In this post we will look at QoS recommendation for AireOS based WLCs. If you haven’t followed recent QoS configuration guidelines from Cisco on AireOS controllers, you may not aware that following are the current key recommendations.
1. Trust Upstream DSCP (Not 802.11 UP value like in the past)
2. Trust DSCP on AP & WLC connected switch ports (not COS value on WLC connected or FlexConnect AP switchports)
3. Metal QoS profile “Platinum” on SSID (Outer CAPWAP IP header DSCP value caps based on QoS profile)
4. Enable “Fastlane” on SSID (Simplification of all QoS related config implementation on AireOS based WLCs)
“Trust Upstream DSCP” is based on RFC 8325 recommendations that we discussed in my previous post. Below shows where you configure those QoS maps on AireOS (Wireless > QoS > QoS Maps)
Other recommendation to configure Platinum QoS profile on your SSID (unless Guest or Hotspot SSID). By configuring QoS profile value, it affects outer CAPWAP IP header DSCP value between AP & WLC communication (Local mode AP & Flex Central Switching traffic). Below summarize max DSCP value allowed in outer IP header when you configure those metal QoS profile in AireOS WLC.
For example, if your SSID configured with “Platinum” QoS profile up to DSCP 46 value is allowed in outer IP Header when it comes to CAPWAP between AP & WLC. When you change that to Gold, Silver & Bronze, that will cap outer header DSCP value. It is important to remember that inner packet DSCP value is not rewrite/change in AireOS deployment (one major difference compare to 9800).
For example, if you set WLAN QoS profile to Gold, that impact outer header DSCP values cap to AF41 (34) for traffic comes with DSCP value higher than 34 (eg Voice traffic that comes with DSCP value EF (46). This is applicable to both Downstream and Upstream direction of CAPWAP tunnel. Below diagram summarized “Gold” QoS profile QoS value modification in both directions.
You will see a different behavior with Cisco 9800 WLCs where inner packet DSCP also rewrite/change based on QoS policy config. Even though it is not common we configure those metal QoS profiles on 9800, option is available for you to configure. Here is the illustration of DSCP value changes in both upstream & downstream direction in a 9800 when you configure QoS gold policy on SSID level. Note that inner DSCP also change to AF41 (34) for voice traffic comes with EF (46)
In 9800 we do not specifically configure Platinum QoS profile under SSID QoS policy (under Policy Profile), However, by default it allows up to DSCP 46 value in CAPWAP outer headers (equivalent of Platinum QoS profile in AireOS)
It is also important to remember, when you configure “Fastlane” on a SSID, it automatically configure an “AUTOQOS-AVC-PROFILE” and apply to SSID. Note that in AireOS you can have maximum 32 rules per AVC profile. Below are the applications and respective DSCP value in that AVC profile. This is one area 9800 become much more flexible where you can use all AVC applications “Business Relevance” attribute to define your class-maps. (we will look at that in next post)
Hope this post gave you an overall idea how you should configure QoS configuration in AireOS WLCs today. We will look at 9800 QoS config recommendations in the next post.
If you are interested to learn 9800 QoS please register for my webinar next week.(30th Sep 2021-3PM CST)
1. QoS for WLAN Professionals
2. RFC8325 – QoS Mappings
3. Cisco 9800 QoS Recommendations
4. Understanding Wireless QoS (Part 1-5)
5. 3850 QoS (Part 1-5)
6. Best Practice QoS Config (AireOS 7.x)
I recently went through this exercise on my wireless controllers, and on AirOS 8.5.151, when one enables fastlane for the first time, having the controller setup all the best practices is very welcome. It’s helped with Zoom in particular, where jitter is significantly reduced.
In addition, getting 11.v and 11.k enabled meant that more of my clients (mostly Mac) seemed to anchor to 5Ghz without the aid of any controller steering enhancements enabled.
If you’ve not seen this guide, it’s very helpful is maximizing Cisco/Apple setups, which cover much of what you’ve outlined above.
Click to access AppleCiscoWirelessBestPracticeWhitePaper-v5c-28Mar2018.pdf
Great to hear that Jeff, I can imagine Covid forces most of org to heavily rely on video applications like zoom/ms-team/Webex.
Yes, that Apple/Cisco best practice guide is quite useful too, thanks for sharing the link
I’ve also got two brand new 9800-80’s that I’m in the process of setting up as replacements for my 8540s, and looking forward to your qos topic.
Great, I will do a blog post on 9800 QoS early next week. Please join the webinar on 30 Sep to learn 9800 QoS.
One thing to note regarding AVC on AireOS is https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw05117 which we have just hit. If you have a WLAN with large amounts of Clients don’t enable AVC.
With AireOS based controllers, it is common that you hit performance issues when you go ahead & try to control (C in AVC) applications using AVC.
I am interest to see you implemet Controlling (like Fastlane on SSID & DSCP remarking on certain appliations) or just use a AVC profile to get visibility without any controlling.
That bug ID listed indicating high CPU due to SNMP. Do you think that is related to AVC as well ?
Ah, my Copy&Paste skills may have failed me.
Basically what we saw was after enabling AVC in said wlan, everything began to hang. Ping times around 5-600 ms towards WLC, an d client unable to auth on the SSID.
What happened was the WLC began doing DPI on the first few incoming packet, and on 10000+ packets, it really couldn’t keep up. After disabling AVC, everything went back to normal.
Apparently there’s an enhancement bug on it, and been so for many years now.
That sounds typical behavior with large enterprise deployment AVC. Yes recommendation is just go for visibility and not for control. With Cisco 9800, Cisco claim no more peformance hit even if you want to conrol based on AVC classification… Thanks again for get back with additional info