Recently I designed a QoS template for our campus environment (3750 at the access layer & 6500 for core/distribution). I thought writing this post would help you and me understand what is involved in configuring QoS at the access layer. From the CCIEW lab perspective I believe the hardware platform for the access layer would be the C3560 (but it is the same for the 3750/2960, which are in my access layer in the production network).
There are 4 main components in configuring QoS in a wired network. Before configuring them, QoS needs to be enabled on these platforms using the “mls qos” global configuration command & you can verify it using the “show mls qos” command.
SWITCH#show mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled
1. Classification & Marking
2. Traffic Policing
3. Congestion Management (Queuing or Scheduling)
4. Congestion Avoidance (WTD-Weighted Tail Drop)
Best practice is to do Classification/Marking & Policing as close to the source as possible (at the access layer switch port). At layer 2, CoS (Class of Service) can be used to mark the traffic & at layer 3 the IPP (IP Precedence) or DSCP value can be used to classify traffic. By default a switch port will NOT trust any marking values of an IP packet & rewrites the DSCP to 0. The “mls qos trust <DSCP|CoS|IPP>” command can be used to change this behavior. If we want to conditionally trust the packet’s marking value we can use the “mls qos trust device <cisco-phone|cts|ip-camera>” command in addition to the first command. The other option is to re-classify all traffic by using a policy-map. The following shows how to reclassify traffic by using a policy-map.
ip access-list extended VOIP-TRAFFIC
 permit udp any any range 16384 32767
!
class-map match-all VOIP-TRAFFIC
 match access-group name VOIP-TRAFFIC
!
policy-map LTU-1G
 class VOIP-TRAFFIC
  set ip dscp ef
  police 20000000 8000 exceed-action policed-dscp-transmit
!
interface range g1/0/1-24
 service-policy input LTU-1G
Below is the classification model I used for our campus QoS deployment: five user-defined traffic classes & 3 system-defined (CS6, CS7 & CS0) traffic classes. It is a customized version of Cisco’s classification model to fit our requirements.
These classified DSCP/CoS values will be rewritten at the egress port depending on how the cos-dscp map is configured in the switch. By default CoS values 0-7 are mapped to DSCP 0, 8, 16, 24, 32, 40, 48, 56. In most cases CoS value 5 is used for marking RTP traffic & should map to DSCP 46. So the default mapping can be changed by using “mls qos map cos-dscp 0 8 16 24 32 46 48 56”.
In addition to classification, traffic can be policed to a required rate (20 Mbps in this case). The value 8000 represents the number of bytes sent within a given time interval at line speed (over time, the average rate is equivalent to 20 Mbps). I found that the following video by Kevin Wallace explains it very well (http://www.youtube.com/watch?v=dSEEwHCvOnA). If the traffic rate exceeds 20 Mbps, that traffic will be marked down according to the values configured by the “mls qos map policed-dscp” configuration command. In my example, exceeding traffic in DSCP 18, 34, 46 will be marked down to CS0 or DSCP 0: “mls qos map policed-dscp 18 34 46 to 0”. If you want to verify the new settings use the “show mls qos maps” command.
Cos-dscp map:
     cos:   0  1  2  3  4  5  6  7
  --------------------------------
    dscp:   0  8 16 24 32 46 48 56

Policed-dscp map:
  d1 :  d2 0  1  2  3  4  5  6  7  8  9
  ---------------------------------------
   0 :    00 01 02 03 04 05 06 07 08 09
   1 :    10 11 12 13 14 15 00 17 00 19
   2 :    20 21 22 23 24 25 26 27 28 29
   3 :    30 31 32 33 00 35 36 37 38 39
   4 :    40 41 42 43 44 45 00 47 48 49
   5 :    50 51 52 53 54 55 56 57 58 59
   6 :    60 61 62 63
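To see what the 20 Mbps rate and the 8000-byte burst do to real packet trains, here is an added example (not part of the original post): a simplified single-rate token-bucket model of “police 20000000 8000 exceed-action policed-dscp-transmit” combined with “mls qos map policed-dscp 18 34 46 to 0”. The token-bucket arithmetic is an assumption about the general technique, not the switch ASIC's exact algorithm, and the packet sizes and timings are constructed.

```python
# Added illustration: simplified single-rate policer (token bucket).
# Assumption: generic token-bucket model, not the exact hardware behaviour.
RATE_BPS = 20_000_000    # police 20000000 ...
BURST_BYTES = 8000       # ... 8000

# mls qos map policed-dscp 18 34 46 to 0 (every other DSCP maps to itself)
POLICED_DSCP = {d: d for d in range(64)}
for d in (18, 34, 46):
    POLICED_DSCP[d] = 0


class Policer:
    def __init__(self, rate_bps=RATE_BPS, burst_bytes=BURST_BYTES):
        self.fill_rate = rate_bps / 8.0      # token refill in bytes per second
        self.burst = burst_bytes             # bucket depth in bytes
        self.tokens = float(burst_bytes)     # bucket starts full
        self.last = 0.0

    def offer(self, now, size, dscp):
        """Return the DSCP the packet is transmitted with."""
        self.tokens = min(self.burst,
                          self.tokens + (now - self.last) * self.fill_rate)
        self.last = now
        if self.tokens >= size:              # conforming: spend tokens, keep marking
            self.tokens -= size
            return dscp
        return POLICED_DSCP[dscp]            # exceed-action policed-dscp-transmit


def run(packets):
    """packets: iterable of (arrival_time_s, size_bytes, dscp)."""
    policer = Policer()
    return [policer.offer(t, size, dscp) for t, size, dscp in packets]


def marked_down_fraction(interval_s, count, size=200, dscp=46):
    """Fraction of a constant-rate stream that leaves with a changed DSCP."""
    out = run((i * interval_s, size, dscp) for i in range(count))
    return sum(1 for d in out if d != dscp) / count


if __name__ == "__main__":
    # Constructed: ten 1500-byte EF packets back to back at 1 Gbps (12 us apart).
    print(run((i * 12e-6, 1500, 46) for i in range(10)))
    # Constructed: 200-byte EF packets every 1 ms (1.6 Mbps), never marked down.
    print(marked_down_fraction(0.001, 1000))
```

A line-rate burst of 1500-byte frames conforms only until the 8000-byte bucket is drained, after which EF is transmitted as DSCP 0 until tokens refill; a steady stream under 20 Mbps is never touched.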
Once classified at the access layer, you have to preserve that value across the network, so you need to trust the DSCP value across the switch-to-switch trunk links and on any layer 3 links between the distribution/core layers.
The queues available in the “Ingress” & “Egress” directions are hardware dependent. On these platforms there are two queues available in the input direction with 3 thresholds (1P1Q3T). Q2 will always be the priority queue & all your important traffic needs to be mapped into that queue to get preferred service during congestion. The “show interface capabilities” command can be used to see a particular interface's queuing capability.
SWITCH#sh int g1/0/1 capabilities
Model: WS-C3750X-24P
Type: 10/100/1000BaseTX
Speed: 10,100,1000,10000,auto
QoS scheduling: rx-(not configurable on per port basis),
 tx-(4q3t) (3t: Two configurable values and one fixed.)
CoS rewrite: yes
ToS rewrite: yes
Based on the DSCP classification we can put traffic into different queues (Q1 & Q2). In my example all VoIP traffic (marked with EF) is put into Q2 & all other traffic goes into Q1. 30% of the bandwidth is allocated to Q2 & the remaining 70% to Q1. 3 threshold values are configured for Q1 (80%, 90% & 100%). The following configuration commands will achieve this.
mls qos srr-queue input bandwidth 70 30
mls qos srr-queue input buffers 90 10
mls qos srr-queue input threshold 1 80 90
mls qos srr-queue input priority-queue 2 bandwidth 30
!
mls qos srr-queue input dscp-map queue 1 threshold 1 0 8 16 18
mls qos srr-queue input dscp-map queue 1 threshold 2 34
mls qos srr-queue input dscp-map queue 1 threshold 3 48 56
mls qos srr-queue input dscp-map queue 2 threshold 3 46
In the egress direction there are 4 queues available & Q1 will be the priority queue by default (1P3Q3T). In my case, traffic is put into each egress queue based on the DSCP classification. The queue-set concept is used for egress queuing in order to define the parameters globally and then specify the queue-set number individually under the interface.
mls qos queue-set output 1 buffers 15 30 35 20
mls qos queue-set output 1 threshold 1 100 100 100 100
mls qos queue-set output 1 threshold 2 80 90 100 400
mls qos queue-set output 1 threshold 3 100 100 100 400
mls qos queue-set output 1 threshold 4 60 100 100 400
!
mls qos srr-queue output dscp-map queue 1 threshold 3 46
mls qos srr-queue output dscp-map queue 2 threshold 2 18 34
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 16
mls qos srr-queue output dscp-map queue 4 threshold 1 0 8
Bandwidth allocation for the egress queues can be done on either a “shape” or a “share” basis. In the “shape” method bandwidth is limited to the configured amount and that traffic class cannot take more bandwidth even if it is available. In “share” mode unused bandwidth can be claimed by any other class that requires more bandwidth. This configuration is done at the interface level & not in global configuration mode.
interface GigabitEthernet1/0/15
 queue-set 1
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
The congestion avoidance technique (dropping packets) is the different thresholds configured in each queue. T3 is always 100% & does not need to be explicitly configured. For example, in the input direction 80% & 90% are used for T1 & T2 of Q1. In egress queuing 60% & 100% are used for T1 & T2 in Queue 4.
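The effect of those thresholds is easiest to see on a burst that the switch cannot drain. The following is an added example (not from the original post) that models weighted tail drop on the two ingress queues using the “input buffers”, “input threshold” and “input dscp-map” lines shown earlier. The 100-frame total buffer, the no-drain burst and the 100% thresholds for queue 2 are assumptions made for illustration.

```python
# Added illustration: simplified weighted tail drop (WTD) on the ingress queues.
# Assumption: a constructed 100-frame ingress buffer; real sizes are hardware specific.
TOTAL_FRAMES = 100
BUFFER_PCT = {1: 90, 2: 10}            # mls qos srr-queue input buffers 90 10
THRESHOLD_PCT = {
    1: (80, 90, 100),                  # mls qos srr-queue input threshold 1 80 90 (T3 = 100)
    2: (100, 100, 100),                # assumption: queue 2 not tuned, only T3 is used
}
# mls qos srr-queue input dscp-map queue <q> threshold <t> <dscp ...>
DSCP_MAP = {
    0: (1, 1), 8: (1, 1), 16: (1, 1), 18: (1, 1),
    34: (1, 2),
    48: (1, 3), 56: (1, 3),
    46: (2, 3),
}


def limit(queue, threshold):
    """Queue depth (in frames) above which frames mapped to this threshold drop."""
    capacity = TOTAL_FRAMES * BUFFER_PCT[queue] // 100
    return capacity * THRESHOLD_PCT[queue][threshold - 1] // 100


def burst(dscps):
    """Enqueue frames with no draining; return admitted-frame count per DSCP."""
    depth = {1: 0, 2: 0}
    admitted = {}
    for dscp in dscps:
        queue, threshold = DSCP_MAP[dscp]   # only DSCPs mapped in the post are modelled
        if depth[queue] + 1 <= limit(queue, threshold):
            depth[queue] += 1
            admitted[dscp] = admitted.get(dscp, 0) + 1
        # else: tail-dropped because this frame's threshold is already exceeded
    return admitted


# Constructed burst: 40 rounds of one frame each of DSCP 0, 18, 34, 48 and 46.
SAMPLE = [0, 18, 34, 48, 46] * 40

if __name__ == "__main__":
    for dscp, count in sorted(burst(SAMPLE).items()):
        print(f"DSCP {dscp:2d}: {count} of 40 frames admitted")
```

Frames mapped to T1 stop being admitted first, then T2, while DSCP 48 continues to be accepted until Q1 is completely full; EF is limited only by the small Q2 buffer.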
These topics are explained in detail by Kevin Wallace in the following video (http://www.youtube.com/watch?feature=player_embedded&v=IA4iOrn2eiU). I think it is one of the best videos I have seen summarizing QoS configuration on these switch models. You can also find a detailed QoS design guide for these platforms in the Cisco Medianet Campus QoS design guide (SRND 4.0).
When it comes to configuring switch ports for QoS where wireless devices are connected, it is important to understand that traffic will be CAPWAP encapsulated between the AP & WLC. So the original IP packet’s DSCP value is not visible to the switch port and therefore it cannot classify/mark based on the DSCP value of the original packet. Therefore trusting the outer DSCP value (mls qos trust DSCP) at the AP-connected switch port & trusting the CoS value (mls qos trust cos) at the WLC-connected switch port is the standard way of configuring switch ports for QoS in wireless. The diagram below shows the mapping of the original DSCP into CAPWAP headers & WMM parameters in the wireless world.
In conclusion, it is important to configure the wired infrastructure to preserve the QoS values end-to-end. I hope this helps you to understand how we can achieve that.
Thanks for sharing this on your blog…
Hi Rasika, am in the process of implementing QoS in my campus network, and came across this blog, very useful indeed, thank you very much!
You concluded that “it is important configure the wired infrastructure to preserve the QoS values End-to-End”, which I agree; but out of curiosity, how did you extend your QoS across your edge firewall? Or what do you think is the best way to approach this?
The only router in my network is a Cisco ASA 9.0, Core is a 3750, and 2960 for access in addition to WLC. I plan on enabling “modified” autoQoS everywhere, but how does that work on the ASA?
thanks a lot for your great blog
I have a small issue related to qos between voip and cctv
(or IP camera traffic) – since they are usu. set to be marked as EF and CS5 they both get same priority and this is all well, however during some testing that we did in our lab we noticed that this competition on same queue can still cause issues simply by having CCTV bw be more than 100Mb on a shared 1 G uplink.
we are using 2960-S switches at the access with auto-qos and uplinked directly to 4500 core switch.
any ideas of how to go around this limitation pls?
If your CCTV cameras are on a particular subnet, then you can remark that traffic from EF to AF41 (as an example) at the 2960 ingress. Then only EF gets prioritized.
How did your config work in your environment? Any performance issues?
How did the config work on 3750X?
I was wondering that 4500 and 3850 switches police Voice traffic to 128K then what is the gain or loss of policing voice at 20M.
Appreciate your feedback.
Straight forward information, now I grasped QoS thank you very much!
You are welcome. Glad it helps you Eddie,
ZAINAL GANTENG said:
mls qos queue-set output 1 buffers 15 30 35 20
mls qos queue-set output 1 threshold 1 100 100 100 100
mls qos queue-set output 1 threshold 2 80 90 100 400
mls qos queue-set output 1 threshold 3 100 100 100 400
mls qos queue-set output 1 threshold 4 60 100 100 400
This number is taken from where and how to determine the number??
60 100 100 400
100 100 100 400
80 90 100 400
100 100 100 100
15 30 35 20
These configs are from Cisco validated design guides and configuration guides.