Optimizing Converged Cisco Networks (ONT) · Mission-critical applications: Oracle, SAP, SNA...
Transcript of Optimizing Converged Cisco Networks (ONT) · Mission-critical applications: Oracle, SAP, SNA...
© 2006 Cisco Systems, Inc. All rights reserved.
Optimizing Converged Cisco Networks (ONT)
Module 4: Implement the DiffServ QoS Model (Intro)
© 2006 Cisco Systems, Inc. All rights reserved.
Introducing Classification and Marking
© 2006 Cisco Systems, Inc. All rights reserved.
Objectives
Describe the classification and marking for QoS.
Explain the relationship between IP Precedence and DSCP.
Describe the standard Per Hop Behavior (PHB) groups and their characteristics.
Explain how a service class is used to implement QoS policies.
Describe a trust boundary and the guidelines used to establish this boundary.
© 2006 Cisco Systems, Inc. All rights reserved.
Classification
Classification is the process of identifying and categorizing traffic into classes, typically based upon:
Incoming interface
IP precedence
DSCP
Source or destination address
Application
Without classification, all packets are treated the same.
Classification should take place as close to the source as possible.
© 2006 Cisco Systems, Inc. All rights reserved.
Marking
Marking is the QoS feature component that ―colors‖ a packet (frame) so it can be identified and distinguished from other packets (frames) in QoS treatment.
Commonly used markers:
Link layer:
CoS (ISL, 802.1p)
MPLS EXP bits
Frame Relay
Network layer:
DSCP
IP precedence
© 2006 Cisco Systems, Inc. All rights reserved.
Classification and Marking in the LAN with IEEE 802.1Q
IEEE 802.1p user priority field is also called CoS.
IEEE 802.1p supports up to eight CoSs.
IEEE 802.1p focuses on support for QoS over LANs and 802.1Q ports.
IEEE 802.1p is preserved through the LAN, not end to end.
© 2006 Cisco Systems, Inc. All rights reserved.
Classification and Marking in the Enterprise
© 2006 Cisco Systems, Inc. All rights reserved.
DiffServ Model
Describes services associated with traffic classes, rather than traffic flows.
Complex traffic classification and conditioning is performed at the network edge.
No per-flow state in the core.
The goal of the DiffServ model is scalability.
Interoperability with non-DiffServ-compliant nodes.
Incremental deployment.
© 2006 Cisco Systems, Inc. All rights reserved.
Classification ToolsIP Precedence and DiffServ Code Points
IPv4: three most significant bits of ToS byte are called IP Precedence (IPP)—other bits unused
DiffServ: six most significant bits of ToS byte are called DiffServ Code Point (DSCP)—remaining two bits used for flow control
DSCP is backward-compatible with IP precedence
7 6 5 4 3 2 1 0
ID Offset TTL Proto FCS IP SA IP DA DataLenVersion Length
ToSByte
DiffServ Code Point (DSCP) IP ECN
IPv4 Packet
IP Precedence UnusedStandard IPv4
DiffServ Extensions
© 2006 Cisco Systems, Inc. All rights reserved.
IP ToS Byte and DS Field Inside the IP Header
7 6 5 4 3 2 1 0
7 6 5 4 3 2 1 0
© 2006 Cisco Systems, Inc. All rights reserved.
IP Precedence and DSCP Compatibility
Compatibility with current IP precedence usage (RFC 1812)
Differentiates probability of timely forwarding:
(xyz000) >= (abc000) if xyz > abc
That is, if a packet has DSCP value of 011000, it has a greater probability of timely forwarding than a packet with DSCP value of 001000.
© 2006 Cisco Systems, Inc. All rights reserved.
Per-Hop Behaviors
DSCP selects PHB throughout the network:
Default PHB (FIFO, tail drop)
Class-selector PHB (IP precedence)
EF Expedite Forwarding PHB
AF Assured Forwarding PHB
© 2006 Cisco Systems, Inc. All rights reserved.
Standard PHB Groups
© 2006 Cisco Systems, Inc. All rights reserved.
Expedited Forwarding (EF) PHB
EF PHB:
• Ensures a minimum departure rate (lowest delay)
• Guarantees bandwidth—class guaranteed an amount of bandwidth with prioritized forwarding
• Polices bandwidth—class not allowed to exceed the guaranteed amount (excess traffic is dropped)
DSCP value of 101110: Looks like IP precedence 5 to non-DiffServ-compliant devices:
Bits 5 to 7: 101 = 5 (same 3 bits are used for IP precedence)
Bits 3 and 4: 11 = No drop probability (contradiction to AF PHB)
Bit 2: Just 0
© 2006 Cisco Systems, Inc. All rights reserved.
Assured Forwarding (AF) PHB
AF PHB:
Guarantees bandwidth
Allows access to extra bandwidth, if available
Four standard classes: AF1, AF2, AF3, and AF4
DSCP value range of aaadd0:
aaa is a binary value of the class
dd is drop probability
© 2006 Cisco Systems, Inc. All rights reserved.
AF PHB Values
Each AF class uses three DSCP values.
Each AF class is independently forwarded with its guaranteed bandwidth.
Congestion avoidance is used within each class to prevent congestion within the class.
Probability of drop, a relationship where AFx1 <= AFx2 <= AFx3.
© 2006 Cisco Systems, Inc. All rights reserved.
Mapping CoS to Network Layer QoS
En
d-t
o-e
nd
Qo
S
© 2006 Cisco Systems, Inc. All rights reserved.
QoS Service Class
A QoS service class is a logical grouping of packets that are to receive a similar level of applied quality.
A QoS service class can be:
A single user (such as MAC address or IP address)
A department, customer (such as subnet or interface)
An application (such as port numbers or URL)
A network destination (such as tunnel interface or VPN)
© 2006 Cisco Systems, Inc. All rights reserved.
Implementing QoS Policy Using a QoS Service Class
© 2006 Cisco Systems, Inc. All rights reserved.
QoS Service Class Guidelines
Profile applications to their basic network requirements.
Do not over engineer provisioning; use no more than four to five traffic classes for data traffic:
Voice applications: VoIP
Mission-critical applications: Oracle, SAP, SNA
Interactive applications: Telnet, TN3270
Bulk applications: FTP, TFTP
Best-effort applications: E-mail, web
Scavenger applications: Nonorganizational streaming and video applications (Kazaa, Yahoo, Youtube)
Do not assign more than three applications to mission-critical or transactional classes.
Use proactive policies before reactive (policing) policies.
Seek executive endorsement of relative ranking of application priority prior to rolling out QoS policies for data.
© 2006 Cisco Systems, Inc. All rights reserved.
Classification and Marking DesignQoS Baseline Marking Recommendations
ApplicationL3 Classification
DSCPPHBIPP CoS
Transactional Data 18AF212 2
Call Signaling 24CS3*3 3
Streaming Video 32CS44 4
Video Conferencing 34AF414 4
Voice 46EF5 5
Network Management 16CS22 2
L2
Bulk Data 10AF111 1
Scavenger 8CS11 1
Routing 48CS66 6
Mission-Critical Data 26AF31*3 3
Best Effort 000 0
* Cisco IP phones use AF31 currently for call-signaling => MCD = DSCP 25
© 2006 Cisco Systems, Inc. All rights reserved.
How Many Classes of Service Do I Need?
4/5 Class Model
Scavenger
Critical Data
Call Signaling
Realtime
8 Class Model
Critical Data
Video
Call Signaling
Best Effort
Voice
Bulk Data
Network Control
Scavenger
11 Class Model
Network Management
Call Signaling
Streaming Video
Transactional Data
Interactive-Video
Voice
Best Effort
IP Routing
Mission-Critical Data
Scavenger
Bulk Data
Time
Best Effort
© 2006 Cisco Systems, Inc. All rights reserved.
Trust Boundaries: Classify Where?
For scalability, classification should be enabled as close to the edge as possible, depending on the capabilities of the device at:
Endpoint or end system
Access layer
Distribution layer
If a endpoint is trusted then enable mls qos trust dscp in the sw.
© 2006 Cisco Systems, Inc. All rights reserved.
Trust Boundaries: Mark Where?
For scalability, marking should be done as close to the source as possible.
© 2006 Cisco Systems, Inc. All rights reserved.
Self Check
1. Which PHB would be used for voice traffic?
2. How many bits are used for IP Precedence? For DSCP?
3. Which PHB can allow access to extra bandwidth if it is available?
4. How is CDP used to establish trust boundaries?
© 2006 Cisco Systems, Inc. All rights reserved.
Summary
Classification, marking, and queuing are critical functions of any successful QoS implementation.
Classification allows network devices to identify traffic as belonging to a specific class with the specific QoS requirements determined by an administrative QoS policy.
The DiffServ model uses classes to describe services offered to network traffic, rather than traffic flows.
DiffServ uses DSCP to establish Per Hop Behaviors (PHBs) to classify and service traffic.
© 2006 Cisco Systems, Inc. All rights reserved.
Resources
DiffServ -- The Scalable End-to-End QoS Model
http://www.cisco.com/en/US/partner/products/ps6610/products_white_paper09186a00800a3e2f.shtml
Quality of Service - The Differentiated Services Model
http://www.cisco.com/en/US/partner/products/ps6610/products_data_sheet0900aecd8031b36d.html
Differentiated_services
http://en.wikipedia.org/wiki/Differentiated_services
© 2006 Cisco Systems, Inc. All rights reserved.
Using NBAR for Classification
© 2006 Cisco Systems, Inc. All rights reserved.
Network-Based Application Recognition
Used in conjunction with QoS class-based features, NBAR is an intelligent classification engine that:
Classifies modern client-server and web-based applications
Discovers what traffic is running on the network
Analyzes application traffic patterns in real time
NBAR functions:Performs identification of applications and protocols (Layer 4–7)
Performs protocol discovery
Provides traffic statistics
New applications are easily supported by loading a Packet Description Language Module (PDLM).
My application
is too slow!
Sample Link Utilization
Citrix 25%Netshow 15%Fasttrack 10%FTP 30%HTTP 20%
© 2006 Cisco Systems, Inc. All rights reserved.
NBAR Functions & Features
NBAR performs the following two functions:
Identification of applications and protocols (Layer 4 to Layer 7)
Protocol discovery (statistics)
Some examples of class-based QoS features that can be used on traffic after the traffic is classified by NBAR include:
Class-Based Marking (the set command)
Class-Based Weighted Fair Queueing (the bandwidth and queue-limit commands)
Low Latency Queueing (the priority command)
Traffic Policing (the police command)
Traffic Shaping (the shape command)
© 2006 Cisco Systems, Inc. All rights reserved.
NBAR Application Support
NBAR can classify applications that use:
Statically assigned TCP and UDP port numbers
Non-UDP and non-TCP IP protocols
Dynamically assigned TCP and UDP port numbers negotiated during connection establishment (requires stateful inspection)
Subport and deep packet inspection classification
Restrictions: You must enable Cisco Express Forwarding (CEF) before you configure NBAR.
© 2006 Cisco Systems, Inc. All rights reserved.
Packet Description Language Module
PDLMs allow NBAR to recognize new protocols matching text patterns in data packets without requiring a new Cisco IOS software image or a router reload.
An external PDLM can be loaded at run time to extend the NBAR list of recognized protocols.
PDLMs can also be used to enhance an existing protocol recognition capability.
PDLMs must be produced by Cisco engineers.
CCO registered users can find the PDLMs at: http://www.cisco.com/cgi-bin/tablebuild.pl/pdlm.
© 2006 Cisco Systems, Inc. All rights reserved.
NBAR Command Syntax
Used to enhance the list of protocols recognized by NBAR through a PDLM.
The filename is in the URL format (for example, flash://citrix.pdlm).
ip nbar pdlm pdlm-name
router(config)#
ip nbar port-map protocol-name [tcp | udp] port-
number
router(config)#
Configures NBAR to search for a protocol or protocol name using a port number other than the well-known port.
Up to 16 additional port numbers can be specified.
Example: ip nbar port-map http tcp 80 8080
© 2006 Cisco Systems, Inc. All rights reserved.
NBAR Show Protocol-to-Port Maps
Displays the current NBAR protocol-to-port mappings
router#show ip nbar port-map
port-map bgp udp 179
port-map bgp tcp 179
port-map cuseeme udp 7648 7649
port-map cuseeme tcp 7648 7649
port-map dhcp udp 67 68
port-map dhcp tcp 67 68
port-map dns udp 53
port-map dns tcp 53
Port-map http tcp 80 8080
show ip nbar port-map [protocol-name]
router#
© 2006 Cisco Systems, Inc. All rights reserved.
NBAR Protocol Discovery
Analyzes application traffic patterns in real time and discovers which traffic is running on the network
Provides bidirectional, per-interface, and per-protocol statistics
Important monitoring tool supported by Cisco QoS management tools:
Generates real-time application statistics
Provides traffic distribution information at key network locations
© 2006 Cisco Systems, Inc. All rights reserved.
Configuring and Monitoring NBAR Protocol Discovery
Configures NBAR to discover traffic for all protocols known to NBAR on a particular interface
Requires that CEF be enabled before protocol discovery
Can be applied with or without a service policy enabled
ip nbar protocol-discovery
router(config-if)#
show ip nbar protocol-discovery
router#
Displays the statistics for all interfaces on which protocol discovery is enabled. Statistics can be inaccurate because of policing of queue drops at the output interface.
© 2006 Cisco Systems, Inc. All rights reserved.
Configuring and Monitoring Protocol Discovery Output
router#show ip nbar protocol-discovery
Ethernet0/0
Input Output
Protocol Packet Count Packet Count
Byte Count Byte Count
5 minute bit rate (bps) 5 minute bit rate (bps)
---------- ------------------------ -----------------
realaudio 2911 3040
1678304 198406
19000 1000
http 19624 13506
14050949 2017293
0 0
<output omitted>
© 2006 Cisco Systems, Inc. All rights reserved.
Steps for Configuring NBAR for Static Protocols
Required steps:
1. Enable NBAR Protocol Discovery.
2. Configure a traffic class.
3. Configure a traffic policy.
4. Attach the traffic policy to an interface.
5. Enable PDLM if needed.
© 2006 Cisco Systems, Inc. All rights reserved.
Configuring NBAR for Static Protocols Commands
Configures the match criteria for a class map on the basis of the specified protocol using the MQC configuration mode.
Static protocols are recognized based on the well-known destination port number.
A match not command can be used to specify a QoS policy value that is not used as a match criterion; in this case, all other values of that QoS policy become successful match criteria.
match protocol protocol
router(config-cmap)#
© 2006 Cisco Systems, Inc. All rights reserved.
Configuring NBAR Example
HTTP is a static protocol using a well-known port number 80. However, other port numbers may also be in use.
The ip nbar port-map command will inform the router that other ports are also used for HTTP.
© 2006 Cisco Systems, Inc. All rights reserved.
Steps for Configuring Stateful NBAR for Dynamic Protocols
Required steps:
1. Configure a traffic class.
2. Configure a traffic policy.
3. Attach the traffic policy to an interface.
© 2006 Cisco Systems, Inc. All rights reserved.
Enhanced NBAR Classification for HTTP
Recognizes the HTTP GET packets containing the URL, and then matches all packets that are part of the HTTP GET request
Include only the portion of the URL following the address or host name in the match statement
match protocol http url url-string
router(config-cmap)#
match protocol http host hostname-string
router(config-cmap)#
Performs a regular expression match on the host field content inside an HTTP GET packet and classifies all packets from that host
© 2006 Cisco Systems, Inc. All rights reserved.
match protocol http mime MIME-type
router(config-cmap)#
match protocol fasttrack file-transfer
regular-expression
router(config-cmap)#
Special NBAR Configuration for HTTP and FastTrack
Matches a packet containing the MIME type and all subsequent packets until the next HTTP transaction for stateful protocol.
Stateful mechanism to identify a group of peer-to-peer file-sharing applications.
Applications that use FastTrack peer-to-peer protocol include Kazaa, Grokster, Gnutella, and Morpheus.
A Cisco IOS regular expression is used to identify specific FastTrack traffic.
To specify that all FastTrack traffic will be identified by the traffic class, use asterisk (*) as the regular expression.
© 2006 Cisco Systems, Inc. All rights reserved.
URL or HOST Specification String Options
Options Description
* Match any zero or more characters in this
position.
? Match any one character in this position.
| Match one of a choice of characters.
(|) Match one of a choice of characters in a
range. For example, xyz.(gif | jpg)
matches either xyz.gif or xyz.jpg.
[ ] Match any character in the range
specified, or one of the special
characters. For example, [0-9] is all of
the digits; [*] is the "*" character, and
[[] is the "[" character.
© 2006 Cisco Systems, Inc. All rights reserved.
match protocol rtp [audio | video | payload-type
payload-string]
router(config-cmap)#
Configuring Stateful NBAR for RTP
Identifies real-time audio and video traffic in the class-map mode of MQC
Differentiates on the basis of audio and video codecs
The match protocol rtp command has these options:
audio: Match by payload type values 0 to 23, reserved for audio traffic
video: Match by payload type values 24 to 33, reserved for video traffic
payload-type: Match by a specific payload type value; provides more granularity than the audio or video options
© 2006 Cisco Systems, Inc. All rights reserved.
Classification of RTP Session
© 2006 Cisco Systems, Inc. All rights reserved.
Resources
Network-Based Application Recognition, Q&A
http://www.cisco.com/en/US/partner/products/ps6616/products_qanda_item09186a00800a3ded.shtml
Network-Based Application Recognition and Distributed Network-Based Application Recognition
http://www.cisco.com/en/US/partner/products/ps6350/products_configuration_guide_chapter09186a0080455985.html
Remaining percent calculations example
https://supportforums.cisco.com/thread/122893?tstart=0
© 2006 Cisco Systems, Inc. All rights reserved.
Introducing Queuing Implementations
© 2006 Cisco Systems, Inc. All rights reserved.
Objectives
Describe the common causes of congestion on a link.
Compare and contrast various queuing methods used to relieve congestion.
Describe the purpose and functionality of software queues.
Describe the function and purpose of the hardware queue.
© 2006 Cisco Systems, Inc. All rights reserved.
Congestion can occur at any point in the network where there are points of speed mismatches or aggregation.
Queuing manages congestion to provide bandwidth and delayguarantees.
Congestion and Queuing
© 2006 Cisco Systems, Inc. All rights reserved.
• Speed mismatches are the most typical cause of congestion.
• Possibly persistent when going from LAN to WAN.
• Usually transient when going from LAN to LAN.
Speed Mismatch
© 2006 Cisco Systems, Inc. All rights reserved.
Aggregation
© 2006 Cisco Systems, Inc. All rights reserved.
What is Queuing?
Queuing is a congestion-management mechanism that allows you to control congestion on interfaces.
Queuing is designed to accommodate temporary congestion on an interface of a network device by storing excess packets in buffers until bandwidth becomes available.
© 2006 Cisco Systems, Inc. All rights reserved.
Congestion and Queuing
.
© 2006 Cisco Systems, Inc. All rights reserved.
Queuing Algorithms
First-in, first-out (FIFO)
Priority queuing (PQ)
Round robin
Weighted round robin (WRR)
© 2006 Cisco Systems, Inc. All rights reserved.
FIFO
First packet in is first packet out
Simplest of all
One queue
All individual queues are FIFO
By default serial interfaces at E1 and below use WFQ, all others interfaces by default use FIFO.
© 2006 Cisco Systems, Inc. All rights reserved.
Priority Queuing
Uses multiple queues
Allows prioritization
Always empties first queue before going to the next queue:
Empty queue number 1.
If queue number 1 is empty, then dispatch one packet from queue number 2.
If both queue number 1 and queue number 2 are empty, then dispatch one packet from queue number 3.
Queues number 2 and number 3 may ―starve‖
Best suited to low-bandwidth, congested serial interfaces
© 2006 Cisco Systems, Inc. All rights reserved.
Round Robin Queuing
Uses multiple queues
No prioritization
Dispatches one packet from each queue in each round:
• One packet from queue number 1
• One packet from queue number 2
• One packet from queue number 3
Then repeat
© 2006 Cisco Systems, Inc. All rights reserved.
Weighted Round Robin Queuing
Allows prioritization
Assign a weight to each queue
Dispatches packets from each queue proportionately to an assigned weight:
Dispatch up to four from queue number 1.
Dispatch up to two from queue number 2.
Dispatch 1 from queue number 3.
Go back to queue number 1.
Cisco CQ uses number of bytes instead of number of packets
© 2006 Cisco Systems, Inc. All rights reserved.
Problems with Weighted Round Robin Queuing
Problem with WRR:
Some implementations of WRR dispatch a configurable number of bytes (threshold) from each queue for each round—several packets can be sent in each turn.
The router is allowed to send the entire packet even if the sum of all bytes is more than the threshold.
© 2006 Cisco Systems, Inc. All rights reserved.
Router Queuing Components
Each physical interface has a hardware and a software queuing system.
© 2006 Cisco Systems, Inc. All rights reserved.
Hardware and Software Router Queuing Components
The hardware queuing system always uses FIFO queuing.
The software queuing system can be selected and configured depending on the platform and Cisco IOS version.
© 2006 Cisco Systems, Inc. All rights reserved.
The Software Queue
Generally, a full hardware queue indicates interface congestion, and software queuing is used to manage it.
When a packet is being forwarded, the router will bypass the software queue if the hardware queue has space in it(no congestion).
© 2006 Cisco Systems, Inc. All rights reserved.
The Hardware Queue Routers determine the length of the hardware queue based
on the configured bandwidth of the interface.
The length of the hardware queue can be adjusted with the tx-ring-limit command.
Reducing the size of the hardware queue has two benefits:
It reduces the maximum amount of time that packets wait in the FIFO queue before being transmitted.
It accelerates the use of QoS in Cisco IOS software.
Improper tuning of the hardware queue may produce undesirable results:
A long transmit queue may result in poor performance of the software queuing system.
A short transmit queue may result in a large number of interrupts, which causes high CPU utilization and low link utilization.
© 2006 Cisco Systems, Inc. All rights reserved.
R1#show controllers serial 0/1/0
Interface Serial0/1/0
Hardware is GT96K
DCE V.11 (X.21), clock rate 384000
<...part of the output omitted...>
1 sdma_rx_reserr, 0 sdma_tx_reserr
0 rx_bogus_pkts, rx_bogus_flag FALSE
0 sdma_tx_ur_processed
tx_limited = 1(2), errata19 count1 - 0, count2 - 0
Receive Ring
rxr head (27)(0x075BD090), rxr tail (0)(0x075BCEE0)
rmd(75BCEE0): nbd 75BCEF0 cmd_sts 80800000 buf_sz 06000000
buf_ptr 75CB8E0
rmd(75BCEF0): nbd 75BCF00 cmd_sts 80800000 buf_sz 06000000
buf_ptr 75CCC00
<...rest of the output omitted...>
Monitoring Hardware Queue Transmit Queue Length
The show controllers serial 0/1/0 command shows the length of the hardware queue.
© 2006 Cisco Systems, Inc. All rights reserved.
Congestion on Software Interfaces
Subinterfaces and software interfaces (dialers, tunnels, Frame Relay subinterfaces) do not have their own
separate transmit queue.
Subinterfaces and software interfaces congest when
the transmit queue of their main hardware interface congests.
The tx-ring state (full, not-full) is an indication of hardware interface congestion.
The terms ―TxQ‖ and ―tx-ring‖ both describe the hardware queue and are interchangeable.
© 2006 Cisco Systems, Inc. All rights reserved.
Self Check
1. When does the router use a software queue?
2. What are the typical causes of congestion?
3. When would FIFO queuing be appropriate in a network?
4. What is the ―worst case scenario‖ for Priority Queuing (PQ)?
5. How does Weighted Round Robin (WRR) improve on Round Robin queuing?
© 2006 Cisco Systems, Inc. All rights reserved.
Summary
Speed mismatch and aggregation are the most common causes of congestion on a network link.
When network links experience congestion, queuing methods can be used to sort the traffic and then determine some method of prioritizing it onto an output link. Each queuing algorithm was designed to solve a specific network traffic problem and has a particular effect on network performance.
Software queuing is activated when the hardware queue fills. If the hardware queue is not full, software queuing is bypassed and packets are sent directly to the hardware output queue.
© 2006 Cisco Systems, Inc. All rights reserved.
Q and A
© 2006 Cisco Systems, Inc. All rights reserved.
Resources
Congestion Management Overview
http://www.cisco.com/en/US/partner/products/ps6350/products_configuration_guide_chapter09186a00800b75a9.html
© 2006 Cisco Systems, Inc. All rights reserved.