-map 2 1 3
 wrr-queue cos-map 2 2 4
! Trust DSCP from the Layer-3 aware enabled Access Switch
interface GigabitEthernet2/1
 description trunk port to PFC enabled cat6k-access
 no ip address
 wrr-queue cos-map 2 1 3
 wrr-queue cos-map 2 2 4
 mls qos vlan-based
 mls qos trust dscp
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
Catalyst 6500 Example—Native (Cont.)
Distribution Layer—Catalyst 6000, Native-IOS

! Trust CoS from the Layer 2 only Catalyst 4000 Access Switch
interface GigabitEthernet2/2
 description trunk port to layer 2-only cat4k
 no ip address
 wrr-queue cos-map 2 1 3
 wrr-queue cos-map 2 2 4
 mls qos vlan-based
 mls qos trust cos
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
! Trust CoS from the Layer 2 only 3500 Access Switch
interface GigabitEthernet3/1
 description trunk port to layer 2-only 3500
 no ip address
 wrr-queue cos-map 2 1 3
 wrr-queue cos-map 2 2 4
 mls qos vlan-based
 mls qos trust cos
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
Is QoS Needed in the Campus?

“Buffer management is as important as bandwidth management…”
Just Throw Bandwidth at It…NOT!
Auto QoS—What Is It?

One Command per Interface to Enable and Configure QoS; Modify Global and Interface Settings to Make QoS for VoIP Work

Figure: campus and branch sites connected over the WAN, with Voice Gateways, Callmanager, Unity and Voice Applications
Auto QoS What does it do?
Campus
• Enforce Trust boundary at the phone
• Enforce Trust boundary on access ports and Uplink/Downlink
• Setup Priority Queuing where required
• Modify Queue Admission criteria where required
• Modify CoS to DSCP and IP Prec to DSCP maps where required

WAN
• Builds QoS VoIP Modular Quality of Service Policy
• Provides LLQ for VoIP Bearer
• Provides Bandwidth CBWFQ for VoIP Control
• Sets up Traffic Shaping per QoS DG where required
• Sets up LFI (FRF.12 or MLP) where required
QoS in the WAN
General Guidelines
• The sum of all queues should be <75% of available bandwidth;
LLQ should not be more than 33% of link
• Use LLQ anytime VoIP over the WAN is involved
• Traffic shaping is a requirement for Frame Relay/ATM
environments
• Use LFI techniques for all links below 768Kbps
Don’t use LFI for any video conferencing over IP applications
• TX-ring sizes may require modifications
• Properly provision the WAN bandwidth
• Mission critical applications (Citrix, DLSw+, etc.)
• Bandwidth hog applications = less than BE traffic
• Use cRTP carefully
Low-Latency Queuing Logic Tree
Figure: Packets In → Layer 3 Queuing Subsystem → Layer 2 Queuing Subsystem → TX Ring → Packets Out
  Layer 3 Queuing Subsystem
    Low Latency Queuing: Police, then PQ (PQ Voice, PQ VC)
    CBWFQ: VoIP-Cntrl, MC-Data, Default (WFQ), LTBE
  Layer 2 Queuing Subsystem
    Link Fragmentation and Interleave: Fragment, Interleave
Low-Latency Queuing Logic Tree
Figure: the LLQ logic tree (Layer 3 Queuing Subsystem, Layer 2 Queuing Subsystem, TX Ring), annotated with:

Prior to 12.2 the Priority Queue Was Policing All the Time for Frame Relay on 7200 and below; for ATM and Leased Lines It Was Policing Only during Periods of Congestion; after 12.2 the PQ ONLY Polices when There Is Congestion on the Link for All Platforms
LLQ Example—WAN Router
VoIP—Queuing

class-map VoIP-Bearer
 match ip dscp EF
class-map VoIP-Control
 match ip dscp AF31
class-map Video
 match ip dscp AF41
class-map mc-data
 match ip dscp AF21
 match ip precedence 2
!
policy-map QoS-Policy
 class VoIP-Bearer
  priority percent 17
 class Video
  priority percent 16 30000
 class VoIP-Control
  bandwidth percent 2
 class mc-data
  bandwidth percent 25
 class class-default
  random-detect dscp-based
  fair-queue

Leased Lines: 12.2(5.6)
interface Multilink 1
 service-policy output QoS-Policy

ATM: 12.2(3)
interface ATM1/0.1 point-to-point
 service-policy output QoS-Policy

VoIPovFR: 12.2(3)
map-class frame voipofr
 frame cir 128000
 frame mincir 1280
 frame bc 1280
 frame frag 160
 service-policy output QoS-Policy

! *See Roles and Config Documents Located at ESE Web Site
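The WAN guidelines earlier in the deck (sum of all queues below 75% of the link, LLQ no more than 33%) can be checked mechanically against a policy-map like the one above. The following is an added example, not part of the original slides: a small parser for the `priority percent` and `bandwidth percent` lines, with hypothetical function names and the slide's policy embedded as sample input.

```python
# Added example: check a policy-map against the deck's WAN provisioning guidelines.
import re

# The policy-map from the slide above, embedded as sample input.
POLICY = """\
policy-map QoS-Policy
 class VoIP-Bearer
  priority percent 17
 class Video
  priority percent 16 30000
 class VoIP-Control
  bandwidth percent 2
 class mc-data
  bandwidth percent 25
 class class-default
  random-detect dscp-based
  fair-queue
"""


def parse_policy(text):
    """Return {class name: {"priority": pct, "bandwidth": pct}} for one policy-map."""
    classes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"class (\S+)$", line)
        if m:
            current = m.group(1)
            classes[current] = {"priority": 0, "bandwidth": 0}
            continue
        m = re.match(r"(priority|bandwidth) percent (\d+)", line)
        if m and current is not None:
            classes[current][m.group(1)] += int(m.group(2))
    return classes


def check_provisioning(classes, max_llq=33, max_total=75):
    """Apply the two guidelines; return (llq_pct, total_pct, findings)."""
    llq = sum(c["priority"] for c in classes.values())
    total = llq + sum(c["bandwidth"] for c in classes.values())
    findings = []
    if llq > max_llq:
        findings.append(f"LLQ classes reserve {llq}% of the link (guideline: at most {max_llq}%)")
    if total >= max_total:
        findings.append(f"all queues reserve {total}% of the link (guideline: below {max_total}%)")
    return llq, total, findings


if __name__ == "__main__":
    llq, total, findings = check_provisioning(parse_policy(POLICY))
    print(f"LLQ {llq}%, all queues {total}%")
    for finding in findings or ["within guidelines"]:
        print(" -", finding)
```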
Calculating VoIP Bandwidth Requirements

CODEC     Sampling Rate   Voice Payload in Bytes   Packets per Second   Bandwidth per Conversation
G.711     20 msec         160                      50                   80 kbps
G.711     30 msec         240                      33                   74 kbps
G.729A    20 msec         20                       50                   24 kbps
G.729A    30 msec         30                       33                   19 kbps

A more accurate method for provisioning is to include the Layer 2 Overhead into the bandwidth calculations:

CODEC              802.1Q Ethernet    MLP              Frame-Relay     ATM
                   + 32 L2 Bytes      + 13 L2 Bytes    + 8 L2 Bytes    + Variable L2 Bytes (Cell Padding)
G.711 at 50 pps    93 kbps            86 kbps          84 kbps         106 kbps
G.711 at 33 pps    83 kbps            78 kbps          77 kbps         84 kbps
G.729A at 50 pps   37 kbps            30 kbps          28 kbps         43 kbps
G.729A at 33 pps   27 kbps            22 kbps          21 kbps         28 kbps
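Both tables above follow from payload size, packet rate and per-packet overhead. The following is an added example, not part of the original slides, that recomputes them. It assumes 40 bytes of IP/UDP/RTP header per packet, rounding up to the next kbps, and, for ATM, an 8-byte AAL5 trailer with the packet padded to whole 53-byte cells; those ATM parameters are an assumption chosen because they reproduce the slide's figures.

```python
# Added example: recompute the per-call VoIP bandwidth tables.
IP_UDP_RTP = 40  # bytes: 20 IP + 8 UDP + 12 RTP

# Fixed Layer 2 overheads in bytes, as given on the slide.
L2_OVERHEAD = {"802.1Q Ethernet": 32, "MLP": 13, "Frame-Relay": 8}

# (codec, voice payload in bytes, packets per second), as given on the slide.
CODECS = [("G.711", 160, 50), ("G.711", 240, 33), ("G.729A", 20, 50), ("G.729A", 30, 33)]


def _ceil_div(a, b):
    return -(-a // b)


def kbps(bytes_per_packet, pps):
    """Bandwidth of a packet stream, rounded up to the next whole kbps."""
    return _ceil_div(bytes_per_packet * 8 * pps, 1000)


def l3_kbps(payload, pps):
    """Layer 3 bandwidth: voice payload plus IP/UDP/RTP headers."""
    return kbps(payload + IP_UDP_RTP, pps)


def l2_kbps(payload, pps, media):
    """Bandwidth including a fixed Layer 2 overhead."""
    return kbps(payload + IP_UDP_RTP + L2_OVERHEAD[media], pps)


def atm_kbps(payload, pps, aal5_trailer=8, cell=53, cell_payload=48):
    """ATM bandwidth: the packet plus trailer is padded to whole cells (assumed AAL5 model)."""
    cells = _ceil_div(payload + IP_UDP_RTP + aal5_trailer, cell_payload)
    return kbps(cells * cell, pps)


def bandwidth_table():
    """One row per codec: (codec, pps, L3, Ethernet, MLP, Frame-Relay, ATM) in kbps."""
    rows = []
    for codec, payload, pps in CODECS:
        rows.append((codec, pps, l3_kbps(payload, pps),
                     l2_kbps(payload, pps, "802.1Q Ethernet"),
                     l2_kbps(payload, pps, "MLP"),
                     l2_kbps(payload, pps, "Frame-Relay"),
                     atm_kbps(payload, pps)))
    return rows


if __name__ == "__main__":
    print("codec   pps   L3  802.1Q  MLP   FR  ATM")
    for row in bandwidth_table():
        print("{:<7} {:>3} {:>4} {:>7} {:>4} {:>4} {:>4}".format(*row))
```

The ATM column shows why small codecs gain less than expected there: a G.729A packet at 50 pps still occupies two full cells.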
Slow Link Efficiency Tools
Fragmentation and Interleave Not Needed on Links Greater than 768 kbps

Before: Real-Time MTU queued behind Elastic Traffic MTU; 214 ms Serialization Delay for 1500 Byte Frame at 56 kbps
After: Elastic MTU | Elastic MTU | Real-Time MTU | Elastic MTU

Serialization Delay Matrix

Link Speed   64 Bytes   128 Bytes   256 Bytes   512 Bytes   1024 Bytes   1500 Bytes
56 kbps      9 ms       18 ms       36 ms       72 ms       144 ms       214 ms
64 kbps      8 ms       16 ms       32 ms       64 ms       128 ms       187 ms
128 kbps     4 ms       8 ms        16 ms       32 ms       64 ms        93 ms
256 kbps     2 ms       4 ms        8 ms        16 ms       32 ms        46 ms
512 kbps     1 ms       2 ms        4 ms        8 ms        16 ms        23 ms
768 kbps     640 usec   1.2 ms      2.6 ms      5 ms        10 ms        15 ms

10ms Delay Frags

Link or VC Speed   Frag Size
56 kbps            70 Bytes
64 kbps            80 Bytes
128 kbps           160 Bytes
256 kbps           320 Bytes
512 kbps           640 Bytes
768 kbps           1000 Bytes
1536 kbps          2000 Bytes
TX-Ring Sizing
Misc. VoIP QoS Tools
• TX-Ring is an un-prioritized FIFO buffer which holds packets just before media transmission
• Used to make sure enough packets are queued in order to maximize available BW
• Will add to E-2-E delay numbers because serialization delay really equals:
  Serialization delay * number of packets in the TX-Ring buffer

Media          Default TX-Ring Buffer Sizing (Packets)
PPP            6
MLPPP          2
ATM            8192—Must Be Changed for Low Speed VCs
Frame Relay    64 (Per Main T1 Interface)

Link Speed/CIR/PVC   Recommended TX-Ring Buffer Sizing (Packets)
128 kbps             3
192 kbps             3
256 kbps             3
512 kbps             3
768 kbps             3
WAN QoS—Leased Lines
VoIP over Leased-Line Minimum IOS 12.2(5.6)
Figure: Leased-Line Circuits

Queuing: Low-Latency Queuing
LFI: MLPPP—Link Speeds =< 768kb
cRTP: Supported—See Roles Doc at ESE Web Site
PPP QoS Example

interface Multilink1
 ip address 10.1.61.1 255.255.255.0
 no ip mroute-cache
 load-interval 30
 service-policy output QoS-Policy
 ppp multilink
 ppp multilink fragment-delay 10
 ppp multilink interleave
 multilink-group 1
!
interface Serial0
 bandwidth 256
 no ip address
 encapsulation ppp
 no ip mroute-cache
 load-interval 30
 no fair-queue
 ppp multilink
 multilink-group 1
WAN QoS—Frame Relay
VoIP over Frame Relay Minimum IOS 12.2(5.6)

Frame-Relay
Network

Queuing Low-Latency Queuing per VC

Traffic Shaping Frame Relay Traffic Shaping


Shape to CIR - flags and CRC overhead
Bc = CIR/100
Be = 0
MINCIR >= Sum of all configured queues

LFI FRF.12
Link Speeds < 768kbps
Fragment Size = Max_Allowed_Jitter/(1 Byte/Line Speed in kbps)
cRTP Supported—See Roles Document at ESE Web Site
Traffic Shaping—Why?
Misc. VoIP QoS Tools
[Diagram: remote sites at 128 kbps, 256 kbps, 512 kbps, 768 kbps and T1 connect through a Frame Relay, ATM network to a central site on a T1]
Result: Buffering which Will Cause Delay and Eventually Dropped Packets

1. Central to remote site speed mismatch
2. To avoid remote to central site over-subscription
3. To prohibit bursting above committed rate
   What are you guaranteed above your committed rate?
Traffic Shaping—Why?
What about Adaptive Shaping? ESE Did Some Testing; Net-Net the Buffers in the Frame Switch Must Be Tuned Extremely Small to Achieve Timely Notification of Frame Network Congestion; EDCS-124026
Frame Relay Traffic Shaping (FRTS) Operation
[Figure: bits sent against time over 1 second on a T1 line rate; CIR 56000 bps, Bc 7000 bits, Interval = 125 ms; time axis 0 to 1000 ms in 125 ms steps, cumulative bits 7k to 56k, with a 4.5 ms mark in the first interval]
Important: Flags and CRC Are Not Included in Shaper Calculations
When 7000 bits (Bc) Transmitted Credits Are Exhausted No More Packets Are
Sent in that Interval; This Can Happen at the 4.5ms Point of the Interval; This
Could Add 104.5 Milliseconds Delay in between Packets
Frame Relay QoS Example
interface Serial1
no ip address
encapsulation frame-relay
load-interval 30
frame-relay traffic-shaping
!
interface Serial1.71 point-to-point
bandwidth 256
ip address 10.1.71.1 255.255.255.0
frame-relay interface-dlci 71
class VoIP
!
map-class frame-relay VoIP
frame-relay cir 250880
frame-relay bc 2509
frame-relay be 0
frame-relay mincir 250000
no frame-relay adaptive-shaping
service-policy output QoS-Policy
frame-relay fragment 320
Frame Relay QoS Example
Frame Format
Flag     Header    Data       CRC       Flag
1 Byte   2 Bytes   Variable   2 Bytes   1 Byte

interface Serial1
 no ip address
 encapsulation frame-relay
 load-interval 30
 frame-relay traffic-shaping
!
interface Serial1.71 point-to-point
 bandwidth 256
 ip address 10.1.71.1 255.255.255.0
 frame-relay interface-dlci 71
  class VoIP
!
map-class frame-relay VoIP
 frame-relay cir 250880
 frame-relay bc 2509
 frame-relay be 0
 frame-relay mincir 250000
 no frame-relay adaptive-shaping
 service-policy output QoS-Policy
 frame-relay fragment 320

Allow for Flags and CRC
95% of CIR
Shape to CIR * Frame_Sz/[Frame_Sz + (Flags+CRC)]
256000*320 / (320+4) = 252840
Frame Relay QoS Example
Traffic Shaping Do the Math…
Link Speed   CIR by the Formula   99%      98%      97%      96%      95%      94%
56 kbps      52968                55440    54880    54320    53760    52640    52080
64 kbps      60952                63360    62720    62080    61440    60160    59520
128 kbps     124872               126720   125440   124160   122880   120320   119040
256 kbps     252832               253440   250880   248320   245760   240640   238080
512 kbps     508816               506880   501760   496640   491520   481280   476160
768 kbps     764936               760320   752640   744960   737280   721920   714240
Formula = (Bandwidth X Fragment Size) ÷ (Fragment Size + 4 Bytes)
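The shaping arithmetic on these slides, as an added Python example (not part of the original deck and not Cisco code): it derives the FRF.12 fragment size, the shaped CIR from the slide formula, Bc and the shaper interval, and builds the matching map-class lines. Rounding the formula result down to a multiple of 8 is inferred from the "CIR by the Formula" values, and using the queue sum directly as MINCIR is an assumption of this sketch.

```python
"""Frame Relay shaping math from the slides (added example, not Cisco code)."""

FLAGS_CRC_BYTES = 4  # per-frame flags + CRC allowance used in the slide formula


def fragment_bytes(link_kbps, max_delay_ms=10):
    """FRF.12 fragment that serializes in max_delay_ms at link speed."""
    return link_kbps * max_delay_ms // 8


def shaped_cir(link_bps, frag_bytes):
    """Slide formula link * frag / (frag + 4), rounded down to a multiple of 8.

    The multiple-of-8 rounding is inferred from the slide's table values.
    """
    raw = link_bps * frag_bytes // (frag_bytes + FLAGS_CRC_BYTES)
    return raw - raw % 8


def interval_ms(bc_bits, cir_bps):
    """Shaper interval Tc = Bc / CIR, in milliseconds."""
    return 1000 * bc_bits / cir_bps


def drain_ms(bc_bits, line_bps):
    """Time to send one interval's credit (Bc) at the physical line rate."""
    return 1000 * bc_bits / line_bps


def map_class(name, link_kbps, queue_sum_bps, frag=None):
    """Build map-class lines for one PVC following the slide rules."""
    frag = frag or fragment_bytes(link_kbps)
    cir = shaped_cir(link_kbps * 1000, frag)
    if queue_sum_bps > cir:
        raise ValueError("configured queues exceed the shaped CIR")
    bc = round(cir / 100)  # Bc = CIR/100 keeps the interval near 10 ms
    return [
        f"map-class frame-relay {name}",
        f" frame-relay cir {cir}",
        f" frame-relay bc {bc}",
        " frame-relay be 0",                      # no bursting above CIR
        f" frame-relay mincir {queue_sum_bps}",   # assumption: MINCIR = queue sum
        f" frame-relay fragment {frag}",
    ]


if __name__ == "__main__":
    # Fragment sizes as listed on the slides (768 kbps uses 1000 bytes there).
    for kbps, frag in ((56, 70), (64, 80), (128, 160), (256, 320),
                       (512, 640), (768, 1000)):
        print(f"{kbps:4d} kbps  fragment {frag:4d}  CIR {shaped_cir(kbps * 1000, frag)}")
    # The FRTS slide: Bc 7000 at CIR 56000 gives a 125 ms interval, and a T1
    # (1536000 bps) drains that credit in about 4.6 ms.
    print(interval_ms(7000, 56000), round(drain_ms(7000, 1536000), 1))
    print("\n".join(map_class("VoIP", 256, 250000)))
```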
WAN QoS—ATM to Frame Relay
VoIP over Hybrid Networks 12.2(3)

[Diagram: ATM Network, FRF.8, Frame Relay Network]

Queuing Low-Latency Queuing per VC

Traffic Shaping
ATM side: Generic Traffic Shaping
  Shape to Low VC
  Set MLPPP fragment To fit in ATM Cells
Frame Relay side: Frame-Relay Traffic Shaping
  Shape to CIR—Flags and CRC Overhead
  Bc = CIR/100
  Be = 0
  MINCIR >= Sum of All Configured Queues
LFI MLPPP over ATM and Frame-Relay in 12.2(3)
cRTP See Roles Doc on ESE Web Site

ATM to Frame Relay
Interworking QoS Example

Remote Frame-Relay Configuration
interface Serial6/0
 description T1 to Frame Relay switch
 no ip address
 encapsulation frame-relay
 load-interval 30
 no arp frame-relay
 frame-relay traffic-shaping
!
interface Serial6/0.73 point-to-point
 description 3640
 no arp frame-relay
 frame-relay interface-dlci 73 ppp Virtual-Template2
  class VoIP-256kbs
!
interface Virtual-Template2
 bandwidth 254
 ip address 10.1.37.51 255.255.255.0
 service-policy output QoS-Policy
 ppp authentication chap
 ppp chap hostname R72HQ
 ppp chap password 7 05080F1C2243
 ppp multilink
 ppp multilink fragment-delay 10
 ppp multilink interleave

Central ATM Configuration
interface ATM2/0
 no ip address
 no ip mroute-cache
 no shutdown
 atm pvc 1 0 16 ilmi
 no atm ilmi-keepalive
!
interface ATM2/0.37 point-to-point
 pvc cisco37 0/37
  tx-ring-limit 3
  abr 256 256
  protocol ppp Virtual-Template2
 !
!
interface Virtual-Template2
 bandwidth 254
 ip address 10.1.37.52 255.255.255.0
 service-policy output QoS-Policy
 ppp authentication chap
 ppp chap hostname HQ_7200
 ppp chap password 7 05080F1C2243
 ppp multilink
 ppp multilink fragment-delay 10
 ppp multilink interleave
WAN QoS—ATM
VoIP over ATM Minimum 12.2(3)

ATM
Network

Queuing Low-Latency Queuing per VC


Traffic Shaping Generic Traffic Shaping
Shape to MCR/SCR, Based on Service Class

LFI MLPPP over ATM in 12.2(3)


cRTP 12.2(4)XV2—See Roles Doc ESE Web Site

PPPoATM MLPPP ATM
Cell Optimization
PVC Speed   Frag Size (Cells)   PPP Multi-Link Fragment-Delay   Bandwidth   Real Delay
56 kbps     2                   12 msec                         57 kbps     13.7 msec
64 kbps     2                   10 msec                         68 kbps     12.0 msec
128 kbps    4                   11 msec                         132 kbps    12.0 msec
192 kbps    6                   11 msec                         202 kbps    12.0 msec
256 kbps    7                   10 msec                         260 kbps    10.5 msec
320 kbps    9                   10 msec                         337 kbps    10.8 msec
384 kbps    11                  10 msec                         414 kbps    11.0 msec
448 kbps    12                  10 msec                         452 kbps    10.3 msec
512 kbps    14                  10 msec                         529 kbps    10.5 msec
576 kbps    16                  10 msec                         606 kbps    10.7 msec
640 kbps    17                  10 msec                         644 kbps    10.2 msec
704 kbps    19                  10 msec                         721 kbps    10.4 msec
768 kbps    21                  10 msec                         798 kbps    10.5 msec

• Modify delay and bandwidth to arrive at fragment that is
multiple of 48 bytes and still gives 10ms of serialization delay
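The cell-fitting procedure in the bullet above, as an added Python example (not from the original deck): it reproduces the table by padding a 10 ms fragment to whole 48-byte cell payloads and searching for the bandwidth and fragment-delay pair that makes the router compute exactly that fragment, using the MLPPP fragment size of bandwidth × fragment-delay / 8. The 11-byte per-fragment overhead and the rule of taking the smallest bandwidth at or above the PVC speed are assumptions inferred from the table rows, not stated on the slide.

```python
"""MLPPP-over-ATM fragment tuning (added example, not Cisco code)."""

CELL_PAYLOAD = 48   # usable bytes in each 53-byte ATM cell
OVERHEAD = 11       # ASSUMED per-fragment bytes, inferred from the slide table


def cells_for(pvc_kbps, target_ms=10):
    """Cells needed for target_ms of payload at PVC speed plus overhead."""
    payload = pvc_kbps * target_ms // 8
    return -(-(payload + OVERHEAD) // CELL_PAYLOAD)   # ceiling division


def real_delay_ms(pvc_kbps, cells):
    """Serialization delay of the cell-padded fragment at PVC speed."""
    return round(cells * CELL_PAYLOAD * 8 / pvc_kbps, 1)


def tune(pvc_kbps, delays=range(10, 14)):
    """Return (cells, fragment_delay_ms, bandwidth_kbps, real_delay_ms)."""
    cells = cells_for(pvc_kbps)
    payload = cells * CELL_PAYLOAD - OVERHEAD   # fragment the router must pick
    best = None
    for delay in delays:
        bw = -(-(8 * payload) // delay)         # smallest bw reaching payload
        # Router-side fragment size: bandwidth * fragment-delay / 8, floored.
        if bw >= pvc_kbps and bw * delay // 8 == payload:
            if best is None or bw < best[1]:
                best = (delay, bw)
    if best is None:
        raise ValueError("no bandwidth/delay pair fills the cells exactly")
    return cells, best[0], best[1], real_delay_ms(pvc_kbps, cells)


def config_lines(pvc_kbps):
    """The three tunables as they appear in the deck's ATM configuration."""
    _, delay, bw, _ = tune(pvc_kbps)
    return [
        f" vbr-nrt {pvc_kbps} {pvc_kbps}",
        f" bandwidth {bw}",
        f" ppp multilink fragment-delay {delay}",
    ]


if __name__ == "__main__":
    for speed in (56, 64, 128, 192, 256, 320, 384, 448, 512, 576, 640, 704, 768):
        cells, delay, bw, real = tune(speed)
        print(f"{speed:3d} kbps  {cells:2d} cells  {delay} msec  "
              f"{bw} kbps  {real} msec")
    print("\n".join(config_lines(128)))
```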
ATM QoS Example

interface ATM2/0
no ip address
no ip mroute-cache
atm pvc 1 0 16 ilmi
no atm ilmi-keepalive
!
interface ATM2/0.37 point-to-point
pvc cisco37 0/37
tx-ring-limit 3
vbr-nrt 128 128
protocol ppp Virtual-Template2
!
interface Virtual-Template2
bandwidth 132
ip address 10.1.37.52 255.255.255.0
service-policy output QoS-Policy
ppp authentication chap
ppp chap hostname HQ_7200
ppp chap password 7 05080F1C2243
ppp multilink
ppp multilink fragment-delay 11
ppp multilink interleave
QoS in the Branch Office

• If any VoIP over the WAN is part of the design, advanced
QoS tools are a requirement; specifically, LLQ and LFI
• Branch router will typically be 1700, 2600, 3600, 3700.
All of these support VoIP gateway interfaces: Classify VoIP traffic
• L3 to L2 classification for L2 QoS
• Catalyst scheduling capabilities depend on hardware:
Catalyst 2950, 3550, or 3524-XL
Catalyst 4000
Catalyst 6500
• NBAR to classify LTBE traffic
• Mission critical applications

Branch Office Design
802.1Q Trunking: Native VLAN=70, Aux VLAN=170

interface FastEthernet1/0
 description Catalyst 4000 Branch Office Switch
 no ip address
 ip route-cache policy
 no ip mroute-cache
 load-interval 30
 speed 100
 full-duplex
!
interface FastEthernet1/0.70
 description native subnet 10.1.70.0 data
 encapsulation dot1Q 70
 ip address 10.1.70.1 255.255.255.0
 service-policy output output-L3-to-L2
 no ip mroute-cache
!
interface FastEthernet1/0.170
 description native subnet 10.1.170.0 voice
 encapsulation dot1Q 170
 ip address 10.1.170.1 255.255.255.0
 service-policy output output-L3-to-L2

cat4k> (enable) set vlan 70 name data70
cat4k> (enable) set vlan 170 name voice170
cat4k> (enable) set vlan 70 2/1-48
cat4k> (enable) set port host 2/1-48
cat4k> (enable) set port auxiliaryvlan 2/1-48 170
cat4k> (enable) set port speed 2/1-49 auto
cat4k> (enable) set trunk 2/49 on dot1q 1-1005
Layer 3 to Layer 2
Classification Mapping at the Branch

Requires the mod-cli Commands Available in IOS 12.1(5)T*

class-map L3-to-L2-VoIP-RTP
 match ip dscp EF
class-map L3-to-L2-Video-Conf
 match ip dscp AF41
class-map L3-to-L2-VoIP-Control
 match ip dscp AF31
!
policy-map output-L3-to-L2
 class L3-to-L2-VoIP-RTP
  set cos 5
 class L3-to-L2-Video-Conf
  set cos 4
 class L3-to-L2-VoIP-Control
  set cos 3
!
interface e0/0
 service-policy output output-L3-to-L2
NBAR to Identify Applications

[Diagram: Leased Line, Frame Relay, ATM Network]

• Peer to peer applications like Napster, KaZaa,
Morpheus, Grokster
• Citrix and other applications that are not easy to
profile/recognize—dynamic/changing ports
• PDLM definitions available at:
http://www.cisco.com/cgi-bin/tablebuild.pl/pdlm
NBAR to Classify P2P Apps and Assign
Less than Best Effort Treatment
• Download the latest PDLMs and copy to flash:
http://www.cisco.com/cgi-bin/tablebuild.pl/pdlm
• Activate PDLM into RAM: ip nbar pdlm flash:gnutella.pdlm
• Use MQC “match protocol” statements to classify the traffic
class-map match-any P2P
 match protocol gnutella
 match protocol fasttrack (identifies KaZaa, Morpheus and Grokster)
 match protocol napster (napster.pdlm already embedded into IOS 12.2)
• WRED DSCP-based to cause drops from this traffic first
policy-map P2P
 class P2P
  set dscp 2
policy-map QoS-Policy
 class class-default
  fair-queue
  random-detect dscp-based
• Alternative is to place in separate bandwidth based queue with very
small bandwidth guarantee
policy-map P2P
 class P2P
  set dscp 2
policy-map P2P-CBWFQ-MIN
 class P2P
  bandwidth percent 1
Config Example – NBAR for <BE traffic
ip nbar pdlm flash:gnutella.pdlm
ip nbar pdlm flash:fasttrack.pdlm
!
!
ip cef
!
! match-any: a flow is classified as only one of these protocols,
! so match-all would never match
class-map match-any peer-2-peer
 match protocol napster
 match protocol napster non-std
 match protocol gnutella
 match protocol fasttrack
!
!
policy-map peer-2-peer
 class peer-2-peer
  set ip dscp 2
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 speed 100
 full-duplex
 service-policy input peer-2-peer

class-map match-all <BE
 match ip dscp 2
!
policy-map <BE
 class <BE
  bandwidth percent 2
 class class-default
  fair-queue
  random-detect dscp-based
!
interface Serial0/0
 ip address 10.100.1.1 255.255.255.252
 service-policy output <BE

WAN QoS Summary

• Classification
• Scheduling
• Provisioning
• Lots of tools—LLQ/CBWFQ, FRF.12, MLPPP,
WRED, etc.
• More than just VoIP and video
Mission-critical applications = bandwidth classes
Bandwidth hogs = <BE treatment

Agenda
• Quality Concerns with IP Telephony, Multimedia
Applications and Mission-Critical Data
• General Enterprise QoS Design Considerations
• Connecting the End-Points
• Designing the Campus
• Enabling the WAN
• QoS Impact
• VoIP and the Telecommuter
• Questions and Answers
• Summary
The Solution Test Bed—
What We Tested

Leased Lines
Frame Relay 125 Remote Sites
ATM to Frame
Internetworking

Traffic Profile—QoS without cRTP
Traffic Profile

TN3270 Email
FTP (TOS2) 1%
15% 10% DNS
4%
Standard
HTTP
10%
Mission-Critical
HTTP (TOS2)
10%
RTP
Call 45%
Setup
(TOS3)
5%

Details on the ESE Page

• Get the details at:
http://wwwin.cisco.com/ent/ese/cani/ins/qos.shtml
• Performance documents
(WAN Agg and branch routers)
• Roles document
• Config quick reference

Adding QoS Features—Loss
• Impact of QoS on RTP (voice) streams (ToS 5)
• Lost data (RTP streams) from campus to branch drops from a
range of 0.4—36% to 0% loss (all platforms)
Platform   PVC Speed    % Loss (Before)   % Loss (After)
7500       128 kbps     0.40              0.00
7500       256 kbps     2.20              0.00
7500       768 kbps     13.00             0.00
7500       1536 kbps    17.50             0.00
7200       128 kbps     1.40              0.00
7200       256 kbps     2.30              0.00
7200       768 kbps     34.50             0.00
7200       1536 kbps    36.58             0.00
3660       128 kbps     1.38              0.00
3660       256 kbps     2.26              0.00
3660       768 kbps     11.79             0.00
3660       1536 kbps    12.35             0.00
Adding QoS Features—Delay
• RTP latency from campus to branch also improves
Platform   PVC Speed    Latency msec (Before)   Latency msec (After)
7500       128 kbps     1861.00                 22.60
7500       256 kbps     1050.00                 21.80
7500       768 kbps     621.00                  22.80
7500       1536 kbps    462.00                  17.50
7200       128 kbps     1851.53                 24.21
7200       256 kbps     1048.24                 23.82
7200       768 kbps     347.25                  22.04
7200       1536 kbps    182.54                  23.63
3660       128 kbps     1862.42                 24.28
3660       256 kbps     1047.74                 22.44
3660       768 kbps     482.86                  22.15
3660       1536 kbps    258.74                  22.08

Target for Latency Is < 50 msec


Adding QoS Features—
Delay Variation
• Jitter (RTP streams) from campus to branch also shows a
noticeable improvement
Platform   PVC Speed    Jitter msec (Before)   Jitter msec (After)
7500       128 kbps     22.40                  2.45
7500       256 kbps     19.30                  2.70
7500       768 kbps     14.40                  3.93
7500       1536 kbps    10.00                  3.70
7200       128 kbps     21.90                  2.55
7200       256 kbps     19.50                  2.67
7200       768 kbps     17.10                  3.71
7200       1536 kbps    11.70                  3.30
3660       128 kbps     22.29                  2.47
3660       256 kbps     19.30                  2.79
3660       768 kbps     12.12                  3.72
3660       1536 kbps    7.51                   3.44

Target for Jitter Is < 5 msec


CPU Impact of Basic Voice
QoS Features on 7500/VIP4-80
• LLQ/LFI is part of the reason for the additional CPU load,
in that PPS actually goes up, as the smaller (RTP) packets
are prioritized:
[Chart: QoS Impact to PPS on 7500/VIP-4-80; series: 7500 Baseline, 7500 QoS Enabled; x-axis: PVC Bandwidth (128K, 256K, 768K, 1536K); y-axis: pps (0 to 45000); data labels as extracted: 40992, 41765, 35106, 34057, 32706, 24592, 19768, 11849]
Branch Router QoS Performance Tests
• 1751—Frame Relay and leased line—12.2(7.5)T
• 2651—Frame Relay, leased line and ATM—12.2(7.6)
• 3640—Frame Relay, leased line and ATM—12.2(7.6)
• 3725—Frame Relay, leased line and ATM (DS3)—12.2(7.6)T1

Line Speed   Number of Calls
128k         2
256k         4
768k         12
2.048M       28
4.5 M        80

• Pass/fail determined by RTP loss, delay and jitter (drawn from
Chariot), and by router proc cpu
3725 CPU Utilization QoS + cRTP
[Chart: 3725 CPU by WAN Media Type (QoS and cRTP Enabled); series: Frame Relay, ATM, Leased Line; x-axis: Link Speed (128K, 256K, 768K, 2.048M, 4.5M); y-axis: CPU (One Minute Avg.), 0 to 100; data labels as extracted: 31.3, 24.7, 23.6, 11.2, 12.4, 9.1, 7.8, 9, 2, 2, 1.9, 2.8, 3.7, 3, 7]
3640 CPU Utilization QoS + cRTP
[Chart: Frame Relay QoS Impact on CPU 3640; series: Baseline, QoS Enabled, QoS + cRTP; x-axis: PVC Bandwidth (128K, 256K, 768K, 2048K, 4645k); y-axis: CPU Utilization (0 to 100)]
Branch Device Summary

• 1751—Nice low-bandwidth branch router
• 2651—Nice low-bandwidth branch router
• 3640—Problems with higher-bandwidths
• 3725—CPU to spare for what we tested
• Results on the ESE QoS page:
http://wwwin.cisco.com/ent/ese/cani/ins/qos.shtml
QOS Performance Guide for WAN Branch Platforms

Crypto VPN Applications

Enterprise Branch VPN

VPN

Telecommuter VPN

VPN Client
VPN

VoIP + Crypto: Where Are We?

• Some customers are already doing this
• V3PN launch underway
• Site to site, QoS enabled, and SOHO DGs from
your SE
• Project in the works—Queuing mechanism for
the crypto engine (LLQ before crypto)
• Beginning to work w/ SPs on how to provide this
service; CPN certification underway with AVVID
friendly SLAs:
http://www.cisco.com/pcgi-bin/cpn/cpn_pub_bassrch.pl

Provisioning: VoIP Bandwidth
Calculations with IPSec

VoIP Packet
Voice Payload   RTP Header   UDP Header   IP Header   IPSec and GRE Headers   Link Header
X Bytes         12 Bytes     8 Bytes      20 Bytes    76/80 Bytes             X Bytes (Variable)

VoIP with IPSec MLPPP over ATM
CODEC               IP UDP RTP and IPSec   PPP           ATM 53b Cells 48b Payload
G.711 at 50 pps     112 kbps               114.40 kbps   127.20 kbps
G.729A at 50 pps    54.4 kbps              56.8 kbps     63.6 kbps

Traffic Shaping

10/100m Ethernet Shaped 128k Uplink

DSL
Backbone
806/1710 To Head End
3d-Party
DSL Modem

• Traffic shaping to uplink speed
• Avoid uplink congestion
• Ensure that QoS is honored

Classification and Scheduling,
LFI, and Traffic Shaping
Single-Box
827
Two-Box
DSL
Backbone
To Head End DSL
PIX 501
Variation:
Third-Party
VPN 3002 Can Be Used in Place of
Modem 806/1710 3d-Party PIX 501 if Firewall Not Required
DSL Modem

Single-Box
9x5
Two-Box
Cable
Backbone To Head End
Cable
PIX 501
Variations:
Third-Party VPN 3002 Can Be Used in Place of
Modem 806/1710 3d-Party PIX 501 if Firewall Not Required
Cable Modem

ISDN,
Others To Head End
Wireless
PIX 501 80x Etc. Others
DSL Options
Single-Box
827
DSL
Two-Box To Head End
Backbone
PIX 501

Third-Party Modem
806/1710 3d-Party
DSL Modem

• Classification and scheduling LLQ/CBWFQ
• Link fragmentation and Interleave (MLPPP)
• PPPoATM vs PPPoEthernet
• PPPoATM fragment size to ATM Cell
considerations
Config Example—PPPoATM (827)
class-map match-all voice
 match ip dscp EF
class-map match-all signaling
 match ip dscp AF31
!
policy-map telework
 class voice
  priority 64
 class signaling
  bandwidth 8
 class class-default
  fair-queue
!
interface ATM0
 no ip address
 pvc 1/100
  vbr-rt 128 128
  tx-ring-limit 3
  encapsulation aal5mux ppp dialer
  dialer pool-member 1

interface Dialer0
 bandwidth 132
 ip address negotiated
 ip nat outside
 encapsulation ppp
 no ip mroute-cache
 load-interval 30
 dialer pool 1
 dialer-group 1
 service-policy output telework
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname 827a
 ppp chap password 7 104D000A0618
 ppp multilink
 ppp multilink fragment-delay 11
 ppp multilink interleave
What Questions Do You Have?

Summary

• Classification (trust boundary), scheduling,
provisioning
• Mission-critical data, voice, video
• QoS in the LAN—not just bandwidth—transmit
buffer management/congestion avoidance
• Lots of tools—LLQ/CBWFQ, PQ, WRR, WRED,
LFI—FRF.12, MLPPP, traffic shaping
• QoS is an end-to-end proposition; look for Quality of
Service Policy Manager (QPM) in World of
Solutions and keep an eye out for Auto QoS…
