qos must be implemted consistently
across the entire network
If data travels over even a small portion of a network where different policies (or no policies) are applied,
the entire QoS policy is destroyed.
A trust boundary is
the point within the network where markings such as CoS or DSCP begin to be accepted.
the trust boundary must be implemented
at one of three locations in a network as shown:
- Endpoint or end system
- Access layer
- Distribution layer
Trusted endpoints have the capabilities and intelligence to mark
- application traffic to the appropriate CoS and/or
- DSCP values.
- and remark traffic
endpoints connected to a switch command
mls qos trust dscp interface command.
if end point is not trusted then boundry should be at the
classification should be done as close to the
network edge as possible.
IP phones are trusted devices while
pcs are not
to discover weather the device can be trusted
Cisco Discovery Protocol (CDP)
Network-Based Application Recognition (NBAR)
- classification and protocol discovery feature of Cisco IOS
- software that recognizes a wide variety of applications, including
- web-based applications and client/server applications that dynamically
- assign TCP or UDP port numbers.
- the ability to guarantee bandwidth
- to critical applications, limit bandwidth to other applications, drop
- selective packets to avoid congestion, and mark packets appropriately
- so that the network and the service provider's network can provide QoS
- from end to end.
. NBAR ensures that network bandwidth is used
- efficiently by classifying packets and
- then applying QoS to the classified traffic.
NBAR performs the following two functions:
Identification of applications and protocols (Layer 4 to Layer 7)
NBAR introduces several new classification features that
identify applications and protocols from Layer 4 through Layer 7:
- Statically assigned TCP and UDP port
Non-UDP and non-TCP IP protocols.
- Dynamically assigned TCP and UDP port
NBAR includes a Protocol Discovery feature that
provides an easy way to discover application protocols that are transversing an interface.
Protocol Discovery maintains the following
per-protocol statistics for enabled interfaces:
Total number of input and output packets and bytes
Input and output bit rates
Packet Description Language Module (PDLM)
- that can be loaded at run time to extend the NBAR list of recognized protocols. PDLMs can also be used
- to enhance an existing protocol-recognition capability
You must enable Cisco Express Forwarding (CEF) before you configure
NBAR cannot support the following:
- More than 24 concurrent URLs, hosts, or
- Multipurpose Internet Mail Extension (MIME)-type matches
- Matching beyond the first 400 bytes in a
- packet payload
- Multicast and switching modes other than
- URL, host, or MIME classification with
- secure HTTP
- Packets originating from or destined to
- the router running NBAR
NBAR is not supported on Fast EtherChannel,
but is supported on
Gigabit Ethernet interfaces.
Interfaces configured to use tunneling or
- do not support NBAR;that is, you cannot use NBAR to
- classify output traffic on a WAN link where tunneling or encryption is
NBAR looks into the TCP/UDP payload itself and classifies packets on content within the
- payload such as transaction identifier, message type, or
- other similar data.
HTTP URL matching in NBAR supports most HTTP request methods such as
GET, PUT, HEAD, POST, DELETE, and TRACE
NBAR protocal discovery provides an easy way to discover
application portocals transmitting on the interface
NBAR protocal discoverycan be applied to an interface
to monitor both input and output traffic
Modular QoS CLI
simple configuration manual configured.
deeper packet recgnition
NBAR can classify applications that use:
Statically assigned TCP and UDP port numbers
Non-UDP and non-TCP IP protocols
Dynamically assigned TCP and UDP port numbers negotiated during connection establishment (requires stateful inspection)
Subport and deep packet inspection classification
Can customize TCP and UDP port numbers to an application
Packet Description Language Module
- §PDLMs allow NBAR to recognize new protocols
- matching text patterns in data packets without requiring a new Cisco IOS
- software image or a router reload.
- §An external PDLM can be loaded at run time to
- extend the NBAR list of recognized protocols.
- §PDLMs can also be used to enhance an existing
- protocol recognition capability.
§PDLMs must be produced by Cisco engineers.
NBAR get statistics from
- polling Simple Network Management Protocol (SNMP) statistics from the NBAR Protocol Discovery
- (PD) Management Information Base (MIB).
NBAR Protocol Discovery
- Analyzes application traffic patterns in real
- time and discovers which traffic is running on the network
Provides bidirectional, per-interface, and per-protocol statistics
- Important monitoring tool supported by Cisco QoS
- management tools:
Generates real-time application statistics
Provides traffic distribution information at key network locations
NBAR Protocol Discovery can be applied to
interfaces and can be used to monitor both
input and output traffic.helps in defining QoS classes and policies
he NBAR feature has two components:
One component monitors applications traversing a network.
The other component classifies traffic by protocol.
Steps for Configuring NBAR for Static Protocols
- Enable NBAR Protocol
Configure a traffic class.
Configure a traffic policy.
- Attach the traffic policy
- to an interface.
Enable PDLM if needed.
Steps for Configuring Stateful NBAR for Dynamic Protocols
Configure a traffic class.
Configure a traffic policy.
- Attach the traffic policy to an
The ability of NBAR to classify traffic by protocol and then apply QoS to that traffic uses
the MQC class map match criteria.
Real-Time Transport Protocol (RTP) consists
of a data part and a control part.
The data part of RTP is a
- thin protocol providing support for applications with real-time properties (such as continuous media [audio
- and video]), which includes timing reconstruction, loss detection, and security and content identification.
NBAR RTP payload classification not only allows you to
statefully identify real-time audio and video traffic, but it also can differentiate on the basis of audio and video codecs to provide more granular QoS.
- can occur at any point in the network where
- there are points of speed mismatches or aggregation
manages congestion to provide bandwidth and delay guarantees.
to sort the traffic and then determine some method of prioritizing it onto an output link.
Speed mismatches are the most common reason for
Speed mismatches are the most typical cause of congestion.
•Possibly persistentwhen going from LAN to WAN.
•Usually transient when going from LAN to LAN.
- in WANs when multiple remote sites feed into a central
a congestion-management mechanism that allows you to control congestion on interfaces.
- designed to accommodate temporary congestion on an interface of a network device by storing excess
- packets in buffers until bandwidth becomes available.
Complex queuing generally happens on
outbound interfaces only. A router queues packets it sends out an interface.
First-in, first-out (FIFO)
Priority queuing (PQ)
Weighted round robin (WRR)
- FIFO: First-in,
- first-out; the simplest algorithmPriority queuing
- (PQ): Allows traffic to be prioritizedRound robin:
- Allows several queues to share bandwidthWeighted round
- robin (WRR): Allows sharing of bandwidth with prioritization
First packet in is first packet out
Simplest of all
All individual queues are FIFO
all interfaces except serial interfaces at E1 (2.048 Mbps) and below use
FIFO by default.
Serial interfaces at E1 (2.048 Mbps) and below
use weighted fair queuing (WFQ) by default.
§Uses multiple queues
- §Always empties first queue before going to
- the next queue:
§Empty queue number 1.
- §If queue number 1 is empty, then dispatch one
- packet from queue number 2.
- §If both queue number 1 and queue number 2 are
- empty, then dispatch one packet from queue number 3.
§Queues number 2 and number 3 may “starve”
PQ gives priority queues absolute preferential
A priority list is a set of rules that describe how packets
should be assigned to priority queues
Keepalives sourced by the network server are always assigned to the
PQ provides absolute preferential treatment to
high-priority traffic, ensuring that mission-critical traffic traversing various WAN links gets priority treatment
PQ introduces extra
Round robin refers to an
arrangement that involves choosing all elements in a group equally in some rational order, usually starting from the top to the bottom of a list and then starting again at the top of the list and so on.
Round Robin Queuing
Uses multiple queues
Dispatches one packet from each queue in each round:
- One packet from
- queue number 1
- One packet from
- queue number 2
- One packet from
- queue number 3
Weighted Round Robin Queuing
§Assign a weight to each queue
- §Dispatches packets from each queue
- proportionately to an assigned weight:
- §Dispatch up to four from
- queue number 1.
- §Dispatch up to two from
- queue number 2.
- §Dispatch 1 from
- queue number 3.
§Go back to queue number 1.
weighted round robin (WRR) algorithm provides
prioritization capabilities for round-robin queuing
drawbacks of WRR queuing
- it does not allocate bandwidth accurately
- ratio between the byte count and the MTU is too large, WRR queuing will cause long delays.
Problem with WRR:
Some implementations of WRR dispatch a configurable number of bytes (threshold) from each queue for each round—several packets can be sent in each turn.
The router is allowed to send the entire packet even if the sum of all bytes is more than the threshold.
Router Queuing Components
- Hardware queue: Uses FIFO strategy,
- which is necessary for the interface drivers to transmit packets one by one. The hardware queue is sometimes referred to as the transmit
- Software queuing system: Schedules
- packets into the hardware queue based on the quality of service (QoS) requirements.
Router queuing is needed bc
The input interface is faster than the output interface.
The output interface is receiving packets from multiple other interfaces.
The software queue activates
only when data must wait to be placed into the hardware queue.
The hardware queue (transmit queue) is a
final interface FIFO queue that holds frames to be immediately transmitted by the physical interface
The Software Queue
- Generally, a full hardware queue indicates
- interface congestion, and software queuing is used to manage it.
- When a packet is being forwarded, the router
- will bypass the software queue if the hardware queue has space in it (no congestion).
Reducing the size of the hardware queue has
It reduces the maximum amount of time that packets wait in the FIFO queue before being transmitted.
It accelerates the use of QoS in Cisco IOS software.
Improper tuning of the hardware queue may produce undesirable results:
A long transmit queue may result in poor performance of the software queuing system.
- A short transmit queue may result in a large number of interrupts, which causes high CPU utilization and
- low link utilization.
The Hardware Queue
- §Routers determine the length of the hardware
- queue based on the configured bandwidth of the interface.
- §The length of the hardware queue can be
- adjusted with the tx-ring-limit command.
Congestion on Software Interfaces
- Subinterfaces and software interfaces (dialers, tunnels, Frame Relay subinterfaces) do not have their own
- separate transmit queue.
Subinterfaces and software interfaces congest when the transmit queueof their main hardware interface congests.
The tx-ring state (full, not-full) is an indication of hardware interface congestion.
The terms “TxQ” and “tx-ring” both describe the hardware queue and are interchangeable.
Weighted Fair Queuing (WFQ)
A queuing algorithm should share the bandwidth fairly among flows by:
- Reducing response time for interactive flows by scheduling them to the front of the queue
- Preventing high-volume flows from monopolizing an interface
In the WFQ implementation, conversations are sorted into flows and transmitted by the
order of the last bit crossing its channel
Unfairness is reinstated
by introducing weight to give proportionately more bandwidth to flows with
- higher IP precedence
- (lower weight).
WFQ is a dynamic scheduling method that provides
fair bandwidth allocation to all network traffic.
weights to identified traffic, classifies traffic into flows,
- determines how much bandwidth each flow is allowed, relative to other
WFQ allows you to give low-volume traffic, such as Telnet sessions,
priority over high-volume traffic, such as FTP sessions.
concurrent file transfers balanced use of link capacity; that is, when
multiple file transfers occur,
The WFQ method works as the default
queuing mode on serial interfaces configured to run at or below E1
speeds (2.048 Mbps)
WFQ provides the solution for situations
- to provide consistent response times to heavy
- and light network users alike, without adding excessive bandwidth
WFQ can manage duplex data flows,
WFQ classification has to identify
from the IP header and the TCP or User Datagram Protocol (UDP) headers:
- Source IP addressDestination IP addressProtocol number (identifying TCP or
- UDP)Type of service fieldSource TCP or UDP port numberDestination TCP or UDP port number
WFQ uses a fixed number of queues. The
hash function is used to assign a queue to a flow. There are eight
additional queues for system packets and optionally up to 1000 queues
for Resource Reservation Protocol (RSVP) flows. The number of dynamic
queues that WFQ uses by default is based on the interface bandwidth.
With the default interface bandwidth, WFQ uses 256 dynamic queues
WFQ uses the following two parameters that affect
the dropping of packets:
- The congestive discard threshold (CDT) is used to start dropping
- packets of the most aggressive flow, even before the hold-queue limit
- is reached.
- The hold-queue limit defines the maximum number of packets that can be
- held in the WFQ system at any time.
There are two exceptions to the WFQ insertion and drop policy:
- If the WFQ system is above the CDT limit, the packet is still enqueued
- if the specific per flow queue is empty.
The dropping strategy is not directly influenced by IP precedence.
- §A fixed number of per-flow queues is
- §A hash function is used to translate flow
- parameters into a queue number.
- §System packets (eight queues) and RSVP flows
- (if configured) are mapped into separate queues.
- §Two or more flows could map into the same
- queue, resulting in lower per-flow bandwidth.
- §Important: The
- number of queues configured should be significantly larger than the expected
- number of flows.
benifites and draw backs of wfq
- provides simple
- configuration (no manual classification is necessary) and guarantees
- throughput to all flows. It drops packets of the most aggressive flows.
- Because WFQ is a standard queuing mechanism, most platforms and most
- Cisco IOS versions support WFQ
- Multiple flows can end up in a single queue.
- WFQ does not allow a network engineer to
- manually configure classification. Classification and scheduling are
- determined by the WFQ algorithm.
- WFQ is supported only on links with a
- bandwidth less than or equal to 2 Mb.
- WFQ cannot provide fixed guarantees to
- traffic flows.
Cisco routers automatically enable WFQ on all interfaces that have a
default bandwidth of less than 2.048 Mbps