The document outlines Quality of Service (QoS) in multilayer switched networks, emphasizing the integration of voice, video, and data traffic into a single multi-service network. It defines QoS, its impact on network performance, and highlights mechanisms like traffic classification, prioritization, and service models (best-effort, integrated, and differentiated services). Additionally, it discusses specific QoS requirements for data, voice, and video applications, along with classification techniques and the importance of maintaining low packet loss, delay, and jitter.

1. Quality of Service (QoS)
CIS 187 Multilayer Switched Networks
CCNP
Rick Graziani
Spring 2009

2. 2
Overview
• Previously an organization would use separate networks for:
– Voice
– Video
– data traffic
• Now common practice to combine these into a single multi-service network
in which the varied traffic types coexist.

3. 3
Overview
• QoS Issues over non-QoS networks:
– Stop-start and choppy Internet streaming video performance
– Harsh audio when using Internet based IP phone

4. 4
Quality of Service
defined
• QoS refers to the ability of a network to provide improved service
to selected network traffic over various underlying technologies
including Frame Relay, ATM, Ethernet and IP-routed networks.
• QoS features provide improved and more predictable network service
by offering the following services:
– Dedicated bandwidth
– Improved loss characteristics
– Congestion management and Avoidance
– Traffic Shaping
– Prioritization of traffic

5. 5
Quality of Service defined
• The goal is to move information from one point to another
and the characteristics that define the quality of this
movement are:
– Delay
– Delay Variation (also known as Jitter)
– Loss

6. 6
Loss
• Loss refers to the percentage of packets that fail to
reach their destination.
• Loss can result from:
– Errors in the network
– Corrupted frames
– Congested networks
s

7. 7
Loss
• Packet loss in a healthy network are actually deliberately dropped by
networking devices to avoid congestion. (later)
• TCP:
– TCP’s retransmission mechanism
• UDP:
– Some loss may be acceptable
• As a guide, a highly available network should suffer less than 1% loss
and for voice traffic the loss should approach 0%.
TCP Header
UDP Header

8. 8
Delay or latency
• Delay or latency refers to the time it takes for a packet to travel from
the source to the destination.
• Fixed delays
– Serialization and encoding/decoding.
– For example, a bit takes a fixed 100ns to exit a 10Mb Ethernet
interface.
• Variable delays
– Congestion and time packets spend in network buffers waiting for
access to the media.
• As a design rule the total time it takes a voice packet to cross the network
should be less than 150ms (ms, millisecond = 1,000th
of a second).

9. 9
Delay variation or jitter
• Delay variation or jitter is the difference in the delay times of
consecutive packets.
• A jitter buffer used to smooth out arrival times.
– Increases total network delay.
• In general, traffic requiring low latency also requires a minimum
variation in latency.

10. 10
Delay variation or jitter
• As a design rule, voice networks cannot cope with more than 30ms of
jitter.
• Jitter in excess of 30ms will result in degraded audio performance.
• Excessive jitter in a streaming video environment will result in:
– Jerky motion
– Loss of video quality
– Loss of video

11. 11
Network availability
• Highly available network uses:
– Redundancy
– Dynamic routing protocols
– Hot Standby Routing Protocol (HSRP)
– Spanning Tree Protocol (STP)

12. 12
Provisioning
• Bandwidth is not listed as an element of QoS.
• Inadequate bandwidth inflates latency
• It is not possible to meet QoS requirements if network LAN and WAN links
have insufficient bandwidth simply adding bandwidth, (also known as over-
provisioning) will not solve the problem.
• Over-provisioned network:
– Good News: Less likely to be congested
– Bad News: If it does become congested, the network may not perform
as well as a lower bandwidth network that makes use of QoS features.

13. 13
Quality of Service
requirements for data
• Some traffic can usually tolerate lower QoS levels.
• Relative priority model divides traffic into four classes:
– Gold (Mission-Critical)— Transactional, software
– Silver (Guaranteed-Bandwidth)—Streaming video, messaging,
intranet
– Bronze (Best-Effort and Default class)—Internet browsing, E-Mail
– Less-than-Best-Effort (Optional; higher-drop preferences)—FTP,
backups, and applications (MySpace, YouTube, KaZaa)

14. 14
Quality of Service
requirements for voice
• Voice quality is directly affected by all
three QoS quality factors:
– Loss
– Delay
– delay variation

15. 15
Quality of Service requirements for video
• Streaming video applications have more lenient QoS
requirements due to application buffering.

16. 16
Quality of Service requirements for video
• QoS needs of video conferencing traffic are similar to those for
voice.
– Loss should be no more than 1%
– One-way latency should be no more than 150-200ms
– Average jitter should be no more than 30ms

17. Quality of Service mechanisms

18. 18
Quality of Service mechanisms
• Once the QoS requirements of the network have been defined, an
appropriate service model must be selected.
• A service model is a general approach or a design philosophy for
handling the competing streams of traffic within a network.
• There are three service models from which to chose;
– Best-effort
– Integrated
– Differentiated

19. 19
Best-Effort service
• Best effort is a single service model in which an application sends data:
– Whenever it must
– In any quantity
– Without requesting permission or first informing the network
• For best-effort service, the network delivers data if it can, without any
assurance of:
– Reliability
– delay
– throughput
(relative time of arrival)
(single interface outbound queue)
(one packet at a time)

20. 20
Best-Effort service
• Cisco IOS QoS implements best-effort service is FIFO queuing.
• FIFO is the default method of queuing for LAN and high speed
WAN interfaces on switches and routers.
• Best-effort service is suitable:
– General file transfers
– E-mail
– Web browsing
(relative time of arrival)
(single interface outbound queue)
(one packet at a time)

21. 21
Integrated services model
• Integrated service or IntServ
– The application requests a
specific kind of service from
the network before it sends
data.
• The Cisco IOS IntServ model
makes use of the IETF Resource
Reservation Protocol (RSVP)
– Used by applications to signal
their QoS requirements to the
router.
• Drawbacks
– Not scalable
– Require continuous signalling
from network devices

22. 22
Integrated services model
• Routers, in conjunction with RSVP are able to use intelligent queuing
mechanisms to provide two types of services.
• Guaranteed Rate Service, which allows applications to reserve bandwidth to
meet their requirements.
– For example, a Voice over IP (VoIP) application can reserve 32 Mbps end-
to-end using this kind of service.
– Cisco IOS QoS uses weighted fair queuing (WFQ) with RSVP to provide
this kind of service
• Controlled Load Service, which allows applications to have low delay and
high throughput even during times of congestion.
– For example, adaptive real-time applications such as playback of a
recorded conference can use this kind of service.
– Cisco IOS QoS uses RSVP with Weighted Random Early Detection
(WRED) to provide this kind of service.
FYI

23. 23
Differentiated services model
• Differentiated Service or DiffServ architecture
– Emerging standard from the IETF.
• Each packet is classified upon entry into the network.
• These are represented using the Type of Service (ToS)
field.
• IP packet header:
– IP precedence or
– Differential Services Code Point (DSCP).

24. 24
Differentiated services model
• Once packets are classified at the edge by
– Access layer switches
– Border routers
• Unlike the IntServ model, DiffServ does not require
network applications be QoS aware.

25. 25
Traffic marking
• Data Link Layer:
– Ethernet frame has no fields to signify its QoS
requirements.
– ISL or 802.1Q/P provides a 3 bit Class of Service
(CoS) field.
• Gives Layer 2 switches the ability to prioritize traffic.

26. 26
Traffic marking
• At the Network layer an IP packet contains:
• ToS:
– IP-Precedence field
– Differentiated Services Code Point (DSCP) fields.
• Either of these can be used to signify the QoS
requirements of an IP packet.

27. 27
Traffic marking
• The decision of whether to mark traffic at layers 2 or 3 or both is not
trivial and should be made after consideration of the following points:
– Layer 2 marking of frames can be performed for non IP traffic.
– Layer 2 marking of frames is the only QoS option available for
switches that are not “IP aware”
– Layer 3 marking will carry the QoS information end-to-end
– Older IP equipment may not understand DSCP
Layer 2
Layer 3

28. 28
CoS
• The 3 bit CoS field present allows eight levels of priority.
– 0 lowest priority to 7 highest priority
– Switches set a layer 2 CoS value for traffic based on
their ingress port
– Router translate the CoS value into an equivalent IP
Precedence or DSCP value

29. 29
ToS
• ToS
– IP DSCP value is the first 6 bits
– IP Precedence value is the first 3 bits
• The IP Precedence value is actually part of the IP DSCP value.
– Therefore, both values cannot be set simultaneously.
• DSCP supersedes IP Precedence.
• A maximum of:
– 8 different IP precedence markings
– 64 different IP DSCP markings

30. Modular QoS command line
interface (CLI)

31. 31
Modular QoS command line interface (CLI)
• The Modular QoS Command Line Interface or MQC is central to
Cisco’s model for implementing IOS based QoS solutions.
• The MQC breaks down the tasks associated with QoS into modules
that:
– Identify traffic flows
– Classify traffic flows as belonging to a common class of QoS.
– Apply QoS policies to that class
– Define the interfaces on which the policy should be enforced
• “The modular nature of MQC allows the reuse of common traffic
classes and policies. This simplifies the configuration, makes it more
efficient to implement changes and reduces the chances of errors.”

32. 32
Example Modular QoS CLI
Interface
service-policy
output policy1
Interface
service-policy
output policy1
Interface
service-policy
output policy2
policy-map policy1
class class1
bandwidth
queue-limit
random-detect
class class2
bandwidth
queue-limit
random-detect
policy-map policy2
class class1
bandwidth
queue-limit
random-detect
class class3
bandwidth
queue-limit
random-detect
class-map class1
match input-interface
class-map class2
match access-group
access-list
class-map class3
match input-interface

33. 33
Classification of traffic – The class-map
• The class-map command is used to define a traffic class.
– The purpose of a traffic class is to classify or identify traffic that
should be given a particular QoS.
– Traffic that matches a certain criteria.
• A traffic class contains three major elements:
– Name
– Series of match commands
– If more than one match command exists in the traffic class an
instruction on how to evaluate these match commands.
Switch(config)# class-map cisco
Switch(config-cmap)#

34. 34
Classification of traffic – The class-map
• Match commands are used to specify various criteria for classifying
packets.
• If a packet matches the specified criteria:
– Packet is considered a member of the class
– Packet is forwarded according to the QoS specifications set in
the traffic policy
• Packets that fail to meet any of the matching criteria:
– Classified as members of the default traffic class
– Subject to a separate traffic policy
Switch(config)# class-map cisco
Switch(config-cmap)# match access-group name test
In the example below, any traffic that is “permitted” by the named ACL test will
be considered part of the traffic class known as cisco.

35. 35
Classification of traffic
– The class-map
• If more than one match statement exists in the traffic class, use:
– class-map match-any
or
– class-map match-all
• Note Catalyst 2950:
– No match-any option
– Default behaviour is to match-any
– This can be overridden using the match-all command

36. 36
Classification of traffic – The class-map
• If match-any is specified as the evaluation instruction, the traffic being
evaluated by the traffic class must match one of the specified
criteria.
• If match-all is specified as the evaluation instruction, the traffic being
evaluated by the traffic class must match all of the specified criteria.
Switch(config)# class-map match-any cisco
Switch(config-cmap)# match access-group name test
Switch(config-cmap)# match interface fastethernet 0/1
If traffic matches a permit statement in the ACL test or the traffic
originates from FastEthernet 0/1 then it will be considered to be part of
the class of traffic known as cisco.

37. 37
Defining the QoS policy – The
policy-map
• The policy-map command is used to create a traffic policy.
– The purpose of a traffic policy is to configure the QoS features
that should be associated with the traffic that has been classified in
a user-specified traffic class.
• A traffic policy contains three elements:
– Policy Name
– Traffic class (specified with the class command)
– QoS policies to be applied to each class

38. 38
• The policy-map shown creates a traffic policy named
policy1.
– The policy applies to all traffic classified or identified
by the previously defined traffic-class “cisco”
• Specifies that traffic in this example should be
allocated bandwidth of 3000 kbps.
– Any traffic which does not belong to the class “cisco”
forms part of the catch-all class-default class
• Will be given a default bandwidth of 2000 kbps.
Switch(config)# policy-map policy1
Switch(config-pmap)# class cisco
Switch(config-pmap-c)# bandwidth 3000
Switch(config-pmap)# class class-default
Switch(config-pmap-c)# bandwidth 2000

39. 39
Applying the policy to an interface – The
service-policy
• The service policy command is used to attach the traffic
policy, as specified with the policy-map command, to an
interface.
– Can be applied to packets entering or leaving the
interface.
Switch(config)# interface fastethernet 0/1
Switch(config-if)# service-policy output policy1

40. 40
Applying the policy to an interface – The
service-policy
• All packets leaving the specified interface are evaluated according
to the criteria specified in the traffic policy named policy1.
Switch(config)#interface fastethernet 0/1
Switch(config-if)#service-policy output policy1
Switch(config-if)#exit

41. 41
Applying the policy to an interface – The
service-policy
• Any traffic which does not belong to the class “cisco” forms part of the catch-all
class-default class will be given a default bandwidth of 2000 kbps.
Switch(config)#interface fastethernet 0/1
Switch(config-if)#service-policy output policy1
Switch(config)#policy-map policy1
Switch(config-pmap)#class cisco
Switch(config-pmap-c)#bandwidth 3000
Switch(config-pmap)#class class-default
Switch(config-pmap-c)#bandwidth 2000
Switch(config)# class-map match-any cisco
Switch(config-cmap)# match access-group name test
Switch(config-cmap)# match interface fastethernet 0/1
Attach the traffic
policy to an interface
Identify the QoS
features of a Policy
using classes
Identify the traffic or traffic flows
Classify traffic
flows as
belonging to a
common class
of QoS.

42. IP Precedence and DSCP

43. 43
IP Precedence
• 3 bits = 8 possibilities.
• Network control and Internetwork control classes are
usually reserved for router-generated packets such as
routing updates, ICMP messages, etc.
– To protect packets that are necessary for the health of
the network.
• Only 6 usable classes for production.

44. 44
DSCP
• The Differentiated Service Code Point is a selector for
router's per-hop behaviors.
• DSCP (like IP Precedence) can be used to provide
differential treatment to packets.
• Up to 64 different aggregates/classes can be supported
• Default DSCP = 000 000

45. 45
Per Hop Behavior
• Behavior Aggregate (BA) - A collection of packets that have the
same DSCP value (also called a codepoint) and crossing in a
particular direction.
• Per Hop Behavior (PHB) - The packet scheduling, queuing, policing,
or shaping behavior of a node on any given packet belonging to a BA,
and as configured by a Service Level Agreement (SLA) or policy.
• To date, four standard PHBs are available to construct a DiffServ-
enabled network and achieve coarse-grained, end-to-end CoS and
QoS.
IP Packet
IP Packet
IP Packet
IP Packet
Same
DSCP
Value

46. 46
Class-Selector PHBs (Defined in RFC-2474)
• To preserve backward compatibility with the IP-precedence scheme:
– DSCP values of the form `xxx000,'
– These codepoints are called class-selector codepoints.
• These PHBs retain almost the same forwarding behavior as nodes
that implement IP-precedence based classification and forwarding.
• These PHBs ensure that DS-compliant nodes can co-exist with IP-
precedence aware node.
DSCP IP Precedence
111 000 (56) Range = 56 thru 63 111 (7) – Network Control
110 000 (48) Range = 48 thru 55 110 (6) – Internetwork Control
101 000 (40) Range = 40 thru 47 101 (5) – Critical
100 000 (32) Range = 32 thru 39 100 (4) – Flash Override
011 000 (24) Range = 24 thru 31 011 (3) – Flash
010 000 (16) Range = 16 thru 23 010 (2) - Immediate
001 000 (8) Range = 8 thru 15 001 (1) - Priority
000 000 (0) Range = 0 thru 7 000 (0) - Routine

47. 47
Expedited Forwarding and Assured Forwarding
• Expedited Forwarding (EF) PHB defines a premium service for video and VoIP.
– Recommended DSCP is 101110
• Assured Forwarding (AF) PHB defines a method by which BAs can be given
different forwarding assurances.
– The AFxy PHB defines four AFx classes: AF1, AF2, AF3, and AF4.
– Each class is assigned a certain amount of buffer space and interface
bandwidth, dependent on the SLA with the Service Provider/policy.
– Within each AFx class (AFxy) it is possible to specify 3 drop precedence
values.
Packets in AF13
will get dropped
before packets in
AF12, before
packets in AF11.

48. Classification at the Access Layer

49. 49
Classification at
the Access Layer
• QoS should be implemented end-to-end within a network.
• Best to classify traffic as soon as possible.
• Frames and packets can be marked as important by using:
– Layer 2 Class of Service (CoS)
– Layer 3 the IP Precedence/Differentiated Services Code Point
(DSCP)
Layer 2
Layer 3

50. 50
Trusting the CoS
• If Edge device (IP phone or application) is capable of setting the
CoS bits then other devices must decide whether to trust the device
or not.
• The default action of switches:
– Not to trust edge devices
– Any frames that enter the switch have their CoS re-written to the
lowest priority of 0.
• If the edge device can be trusted:
– Default behaviour must be overridden
– Access switch must be configured to simply switch the frame
leaving the CoS bits untouched.

51. 51
Configuring CoS trust using the IOS
• Depending on the switch model it may be necessary to first activate
QoS using the command:
switch(config)# mls qos
• Required on both the Catalyst 3550 and 6500.
• The Catalyst 2950 has QoS enabled by default.

52. 52
Configuring CoS trust using the IOS
• The trust is configured on the switch port using the command:
switch(config-if)# mls qos trust cos
• Any ISL or 802.1Q/P frames that enter the switch
port will now have its CoS passed, untouched,
through the switch.
• If an untagged frame arrives at the switch port,
the switch will assign a default CoS to the frame
before forwarding it.
– Default CoS = 0
– Can be changed using the interface configuration
command:
switch(config-if)# mls qos cos default-cos
default-cos is a number between 0 and 7

53. 53
Assigning CoS on
a per-port basis
switch(config-if)# mls qos trust cos
switch(config-if)# mls qos cos default-cos
• If the incoming frame has a CoS, maintain the same CoS.
• If the incoming frame has no CoS (0), apply the default CoS.

54. 54
Re-writing the
CoS
• May be desirable not to trust any CoS value that may
be present in frames sourced from an edge device.
– Override parameter - ignores any existing CoS value
– Apply the default value.
Switch(config-if)# mls qos cos override
switch(config-if)# mls qos cos default-cos

55. 55
Using a MAC ACL to assign a DSCP value
• It is not always possible to classify the CoS of a frame, based on
an ingress (incoming) port.
– Ingress port is connected to multiple hosts through a hub
– Simple workgroup switch that does not support QoS classification

56. 56
Using a MAC ACL to assign a DSCP value
Switch(config)# mac access-list extended name

57. 57
Configuring DSCP using a MAC ACL
Example
• Set the DSCP field of packets coming from a single IP-
Phone (called receptionphone) within a switched network.
• IP-Phone MAC address is 000.0a00.0111
Switch(config)# mac access-list extended receptionphone
Switch(config-ext-macl)# permit host 000.0a00.0111 any
Create the condition criteria.

58. 58
Configuring DSCP using a MAC ACL
• A class-map is used to link the identified traffic to a particular class of service.
• In this case a class of service called “ipphone” is created.
Switch(config)# class-map match-all ipphone
Switch(config-cmap)# match access-group name receptionphone
Identify the traffic or traffic flows
Switch(config)# mac access-list extended receptionphone
Switch(config-ext-macl)# permit host 000.0a00.0111 any
Create the condition criteria.

59. 59
Configuring DSCP using a MAC ACL
• The creation of the class-map can be verified with the show class-
map command
Switch# show class-map
Class Map match-any class-default (id 0)
Match any
Class Map match-all ipphone (id 2)
Match access-group name receptionphone

60. 60
Configuring DSCP using a MAC ACL
• Now a policy map is used to define the action that should
be taken on any traffic that forms part of that class.
• In this case the policy will be called “inbound-accesslayer”
and the action is to set DSCP for the packets to 40.
Switch(config)# policy-map inbound-accesslayer
Switch(config-pmap)# class ipphone
Switch(config-pmap-c)# set ip dscp 40
Identify the QoS features of a Policy

61. 61
Configuring DSCP using a MAC ACL
CoS 0 1 2 3 4 5 6 7
DSCP 0 8 16 24 32 40 48 56
IP
Prec
0 1 2 3 4 5 6 7
Cisco Switches support mapping
DSCP or IP Precedence

62. 62
Configuring DSCP using a MAC ACL
• The show policy-map command can be used to verify any policy-map
configuration.
Switch# show policy-map
Policy Map inbound-accesslayer
class ipphone
set ip dscp 40

63. 63
Configuring DSCP using a MAC ACL
• In this case the policy will be applied to all the
interfaces so that QoS will be maintained regardless of
the interface the IP-Phone is connected to.
Switch(config)# interface range fastethernet 0/1 - 24
Switch(config-if-range)# service-policy input inbound-
accesslayer
Attach the traffic policy to an interface.

64. 64
Configuring DSCP using a MAC ACL
• The show mls qos interface command can be used to determine the
policies that are bound to a particular interface on the switch.
Switch# show mls qos interface fastethernet 0/1
FastEthernet0/1
Attached policy-map for Ingress: inbound-accesslayer
trust state: not trusted
trust mode: not trusted
COS override: dis
default COS: 0
pass-through: none
trust device: none

65. 65
Configuring DSCP using a MAC ACL
Switch(config)#interface range fastethernet 0/1 - 24
Switch(config-if-range)#service-policy input inbound-
accesslayer
Switch(config)#policy-map inbound-accesslayer
Switch(config-pmap)#class ipphone
Switch(config-pmap-c)#set ip dscp 40
Switch(config)#class-map match-all ipphone
Switch(config-cmap)#match access-group name receptionphone
Switch(config)#mac access-list extended receptionphone
Switch(config-ext-macl)#permit host 000.0a00.0111 any
Attach the traffic policy to an interface.
Identify the QoS features of a Policy
Identify the traffic or traffic flows
Create the condition criteria.

66. Another Example (FYI)

67. 67
Using an IP ACL to define the DSCP or
precedence
• Using the Modular QoS Command Line Interface (MQC) it is possible
to classify traffic based on its IP or TCP properties.
• Scenario: In order to prevent large FTP downloads from disrupting
more critical services, the network administrator wishes to tag all FTP
packets entering an access-layer switch with either:
– An IP Precedence of 0 (low) or
– A DSCP of 0 (low) so that the traffic can be subjected to QoS
policies within the network.
• In this case an IP ACL will be used to identify the packets.
Switch(config)# ip access-list extended 100
Switch(config-ext-nacl)# permit tcp any any eq ftp
Create the condition criteria.

68. 68
Using an IP ACL to define the DSCP or
precedence
• Traffic is classified as “reducedservice” if it is permitted by the
access list.
Switch(config)# class-map reducedservice
Switch(config-cmap)# match access-group 100
Identify the traffic or traffic flows

69. 69
Using an IP ACL to define the DSCP or
precedence
• Policy-map is used to set the DSCP to 0 for this class of traffic.
Switch(config)# policy-map inbound-accesslayer
Switch(config-pmap)# class reducedservice
Switch(config-pmap-c)# set ip dscp 0
Identify the QoS features of a Policy

70. 70
Using an IP ACL to define the DSCP or
precedence
• Alternatively the IP precedence can be set using the following policy-
map.
• Note:
– Both the Catalyst 2950 and the Catalyst 3550 support the setting of
the DSCP.
• The 3550 does support the setting of IP precedence.
• The 2950 does not support the setting of IP precedence.
– This is not a serious problem as the IP Precedence field forms the
first 3 bits of the DSCP. Thus by choosing and setting the
appropriate DSCP value, the IP Precedence can still be set.
Switch(config)# policy-map inbound-accesslayer
Switch(config-pmap)# class reducedservice
Switch(config-pmap-c)# set ip precedence 0
Identify the QoS features of a Policy

71. 71
Using an IP ACL to define the DSCP or
precedence
• Having now defined the action to be taken on FTP packets, the only
remaining step is to tell the switch which interfaces to apply the policy
to.
• In this case the policy will be applied to all the interfaces so that QoS
will be maintained regardless of the interface an FTP source may be
connected to.
Switch(config)# interface range fastethernet 0/1 - 24
Switch(config-if-range)# service-policy input inbound-
accesslayer
Attach the traffic policy to an interface.

72. 72
Using an IP ACL to define the DSCP or
precedence
Switch(config)#ip access-list extended 100
Switch(config-ext-nacl)#permit tcp any any eq ftp
Switch(config)#class-map reducedservice
Switch(config-cmap)#match access-group 100
Switch(config)#policy-map inbound-accesslayer
Switch(config-pmap)#class reducedservice
Switch(config-pmap-c)#set ip dscp 0
Switch(config)#interface range fastethernet 0/1 - 24
Switch(config-if-range)#service-policy input inbound-accesslayer
Attach the traffic policy to an interface.
Identify the QoS features of a Policy
Identify the traffic or traffic flows
Create the condition criteria.

73. Scheduling

74. 74
Suggested Readings

75. 75
Queuing overview
• A protocol-dependent switching process handles traffic
arriving at a router interface.
• This process includes delivery of traffic to an outgoing
interface buffer.
• First-in, first-out (FIFO) queuing is the classic algorithm
for packet transmission.

76. 76
Queuing
overview
• Cisco IOS software offers three alternative queuing options:
– Weighted fair queuing (WFQ)
– Class-based weighted fair queuing (CBWFQ) - IOS 12.2 and later
– Low latency queuing (LLQ) - IOS 12.2 and later
• Queuing methods discussed in previously in CCNP, and have been
replaced somewhat by CBWFQ and LLQ
– Custom Queuing replaced by CBWFQ
– Priority Queuing replaced by LLQ
*

77. 77
Effective use of traffic prioritization
Generalizations on Queuing:
• If there is no congestion on the WAN link, traffic prioritization is
not necessary.
• If a WAN link is constantly congested, traffic prioritization may not
resolve the problem.
• Adding bandwidth might be the appropriate solution.
*

78. 78
Establishing a queuing policy
• Goal is to deploy and maintain a single enterprise network that
supports a variety of:
– Applications
– Organizations
– Technologies
– User expectations
• Result: Provide all users with an appropriate level of service, while
continuing to support mission-critical applications.
*

79. 79
Choosing a Cisco IOS queuing options
Typically, voice and video have the lowest
tolerance for delay.
WFQ
Priority
LLQ (PQ/CBFQ)
Custom
CBWFQ
*

80. Configuring Weighted Fair
Queuing
*

81. 81
FIFO – First In – First Out
• FIFO queuing is in effect, traffic is transmitted in the order received
without regard for bandwidth consumption or the associated delays.
• Packet trains are groups of packets that tend to move together
through the network.
– These packet trains can consume all available bandwidth, and
other traffic flows back up behind them.
*
(relative time of arrival)
(single interface outbound queue)
(one packet at a time)

82. 82
FQ – Fair Queuing
• Fair Queuing is not an option on Cisco routers.
– Allows packets that are ready to be transmitted to leave, even if
they started to arrive after another packet.
• Complete packets that are ready to be transmitted leave first.
• Remember, packets may enter the output buffer from a variety of input
interfaces.
(single interface outbound queue)
(one packet at a time)
*

83. 83
Weighted fair queuing overview
• Weighted fair queuing (WFQ) is an automated method that provides fair
bandwidth allocation to all network traffic.
• Provides traffic priority management that dynamically sorts traffic into
conversations, or flows.
• Then breaks up a stream of packets within each conversation to ensure that
bandwidth is shared fairly between individual conversations.
• There are four types of weighted fair queuing:
– Flow-based – Default (WFQ)
– Distributed - Runs on Versatile Interface Processor (not discussed)
– Class-based – Next section
– Distributed class-based – (Not discussed)
*
Packet 3 is queued before packets 1 or
2 because packet 3 is a small packet in
a low-volume conversation
Small packet in low-volume conversation arrives 3rd

84. 84
Weighted fair queuing overview
• Flow Based WFQ schedules delay-sensitive traffic to the front of a queue
to reduce response time, and also shares the remaining bandwidth fairly
among high-bandwidth flows.
• By breaking up packet trains, WFQ assures that:
– Low-volume traffic is transferred in a timely fashion.
– Gives low-volume traffic, such as Telnet sessions, priority over high-
volume traffic, such as File Transfer Protocol (FTP) sessions.
– Gives concurrent file transfers balanced use of link capacity.
– Automatically adapts to changing network traffic conditions.
*
(single interface outbound queue)
(one packet at a time)

85. 85
Weighted fair queuing overview
• Weighted fair queuing is enabled by default for physical
interfaces whose bandwidth is less than or equal to T1/E1,
or 1.544 Mbps/2.048 Mbps.
WFQ default on T1/E1
and slower.
FIFO default on faster
than T1/E1.
T1 T3
*

86. 86
Weighted fair queuing operation
• The WFQ sorting of traffic into flows is based on packet header
addressing.
• Common conversation discriminators are as follows (based on a
hash):
– Source/destination network address
– Source/destination Media Access Control (MAC) address
– Source/destination port or socket numbers
– Frame Relay data-link connection identifier (DLCI) value
– Quality of service/type of service (QoS/ToS) value
• The router determines what the actual flows are, not the
administrator.
Packet 3 is queued before packets 1 or
2 because packet 3 is a small packet in
a low-volume conversation
Small packet in low-volume conversation arrives 3rd
*

87. 87
Weighted fair queuing operation
• WFQ assigns a “weight” to each flow.
– Lower weights are served first.
• Small, low-volume packets are given priority over large, high-
volume conversation packets.
• Flow Based WFQ algorithm allocates a separate queue for each
conversation.
• WFQ is IP Precedence-aware.
– This is only pertinent if the IP precedence bit is used
– Coming next
*

88. 88
Weighted fair queuing
• WFQ starts by sorting traffic that arrives on an egress interface into conversation flows.
– The router determines what the actual flows are
– The administrator cannot influence this decision.
• Conversations are based on a hash (combination) of:
– Source/destination network address
– Source/destination Media Access Control (MAC) address
– Source/destination port or socket numbers
– Frame Relay data-link connection identifier (DLCI) value
– Quality of service/type of service (QoS/ToS) value
(relative time of arrival)
(single interface outbound queue)
10
14
15
17
Flow #3
Flow #2
Flow #1
*

89. 89
Weighted fair
queuing
• IP ToS bits are used to determine
which packet gets priority.
Simplification:
• Dispatch = Finish time x Weight
• Weight = 32768/(IP Prec + 1)
IP Precedence Weight – 12.0(5)T and later Our Value
0 32768 8
1 16384 7
2 10920 6
3 8192 5
4 6552 4
5 5456 3
6 4680 2
7 4096 1
*

90. 90
Weighted fair queuing
• FIFO – Largest first, then medium, then smallest
• FQ – Smallest first, then medium, then largest
• WFQ – Multiplier is used, weight = 32768/(IP Prec + 1)
– To keep it simple we will use “our values” and leave out some
details.
– Lowest value wins!
– Higher IP Precedence gets a lower value (weight)
(relative time of arrival)
(single interface outbound queue, IP Prec – Our Value)
10
14
15
17
Flow #3
Flow #2
Flow #1 0 - 8
3 - 5
0 - 8
*

91. 91
Weighted fair queuing
Dispatch = Finish time x Our Value (weight)
• First packet: 17 x 8 = 136
– Last
• Second packet: 15 x 5 = 75
– Lowest
• Third packet: 14 x 8 = 112
– Next lowest
(relative time of arrival)
(single interface outbound queue, IP Prec – Our Value)
10
14
15
17
Flow #3
Flow #2
Flow #1 0 - 8
3 - 5
0 - 8
3 - 5
0 - 8
0 - 8
*
Lowest wins!

92. 92
Weighted fair queuing
• What if a flow has contains packets with different IP Precedence bits?
• Problem is that high-priority packet, 3-5, cannot be dispatched until after the large packet in front
of it (same flow) leaves.
• Packets within a flow are handled FIFO.
(relative time of arrival)
(single interface outbound queue, IP Prec – Our Value)
10
14
15
17
Flow #3
Flow #2
Flow #1 0 - 8
3 - 5
0 - 8
3 - 5
0 - 8
0 - 8
3 - 5
20
3 - 5
*
Must wait for previous
packet in flow to leave.
Handled using FIFO.

93. 93
Configuring
weighted
fair queuing
• The congestive-discard-threshold is the number of messages to
queue for high-volume traffic.
• In other words, the maximum number of packets in a conversation held
in a queue before they are discarded.
– 1 to 512
– Default is 64 packets.
Router(config-if)#fair-queue {congestive-discard-threshold}
*
I have more than 128
packets! No more come
into this queue….
FYI

94. 94
Configuring
weighted
fair queuing
• The congestive-discard-threshold applies only to high volume
conversations that have more than one message in the queue.
• The discard policy tries to control conversations that would monopolize
the link.
• If an individual conversation queue contains more messages than the
congestive discard threshold, that conversation will not have any new
messages queued until that queue’s content drops below one-fourth of
the congestive discard value.
*
I have more than 128
packets! No more come
into this queue until ….
FYI

95. 95
Configuring
weighted
fair queuing
• Conversations cannot have any new messages queued until that
queue’s content drops below one-fourth of the congestive discard
value.
• If a conversation queue exceeds 128 packets, the queue must contain
fewer than 32 entries (1/4 of 128) before allowing any new messages to
be queued.
*
I have more than 128 packets! No
more get into this queue until it has
less than 32.
FYI

96. Class-Based Weighted Fair
Queuing
*

97. 97
Class Based WFQ
• WFQ separates packets into flows and applies a weight to high-priority
packets so they can leave first.
• CBWFQ adds a level of administrator control to WFQ.
• The same WFQ process is followed, the difference is that the
administrator can control how packets are divided into the
conversation or flows.
(relative time of arrival)
(single interface outbound queue, IP Prec – Our Value)
10
14
15
17
Flow #3
Flow #2
Flow #1 0 - 8
3 - 5
0 - 8
3 - 5
0 - 8
0 - 8
3 - 5
20
3 - 5
WFQ
*

98. 98
Class Based WFQ
• Scenario: the administrator has decided that all high-priority traffic
should reside in the same flow, regardless of any other conditions that
might place them into separate flows, such as Source/destination
network address, Source/destination Media Access Control (MAC)
address, etc.
• The WFQ algorithm is still at work, but the queue definition is now
under control.
• CBWFQ can be used to guarantee that flows receive adequate
bandwidth defined by the administrator.
(relative time of arrival)
(single interface outbound queue, IP Prec – Our Value)
10
14
15
17
Flow #3
Flow #2
Flow #1 0 - 8
3 - 5
0 - 8
3 - 5
20
3 - 5 3 - 5
3 - 5
0 - 8
0 - 8
*
3 - 5
0 - 8
0 - 8
3 - 5
WFQ
CBWFQ

99. 99
Class-based weighted fair queuing overview
• Class-based weighted fair queuing (CBWFQ) extends the standard
WFQ functionality to provide support for user-defined traffic
classes.
• By using CBWFQ, network managers can define traffic classes
based on several match criteria, including:
– Protocols
– Access Control Lists (ACLs)
– Input interfaces
*

100. 100
CBWFQ
• A FIFO queue is reserved for each class, and traffic belonging to a
class is directed to the queue for that class.
• More than one IP flow, or “conversation", can belong to a class.
• Once a class has been defined according to its match criteria, the
characteristics can be assigned to the class.
• To characterize a class:
– assign the bandwidth
– maximum packet limit
• The bandwidth assigned to a class is the guaranteed bandwidth given
to the class during congestion.
FIFO Queues
*

101. 101
CBWFQ
• CBWFQ (not you) assigns a weight to each configured class instead of each
flow.
• Weight is proportional to the bandwidth (you) configured for each class.
• Weight is equal to the interface bandwidth divided by the class bandwidth or
can be configured as a percentage.
– Weight = Interface bandwidth / class bandwidth
• 32 = 2,048 kbps / 64 kbps (2,048 kbps = 2 Mbps)
• 16 = 2,048 kbps / 128 kbps
• 64 = 2,048 kbps / 32 kbps
– A class with a higher bandwidth value will have a lower weight
Class
2
3
3 1
Highest BW
Lowest weight
Highest priority
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# bandwidth 64
Router(config-pmap-c)# queue-limit 30
Router(config-pmap-c)# exit
Router(config-pmap)# class class2
Router(config-pmap-c)# bandwidth 128
Router(config-pmap-c)# exit
Bandwidth is configured in the policy-
map class (later)
*

102. 102
CBWFQ
• By default, the total amount of bandwidth allocated for all classes must
not exceed 75 percent of the available bandwidth on the interface.
– The other 25 percent is used for control and routing traffic.
– This is why when you configure a T1 link (and slower), you only get
75% of the bandwidth, unless you turn off queuing.
Class
2
3
3 1
Highest BW
Lowest weight
Highest priority
*

103. 103
CBWFQ
• The queue limit must also be specified for the class.
– The maximum number of packets allowed to accumulate in the queue
for the class.
– After limit is met packets are dropped – see Tail Drop and WRED.
• Packets belonging to a class are subject to the bandwidth and queue limits that
are configured for the class.
Class
2
3
3 1
Highest BW
Lowest weight
Highest priority
*
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# bandwidth 64
Router(config-pmap-c)# queue-limit 30

104. 104
CBWFQ versus flow-based WFQ
• Bandwidth allocation – CBWFQ allows the administrator
to specify the exact amount of bandwidth to be allocated
for a specific class of traffic.
– Up to 64 classes, and can control distribution among
them.
Class
2
3
3 1
Highest BW
Lowest weight
Highest priority

105. 105
• Packet bursts or flows demanding high bandwidth can cause
congestion when packets arrive at an output port faster than they can
be transmitted.
• The router tries to handle short-term congestions by packet
buffering.
• Packet buffering has a cost of delay and jitter, but the packets are
not dropped.
• Jitter – Any distortion of a signal or image caused by poor
synchronization.
CBWFQ and tail
drops
* Hey, these packets are coming in
faster than I can send them out!
For now I will store some of them
in my output buffer.

106. 106
CBWFQ and tail
drops
• For network traffic causing longer-term congestion, a router using
CBWFQ or any of several other queuing methods will need to
drop some packets.
• A traditional strategy is tail drop.
* Now there are more packets than I can store
in my output buffer and I can’t send them out
fast enough. Guess, I have to start dropping
later packets until I have room in my buffer.
Full

107. 107
CBWFQ and tail
drops
• Tail drop.
– A router simply discards any packet that arrives at the tail end
of a queue that has completely used up its packet-holding
resources.
– Default queuing response to congestion.
• Tail drop treats all traffic equally and does not differentiate between
classes of service.
* Now there are more packets than I can store
in my output buffer and I can’t send them out
fast enough. Guess, I have to start dropping
later packets until I have room in my buffer.
Full

108. 108
• When using tail drop, the router drops all traffic that exceeds the queue
limit.
• Many TCP sessions then simultaneously go into a slow start.
• This reduces the TCP window size.
• Consequently, traffic temporarily slows as much as possible.
• As congestion is reduced, window sizes begin to increase in
response to the available bandwidth.
CBWFQ and
tail drops
* I didn’t receive an ACK for my last several TCP
segments. TCP says I have to go into slow start and
change my window size to 512 bytes. I can then
begin to increase it exponentially until I reach the
receiver’s advertised window size.
Full
All TCP hosts with non-
ACKed segments go
into TCP Slow Start.
Now, there is very
little traffic that
needs to be sent
out that interface.

109. 109
• This activity creates a condition called global synchronization.
• Global synchronization manifests when:
– Multiple TCP hosts reduce their transmission rates in response to
packet dropping, and then increase their transmission rates after the
congestion is reduced.
• The most important point is that the waves of transmission known as global
synchronization will result in significant link under-utilization.
CBWFQ and tail drops
*
Time
Full
Tail Drops
1. Traffic flows
enter the queue
at different
times
2. When aggregate
load exceeds queue
Tail drops cause
synched TCP window
reduction.
3. Under use causes
synched TCP window
expansion.
4. This causes more
Tail drop and window
size oscillations.
Bandwidth overused
then underused.
Queue
overused
Queue
underused

110. 110
TCP Slow Start and Congestion Avoidance
• TCP Slow Start and Congestion avoidance are important issues in
networking.
• For more information on these topics, please see:
– TCP Performance
by Geoff Huston, Telstra
– http://www.cisco.com/en/US/about/ac123/ac147/ac174/ac196/abou
t_cisco_ipj_archive_article09186a00800c8417.html
• TCP/IP Illustrated, Vol. 1 W. Richard Stevens Addison-Wesley Pub Co
ISBN: 0201633469
• IP Quality of Service, Cisco Press
*

111. 111
Weighted Random Early Detect (WRED)
• Tail drops are a passive queue management mechanism.
• Random Early Detection (RED) and Weighted RED are alternatives to tail
drops for CBWFQ.
– Active queue management mechanisms (RED and WRED) drop packets
before congestion occurs.
– This is to prevent tail drops and the ups and downs from global TCP
synchronization.
*
My buffer is not full, but I am going to use Random Early
Detection (RED) and start dropping some packets. This will
help keep global synchronization of TCP slow start from
happening.

112. 112
Weighted Random Early Detect (WRED)
• WRED extends RED functions by permitting more granular RED drop
profiles for different types of traffic.
• WRED combines RED with IP precedence values or with
differentiated services code point (DSCP) values.
• Before tail drops are required, the router can drop packets based on
these IP precedence values.
*
My buffer is not full, but I am going to use Weighted
Random Early Detection (WRED) and start dropping some
packets. I will use a profile and average queue size to
determine what gets dropped.

113. 113
Weighted Random Early Detect (WRED)
• The WRED algorithm is constantly updated with the
calculated average queue size, which is based on the
recent history of queue sizes.
*

114. 114
WRED
• The configured WRED profiles define the dropping thresholds.
• When a packet arrives at the output queue, the IP Precedence of the
ToS or the Differentiated Services Code Point (DSCP) value is used to
select the correct WRED profile for the packet.
• The packet is then passed to WRED to perform a drop or queue
decision.
*

115. 115
WRED
• Based on the profile and the average queue size, WRED calculates
the probability for dropping the current packet and either drops it or
passes it to the output queue.
– If the queue is already full, the packet is tail-dropped.
– Otherwise, it is eventually sent out on the interface.
• WRED monitors the average queue depth in the router and determines
when to begin packet drops based on the queue depth.
• When the average queue depth crosses the user-specified
minimum threshold, WRED begins to drop both TCP and UDP
packets with a certain probability.
*

116. 116
WRED
• The packet drop probability is based on the minimum threshold, maximum
threshold, and mark probability denominator.
• When the average queue depth is above the minimum threshold, RED starts
dropping packets.
– The rate of packet drop increases linearly as the average queue size increases
until the average queue size reaches the maximum threshold.
• The mark probability denominator is the fraction of packets dropped when the
average queue depth is at the maximum threshold.
– For example, if the denominator is 512, one out of every 512 packets is dropped
when the average queue is at the maximum threshold.
• When the average queue size is above the maximum threshold, all packets are
dropped.
*

117. 117
WRED
• If the average queue depth ever crosses the user-specified maximum
threshold, then WRED reverts to tail drop, and all incoming packets
might be dropped.
• The idea behind using WRED is to maintain the queue depth at a
level somewhere between the minimum and maximum thresholds,
and to implement different drop policies for different classes of
traffic.
– WRED is only useful when the bulk of the traffic is TCP traffic.
– With TCP, dropped packets indicate congestion, so the packet
source reduces its transmission rate.
*

118. 118
CBWFQ Using WRED Packet Drop
Example
• In the following example, the class map class1 is created and defined
to use the input interface FastEthernet0/1 as a match criterion to
determine if packets belong to the class.
• Next, the policy map policy1 is defined to contain policy specification for
class1, which is configured for WRED packet drop.
Router(config)# class-map class1
Router(config-cmap)# match input-interface FastEthernet0/1
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# bandwidth 1000
Router(config-pmap-c)# random-detect
Router(config)# interface serial0/0
Router(config-if)# service-policy output policy1
Amount of bandwidth in
proportion of the link.
Weight = int bw/ class bw
*
Enables WRED

119. 119
Low Latency Queuing (LLQ)
• The Low Latency Queuing (LLQ) feature provides strict priority queuing
for class-based weighted fair queuing (CBWFQ), reducing jitter in voice
conversations.
• Configured by the priority command, strict priority queuing gives delay-
sensitive data, such as voice, preferential treatment over other traffic.
• With this feature, delay-sensitive data is sent first, before packets in other
queues are treated.
• LLQ is also referred to as priority queuing/class-based weighted fair
queuing (PQ/CBWFQ) because it is a combination of the two techniques.
*

120. 120
LLQ
• CBWFQ (without PQ, non-LLQ)), the weight for a packet belonging to
a specific class is derived from the bandwidth assigned to the class
during configuration.
– The bandwidth assigned to the packets of a class determines the
order in which packets are sent.
– All packets are serviced equally, based on weight.
– No class of packets may be granted strict priority.
• This scheme poses problems for voice and video traffic that is largely
intolerant of delay, especially variation in delay.
*

121. 121
LLQ
• In the event of congestion or when bandwidth has expired, priority is
used to drop packets.
• Voice traffic queued to the priority queue is UDP-based and,
therefore, not adaptive to the early packet drop characteristic of
WRED.
• Because WRED is ineffective, you cannot use the WRED random-
detect command with the priority command.
No
RED/WRED

122. 122
LLQ
• Although it is possible to enqueue various types of real-time traffic to
the strict priority queue, Cisco recommends that only voice traffic
be directed to it.
*

123. 123
Configuring LLQ
• When the priority command is specified for a class, it uses a
bandwidth argument that gives maximum bandwidth in kilobits per
second (kbps).
• This parameter is used to specify the maximum amount of bandwidth
allocated for packets belonging to the class configured with the
priority command (during times of congestion).
• The bandwidth parameter guarantees bandwidth to the priority class
and restrains the flow of packets from the priority class.
• Note: There is also a max-reserved-bandwidth command that con
be used, so the priority queue does not starve the remaining queues.
and
*

124. 124
LLQ Example
router(config)# access-list 102 permit udp host 10.10.10.10 host
10.10.10.20 range 16384 20000
router(config)# access-list 102 permit udp host 10.10.10.10 host
10.10.10.20 range 53000 56000
router(config)# class-map voice
router(config-cmap)# match access-group 102
router(config)# policy-map policy1
router(config-pmap)# class voice
router(config-pmap-c)# priority 50
router(config-pmap)# class bar
router(config-pmap-c)# bandwidth 20
router(config-pmap)# class class-default
router(config-pmap-c)# fair-queue
router(config)# interface atm1/0
router(config-subif)# pvc 0/102
router(config-subif-vc)# service-policy output policy1
*
A strict priority queue
(with a guaranteed
allowed bandwidth of
50 kbps) is reserved
for traffic that is sent
from the source
address (10.10.10.10)
to the destination
address (10.10.10.20),
in the range of ports
16384 through 20000
and 53000 through
56000.

125. 125
Suggested Readings

126. Quality of Service (QoS)
CIS 187 Multilayer Switched Networks
CCNP
Rick Graziani
Spring 2009