
Recently I designed a QoS template for our campus environment (3750 for Access & 6500 for Core/Distribution). I thought writing this post would help you and me understand what is involved in configuring QoS in the access layer. From the CCIEW lab perspective I believe the hardware platform for the access layer would be the C3560 (but this is the same for the 3750/2960, which are in my access layer in the production network).

There are 4 main components of configuring QoS in a wired network. Before configuring them, QoS needs to be enabled on these platforms using the “mls qos” global configuration command, and you can verify it by using the “show mls qos” command.

SWITCH#show mls qos
 QoS is enabled
 QoS ip packet dscp rewrite is enabled

1. Classification & Marking
2. Traffic Policing
3. Congestion Management (Queuing or Scheduling)
4. Congestion Avoidance (WTD-Weighted Tail Drop)

Best practice is to do Classification/Marking & Policing close to the source itself (at the access layer switch port). At layer 2, CoS (Class of Service) can be used to mark the traffic, and at layer 3 the IPP (IP Precedence) or DSCP value can be used to classify traffic. By default a switch port will NOT trust any marking values of an IP packet and rewrites the DSCP to 0. The “mls qos trust <DSCP|CoS|IPP>” command can be used to change this behavior. If we want to conditionally trust the packet’s marking value, we can use the “mls qos trust device <cisco-phone|cts|ip-camera>” command in addition to the first command. The other option is to re-classify all traffic by using a policy-map. The following shows how to reclassify traffic by using a policy-map.

! Match the RTP port range used by VoIP
ip access-list extended VOIP-TRAFFIC
 permit udp any any range 16384 32767
class-map match-all VOIP-TRAFFIC
 match access-group name VOIP-TRAFFIC
! Mark the class EF and police it to 20 Mbps with an 8000-byte burst
policy-map LTU-1G
 class VOIP-TRAFFIC
  set ip dscp ef
  police 20000000 8000 exceed-action policed-dscp-transmit
! Apply the policy inbound on the access ports
interface range g1/0/1-24
 service-policy input LTU-1G

Below is the classification model I used for our campus QoS deployment: five user-defined traffic classes & 3 system-defined (CS6, CS7 & CS0) traffic classes. It is a customized version of Cisco’s classification model to fit our requirements.

These classified DSCP/CoS values will be rewritten at the egress port depending on how the cos-dscp map is configured in the switch. By default CoS values 0-7 will be mapped into DSCP 0,8,16,24,32,40,48,56. In most cases CoS value 5 is used for RTP traffic marking & should map to DSCP 46. So the default mapping can be changed by using “mls qos map cos-dscp 0 8 16 24 32 46 48 56”.

In addition to the classification, traffic can be policed to a required rate (20 Mbps in this case). The 8000 value represents the number of bytes sent within a given time interval at line speed (over time the average rate is equivalent to 20 Mbps). I found that the following video by Kevin Wallace explains it very well (http://www.youtube.com/watch?v=dSEEwHCvOnA). If the traffic rate exceeds 20 Mbps, that traffic will be marked down according to the values configured by the “mls qos map policed-dscp” configuration command. In my example, exceeding traffic in DSCP 18,34,46 will be marked down to CS0 or DSCP 0 with “mls qos map policed-dscp 18 34 46 to 0”. If you want to verify the new settings, use the “show mls qos maps” command.

Cos-dscp map:
        cos:   0  1  2  3  4  5  6  7 
       dscp:   0  8 16 24 32 46 48 56 

 Policed-dscp map:
     d1 :  d2 0  1  2  3  4  5  6  7  8  9 
      0 :    00 01 02 03 04 05 06 07 08 09 
      1 :    10 11 12 13 14 15 00 17 00 19 
      2 :    20 21 22 23 24 25 26 27 28 29 
      3 :    30 31 32 33 00 35 36 37 38 39 
      4 :    40 41 42 43 44 45 00 47 48 49 
      5 :    50 51 52 53 54 55 56 57 58 59 
      6 :    60 61 62 63
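One way to check this output automatically, as an added example that is not part of the original post: the sketch below parses the two maps shown above and compares them with the settings the text describes. The function names and the `audit` result layout are illustrative assumptions.

```python
import re

# Output copied from the page's "show mls qos maps" listing.
SAMPLE = """\
Cos-dscp map:
        cos:   0  1  2  3  4  5  6  7
       dscp:   0  8 16 24 32 46 48 56

 Policed-dscp map:
     d1 :  d2 0  1  2  3  4  5  6  7  8  9
      0 :    00 01 02 03 04 05 06 07 08 09
      1 :    10 11 12 13 14 15 00 17 00 19
      2 :    20 21 22 23 24 25 26 27 28 29
      3 :    30 31 32 33 00 35 36 37 38 39
      4 :    40 41 42 43 44 45 00 47 48 49
      5 :    50 51 52 53 54 55 56 57 58 59
      6 :    60 61 62 63
"""

def parse_cos_dscp(text):
    """Return the eight DSCP values that CoS 0-7 map to."""
    for line in text.splitlines():
        if line.strip().startswith("dscp:"):
            return [int(v) for v in line.split(":", 1)[1].split()]
    raise ValueError("Cos-dscp map not found")

def parse_policed_dscp(text):
    """Return {incoming DSCP: marked-down DSCP}; the DSCP is d1*10 + d2."""
    table, seen_header = {}, False
    for line in text.splitlines():
        if "Policed-dscp map" in line:
            seen_header = True
        row = re.match(r"\s*(\d)\s*:((?:\s+\d\d)+)\s*$", line) if seen_header else None
        if row:
            for d2, value in enumerate(row.group(2).split()):
                table[int(row.group(1)) * 10 + d2] = int(value)
        elif table:
            break  # first non-row line after the table ends the section
    return table

def audit(text, cos5=46, markdown=(18, 34, 46)):
    """Compare the maps with the settings the page describes."""
    policed = parse_policed_dscp(text)
    changed = {d: v for d, v in policed.items() if d != v}
    return {"cos5_ok": parse_cos_dscp(text)[5] == cos5,
            "missing": [d for d in markdown if policed.get(d) != 0],
            "unexpected": {d: v for d, v in changed.items() if d not in markdown}}
```

Run against the listing above, `audit(SAMPLE)` confirms CoS 5 maps to 46 and that 18, 34 and 46 are marked down, and it also reports DSCP 16 as remapped to 0 in that output.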

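The policer and markdown behaviour described above, modelled as an added example that is not from the original post. It is a generic single-rate token bucket (an assumption, not the switch hardware's exact algorithm) fed with a constructed burst of back-to-back 1000-byte EF packets at 1 Gbps; the function names are illustrative.

```python
RATE_BPS = 20_000_000                  # from "police 20000000 8000 ..."
BURST_BYTES = 8000                     # burst size from the same command
POLICED_DSCP = {18: 0, 34: 0, 46: 0}   # "mls qos map policed-dscp 18 34 46 to 0"
SCALE = 8_000_000                      # bits/byte * us/s, keeps token maths in integers

def police(packets, rate_bps=RATE_BPS, burst=BURST_BYTES, markdown=POLICED_DSCP):
    """packets: (time_us, size_bytes, dscp) tuples in time order.
    Returns one (dscp_out, conformed) tuple per packet."""
    tokens = burst * SCALE             # bucket starts full
    last_us = None
    results = []
    for t_us, size, dscp in packets:
        if last_us is not None:        # refill for the elapsed time, capped at the burst
            tokens = min(burst * SCALE, tokens + (t_us - last_us) * rate_bps)
        last_us = t_us
        cost = size * SCALE
        if cost <= tokens:             # conform: transmit with the marking unchanged
            tokens -= cost
            results.append((dscp, True))
        else:                          # exceed: policed-dscp-transmit rewrites the DSCP
            results.append((markdown.get(dscp, dscp), False))
    return results

def line_rate_stream(count, size=1000, dscp=46, gap_us=8):
    """Constructed input: 1000-byte packets every 8 us, i.e. 1 Gbps."""
    return [(i * gap_us, size, dscp) for i in range(count)]

def conformed_mbps(results, size, duration_us):
    """Average rate of the packets that kept their marking (bits per us == Mbps)."""
    return sum(size for _, ok in results if ok) * 8 / duration_us

if __name__ == "__main__":
    res = police(line_rate_stream(12500))          # 100 ms of line-rate EF
    print(sum(ok for _, ok in res), "of", len(res), "packets conform")
    print(conformed_mbps(res, 1000, 100_000), "Mbps keep DSCP 46")
```

The first eight packets drain the 8000-byte bucket, after which only one packet in fifty conforms, so the traffic that keeps DSCP 46 settles near 20 Mbps and the rest is sent as DSCP 0.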
Once traffic is classified at the access layer, you have to preserve that value across the network, so you need to trust the DSCP value across the switch-to-switch trunk links and on any layer 3 links between the distribution/core layers.

The queues available in the “Ingress” & “Egress” directions are hardware dependent. On these platforms there will be two queues available for the input direction with 3 thresholds (1P1Q3T). Q2 will always be the priority queue & all your important traffic needs to map into that queue to get preferred service during congestion. The “show interface capabilities” command can be used to see a particular interface’s queuing capability.

SWITCH#sh int g1/0/1 capabilities 
  Model:                 WS-C3750X-24P
  Type:                  10/100/1000BaseTX
  Speed:                 10,100,1000,10000,auto
  QoS scheduling:        rx-(not configurable on per port basis),
                         tx-(4q3t) (3t: Two configurable values and one fixed.)
  CoS rewrite:           yes
  ToS rewrite:           yes

Based on the DSCP classification we can put traffic into different queues (Q1 & Q2). In my example all VoIP traffic (marked with EF) is put into Q2 & all other traffic goes into Q1. 30% of the bandwidth is allocated to Q2 & the remaining 70% to Q1. 3 threshold values are configured for Q1 (80%, 90% & 100%). The following configuration commands will achieve this.

mls qos srr-queue input bandwidth 70 30
mls qos srr-queue input buffers 90 10 
mls qos srr-queue input threshold 1 80 90
mls qos srr-queue input priority-queue 2 bandwidth 30
mls qos srr-queue input dscp-map queue 1 threshold 1 0 8  16 18 
mls qos srr-queue input dscp-map queue 1 threshold 2 34
mls qos srr-queue input dscp-map queue 1 threshold 3 48 56
mls qos srr-queue input dscp-map queue 2 threshold 3 46

In the Egress direction, there will be 4 queues available & Q1 will be the priority queue by default (1P3Q3T). In my case traffic is put into each egress queue based on the DSCP classification. The queue-set concept is used for egress queuing in order to define the parameters globally and then specify the queue-set number individually under the interface.

mls qos queue-set output 1 buffers 15 30 35 20
mls qos queue-set output 1 threshold 1 100 100 100 100
mls qos queue-set output 1 threshold 2 80 90 100 400
mls qos queue-set output 1 threshold 3 100 100 100 400
mls qos queue-set output 1 threshold 4 60 100 100 400
mls qos srr-queue output dscp-map queue 1 threshold 3 46
mls qos srr-queue output dscp-map queue 2 threshold 2 18 34   
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 16
mls qos srr-queue output dscp-map queue 4 threshold 1 0 8

Bandwidth allocation for the egress queues can be done on either a “shape” or a “share” basis. In the “shape” method bandwidth is limited to the configured amount and that traffic class cannot take more bandwidth even if it is available. In “share” mode unused bandwidth can be claimed by any other class that requires more bandwidth. This configuration is done at the interface level & not in global configuration mode.

interface GigabitEthernet1/0/15
 queue-set 1
 srr-queue bandwidth share 1 30 35 5
 priority-queue out

The Congestion Avoidance technique (dropping packets) is the set of different thresholds configured in each queue. T3 is always 100% & does not need to be explicitly configured. For example, in the input direction 80% & 90% are used for T1 & T2 in Q1. In egress queuing, 60% & 100% are used for T1 & T2 in Queue 4.

These topics are explained in detail by Kevin Wallace in the following video (http://www.youtube.com/watch?feature=player_embedded&v=IA4iOrn2eiU). I think it is one of the best videos I have seen summarizing QoS configurations in these switch models. You can also find a detailed QoS design guide for these platforms in the Cisco Medianet Campus QoS design guide (SRND 4.0).
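To see where each marking lands, the following added example (not part of the original post) parses the page's ingress and egress threshold and dscp-map lines and returns, per DSCP, the queue, the WTD threshold and the fill level at which drops begin. The function names are illustrative; T3 is taken as 100% as stated above, and unconfigured T1/T2 values are assumed to be 100%.

```python
# CONFIG repeats the threshold and dscp-map lines from the page.
CONFIG = """\
mls qos srr-queue input threshold 1 80 90
mls qos srr-queue input dscp-map queue 1 threshold 1 0 8 16 18
mls qos srr-queue input dscp-map queue 1 threshold 2 34
mls qos srr-queue input dscp-map queue 1 threshold 3 48 56
mls qos srr-queue input dscp-map queue 2 threshold 3 46
mls qos queue-set output 1 threshold 1 100 100 100 100
mls qos queue-set output 1 threshold 2 80 90 100 400
mls qos queue-set output 1 threshold 3 100 100 100 400
mls qos queue-set output 1 threshold 4 60 100 100 400
mls qos srr-queue output dscp-map queue 1 threshold 3 46
mls qos srr-queue output dscp-map queue 2 threshold 2 18 34
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 16
mls qos srr-queue output dscp-map queue 4 threshold 1 0 8
"""

def wtd_table(config):
    """Map (direction, dscp) -> (queue, threshold, drop point in % of the queue)."""
    limits, placed = {}, {}
    for line in config.splitlines():
        w = line.split()
        if w[:5] == ["mls", "qos", "srr-queue", "input", "threshold"]:
            limits[("input", int(w[5]))] = (int(w[6]), int(w[7]))
        elif w[:4] == ["mls", "qos", "queue-set", "output"] and w[5:6] == ["threshold"]:
            # Only queue-set 1 is used on the page, so the set id (w[4]) is ignored.
            limits[("output", int(w[6]))] = (int(w[7]), int(w[8]))
        elif w[:3] == ["mls", "qos", "srr-queue"] and w[4:6] == ["dscp-map", "queue"]:
            for dscp in map(int, w[9:]):
                placed[(w[3], dscp)] = (int(w[6]), int(w[8]))
    table = {}
    for (direction, dscp), (queue, thr) in placed.items():
        # T3 is 100% per the text; T1/T2 default to an assumed 100% if not configured.
        t1_t2 = limits.get((direction, queue), (100, 100))
        table[(direction, dscp)] = (queue, thr, 100 if thr == 3 else t1_t2[thr - 1])
    return table

def first_dropped(table, direction):
    """DSCP values with the lowest drop threshold in the given direction."""
    rows = {d: v for (dirn, d), v in table.items() if dirn == direction}
    lowest = min(pct for _, _, pct in rows.values())
    return sorted(d for d, (_, _, pct) in rows.items() if pct == lowest)
```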


When it comes to configuring QoS on switch ports that connect wireless devices, it is important to understand that traffic will be CAPWAP encapsulated between the AP & WLC. So the original IP packet’s DSCP value is not visible to the switch port, and therefore the switch cannot classify/mark based on the DSCP value of the original packet. Therefore trusting the outer DSCP value (mls qos trust DSCP) at the AP-connected switch port & trusting the CoS value (mls qos trust cos) at the WLC-connected switch port is the standard way of configuring switch ports for QoS in wireless. The diagram below shows the mapping between the original DSCP, the CAPWAP headers & WMM parameters in the wireless world.

In conclusion, it is important to configure the wired infrastructure to preserve the QoS values end-to-end. I hope this helps you to understand how we can achieve that.