Ask The Expert:QoS on Catalyst Switches

ciscomoderator
Community Manager

With Shashank Singh

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to get an update on QoS on Catalyst 2960, 3550, 3560, 3750, 4500 and 6500 series switches with Cisco expert Shashank Singh. Shashank graduated in 2009 with a bachelor's degree in Computer Science and Engineering from VIT University, Vellore India. Prior to joining Cisco he worked at General Electric as a software engineer. Later on he joined the Cisco Technical Assistance Center as an engineer in October of 2009. He has been working on LAN Switching technologies in TAC since then. Shashank also holds a CCNP certificate. QoS on Catalyst switches is one of the areas of his interest.

Remember to use the rating system to let Shashank know if you have received an adequate response.

Shashank might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Network InfrastructureLAN Switching discussion forum shortly after the event. This event lasts through August 26 , 2011. Visit this forum often to view responses to your questions and the questions of other community members.

73 Replies

Shashank,

Thanks for this timely Ask The Expert topic. I am primarily a route/switch engineer that has always skirted around the topic of QoS. I am seeing the obvious holes in my skill-set and am attempting to add this as an area of serious study. My company tends to work primarily with the ISR G1 and G2 routers, and fixed-configuration switches (mostly the 2960 and 3560 series). I have a CCNP background that includes ONT training. Other than the ONT self-study material and the ONT official course material, what books, classes, or online documents do you suggest for foundational study in QoS for both IOS-based routers and switches?

Thanks.

Sent from Cisco Technical Support iPad App

Hi,

Router QoS is pretty generic and there is a lot of quality learning material available on the Cisco website in the form of documents. Among books, the Cisco QoS Exam Certification Guide by Wendell Odom is a good resource. If you are interested in learning the design and implementation aspects, End-to-End QoS Network Design: Quality of Service in LANs, WANs, and VPNs by Tim Szigeti and Christina Hattingh makes good reading.

Though the underlying theory remains the same, understanding and configuring QoS on switches requires a certain degree of platform knowledge. This is mainly because switches are designed to perform QoS in hardware (ASICs), unlike most routers, which depend on the IOS for the same. For example, on Catalyst 6500 switches, QoS is performed by the PFC (Policy Feature Card) on the supervisor engine, and hence it is important to have a prior understanding of what the PFC is and how it works.

The best resources for understanding QoS on switches are the platform QoS configuration and troubleshooting documents available on Cisco.com. Again, as each switch platform implements QoS in a different way, there are separate documents available for each platform. These documents provide a comprehensive perspective on QoS configuration and troubleshooting on the respective switch platforms.

Apart from ONT, Cisco offers the 642-642 QOS exam, which is one of the four qualifying papers in the CCIP (Cisco Certified Internetwork Professional) track. This paper covers router QoS in detail and also has a few topics on switch QoS.

You can review the exam topics and official learning resources at http://www.cisco.com/web/learning/le3/current_exams/642-642.html.

Hope this answers your queries. Feel free to put forward any more questions that you may have.

Cheers,

Shashank

Shashank,

Thanks! I'm working my way through Wendell Odom's book now. I wanted to take this opportunity to ask you a few general QoS questions that I have always had. I know this Ask The Expert should be more specifically about QoS on switches, so I apologize if these questions take us slightly off topic, and I understand if you do not have time to answer them.

1) As I understand it, queuing methods such as CBWFQ and LLQ are only applied to traffic flows when there is congestion on the interface. I take this to mean if I have a DS3 with 45 Mbps configured as the bandwidth, no egress queuing policies will be enforced until 45 Mbps of transmit is reached. Is this true? If so, does the same hold true for policing and shaping?

2) We manage a large number of SOHO and SMB remote locations. In SOHO environments, we tend to use asymmetric internet connections such as ADSL. At all of these locations we are using ISRs as the edge routers. I can see how we would be able to control traffic that is egressing the site. But are there suggested methods to control ingress or downstream traffic as well? As an example, we have several small satellite locations where we use an 887 to terminate an ADSL connection. How can we prevent one user from unfairly hogging all of the downstream bandwidth, and how can we protect mission-critical traffic in the ingress direction?

3) We maintain several wireless MAN designs where we bridge buildings using 1400 series wireless bridges. These connect to fixed-configuration switches (mostly 3550s or 3560s). For traffic traveling from the switch to the AP, we would like to police it down to 35 Mbps and apply queuing methods as it egresses the switch to give certain traffic more bandwidth. We run into issues when large amounts of traffic egress the switch and ingress the wired side of the AP. The wireless bridge tends to drop a significant amount of traffic since it can only wirelessly transmit 48 Mbps most of the time. I believe in IOS you can use HQF to do this, but is there a way to do it in those switch models? Just to give an example, we have Building A and Building B connected by a wireless bridge shot between two 1400s. Wireless Bridge A has a wired connection to Switch A. Traffic from Building A to Building B will egress the port on Switch A toward Wireless Bridge A. The transmit rate on this port never needs to exceed 35 Mbps, and certain classes of traffic need reserved bandwidth within that 35 megs.

Thanks for all of your help.

Sent from Cisco Technical Support iPad App

No worries! Please find the answers below:

1) As I understand it, queuing methods such as CBWFQ and LLQ are only applied to traffic flows when there is congestion on the interface. I take this to mean if I have a DS3 with 45 Mbps configured as the bandwidth, no egress queuing policies will be enforced until 45 Mbps of transmit is reached. Is this true? If so, does the same hold true for policing and shaping?

This is a tricky question! However, I would answer both yes and no to that. QoS is all about prioritizing certain traffic at the cost of others at times of congestion. If your link is not congested, you do not need QoS at all.

CBWFQ matches traffic to the classes and applies QoS as per the configuration under that class. The bandwidth assigned to a class is the guaranteed bandwidth delivered to the class only during congestion. If there is no congestion on the link, counters in the show policy-map interface command are not updated.

However, this is not the case with all QoS concepts. Shaping and policing do not require the link to be congested. If interested traffic exceeds the configured CIR in the policer, traffic is dropped irrespective of whether the link is congested or not. With shaping, excess traffic is buffered and delayed instead of being dropped. Both the shape and police commands restrict the output rate to a maximum kbps value. Importantly, neither mechanism provides a minimum bandwidth guarantee during periods of congestion.


2) We manage a large number of SOHO and SMB remote locations. In SOHO environments, we tend to use asymmetric internet connections such as ADSL. At all of these locations we are using ISRs as the edge routers. I can see how we would be able to control traffic that is egressing the site. But are there suggested methods to control ingress or downstream traffic as well? As an example, we have several small satellite locations where we use an 887 to terminate an ADSL connection. How can we prevent one user from unfairly hogging all of the downstream bandwidth, and how can we protect mission-critical traffic in the ingress direction?

I am not sure if I got your requirement right, but if it is all about limiting the traffic rate on the ingress, policing lets you accomplish that. Configure a policer on the ingress interface to limit traffic rate to a maximum value.


3) We maintain several wireless MAN designs where we bridge buildings using 1400 series wireless bridges. These connect to fixed-configuration switches (mostly 3550s or 3560s). For traffic traveling from the switch to the AP, we would like to police it down to 35 Mbps and apply queuing methods as it egresses the switch to give certain traffic more bandwidth. We run into issues when large amounts of traffic egress the switch and ingress the wired side of the AP. The wireless bridge tends to drop a significant amount of traffic since it can only wirelessly transmit 48 Mbps most of the time. I believe in IOS you can use HQF to do this, but is there a way to do it in those switch models? Just to give an example, we have Building A and Building B connected by a wireless bridge shot between two 1400s. Wireless Bridge A has a wired connection to Switch A. Traffic from Building A to Building B will egress the port on Switch A toward Wireless Bridge A. The transmit rate on this port never needs to exceed 35 Mbps, and certain classes of traffic need reserved bandwidth within that 35 megs.

Bandwidth on switches can be limited using the command "srr-queue bandwidth limit". For more information, visit http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_sed/command/reference/cli3.html#wp1947391

Classes of traffic that need reserved bandwidth within that 35 megs need to be mapped so that they are sent to the priority queue on the egress. For more information, visit http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_see/command/reference/cli1.html#wp2170015

With this, we ensure that the important traffic in the priority queue is always serviced until the queue is empty, and we also ensure that the total egress bandwidth never crosses a maximum value.

Hope this helps.

Cheers,

Shashank
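To make the policer/shaper distinction in the answer above concrete, here is an added Python simulation (not from the original thread) of a single-rate token bucket applied both ways to one constructed burst; the CIR, Bc and packet sizes are assumed values. The policer drops everything beyond the bucket regardless of link state, while the shaper holds the same packets and releases them at the CIR.

```python
"""Token-bucket policer vs. shaper over one constructed burst (times in ms, sizes in bytes)."""

def police(packets, cir_bps, bc_bytes):
    """Single-rate policer: a packet either conforms (sent) or exceeds (dropped).
    Nothing is ever queued, so whether the link is congested is irrelevant."""
    rate = cir_bps / 8000.0             # bytes per millisecond
    tokens, last = bc_bytes, 0
    sent, dropped = [], []
    for t, size in packets:
        tokens = min(bc_bytes, tokens + (t - last) * rate)  # refill since last arrival
        last = t
        if size <= tokens:
            tokens -= size
            sent.append((t, size))
        else:
            dropped.append((t, size))   # exceed action: drop, never buffer
    return sent, dropped

def shape(packets, cir_bps, bc_bytes):
    """Shaper: excess packets wait FIFO until the bucket holds enough tokens.
    Returns (arrival_ms, departure_ms, size) per packet; the buffer is assumed
    unbounded for this illustration, so nothing is dropped."""
    rate = cir_bps / 8000.0
    tokens, clock = bc_bytes, 0.0       # clock = when the last packet was released
    out = []
    for t, size in packets:
        now = max(clock, float(t))      # FIFO: cannot leave before its predecessor
        tokens = min(bc_bytes, tokens + (now - clock) * rate)
        if tokens < size:               # hold the packet until enough tokens accrue
            now += (size - tokens) / rate
            tokens = size
        tokens -= size
        clock = now
        out.append((t, now, size))
    return out

def max_queue_depth(shaped):
    """Largest number of packets held by the shaper at any arrival instant."""
    return max(sum(1 for _, d, _ in shaped[:i] if d > t) + 1
               for i, (t, _, _) in enumerate(shaped))

# Constructed burst: 8 x 1500-byte packets 1 ms apart (12 Mb/s) offered to a 1 Mb/s CIR
BURST = [(ms, 1500) for ms in range(8)]
CIR_BPS, BC_BYTES = 1_000_000, 1500

if __name__ == "__main__":
    sent, dropped = police(BURST, CIR_BPS, BC_BYTES)
    print(f"policer: {len(sent)} sent, {len(dropped)} dropped")
    shaped = shape(BURST, CIR_BPS, BC_BYTES)
    print("shaper departures (ms):", [d for _, d, _ in shaped])
    print("max shaper queue depth:", max_queue_depth(shaped))
```

Neither function reserves anything for the packets it lets through, which is the "no minimum guarantee" point in the answer.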

Hi Shashank,

Thanks for the timely expert advice. I am interested to know what kind of QoS mechanism would be best suited for non-Cisco softphones on 6500 (CatOS) switches.

Also, I was thinking that if the PCs with the softphone are connected through the Cisco phone, it is going to be a challenge to get the QoS perfect, since the Cisco phone will mark any traffic coming from the PC at the default CoS value unless configurations are updated. Your thoughts and recommendations on this will be much appreciated.

Thanks

Hi Banu,

To come up with a switchport configuration that will work, it is important to know how your third-party softphone marks the voice traffic.

"set port qos mod/port trust-device ciscoipphone" is a template available on CatOS switches. This template is recommended when a PC running a Cisco softphone is directly connected to the switchport. Whether this will work for a third-party softphone will again depend on how the softphone marks the traffic.

Normally, Cisco softphones mark the DSCP in the VoIP packet, while the IP phones mark the CoS value. Traffic in frame types other than 802.1Q or 802.1p passes through the IP phone unchanged. So if your softphone traffic is not tagged, the IP phone will not alter it.

However, if your softphone is marking CoS and you do not want the IP phone to rewrite this marking, you may use 'set port qos mod/ports trust-ext trusted' on the switchport.

The following link explains in detail the QoS behaviour and configuration options available on Cisco 6500 switches running CatOS.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/configuration/guide/autoqos.html#wp1031820

Cheers,

Shashank

Where in a Carrier Ethernet Network will the tags be assigned to a service frame?

(2 of 4 answers are correct)

1. C-tag and S-tag can be added by the provider.

2. The C-tag is always added by the customer, the S-tag is always added by the provider.

3. C-tag and S-tag can be added by the customer.

4. C-tag and S-tag can be added by the provider, the S-tag cannot be added by the customer.

What should be the correct answer?

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

the_ios_inquisition wrote:

Shashank,

2) We manage a large number of SOHO and SMB remote locations. In SOHO environments, we tend to use asymmetric internet connections such as ADSL. At all of these locations we are using ISRs as the edge routers. I can see how we would be able to control traffic that is egressing the site. But are there suggested methods to control ingress or downstream traffic as well? As an example, we have several small satellite locations where we use an 887 to terminate an ADSL connection. How can we prevent one user from unfairly hogging all of the downstream bandwidth, and how can we protect mission-critical traffic in the ingress direction?

The only truly effective method is to control the other side's egress to the branch's ingress.

If, for example, a VPN tunnel was running across the ADSL, you shape your hub's side to the DSL bandwidth and then prioritize according to your needs. (NB: this assumes only the hub's VPN traffic will be using the DSL.)

PS:

If traffic is TCP, there are 3rd-party appliances that can regulate ingress rates.

Hi Shashank,

I was reading your answer to question 1) of The_IOS_Inquisition's question: As I understand it, queuing methods such as CBWFQ and LLQ are only applied to traffic flows when there is congestion on the interface.

This raises a question for me: when do we speak about congestion? If only a few frames arrive on an output interface with LLQ/CBWFQ and they can easily be played out with only a small delay, but then a packet arrives that is going to be placed in the priority queue, I suppose that this frame will not be sent FIFO but will be sent directly after the serialization of the current frame has finished? Therefore, can we make the statement that the moment there is more than 1 packet queued for an interface, we may already speak of congestion? What in fact is the definition?

Regards, Kees.

Hi Kees,

Congestion is defined by the Cisco IOS software configuration guide as: "During periods of transmit congestion at the outgoing interface, packets arrive faster than the interface can send them."

If the total amount of data that needs to be sent, averaged over a period of time, does not exceed the bandwidth, we say that the link is not congested. However, we need to ensure that the traffic doesn't arrive in a burst. Technically, we can summarize that if there is a need to buffer packets at any point in time, the link is congested.

Hope that helps,

Shashank
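As an added illustration of the definition in the answer above (example code, not part of the thread), the following Python model serializes the same ten packets over a FIFO interface twice, spread out and then bursted; the link rate, packet sizes and timings are constructed. Both streams average 1.2 Mb/s on a 10 Mb/s link, but only the burst ever needs buffering, which by the definition above is what makes it congested.

```python
"""Same offered load, two arrival patterns: which one is 'congested'?

Model: one FIFO output interface of link_bps; a packet is buffered when it
arrives while the previous one is still being serialized. Times in microseconds.
"""

def serialize(packets, link_bps):
    """packets: list of (arrival_us, size_bytes) in arrival order.
    Returns (arrival_us, start_tx_us, finish_tx_us) for each packet."""
    free_at = 0                                   # when the transmitter goes idle
    sched = []
    for t, size in packets:
        start = max(free_at, t)                   # wait for the wire to free up
        finish = start + size * 8 * 1_000_000 // link_bps   # serialization delay
        sched.append((t, start, finish))
        free_at = finish
    return sched

def congestion_report(packets, link_bps, window_us):
    """Average rate over the window vs. whether buffering ever occurred."""
    sched = serialize(packets, link_bps)
    waits = [start - t for t, start, _ in sched]
    # packets already queued or on the wire when each packet arrives (plus itself)
    depths = [sum(1 for _, _, f in sched[:i] if f > t) + 1
              for i, (t, _, _) in enumerate(sched)]
    total_bits = sum(size for _, size in packets) * 8
    return {
        "avg_bps": total_bits * 1_000_000 // window_us,
        "congested": any(w > 0 for w in waits),   # the answer's test: had to buffer
        "max_wait_us": max(waits),
        "max_queue_depth": max(depths),
    }

LINK_BPS, WINDOW_US = 10_000_000, 100_000
# Constructed streams: ten 1500-byte packets, 15 kB per 100 ms either way (1.2 Mb/s)
SMOOTH = [(k * 10_000, 1500) for k in range(10)]   # one packet every 10 ms
BURST = [(k * 200, 1500) for k in range(10)]       # all ten within 2 ms

if __name__ == "__main__":
    for name, stream in (("smooth", SMOOTH), ("burst", BURST)):
        print(name, congestion_report(stream, LINK_BPS, WINDOW_US))
```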

venkata dandu
Level 1

Hi Shashank;

Thanks for the timely expert advice topic. We are a big campus LAN network with 2960G series on the access layer and 6509 in the core layer, and we want to deploy QoS. As recommended, we want to classify and mark the traffic at the access layer. We have more than 150 types of traffic which we want to classify into 5 groups. If I classify them using access lists, do they put extra load on the 2960 switches, and is this the correct way, or are there any best or better ways to do this with less load on the switch?

Regards;

Rams

Hi Rams,

On the 2960G, classification can be done either by using ACLs or class maps. Both are safe to use.

The switch uses its CPU to program the ACLs into TCAM (hardware), and you may see a CPU spike immediately after configuring a new ACL. Once configured, all subsequent traffic is handled in hardware, and this does not add load on the switch CPU.

Cheers,

Shashank

Hi Shashank;

Thanks for your help. Is there any limit on the number of ACLs the switch can handle in hardware?

Regards;

Rams

Hi Rams,

Yes, there is a limit on the number of ACLs that can be programmed in the TCAM. However, this number varies from one platform to another. On 2960 switches, you can check 'show platform acl usage asic-number' to find out the limit.

Cheers,

Shashank
