Ask The Expert: QoS on Catalyst Switches

Aug 12th, 2011

With Shashank Singh

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to get an update on QoS on Catalyst 2960, 3550, 3560, 3750, 4500 and 6500 series switches with Cisco expert Shashank Singh. Shashank graduated in 2009 with a bachelor's degree in Computer Science and Engineering from VIT University, Vellore India. Prior to joining Cisco he worked at General Electric as a software engineer. Later on he joined the Cisco Technical Assistance Center as an engineer in October of 2009. He has been working on LAN Switching technologies in TAC since then. Shashank also holds a CCNP certificate. QoS on Catalyst switches is one of the areas of his interest.

Remember to use the rating system to let Shashank know if you have received an adequate response.

Shashank might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Network Infrastructure LAN Switching discussion forum shortly after the event. This event lasts through August 26, 2011. Visit this forum often to view responses to your questions and the questions of other community members.

the_ios_inquisition Fri, 08/12/2011 - 20:46

Shashank,

Thanks for this timely Ask The Expert topic. I am primarily a route/switch engineer that has always skirted around the topic of QoS. I am seeing the obvious holes in my skill-set and am attempting to add this as an area of serious study. My company tends to work primarily with the ISR G1 and G2 routers, and fixed-configuration switches (mostly the 2960 and 3560 series). I have a CCNP background that includes ONT training. Other than the ONT self-study material and the ONT official course material, what books, classes, or online documents do you suggest for foundational study in QoS for both IOS-based routers and switches?

Thanks.

Sent from Cisco Technical Support iPad App

shashasi Fri, 08/12/2011 - 22:41

Hi,

Router QoS is pretty generic and there is a lot of quality learning material available on the Cisco website in the form of documents. Among books, Cisco QoS Exam Certification Guide by Wendell Odom is a good resource. If you are interested in learning the design and implementation aspects, End-to-End QoS Network Design: Quality of Service in LANs, WANs, and VPNs by Tim Szigeti and Christina Hattingh makes good reading.

Though the underlying theory remains the same, understanding and configuring QoS on switches requires a certain degree of platform knowledge. This is mainly because switches are designed to perform QoS in hardware (ASICs), unlike most routers, which depend on the IOS for the same. For example, on Catalyst 6500 switches, QoS is performed by the PFC (Policy Feature Card) on the supervisor engine and hence it is important to have a prior understanding of what PFC is and how it works.

The best resources for understanding QoS on switches are the platform QoS configuration and troubleshooting documents available on Cisco.com. Again, as each switch platform implements QoS in a different way, there are separate documents available for each platform. These documents provide a comprehensive perspective of QoS configuration and troubleshooting on respective switch platforms.

Apart from ONT, Cisco offers the 642-642 QOS exam, which is one of the four qualifying papers in the CCIP (Cisco Certified Internetwork Professional) track. This paper covers router QoS in detail and also has a few topics on switch QoS.

You can review the exam topics and official learning resources at http://www.cisco.com/web/learning/le3/current_exams/642-642.html.

Hope this answers your queries. Feel free to put forward any more questions that you may have.

Cheers,

Shashank

the_ios_inquisition Sat, 08/13/2011 - 11:45

Shashank,

Thanks! I'm working my way through Wendell Odom's book now. I wanted to take this opportunity to ask you a few general QoS questions that I have always had. I know this Ask The Expert should be more specifically about QoS on switches, so I apologize if these questions take us slightly off topic, and I understand if you do not have time to answer them.

1) As I understand it, queuing methods such as CBWFQ and LLQ are only applied to traffic flows when there is congestion on the interface. I take this to mean if I have a DS3 with 45 Mbps configured as the bandwidth, no egress queuing policies will be enforced until 45 Mbps of transmit is reached. Is this true? If so, does the same hold true for policing and shaping?

2) We manage a large number of SOHO and SMB remote locations. In SOHO environments, we tend to use asymmetric internet connections such as aDSL. At all of these locations we are using ISRs as the edge routers. I can see how we would be able to control traffic that is egressing the site. But are there suggested methods to control Ingress or downstream traffic as well? As an example, we have several small satellite locations that we use an 887 to terminate an aDSL connection. How can we prevent one user from unfairly hogging all of the downstream bandwidth, and how can we protect mission-critical traffic in the Ingress direction?

3) We maintain several wireless MAN designs where we bridge buildings using 1400 series wireless bridges. These connect to fixed-configuration switches (mostly 3550s or 3560s). For traffic traveling from the switch to the AP, we would like to police it down to 35 Mbps and apply queuing methods as it egresses the switch to give certain traffic more bandwidth. We run into issues when large amounts of traffic egress the switch and Ingress the wired side of the AP. The wireless bridge tends to drop a significant amount of traffic since it can only wirelessly transmit 48 Mbps most of the time. I believe in IOS you can use HQF to do this, but is there a way to do it in those switch models? Just to give an example, we have Building A and Building B connected by a wireless bridge shot between two 1400s. Wireless Bridge A has a wired connection to Switch A. Traffic from Building A to Building B will egress the port on Switch A toward Wireless Bridge A. The transmit rate on this port never needs to exceed 35 Mbps, and certain classes of traffic need reserved bandwidth within that 35 megs.

Thanks for all of your help.

Sent from Cisco Technical Support iPad App

shashasi Sat, 08/13/2011 - 15:43

No worries! Please find the answers below:

1) As I understand it, queuing methods such as CBWFQ and LLQ are only applied to traffic flows when there is congestion on the interface. I take this to mean if I have a DS3 with 45 Mbps configured as the bandwidth, no egress queuing policies will be enforced until 45 Mbps of transmit is reached. Is this true? If so, does the same hold true for policing and shaping?

This is a tricky question! However, I would answer both yes and no for that. QoS is all about prioritizing certain traffic at the cost of other at times of congestion. If your link is not congested you do not need QoS at all.

CBWFQ matches traffic to the classes and applies QoS as per the configuration under that class. The bandwidth assigned to a class is the guaranteed bandwidth delivered to the class only during congestion. If there is no congestion on the link, counters in the show policy-map interface command are not updated.

However, this is not the case with all QoS concepts. Shaping and Policing do not require the link to be congested. If interested traffic exceeds the configured CIR in the policer, traffic is dropped irrespective of whether the link is congested or not. With shaping, excess traffic is buffer delayed instead of being dropped. Both the shape and police commands restrict the output rate to a maximum kbps value. Importantly, neither mechanism provides a minimum bandwidth guarantee during periods of congestion.


2) We manage a large number of SOHO and SMB remote locations. In SOHO environments, we tend to use asymmetric internet connections such as aDSL. At all of these locations we are using ISRs as the edge routers. I can see how we would be able to control traffic that is egressing the site. But are there suggested methods to control Ingress or downstream traffic as well? As an example, we have several small satellite locations that we use an 887 to terminate an aDSL connection. How can we prevent one user from unfairly hogging all of the downstream bandwidth, and how can we protect mission-critical traffic in the Ingress direction?

I am not sure if I got your requirement right, but if it is all about limiting the traffic rate on the ingress, policing lets you accomplish that. Configure a policer on the ingress interface to limit traffic rate to a maximum value.


3) We maintain several wireless MAN designs where we bridge buildings using 1400 series wireless bridges. These connect to fixed-configuration switches (mostly 3550s or 3560s). For traffic traveling from the switch to the AP, we would like to police it down to 35 Mbps and apply queuing methods as it egresses the switch to give certain traffic more bandwidth. We run into issues when large amounts of traffic egress the switch and Ingress the wired side of the AP. The wireless bridge tends to drop a significant amount of traffic since it can only wirelessly transmit 48 Mbps most of the time. I believe in IOS you can use HQF to do this, but is there a way to do it in those switch models? Just to give an example, we have Building A and Building B connected by a wireless bridge shot between two 1400s. Wireless Bridge A has a wired connection to Switch A. Traffic from Building A to Building B will egress the port on Switch A toward Wireless Bridge A. The transmit rate on this port never needs to exceed 35 Mbps, and certain classes of traffic need reserved bandwidth within that 35 megs.

Bandwidth on switches can be limited using the command "srr-queue bandwidth limit". For more information visit http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_sed/command/reference/cli3.html#wp1947391

Classes of traffic that need reserved bandwidth within that 35 megs need to be mapped to be sent to the priority queue on the egress. For more information, visit http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_see/command/reference/cli1.html#wp2170015

With this we will ensure that the important traffic in the priority queue is always serviced until the queue is empty. And we also ensure that the total egress bandwidth never crosses a maximum value.

Hope this helps.

Cheers,

Shashank
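The difference between policing and shaping described in the reply above, as an added example that is not part of the original thread: a token-bucket policer and shaper at the thread's 35 Mbps rate, fed a short line-rate burst on a port whose average load is far below congestion. The 100 Mbps port speed, the 15,000-byte burst size (Bc), the 1,500-byte packets and all function names are assumptions made for this sketch.

```python
"""Policing vs shaping on an uncongested port (added example, constructed input).

Time is in integer microseconds and rates are in Mbps, so 1 Mbps = 1 bit/us
and all token arithmetic stays exact.
"""

CIR_MBPS = 35          # rate taken from the thread's wireless-bridge scenario
LINK_MBPS = 100        # assumed port speed
BC_BITS = 15_000 * 8   # assumed burst size (Bc): 15,000 bytes
PKT_BITS = 1_500 * 8   # assumed packet size: 1,500 bytes


def make_burst(count, link_mbps=LINK_MBPS, pkt_bits=PKT_BITS):
    """Constructed input: `count` packets arriving back to back at line rate."""
    gap_us = pkt_bits // link_mbps
    return [(i * gap_us, pkt_bits) for i in range(count)]


def police(packets, cir_mbps, bc_bits):
    """Single-rate policer: a packet that finds too few tokens is dropped."""
    tokens, last = bc_bits, 0
    sent, dropped = [], []
    for t_us, size in packets:
        # Refill for the time elapsed since the previous packet, capped at Bc.
        tokens = min(bc_bits, tokens + (t_us - last) * cir_mbps)
        last = t_us
        if size <= tokens:
            tokens -= size
            sent.append((t_us, size))
        else:
            dropped.append((t_us, size))
    return sent, dropped


def shape(packets, cir_mbps, bc_bits):
    """Shaper: same bucket, but a non-conforming packet waits in a FIFO buffer.

    Returns (arrival_us, release_us, size) for every packet.
    """
    tokens, clock = bc_bits, 0
    out = []
    for t_us, size in packets:
        if size > bc_bits:
            raise ValueError("packet larger than Bc can never conform")
        now = max(t_us, clock)          # FIFO: cannot leave before its predecessor
        tokens = min(bc_bits, tokens + (now - clock) * cir_mbps)
        if tokens < size:
            wait = -(-(size - tokens) // cir_mbps)   # ceiling division, in us
            now += wait
            tokens = min(bc_bits, tokens + wait * cir_mbps)
        tokens -= size
        clock = now
        out.append((t_us, now, size))
    return out


def average_mbps(packets, window_us):
    """Offered load averaged over an observation window."""
    return sum(size for _, size in packets) / window_us


def compare(count=40):
    burst = make_burst(count)
    sent, dropped = police(burst, CIR_MBPS, BC_BITS)
    shaped = shape(burst, CIR_MBPS, BC_BITS)
    return {
        "offered_avg_mbps_over_1s": average_mbps(burst, 1_000_000),
        "policer_sent": len(sent),
        "policer_dropped": len(dropped),
        "shaper_sent": len(shaped),
        "shaper_max_delay_us": max(rel - arr for arr, rel, _ in shaped),
        "shaper_last_release_us": shaped[-1][1],
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

The burst averages under 0.5 Mbps over one second, yet the policer discards part of it as soon as the bucket empties, while the shaper delivers every packet and pays for it in delay.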

bprakas1483 Sun, 08/14/2011 - 16:49

Hi Shashank,

Thanks for the timely expert advice. I am interested to know what kind of QoS mechanism would be best suitable for non-Cisco soft phones in 6500 (CatOS) switches.

Also I was thinking if the PCs with the soft phone are connected through the Cisco phone it is going to be a challenge to get the QoS perfect since the Cisco phone will mark any traffic coming from the PC at the default CoS value, unless configurations are updated. Your thoughts and recommendations on this will be much appreciated.

Thanks

shashasi Sun, 08/14/2011 - 19:25

Hi Banu,

To come up with a switchport configuration that will work, it is important to know how your third party softphone marks the voice traffic.

"set port qos mod/port trust-device ciscoipphone" is a template available on CatOS switches. This template is recommended when a PC running a Cisco soft phone is directly connected to the switchport. Whether this will work for a third party soft phone will again depend on how the softphone marks the traffic.

Normally, Cisco softphones mark the DSCP in the VoIP packet, while the IP phones mark the CoS value. Traffic in frame types other than 802.1Q or 802.1p passes through the IP phone unchanged. So if your softphone traffic is not tagged, the IP phone will not alter it.

However, if your soft phone is marking CoS and you do not want the IP phone to rewrite this marking, you may use 'set port qos mod/ports trust-ext trusted' on the switchport.

The following link explains in detail the QoS behaviour and configuration options available on Cisco 6500 switches running CatOS.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/configuration/guide/autoqos.html#wp1031820

Cheers,

Shashank

krissh789 Tue, 08/23/2011 - 01:32

Where in a Carrier Ethernet Network will the tags be assigned to a service frame?

(2 of 4 answers are correct)

1. C-tag and S-tag can be added by the provider.

2. The C-tag is always added by the customer, the S-tag is always added by the provider.

3. C-tag and S-tag can be added by the customer.

4. C-tag and S-tag can be added by the provider, the S-tag cannot be added by the customer.

What should be the correct answer?

JosephDoherty Mon, 08/15/2011 - 07:17

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

the_ios_inquisition wrote:

Shashank,

2) We manage a large number of SOHO and SMB remote locations. In SOHO environments, we tend to use asymmetric internet connections such as aDSL. At all of these locations we are using ISRs as the edge routers. I can see how we would be able to control traffic that is egressing the site. But are there suggested methods to control Ingress or downstream traffic as well? As an example, we have several small satellite locations that we use an 887 to terminate an aDSL connection. How can we prevent one user from unfairly hogging all of the downstream bandwidth, and how can we protect mission-critical traffic in the Ingress direction?

The only truly effective method is to control other side's egress to branch's ingress.

If, for example, a VPN tunnel was running across the aDSL, you shape your hub's side to DSL bandwidth and then prioritize according to your needs. (NB: this assumes, only hub's VPN traffic will be using the DSL.)

PS:

If traffic is TCP, there are 3rd party appliances that can regulate ingress rates.

kdecaluwe Fri, 08/19/2011 - 02:26

Hi Shashank,

I was reading your answer to question 1) of The_IOS_Inquisition's question: As I understand it, queuing methods such as CBWFQ and LLQ are only applied to traffic flows when there is congestion on the interface.

This raises a question for me: When do we speak about congestion? If only a few frames arrive on an output interface with LLQ/CBWFQ and they can easily be played out with only a small delay, but then a packet arrives that is going to be placed in the priority queue, I suppose that this frame will not be sent FIFO but will be sent directly after the serialization of the current frame has finished? Therefore, can we make a statement that the moment that there is more than 1 packet queued for an interface, we may already speak of congestion? What in fact is the definition?

Regards, Kees.

shashasi Thu, 08/25/2011 - 18:03

Hi Kees,

Congestion is defined by the Cisco IOS software configuration guide as: "During periods of transmit congestion at the outgoing interface, packets arrive faster than the interface can send them."

If the total amount of data that needs to be sent, averaged over a period of time, does not exceed the bandwidth, we say that the link is not congested. However, we need to ensure that the traffic doesn't arrive in a burst. Technically we can summarize that if there is a need to buffer packets at any point of time, the link is congested.

Hope that helps,

Shashank
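The exchange above, as an added example that is not part of the original thread: a non-preemptive egress port served first as plain FIFO and then with a strict-priority queue, showing that a burst forces buffering even though the averaged load is far below the link rate, and that a priority packet waits only for the frame already being serialized. The 10 Mbps link, the packet sizes and arrival times, and the function names are all constructed for this sketch.

```python
"""Burst-induced buffering and strict-priority service (added example)."""

LINK_MBPS = 10   # assumed link speed; 1 Mbps = 1 bit per microsecond

# Constructed input: (arrival_us, size_bytes, is_priority).
# Four 1500-byte data packets arrive in a burst, then one 200-byte voice packet.
SAMPLE = [
    (0,   1500, False),
    (100, 1500, False),
    (200, 1500, False),
    (300, 1500, False),
    (500, 200,  True),
]


def simulate_egress(packets, link_mbps, strict_priority):
    """Serve packets on one link, never interrupting a frame in flight.

    Returns two dicts keyed by packet index: transmit start and finish (us).
    """
    order = sorted(range(len(packets)), key=lambda i: packets[i][0])
    waiting = []                 # indices buffered behind the transmitter
    start, finish = {}, {}
    now, nxt = 0, 0
    while nxt < len(order) or waiting:
        if not waiting and packets[order[nxt]][0] > now:
            now = packets[order[nxt]][0]     # link idle: jump to next arrival
        while nxt < len(order) and packets[order[nxt]][0] <= now:
            waiting.append(order[nxt])
            nxt += 1
        if strict_priority:
            # Priority queue is served until empty, then the data queue.
            pick = next((i for i in waiting if packets[i][2]), waiting[0])
        else:
            pick = waiting[0]                # plain FIFO
        waiting.remove(pick)
        start[pick] = now
        now += -(-packets[pick][1] * 8 // link_mbps)   # serialization time, us
        finish[pick] = now
    return start, finish


def buffered_packets(packets, start):
    """Indices of packets that could not be sent the moment they arrived."""
    return sorted(i for i in start if start[i] > packets[i][0])


def offered_mbps(packets, window_us):
    """Offered load averaged over an observation window."""
    return sum(size * 8 for _, size, _ in packets) / window_us


if __name__ == "__main__":
    print("average load over 100 ms:", offered_mbps(SAMPLE, 100_000), "Mbps")
    for label, prio in (("FIFO", False), ("strict priority", True)):
        start, finish = simulate_egress(SAMPLE, LINK_MBPS, prio)
        voice = len(SAMPLE) - 1
        print(label, "buffered:", buffered_packets(SAMPLE, start),
              "voice wait (us):", start[voice] - SAMPLE[voice][0])
```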

rams.dandu_2 Mon, 08/15/2011 - 00:37

Hi Shashank;

Thanks for the timely expert advice topic. We are a big campus LAN network with 2960G series on the access layer and 6509 in the core layer and we want to deploy QoS. As recommended, we want to classify and mark the traffic at the access layer. We have more than 150 types of traffic which we want to classify into 5 groups. If I classify them using access lists, do they put extra load on the 2960 switches, and is this the correct way or are there any better ways to do this with less load on the switch?

Regards;

Rams

shashasi Mon, 08/15/2011 - 12:56

Hi Rams,

On 2960G classification can be done either by using ACLs or class maps. Both are safe to use.

Switch uses its CPU to program the ACLs in TCAM (hardware) and you may see a CPU spike immediately after configuring a new ACL. Once configured, all subsequent traffic is handled in hardware and this does not add load on the switch CPU.

Cheers,

Shashank

rams.dandu_2 Tue, 08/16/2011 - 00:38

Hi Shashank;

Thanks for your help. Is there any limit on the number of ACLs the switch can handle in hardware?

Regards;

Rams

shashasi Tue, 08/16/2011 - 02:01

Hi Rams,

Yes, there is a limit on the number of ACLs that can be programmed on the TCAM. However, this number varies from one platform to another. On 2960 switches, you can check 'show platform acl usage asic-number' to find out the limit.

Cheers,

Shashank

patel.dipesh Mon, 08/15/2011 - 04:44

Dear Shashank,

I have to design and implement QOS for Campus Network.

Existing Scenario : To understand the existing Topology, I have attached diagram with the devices Make and model.

On WAN in MPLS cloud the QOS has been configured by MPLS Service Provider i.e.

COS1 : 20% of BW --- Voice

COS2 : 20% of BW --- Video

COS3 : 25% of BW --- SAP

COS4 : 35% of BW --- Default

Main Traffic in Network :

  • IP Telephony : AVAYA CM 6.0 (Avaya Aura Technology)
  • Video Conferencing : Polycom
  • SAP / ERP Application
  • SMTP/ MS Exchange Traffic
  • Internet Traffic
  • Microsoft-ds traffic
  • CIFS traffic between Servers
  • And other default Traffic


Problem : Voice and Video Clarity / Quality is not good.

Requirement : To implement QOS in LAN and WAN.

I have gone through the documentation regarding the implementation of QOS for LAN. But it's a little bit confusing.

There are several queries if you will solve, it will be a great help me to go ahead.

Queries :

  • Should we go with Auto QOS or Manually configuration of QOS?
  • If AutoQos (SRND v4) then On Access Layer Switch,
    • On Distribution switch :
      • Which command I should apply on the Trunk Ports?

  • On CORE switch :
    • Which command I should apply on trunk ports and on ports connected to Router?

  • In AutoQOS SRNDv4 I have seen 4 types of cmds are there where should I use? :
    • auto qos classify {police}

  • Post Auto QOS configuration - How to Tune the same ?

  • If no Auto QOS then how to configure QOS at Access layer / Distribution layer / CORE layer? Management interested to go with this option. Please help. I am novice for this.

If you can provide the sample configuration for Access layer, Distribution layer and CORE layer according to the attached topology then it will be a great help for me.

I have gone through many documents on the Cisco Web. But Lots of Confusion !

In addition to this, After configuration of the QOS How can I monitor the QOS? Is there any Tool to monitor the same.

Waiting for the Replies from you.

Topology :

Thanks in Advance

Regards

shashasi Mon, 08/15/2011 - 13:50

Hi Dipesh,

Please find the answers inline:

Queries :

Should we go with Auto QOS or Manually configuration of QOS?

Auto Qos assumes that the traffic on the ingress is premarked and we need to trust that marking to apply QoS. Again, 'auto qos voip' is designed only for the access ports that directly connect the traffic source (say an IP phone). If traffic is premarked and you do not want to alter the marking, you can go ahead and apply auto qos voip trust on the ingress access port.


If AutoQos (SRND v4) then On Access Layer Switch,

On Distribution switch :

Which command I should apply on the Trunk Ports?

On CORE switch :

Which command I should apply on trunk ports and on ports connected to Router?

You can go ahead and trust the marking on the trunk ports (mls qos trust cos|dscp) on all subsequent access and core switches. This will make the switch queue traffic according to the marking.

There are four egress queues per interface on 2960/3750/3560 switches. Each marking goes to one particular queue. You can check the individual buffers using 'sh mls qos queue-set' on these switches. The buffers generally need not be tweaked unless we are sure that they are insufficient for the amount of traffic present for that queue. Each platform has its own port based QoS commands which are available in detail in their respective configuration guides.

In AutoQOS SRNDv4 I have seen 4 types of cmds are there where should I use? : auto qos classify {police}

If you enter the auto qos classify command, the switch automatically creates class maps and policy maps. This is a template and saves you from the pain of configuring the policy maps manually. Note that these policies classify and remark the traffic as per the best practices.

Post Auto QOS configuration - How to Tune the same ?

This will require some analysis and traffic engineering. Once you apply auto qos, the switch uses a template to classify and mark traffic, and queues it accordingly. However, it may happen that the queue resources (buffers/bandwidth) may be insufficient for one/more queues. This may show up as output drops on some interfaces. If you see this, you may need to troubleshoot further and find out the queue that is being overutilized and maybe tune it to suit your traffic.

If no Auto QOS then how to configure QOS at Access layer / Distribution layer / CORE layer? Management interested to go with this option. Please help. I am novice for this.

When it comes to QoS, there is no standard configuration that always works. Auto Qos uses the default best values to apply QoS but it may still not suit your network. Hence, to come up with manual configurations, it is important to know whether or not you have congestion in your links. If you have congestion, you will need to  find out the amount of traffic for each type and which traffic is lesser important than others and can be dropped.

You can go through the borderless campus 1.0 design guide for recommended configuration to get started.

http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/Borderless_Campus_Network_1.0/BN_Campus_QoS.html

Also, for a detailed Auto Qos overview, you may go through the whitepaper.

http://www.cisco.com/en/US/tech/tk543/tk759/technologies_white_paper09186a00801348bc.shtml

If you have any specific questions, feel free to let me know.

Cheers,

Shashank

patel.dipesh Tue, 08/16/2011 - 08:54

Dear Shashank,

Thanks for the Reply.

We have a Voice network of Avaya CM 6.0 with S8700. And Video Conferencing Devices are of Polycom.

Is it ok if we will go with Initially:

1.  All access Ports with switch---IP Phone----PC/Laptop  as *** auto-qos voip trust ***.

2.  All Access ports with Printers,Servers without Voice Traffic with *** auto-qos classify police ***

3. All the trunk ports on Access, Distribution and CORE switch with *** auto-qos voip trust ***

4. Port connected to Router with *** auto-qos voip trust ***

And Avaya S8700 server with the marking change as VoIP Bearer traffic as dscp : 46(EF) and Voice signaling using dscp : 26 (AF31).

One more thing is that : On Cisco Catalyst 2960 Lan Lite switches there is no option of auto-qos. Hence need to go with manual configuration.

Is it ok if I will configure :

    1. cos-dscp mapping according to cos-dscp 0 8 16 24 32 46 48 56

    2. All the ports with Ip phone are configured with mls qos trust cos or dscp.

    3. Is it ok if I will not configure anything related to threshold, bandwidth and buffer as I can not find all the cmds in this model which I can see in auto generated config in 2960 LAN Base model?

4.  What to configure in case of Autoqos and manual configuration for Outlook Communicator as video conferencing will be done by OCS client also.

5. Any third Party free tool to monitor the QOS ?

Pls suggest if I am wrong in any case.

Thanks in advance.

Regards, 

shashasi Tue, 08/16/2011 - 18:00

Hi Dipesh,

Answers inline.

1.  All access Ports with switch---IP Phone----PC/Laptop  as *** auto-qos voip trust ***.

    Yes, this sounds good.


2.  All Access ports with Printers,Servers without Voice Traffic with *** auto-qos classify police ***

    Yes, this should be good as long as you are OK to let this traffic be policed if need be. This command may remark the traffic so make sure you are aware of this.


3. All the trunk ports on Access, Distribution and CORE switch with *** auto-qos voip trust ***

   auto-qos voip trust should be used on ports directly connected to a voip source. On trunks, mls qos trust cos|dscp should be fine.

4. Port connected to Router with *** auto-qos voip trust ***

    This again can be mls qos trust cos|dscp.

Is it ok if I will configure :

    1. cos-dscp mapping according to cos-dscp 0 8 16 24 32 46 48 56

       This is the default cos-dscp map on the switch. Do not alter this unless need be.


    2. All the ports with Ip phone are configured with mls qos trust cos or dscp.

       Sounds good.


    3. Is it ok if I will not configure anything related to threshold, bandwidth and buffer as I can not find all the cmds in this model which I can see in auto generated config in 2960 LAN Base model?

    To get started, this is not required. This may be needed once the QoS is in place and anything looks suboptimal.

4.  What to configure in case of Autoqos and manual configuration for Outlook Communicator as video conferencing will be done by OCS client also.

   There is no Auto QoS template specially for Outlook Communicator. You may want to take a look at auto qos video though and check if the generated configuration suits your needs.

5. Any third Party free tool to monitor the QOS ?

Don't take me wrong but with this question, I will just depend on Google

  

Cheers,

Shashank

sg_network Mon, 08/15/2011 - 12:05

Dear Shashank,

I would like to ask the following questions.

1) Is it best practice to turn on (DSCP)-based queue mapping for 10G WS6708 line card? If yes, which scenario we need to turn on DSCP based queue mapping?

2) Does 10G line card required any special tuning for Voice traffic?

3) Is there any performance difference DFC3C and DFC3CXL?

4) Does Cisco phone able to set DSCP instead of COS?

Thanks,

John

shashasi Mon, 08/15/2011 - 15:43

Hi John,

Please find the answers inline.

1) Is it best practice to turn on (DSCP)-based queue mapping for 10G WS6708 line card? If yes, which scenario we need to turn on DSCP based queue mapping?

This is not a best practice and not the default behavior. queue-mode by default is mode-cos. You can change the mode to mode-dscp if your traffic is marked with DSCP instead of CoS. With queue-mode as CoS switch uses the cos-dscp map to convert it into an internal dscp before applying QoS. With mode set as mode-dscp, the incoming DSCP is directly used for applying QoS.


2) Does 10G line card required any special tuning for Voice traffic?

Voice traffic is prioritized using the priority queues on switches. Priority queue is serviced until empty and hence traffic going to this queue gets priority over others. If your voice traffic is cos5/dscp 46, switch by default maps it to the priority queue and no special tuning needs to be done. However, if your voice is marked with something else, you may need to configure the interface to send voice to the priority queue.


3) Is there any performance difference DFC3C and DFC3CXL?

DFC3CXL offers more scalability in terms of routes and NetFlow entries supported compared with DFC3C. There is no difference from QoS point of view that I am aware of. http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns224/ns668/net_qanda0900aecd80534905.html

4) Does Cisco phone able to set DSCP instead of COS?

Most of the cisco IP Phones mark the call signalling as dscp 24 and RTP traffic as dscp 46 apart from the CoS marking. If this is not the case with your phone, I would suggest putting this up in the voice forum on the community to seek expert advice.

Hope that helps.

Cheers,

Shashank

sg_network Tue, 08/16/2011 - 00:04

Dear Shashank,

Thank you for reply..

for Q1)

If I am not wrong, COS is based on L2 and DSCP is based on L3?

Also, COS will be lost when the L2 medium changes?

In that case, what is best practice for trust COS or DSCP between Access and Distribution?

If we trust DSCP then should we use DSCP queuing mode?

for VSL link qos -

If traffic crosses the VSL.. does it convert the DSCP to COS then reconvert back at the other side?

for 3750 qos statistics -> show mls qos int statistics

Is there any equivalent command at Cat6?

for Cat6 Is there a way to see how the qos internal changes?

Are dscp and internal-dscp different or the same?

Thanks,

John

shashasi Tue, 08/16/2011 - 01:43

Hi John,

If I am not wrong, COS is based on L2 and DSCP is based on L3?

You are right. CoS is present in the dot1q tag in the ethernet header and is hence layer 2. DSCP is a L3 field.

In that case, what is best practice for trust COS or DSCP between Access and Distribution?

If your traffic has both cos and dscp fields marked, it is advisable to trust dscp on the access/distribution switches.

If we trust DSCP then should we use DSCP queuing mode?

Not necessarily. Use DSCP queuing mode if you don't want the switch to calculate an internal DSCP from the fields in the packet.

If the queueing mode is mode-cos (default), and trust state on the interface is dscp, switch will derive an internal dscp from the external dscp which may not be same. Internal dscp will be used by the switch to apply QoS.  However, if you change the queueing mode to mode-dscp, the switch will use the dscp marking on the packet instead of deriving an internal dscp.

for VSL link qos - If traffic crosses the VSL.. does it convert the DSCP to COS then reconvert back at the other side?

On VSL, switch derives equivalent CoS value from the dscp value (if traffic is untagged) using the cos-dscp map. If there is a CoS marking present, it is simply trusted. Note that this is only from switch's perspective and no change is made to any field in the packet traversing the VSL.

for 3750 qos statistics -> show mls qos int statistics Is there any equivalent command at Cat6?

Unfortunately there is no equivalent command on Cat6k. However, 'show mls qos ip' and 'sh queueing interface' provide similar information.

for Cat6 Is there a way to see how the qos internal changes?

I am not aware of a show command that tells this on 6k platform.

Are dscp and internal-dscp different or the same?

Dscp and internal-dscp may not always be same. To understand how internal dscp is derived visit

http://www.cisco.com/en/US/products/hw/switches/ps708/products_qanda_item09186a00804d2e3a.shtml#q44

Cheers,

Shashank

sg_network Tue, 08/16/2011 - 07:01

Thanks Shashank,

>> no change is made to any field in the packet traversing the VSL.

That means we can't design campus QoS with more than 8 classes?

If I am not wrong, Base line Qos model is more than 8 Class... How do we achieve with VSL?

>> Unfortunately there is no equivalent command on Cat6k.

>> However, 'show mls qos ip' and 'sh queueing interface' provide similar information.

Is there any other way? How about NetFlow, is it possible to see statistics?

WS-X6708-10G-3C have RX 8q4t and TX 1p7q4t?

Is there any theories behind for that..

Also.. Is there difference between tail drop and WRED drop?

RX - T is tail drop threshold

TX - T is configurable WRED-drop thresholds or non-onfigurable WRED-drop thresholds

Is possible to combine Interactive Video and Streaming Video together with Cos6?

Thank you,

John

shashasi Tue, 08/16/2011 - 17:21

Hi John,

Please find the answers below. I did not get your question regarding configurable / non configurable WRED thresholds. Please elaborate on that one.

>> no change is made to any field in the packet traversing the VSL.

That means we can't design campus QoS with more than 8 classes?

If I am not wrong, the baseline QoS model is more than 8 classes... How do we achieve that with VSL?

Unfortunately trust CoS is the only option available with VSL which means that all the traffic traversing through the VSL will belong to one of the eight CoS values and will be accordingly queued on the VSL ports. Hence it is recommended to have sufficient bandwidth for the VSL to avoid any congestion.

>> However, 'show mls qos ip' and 'sh queueing interface' provide similar information.

Is there any other way? How about NetFlow, is it possible to see statistics?

Yes netflow provides granular statistics and lets you analyze data more effectively.

WS-X6708-10G-3C has RX 8q4t and TX 1p7q4t?

Is there any theory behind that?

These expressions indicate the port level queue architecture of this line card. RX 8q4t means that the port has 8 queues with 4 thresholds each on the ingress. 1p7q4t means that the port has 1 priority queue, 7 regular queues and 4 thresholds per queue.

Also, is there a difference between tail drop and WRED drop?

Tail drop treats all traffic equally and does not differentiate between classes of service. Queues fill during periods of congestion. When the output queue is full and tail drop is in effect, packets are dropped until the congestion is eliminated and the queue is no longer full. In this case the last traffic going into the queue (tail) gets dropped.

On the other hand, WRED makes early detection of congestion possible and provides a means for handling multiple classes of traffic. WRED can selectively discard lower priority traffic when the router begins to experience congestion.

Is it possible to combine Interactive Video and Streaming Video together with CoS 6?

Yes, you just need to classify and mark both traffics to CoS 6 (if they come in with different markings). As long as they are marked as CoS 6, they will be treated in the same way by the switch.

Cheers,

Shashank

shashasi Wed, 08/17/2011 - 01:46

Hi John,

dscp to cos / vice versa conversion is governed by maps. By default dscp 46 maps to cos 5. See below.  Left hand column is first digit of DSCP value.  Top row is second digit of DSCP value. So DSCP 8 maps to CoS 1 and  DSCP 46 maps to CoS value 5.

6509#show mls qos map dscp-cos
   Dscp-cos map:               (dscp= d1d2)
     d1 :  d2 0  1  2  3  4  5  6  7  8  9
     -------------------------------------
      0 :    00 00 00 00 00 00 00 00 01 01
      1 :    01 01 01 01 01 01 02 02 02 02
      2 :    02 02 02 02 03 03 03 03 03 03
      3 :    03 03 04 04 04 04 04 04 04 04
      4 :    05 05 05 05 05 05 05 05 06 06
      5 :    06 06 06 06 06 06 07 07 07 07
      6 :    07 07 07 07

Similarly for cos to dscp conversion, there is a separate map. cos 5 gets converted to dscp 46 as evident from the map below

6509#show mls qos maps cos-dscp  
 Cos-dscp map:
        cos:   0  1  2  3  4  5  6  7
     --------------------------------
       dscp:   0  8 16 26 32 46 48 56

Hope that helps,

Shashank

sg_network Wed, 08/17/2011 - 21:20

Hi Shashank,

Is there a way to disable DSCP-COS rewrite on Cat6? Or is it fixed?

If the switch does a DSCP - COS rewrite, what happens to the original packet dscp value?

packet ( dscp 46) -> PFC rewrite -> cos 5 (*)

At the * stage, what is the dscp value?

I would like to know the main reason for the PFC to rewrite at the egress port.

Another thing was that the default cos-dscp map for CoS 5 is dscp 40

http://www.cisco.com/en/US/products/hw/switches/ps5023/products_tech_note09186a0080883f9e.shtml#concept21

Distribution1#show mls qos maps cos-dscp
   Cos-dscp map:
        cos:   0  1  2  3  4  5  6  7
     --------------------------------
       dscp:   0  8 16 24 32 40 48 56

Thanks,

John

shashasi Thu, 08/18/2011 - 00:06

Hi John,

DSCP-COS rewrite is actually a method of calculating the COS value from given DSCP. Technically DSCP cannot be rewritten with a COS as they are present in different layer headers.

When switch has to send a packet out on a dot1q trunk interface, only then there may be a need to calculate COS value from the DSCP value. Before dot1q tag is stripped on the ingress trunk interface, switch finds out an equivalent DSCP value and uses it for queueing within the switch. On egress trunk, PFC uses this DSCP to derive the COS and write it back in the dot1q tag so that the marking is retained on the egress.

Cheers,

Shashank

sg_network Thu, 08/18/2011 - 02:34

Hi Shashank,

Thanks for reply.

If egress is a Layer 3 link, does it still write back COS? Or is it only required for a dot1q link?

I heard Cat66 with PFC4 new card? Is it for IPv6 qos upgrade?

Is IPv6 qos for cat6 the same as IPv4?

Also I did not find that default cos 5 is assigned to dscp 46.

Below is the show result from VSS.

Do we need to modify?

Cos-dscp map:
         cos:   0  1  2  3  4  5  6  7
     ------------------------------------
        dscp:   0  8 16 24 32 40 48 56

Thanks,

John

shashasi Thu, 08/18/2011 - 11:12

Hi John,

If egress is L3 link, the frame going out of that link will not have a dot1q tag and hence no CoS. Yes, CoS is present only on a dot1q link.

PFC4 provides some enhanced features which were absent in PFC3. With respect to IPV6, PFC4 lets you classify IPV6 using flow label and extended header which was not possible using PFC3. New QoS feature list is available at

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11-652042.html#wp9000513

IPV6 packet also has a DSCP just like an IPV4 packet which can be used for applying QoS. Following RFC defines DSCP for IPV6. http://tools.ietf.org/html/rfc2474

No need to modify if you are trusting dscp on the ingress. You will need to modify the map only in case your voice traffic is dscp 46/cos 5 and you are trusting cos on the ingress.

Cheers,

Shashank
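Added example, not part of the original thread and not Cisco code: a Python sketch that parses the two map outputs posted above and shows which DSCP values change when a neighbour trusts CoS on ingress, including why DSCP 46 becomes 40 with the VSS cos-dscp map. It assumes a simplified model in which the upstream egress wrote CoS from the dscp-cos map shown and no policer or mutation map is applied; all function names are hypothetical.

```python
import re

# Map outputs as posted in the thread (blank lines removed).
DSCP_COS_OUTPUT = """\
   Dscp-cos map:               (dscp= d1d2)
     d1 :  d2 0  1  2  3  4  5  6  7  8  9
     -------------------------------------
      0 :    00 00 00 00 00 00 00 00 01 01
      1 :    01 01 01 01 01 01 02 02 02 02
      2 :    02 02 02 02 03 03 03 03 03 03
      3 :    03 03 04 04 04 04 04 04 04 04
      4 :    05 05 05 05 05 05 05 05 06 06
      5 :    06 06 06 06 06 06 07 07 07 07
      6 :    07 07 07 07
"""
COS_DSCP_VSS = """\
 Cos-dscp map:
        cos:   0  1  2  3  4  5  6  7
     --------------------------------
       dscp:   0  8 16 24 32 40 48 56
"""
COS_DSCP_6509 = """\
 Cos-dscp map:
        cos:   0  1  2  3  4  5  6  7
     --------------------------------
       dscp:   0  8 16 26 32 46 48 56
"""

def parse_dscp_cos(text):
    """Return {dscp: cos}; row label is the tens digit, column the ones digit."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d)\s*:\s+((?:\d{2}\s*)+)$", line)
        if not m:
            continue  # title, column header, separator or blank line
        tens = int(m.group(1))
        for ones, cos in enumerate(m.group(2).split()):
            table[tens * 10 + ones] = int(cos)
    if sorted(table) != list(range(64)):
        raise ValueError("expected 64 DSCP entries, got %d" % len(table))
    return table

def parse_cos_dscp(text):
    """Return {cos: dscp} from the 'cos:' and 'dscp:' rows."""
    cos = re.search(r"^\s*cos:\s+(.+)$", text, re.M)
    dscp = re.search(r"^\s*dscp:\s+(.+)$", text, re.M)
    if not (cos and dscp):
        raise ValueError("cos:/dscp: rows not found")
    table = dict(zip(map(int, cos.group(1).split()),
                     map(int, dscp.group(1).split())))
    if sorted(table) != list(range(8)):
        raise ValueError("expected CoS 0-7")
    return table

def internal_dscp_trust_cos(dscp, dscp_cos, cos_dscp):
    """Internal DSCP derived by a port that trusts the CoS written on egress."""
    return cos_dscp[dscp_cos[dscp]]

def changed_by_trust_cos(dscp_cos, cos_dscp):
    """{original DSCP: derived DSCP} for every value that does not survive."""
    derived = {d: internal_dscp_trust_cos(d, dscp_cos, cos_dscp) for d in range(64)}
    return {d: new for d, new in derived.items() if new != d}

if __name__ == "__main__":
    dc = parse_dscp_cos(DSCP_COS_OUTPUT)
    for name, out in (("VSS", COS_DSCP_VSS), ("6509", COS_DSCP_6509)):
        cd = parse_cos_dscp(out)
        print(name, "DSCP 46 ->", internal_dscp_trust_cos(46, dc, cd),
              "| values changed:", len(changed_by_trust_cos(dc, cd)))
```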

sg_network Thu, 08/18/2011 - 22:45

Hi Shashank,

Thanks for reply,

sometimes packet did not go through RP and just switch through SP.

In that case, Does switch perform any qos function if congested?

How Layer2 read QOS from DSCP?

Thanks,

John

shashasi Mon, 08/22/2011 - 11:20

Hi John,

Even on layer 2 ports, switch has the capability to look into the IP header and find out the dscp value, provided you trust dscp.

Cheers,

Shashank

shashasi Mon, 08/22/2011 - 11:21

Hi John,

If you trust dscp on a dot1q trunk, CoS/ToS fields are left untouched.

Cheers,

Shashank

sg_network Tue, 08/23/2011 - 10:10

Hi Shashank,

thanks for reply.

Since we can't see mls qos int statistics on Cat6, is it possible to remote port SPAN from Cat6 to Cat3750? Do the QoS parameters change after the packet goes through R-SPAN?

Based on URL http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_white_paper0900aecd803e5269.pdf

Regards to Figure 3. Cisco Catalyst 6500 QoS Processing Model

There are two Rewrite.

1st rewrite at PFC

2nd rewrite at Egress.

Based on previous discussion, 2nd rewrite occurred only if egress links are Layer 2 dot1q link. How about 1st rewrite at PFC?

Regards to Table 1. Map Summary

CoS to DSCP Map and IP Precedence to DSCP Map for Input.

DSCP to CoS Map for output.

How about the following maps? Do they apply for both directions?

Dscp-exp map

Exp-dscp map

Normal Burst Policed-dscp map

Maximum Burst Policed-dscp map

Also where should I find more info ( reason for mutation, best practices ) for Ingress COS Mutation and Egress DSCP Mutation.

Is there a way to extend this Expert Discussion?


Thanks,

John

shashasi Tue, 08/23/2011 - 17:21

Hi John,

Please find the answers inline.

Since we can't see mls qos int statistics on Cat6, is it possible to remote port SPAN from Cat6 to Cat3750? Do the QoS parameters change after the packet goes through R-SPAN?

Yes, you can do this. If 3750 has QoS enabled, make sure that you trust dscp/cos on the ingress uplink on 3750.

Based on previous discussion, 2nd rewrite occurred only if egress links are Layer 2 dot1q link. How about 1st rewrite at PFC?

First rewrite at PFC may happen if you are marking/policing your traffic. If there is a policy map that is configured on the ingress to remark the traffic, or if an ingress policer is marking down out of profile traffic, it will happen at PFC.

How about the following maps? Do they apply for both directions?

Dscp-exp map: affects internal dscp to exp conversion. Only egress.

Exp-dscp map: affects exp to internal dscp conversion. Only ingress.

Normal Burst Policed-dscp map: configures the markdown map used by the exceed-action policed-dscp-transmit keywords. This can be used on both ingress and egress based on where you have configured the policer.

Maximum Burst Policed-dscp map: configures the markdown map used by the violate-action policed-dscp-transmit keywords. This can be used on both ingress and egress based on where you have configured the policer.

Also where should I find more info ( reason for mutation, best practices ) for Ingress COS Mutation and Egress DSCP Mutation.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/qos.html#wp1924278 is a detailed document that talks about mutation configuration and best practices.

Is there a way to extend this Expert Discussion?

Well, this is one question I am not sure of. Normally, these sessions are planned and scheduled in advance and forthcoming sessions would already be lined up. I would let the moderators decide.

P.S: Even if the session ends as per schedule you are welcome to post similar queries in Lan Switching and Routing space on the forum.

Cheers,

Shashank

krissh789 Tue, 08/23/2011 - 01:29

Where in a Carrier Ethernet Network will the tags be assigned to a service frame?

(2 of 4 answers are correct)

C-tag and S-tag can be added by the provider.

The C-tag is always added by the customer, the S-tag is always added by the provider.

C-tag and S-tag can be added by the customer.

C-tag and S-tag can be added by the provider, the S-tag cannot be added by the customer

What should the correct answer be?

lee_jia_en Tue, 08/16/2011 - 05:08

My company is using Alcatel IP PBX and IP Phones. Do I need to separate data and voice packets into two VLANs, what is the effect for not doing that and do I need to apply QoS to the voice VLAN?

shashasi Tue, 08/16/2011 - 17:31

Hi,

It's not mandatory to have data and voice in two different vlans. As long as your links are not congested and you do not want to have different set of configuration for voice and data, there is no point of separating them in two vlans. However it is a good idea to separate them if you are expecting the link to get congested and do not want your voice traffic to get dropped.

Hope that helps.

Shashank

lee_jia_en Tue, 08/16/2011 - 19:16

Thanks Shashank for your help.

In the voice VLAN, do I need to apply QoS command to it and what is the effect for not applying QoS in voice VLAN versus applying it?

Thank you.

shashasi Tue, 08/16/2011 - 20:14

The answer to your question depends on whether or not you expect to have congestion in your network. If you do and you wish to prioritize voice traffic so that it does not get dropped during congestion, you can configure QoS.

In congested networks, QoS allows you to prioritize certain traffic at the cost of remaining not so important traffic. If there is no congestion expected at any point of time, do not apply QoS.

Cheers,

Shashank

Jon Marshall Thu, 08/18/2011 - 13:19

Shashank

Hope you don't mind me asking a general QOS question as opposed to specific Catalyst QOS.

When you specify a priority queue that is a guarantee of a certain amount of bandwidth. During times of congestion this bandwidth is policed so that it cannot exceed the bandwidth configured.

During times when there is additional bandwidth available can the priority queue use spare available bandwidth from the other queues ? 

And if there is available bandwidth, which presumably means the link is not congested ?, does IOS still allocate packets into their configured queues. I ask as i see in an earlier thread that you mentioned the policy map does not get updated when there is no congestion. But even with no congestion is it not still important to make sure certain packets ie. VOIP do not get delayed due to larger non VOIP packets being sent ?

My understanding was that the priority queue was still active even during non-congested times but that any additional bandwidth it used outside of it's guaranteed limit would not be treated as priority ?

Jon

shashasi Thu, 08/18/2011 - 18:08

Hi Jon,

Tough questions but I will give them a shot  

During times when there is additional bandwidth available can the priority queue use spare available bandwidth from the other queues ?

Yes it can. In fact unused bandwidth is distributed proportionately among all queues. However, if priority class data is eating up free bandwidth and the device gets congested, the priority class traffic above the allocated bandwidth is discarded. This is true for both bandwidth and priority classes.

If a bandwidth or priority class should not exceed its allocated bandwidth during periods of no congestion, you can combine the priority command with the police command.

And if there is available bandwidth, which presumably means the link is not congested ?, does IOS still allocate packets into their configured queues.

When there is no congestion, the limits configured under the classes go fuzzy. There is extra bandwidth and everybody gets a proportional share of the extra bandwidth. With fluid queue boundaries, some packets may be using the extra (unused) portion of the bandwidth for that queue and IOS does not update the policy-map counters.

But even with no congestion is it not still important to make sure certain packets ie. VOIP do not get delayed due to larger non VOIP packets being sent ?

With sufficient bandwidth available, there is no need to buffer packets. I believe this rules out possibility of latency. I am not sure if there is any other way latency can be seen except when traffic is buffered before being transmitted on the wire.

My understanding was that the priority queue was still active even during non-congested times but that any additional bandwidth it used outside of it's guaranteed limit would not be treated as priority ?

Priority queue is active during non-congested times as in the traffic going to the priority queue gets more bandwidth than minimum guarantee. You are definitely correct with the fact that any additional bandwidth being used is non priority and can be confiscated when the link gets congested.

Let me know your thoughts.

Cheers,

Shashank

Jon Marshall Fri, 08/19/2011 - 04:08

Shashank

Many thanks for the reply.

The priority queue using additional bandwidth was my understanding as well. And that any additional bandwidth that was being used was not actually priority traffic.

But in relation the last question if the additional bandwidth is not priority then during times of spare bandwidth is it right to call any bandwidth priority bandwidth, as it is simply being put on the wire in order ?

This is where i am still a little unclear. Interestingly i posted this question because it came up in another thread and we have these discussions crop up quite often so i wanted to get the definitive answer on this. As i said in the other thread i could have sworn i read somewhere that even during times of no congestion due to packet sizes priority still needed to be given to certain packets, hence the reason i assumed the LLQ was always active. And that would make sense when we say that any additional bandwidth the LLQ used was not priority bandwidth.

But i think i may be misremembering as i seem to be the only one in the other thread who thinks this

Jon

JosephDoherty Fri, 08/19/2011 - 17:08

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Jon, you might be thinking of the need to prioritize VoIP traffic by fragmenting larger packets on low bandwidth links.

shashasi Fri, 08/19/2011 - 15:13

Hi Jon,

To be honest, I have not come across anything that explains how packet size could be a parameter for deciding traffic that needs priority. As far as I know, priority is a relative concept and if bandwidth is present in abundance, there will not be a need to prioritize anything. I agree with the thought that when there is no congestion, there is no priority bandwidth. It's just bandwidth.

Cheers,

Shashank

jgauthray Fri, 08/19/2011 - 06:03

Dear Shashank,

I got a customer who has L2 WAN links (SDSL 2Mbps & 4Mbps) that connect his branch offices to his central office. As there is no QoS on those links we have to limit the bandwidth on egress, and as he asked for a layer 2 WAN architecture we plan to deploy switch like C3560 or C2960 (cheaper).

I wonder if limiting the bandwidth with an L2 switch like C2960 is a good idea. It seems that it's possible to limit it with "srr-queue bandwidth " command but I wonder if it's the best solution :

  • I'm afraid of the performance impact and high CPU processing
  • Is implementing policy-map a best solution ?
  • Can we implement WRED drop or shaping policy on 2960 ?

Thanks a lot

shashasi Sat, 08/20/2011 - 00:28

Hi Julien,

srr-queue bandwidth limit lets you limit the output on a port and can be used if this serves your purpose. Policy map can be used to police traffic but this is supported only on the ingress.

Shaping can be configured only for the egress queues. None of these features are known to contribute towards persistent increase in CPU utilization. However, if your links on the switch get congested there may be some performance issues if certain traffic gets lesser resources than required. This would require the configuration to be fine tuned to suit the traffic.

Cheers,

Shashank

ewood2624 Fri, 08/19/2011 - 06:47

What's the best practice for QoS trunk links trust cos or trust dscp?  Also is there a best practice guide for QoS on wireless networks?

This Discussion

Posted August 12, 2011 at 3:38 PM