From the beginning, the IPv4 header defined in RFC 791 has included a 1-byte field called the Type of Service, or ToS. The intent was to use this field to mark packets for preferential treatment in conjunction with QoS. The high-order 3 bits of the ToS field were called IP Precedence, or IPP. Over time the IPP standard was improved upon, and today we know it as DSCP.
Available Queuing Methods
- First In First Out or FIFO – Default
- Priority Queuing or PQ
- Custom Queuing or CQ
- Weighted Fair Queuing or WFQ – Below 2 Mbps
- Class Based Weighted Fair Queuing or CBWFQ
- Low Latency Queuing or LLQ
Let's put together a very simple example of a modular QoS configuration using MQC.
- Class A – DSCP = RTP, EF with a reserve of 20%
- Class B – DSCP = CS3, AF31 with a reserve of 10%
- Class C – DSCP = AF31 with a reserve of 30%
Now let's start off by creating 4 simple extended ACLs that we can use for classifying traffic. For simplicity's sake let's call the 4 classification ACLs A, B, and C. The A and B ACLs will be reserved for RTP and Call Control. Let's assume that one of the Call Manager Servers in the Cluster is at 192.168.2.18, listening on UDP port 2427 and TCP port 2428 for call control. Let's also assume we have a Web Server at 172.16.2.31 listening on ports 80 and 443, and that voice-related traffic is being sourced from the 192.168.17.0/24 network.
R1#configure terminal
R1(config)#ip access-list extended A
R1(config-ext-nacl)#permit udp 192.168.17.0 0.0.0.255 any range 16384 32767
R1(config-ext-nacl)#exit
R1(config)#ip access-list extended B
R1(config-ext-nacl)#permit udp any host 192.168.2.18 eq 2427
R1(config-ext-nacl)#permit tcp any host 192.168.2.18 eq 2428
R1(config-ext-nacl)#exit
R1(config)#ip access-list extended C
R1(config-ext-nacl)#permit tcp any host 172.16.2.31 eq www
R1(config-ext-nacl)#permit tcp any host 172.16.2.31 eq 443
R1(config-ext-nacl)#exit
R1(config)#
When it comes to the actual voice conversation within the RTP stream, we need to be as specific as possible with the classification and DSCP marking. That's why it's important to match all, as opposed to matching any, within the class map. Matching with All is a logical AND condition, whereas Any is a logical OR condition.
R1(config)#class-map match-all A
R1(config-class-map)#match access-group name A
R1(config-class-map)#match ip dscp ef
R1(config-class-map)#match protocol rtp audio
R1(config-class-map)#exit
R1(config)#exit
R1#
Now let's associate the classification ACL B with the Call Control Class Map.
R1#config terminal
R1(config)#class-map match-any B
R1(config-class-map)#match ip dscp cs3
R1(config-class-map)#match ip dscp af31
R1(config-class-map)#match access-group name B
R1(config-class-map)#exit
R1(config)#
Next let's move on to the Class Map for Class C's Web related traffic.
R1(config)#class-map match-any C
R1(config-class-map)#match access-group name C
R1(config-class-map)#exit
R1(config)#
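The match-all and match-any behaviour of the three class maps above, modelled in Python as an added example (not part of the original post, and not how IOS implements classification). The Packet type, the rtp_audio flag standing in for the NBAR match, and the sample packets are constructed for illustration. It shows that class B's match-any accepts a DSCP marking from any source, so that marking should only be trusted from hosts inside your marking trust boundary.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

DSCP = {"ef": 46, "cs3": 24, "af31": 26}   # standard code point values
VOICE_NET = ip_network("192.168.17.0/24")

@dataclass
class Packet:                 # constructed model of the fields the class maps inspect
    proto: str                # "udp" or "tcp"
    src: str
    dst: str
    dport: int
    dscp: int = 0
    rtp_audio: bool = False   # stand-in for the "match protocol rtp audio" decision

def acl_a(p):                 # permit udp 192.168.17.0 0.0.0.255 any range 16384 32767
    return (p.proto == "udp" and ip_address(p.src) in VOICE_NET
            and 16384 <= p.dport <= 32767)

def acl_b(p):                 # call control towards 192.168.2.18
    return p.dst == "192.168.2.18" and (p.proto, p.dport) in {("udp", 2427), ("tcp", 2428)}

def acl_c(p):                 # web server 172.16.2.31, ports 80 and 443
    return p.proto == "tcp" and p.dst == "172.16.2.31" and p.dport in (80, 443)

# (name, combiner, match statements): all = match-all (AND), any = match-any (OR)
CLASS_MAPS = [
    ("A", all, [acl_a, lambda p: p.dscp == DSCP["ef"], lambda p: p.rtp_audio]),
    ("B", any, [lambda p: p.dscp == DSCP["cs3"], lambda p: p.dscp == DSCP["af31"], acl_b]),
    ("C", any, [acl_c]),
]

def classify(p):
    """Return the first class whose match statements accept the packet."""
    for name, combine, matches in CLASS_MAPS:
        if combine(m(p) for m in matches):
            return name
    return "class-default"

if __name__ == "__main__":
    samples = [   # constructed packets
        Packet("udp", "192.168.17.10", "10.1.1.1", 20000, DSCP["ef"], True),  # marked RTP
        Packet("udp", "192.168.17.10", "10.1.1.1", 20000, 0, True),           # unmarked RTP
        Packet("tcp", "10.9.9.9", "10.1.1.1", 8080, DSCP["af31"]),            # AF31 from anywhere
    ]
    for pkt in samples:
        print(pkt, "->", classify(pkt))
```
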
Let's jump into configuring the Policy Map, and associate the classes we created earlier.
R1(config)#policy-map QoS
R1(config-pmap-c)#class A
R1(config-pmap-c)#priority percent 20
R1(config-pmap-c)#class B
R1(config-pmap-c)#set dscp af31
R1(config-pmap-c)#bandwidth percent 10
R1(config-pmap-c)#class C
R1(config-pmap-c)#bandwidth percent 30
R1(config-pmap-c)#set dscp af21
R1(config-pmap-c)#end
R1#
Policing
When it comes to Policing traffic there are basically a couple of options. The first is to simply drop the traffic altogether when it meets or exceeds a defined limit. The other, which is just as powerful or elegant depending on your point of view, is re-classification. For example, if a particular class of traffic exceeded a defined percentage of the interface, it could be re-classified to a lesser interface queue.
- Dropping
- Re-classification
Let's say that we have a scenario with two FTP hosts that are heavily used throughout the day for transferring business related data between two separate Datacenters across the WAN. One of the FTP servers is at 172.16.2.20, and the other at 172.17.2.20. Due to the critical nature of the files being transferred we don't want to prevent them from communicating over FTP; however, we don't want them consuming 100% of the bandwidth between the Datacenters during the transaction.
Let's configure Router R1 to Police the traffic between the two FTP Servers.
R1#config terminal
R1(config)#ip access-list extended FTP
R1(config-ext-nacl)#permit tcp host 172.16.2.20 host 172.17.2.20 eq ftp
R1(config-ext-nacl)#permit tcp host 172.16.2.20 host 172.17.2.20 eq ftp-data
R1(config-ext-nacl)#exit
R1(config)#class-map match-all FTP
R1(config-class-map)#match access-group name FTP
R1(config-class-map)#exit
R1(config)#
Now let's update the QoS Policy to include the FTP Policing traffic between host 172.16.2.20 and host 172.17.2.20.
R1(config)#policy-map QoS
R1(config-pmap-c)#class FTP
R1(config-pmap-c)#police cir percent 3
R1(config-pmap-c)#conform-action transmit
R1(config-pmap-c)#exceed-action drop
R1(config-pmap-c)#end
R1#
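What the conform-action transmit / exceed-action drop pair does to a burst, as an added Python example of a single-rate token-bucket policer (not part of the original post and not Cisco's implementation). The 1,544,000 bps link rate and the 3000-byte burst size are assumptions; the page gives only the 3 percent CIR.

```python
LINK_BPS = 1_544_000      # assumed interface bandwidth (not stated on the page)
CIR_PERCENT = 3           # from "police cir percent 3"
BC_BYTES = 3000           # assumed committed burst size

def cir_bps(link_bps=LINK_BPS, percent=CIR_PERCENT):
    """Committed information rate in bits per second."""
    return link_bps * percent / 100

def police(packets, link_bps=LINK_BPS, percent=CIR_PERCENT, bc_bytes=BC_BYTES):
    """Single-rate, two-colour policer.

    packets: iterable of (arrival_time_s, size_bytes) in time order.
    Returns one verdict per packet: "transmit" (conform) or "drop" (exceed).
    """
    rate_bytes = cir_bps(link_bps, percent) / 8   # token refill rate, bytes/s
    tokens = float(bc_bytes)                      # bucket starts full
    last = 0.0
    verdicts = []
    for t, size in packets:
        # Refill for the time elapsed since the previous packet, capped at Bc.
        tokens = min(bc_bytes, tokens + (t - last) * rate_bytes)
        last = t
        if size <= tokens:
            tokens -= size
            verdicts.append("transmit")
        else:
            verdicts.append("drop")               # no queueing: excess is discarded
    return verdicts

def conformed_bps(packets, duration_s, **kw):
    """Throughput that survives the policer over duration_s seconds."""
    sent = sum(size for (_, size), v in zip(packets, police(packets, **kw))
               if v == "transmit")
    return sent * 8 / duration_s

if __name__ == "__main__":
    # Constructed traffic: a 4-packet burst, then one packet a second later.
    burst = [(0.000, 1500), (0.001, 1500), (0.002, 1500), (0.003, 1500), (1.0, 1500)]
    print(police(burst))
    # Constructed sustained transfer: 1500 bytes every 10 ms for 10 s (1.2 Mbps offered).
    ftp = [(i * 0.01, 1500) for i in range(1000)]
    print(conformed_bps(ftp, 10.0), "bps conformed vs CIR", cir_bps())
```
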
Let's take a quick look at the Policy Map and associated Class Map percentages.
Router#show run policy-map QoS
 Policy Map QoS
  Class A
   priority 20 (%)
  Class B
   bandwidth 10 (%)
  Class C
   bandwidth 30 (%)
   set dscp af21
  Class FTP
   police cir percent 3
    conform-action transmit
    exceed-action drop
Router#
Now let's associate or apply the Service Policy on the WAN interface.
R1#config terminal
R1(config)#interface s0/0/0:0
R1(config-interface)#load-interval 30
R1(config-interface)#service-policy output QoS
R1(config-interface)#end
R1#
Now let's take a look at the queuing method associated with the interface.
Router#show int s0/0/0:0 | include Queueing
Queueing strategy: Class-based queueing
Router#
Watch QoS come to life in this animated Flash demo from Cisco. Demo
I hope you found this post on CBWFQ helpful and informative. Be sure to let me know what you think by leaving suggestions and feedback in the comments section below. You can find out more about these and other articles by checking out recent posts and archives. To learn more about me be sure to check out the About page. And as always, thanks again for visiting The Packet.