This website is originally written in the Czech language. Most content is machine (AI) translated into English. The translation may not be exact and may contain errors.

Tento článek si můžete zobrazit v originální české verzi. You can view this article in the original Czech version.
Cisco QoS 2 - Classification and Marking, Modular QoS CLI

Cisco QoS 2 - Classification and Marking, Modular QoS CLI

Monday, 26.01.2009 17:21 | Petr Bouška - Samuraj | Cisco admin

This section of Quality of Service articles focusing on Cisco focuses on the first action we need to take when applying QoS. This involves examining the traffic and classifying it into classes - classification and then marking each packet with that class - marking.

displayed: 30 188x (29 252 CZ, 936 EN) | Comments [6]

Note: Configuration commands and options vary by IOS version (considering newer versions here) and by device (router, switch, category).

Trust Boundary - the boundary of trust, it separates the part of the network where we still trust the transmitted markings (classes) and where we don't, typically the edge switch, we don't trust what the client sends us, but we classify the traffic ourselves, there may be an exception like an IP phone.

Detailed traffic analysis (of the packet) should be performed at the network edge, as much as possible, where we establish the Trust Boundary. Based on the analysis, we categorize the traffic into classes. Other active elements then use this classification for traffic routing. DiffServ operates in a manner referred to as Per-hop behavior, processing at each active element. To achieve a comprehensive QoS solution, all active elements on the path must have the same Per-hop behavior.

Classification

We can distinguish packets based on a number of parameters, some of which are:

ACL (access control list) using access group - this includes definition based on a number of parameters, primarily IP address or MAC address
input interface - through which the packet came
IP parameter - DSCP or Precedence
protocol - some basic protocols or a range when using NBAR (which is only on better routers or the largest switches)
all - all traffic
class-map - according to a nested class map
trusted Cos, DSCP or IP precedence - accepting the received values

Marking

After classifying the packet into a class, we need to assign this information to it. This is done using marking and there are several options, depending on the protocol/technology used. Here I only mention the more common TCP/IP and Ethernet (and omit other options like ATM, Frame Relay, MPLS).

Class of Service (CoS) field in OSI Layer 2

CoS is a priority bit according to IEEE 802.1p within the IEEE 802.1q Ethernet frame (extended frame header by 4 bytes), size 3 bits, taking values 0 to 7.

802.1q frame

6B	6B	4B	2B	64 to 1500B	4B
Destination Address (DA)	Source Address (SA)	802.1q tag	Type or Length	Data	Frame Check Sequence (FCS)

Structure of 802.1q tag

2B	3b	1b	12b
0x8100	Priority (802.1p)	Canonical Format Indicator (CFI)	VLAN ID
Tag Protocol ID (TPID) 2B	Tag Control Information (TCI) 2B

Type of Service (ToS) field in OSI Layer 3

The ToS field is inside the IP header and is 8 bits long, inside it is the value of the Differentiated Services Code Point (DSCP) 6 bits and thus values 0 to 63, inside it is the IP Precedence (IPP) of 3 bits (values 0 to 7). Originally, IP Precedence was used, for DiffServ it was extended to DSCP, which is backward compatible with IP Precedence.

IP header

13b

Version

Header Length

ToS

Length

Flags

Offset

TTL

Protocol

FSC

IP-SA

IP-DA

Data

ToS field

0	1	2	3	4	5	6	7
Precedence			Unused					Standard IPv4
Differentiated Services Code Point (DSCP)						Flow Control (Explicit Congestion Notification)		DiffServ Extensions

CoS, IP Precedence, DSCP Values

CoS	IPP	DSCP	PHB	Typical Application
7	7			Reserved
6	6	48	CS6	Routing
5	5	46	EF	Voice
5	5	34	AF41	Video Conference
4	4	32	CS4	Streaming Video
3	3	26	AF31	Mission Critical Data
3	3	24	CS3	Call Signaling
2	2	18	AF21	Transactional Data
2	2	16	CS2	Network Management
1	1	10	AF11	Bulk Data
1	1	8	CS1	Scavenger
0	0	0	0	Best Effort Data

Per-Hop Behaviors - PHB

PHB is a term used in DiffServ that defines the policies and priorities applied to a packet as it passes through a router (hop). The standard PHBs are:

Expedited Forwarding - EF - fast (prioritized) transmission, ideal for small bandwidth but low latency
Assured Forwarding - AF - assured transmission, has reserved bandwidth, often divided into gold, silver, and bronze
Class Selector - CS - compatible with IP Precedence
Best Effort - BE - default, worst

PHB is defined in several RFCs, but in reality it is just a recommendation. Everything depends on how we configure it on the active elements. The mentioned classes do not automatically exist, so if we mark the traffic to a recommended value, nothing will happen yet, we need to set the behavior of the given class.

The following table shows the recommended values of IP Precedence (IPP) and the corresponding PHB classes along with the DSCP value. The size of DSCP is 6 bits, the first 3 bits correspond to IP Precedence. The higher the IP Precedence number, the higher the priority. For PHB AF, this number is added to the name (and also forms CS). The next two bits determine the drop probability, the higher the number, the more likely it is to be dropped (AFx1 - low drop preference, AFx2 med drop preference, AFx3 high drop preference), and they are also added to the PHB EF name. The last bit is 0.

IPP	Per Hop Behavior / DSCP
0		BE 000000
1	CS1 001000 (8)	AF11 001010 (10)	AF12 001100 (12)	AF13 001110 (14)
2	CS2 010000 (16)	AF21 010010 (18)	AF22 010100 (20)	AF23 010110 (22)
3	CS3 011000 (24)	AF31 011010 (26)	AF32 011100 (28)	AF33 011110 (30)
4	CS4 100000 (32)	AF41 100010 (34)	AF42 100100 (36)	AF43 100110 (38)
5		EF 101110 (46)

Configuration in Cisco IOS - MQC

Nowadays, the Modular Quality of Service Command Line Interface (Modular QoS CLI or just MQC) is used for configuring QoS under Cisco IOS (regardless of whether on a router or switch, although the detailed options differ). We always work with classes (in which we classify traffic), so it is called Class-based QoS.

Using MQC, more activities are performed than just classification and marking, and the same commands are used for everything, so I will also indicate other options that will be described in more detail next time. The following mechanisms can be used in MQC:

Marking - marking packets, applicable to input/output, set command
Shaping - limiting traffic with delay (distribution), applicable to output, shape command
Policing - limiting traffic by dropping packets, applicable to input/output, police command
Weighted fair queuing (CBWFQ) - queues for bandwidth reservation (guarantee), applicable to output, bandwidth command
Low-latency queuing (CBLLQ) - queues for bandwidth reservation (guarantee) and ensuring low latency, applicable to output, priority command
Weighted random early detection (WRED) - queues for bandwidth reservation (guarantee) with intelligent packet dropping, random-detect command

The configuration in MQC consists of three steps:

Traffic class definition - I determine what traffic I want to work with, I create a class-map
Policy definition - I determine what I want to do with the selected traffic, I create a policy-map and include one or more class-maps in it
Policy application - I apply the policy to an interface, that's when it starts working, using service-policy

Traffic class definition

We create a named class into which (or using which) we will select traffic. Inside the class, we select traffic using the match command, which can be used once or multiple times. In the class definition, we can specify whether multiple match commands should use logical AND or logical OR, using the match-all or match-any parameter.

ROUTER(config)#class-map test-class            // definition of class-map named test-class, match-all is used by default
ROUTER(config)#class-map match-all test-class  // same as above
ROUTER(config)#class-map match-any test-class  // at least one match must apply

We can select traffic based on a number of parameters (see above), depending on the device type and what it supports.

ROUTER(config-cmap)#match any                    // select everything, doesn't work for all applications
ROUTER(config-cmap)#match access-group 10        // what ACL number 10 evaluates
ROUTER(config-cmap)#match ip precedence critical // what has IP Precedence = 5 set
ROUTER(config-cmap)#match vlan 100 - 105         // VLAN 100 to 105
ROUTER(config-cmap)#match destination-address mac 00-16-EA-E4-D0-96 // destination MAC address
ROUTER(config-cmap)#match input-interface fa1    // what came through interface fa1
ROUTER(config-cmap)#match protocol ip            // by protocol

An interesting option is to use the match not command, which selects based on all other values of the given criterion except the specified values.

ROUTER(config-cmap)#match not protocol ip  // all protocols except IP

We can also nest class-maps for more complex selections

ROUTER(config)#class-map match-any test-class 
ROUTER(config-cmap)#match class-map test-class-1 
ROUTER(config-cmap)#match class-map test-class-2

Classification using ACL

ACL (Access Control List) is often used to find interesting traffic. We can use standard IP ACL, extended IP ACL or L2 MAC ACL. More about creating ACLs in the article Cisco IOS 8 - ACL - Access Control List.

It's important to know how ACLs are evaluated when assigned to a class-map. The following rules are used:

if a match with a permit action is found, the assigned QoS action is used
if a match with a deny action is found, the ACL is skipped and the next one is continued
if no permit rule is found, QoS is not processed and Best-Effort is used
if multiple ACLs are defined, the search stops after the first permit match

Policy definition

In the first step, we selected which traffic we're interested in, and now we need to determine what we'll do with it. There are many options, and in this step, we actually apply all the QoS possibilities. We can mark traffic, perform marking, (set IP precedence, DSCP, etc.) or work directly with traffic, limit or reserve bandwidth for traffic, handle queues, etc.

We create a named policy called test-policy.

ROUTER(config)#policy-map test-policy

Next, we determine which class-map our settings will apply to. We can include multiple class-maps in one policy-map and set different behaviors for them. This is necessary because we can only apply one policy-map per interface and direction.

ROUTER(config-pmap)#class test-class

Within the class-map, we already determine the given policy, it can be multiple settings.

ROUTER(config-pmap-c)#set cos 3         // mark traffic as COS 3
ROUTER(config-pmap-c)#set precedence 3  // mark traffic as IPP 3
ROUTER(config-pmap-c)#set dscp 24       // mark traffic as DSCP 24
ROUTER(config-pmap-c)#police 128000 8000 exceed-action drop // traffic limitation
ROUTER(config-pmap-c)#police aggregate test-policer // traffic limitation using pre-created policy
ROUTER(config-pmap-c)#shape average 512000 // traffic shaping
ROUTER(config-pmap-c)#priority 16000    // prioritization and bandwidth allocation in kbps
ROUTER(config-pmap-c)#bandwidth 1024    // bandwidth allocation in kbps
ROUTER(config-pmap-c)#log               // logging

All other traffic that we didn't include in any class is automatically assigned to the default class, to which QoS is not applied - Best-effort is used. This class is called class-default and we can change its behavior.

ROUTER(config)#policy-map test-policy 
ROUTER(config-pmap)#class class-default    
ROUTER(config-pmap-c)#queue-limit 10    // queue size of 10 packets

Policy application

Creating a policy-map doesn't mean it will start working. First, it needs to be mapped to an interface within which it will be executed. And also determine whether it applies to incoming or outgoing packets (similar to ACL).

ROUTER(config)#interface gigabitEthernet1/0/1       // select interface
ROUTER(config-if)#service-policy input test-policy  // apply policy map named test-policy to incoming packets

We can also create hierarchical policies by applying one policy inside another policy under a class.

ROUTER(config)#policy-map test-policy 
ROUTER(config-pmap)#class test-class  
ROUTER(config-pmap-c)#police 512000 
ROUTER(config-pmap-c)#service-policy test-inner-policy  // apply policy within a policy

Show commands - verification

To verify our settings, we can use the following show commands:

ROUTER#show running-config    // we'll find the entered commands in the running configuration
ROUTER#show class-map         // displays all defined class-maps
ROUTER#show class-map class1  // displays class-map class1
ROUTER#show policy-map        // displays all defined policy-maps (doesn't show individual commands)
ROUTER#show policy-map policy1 class class1 // displays configuration of specified class in given policy-map
ROUTER#show policy-map interface s0/0  // displays statistics on how the policy is applied to the interface

Author: Petr Bouška

Related articles:

Cisco IOS

A large series about the operating system of Cisco's active elements. It contains some of the most read articles on this site. The articles describe the configuration of switches and routers, primarily with Cisco IOS. Things about ports, VLANs, STP, ACLs, QoS, etc.

Cisco IOS 1 - introduction, show command [08.03.2007 13:00]
Cisco IOS 2 - IOS version, upgrade and backup [16.03.2007 14:28]
Cisco IOS 3 - interface/port settings - access, trunk, port security [09.04.2007 11:09]
Cisco IOS 4 - reset, password recovery [25.04.2007 17:34]
Cisco IOS 5 - communication with a switch [16.05.2007 16:15]
Cisco IOS 6 - Initial Switch Configuration [08.06.2007 17:31]
Cisco IOS 7 - VLAN configuration, VTP [18.06.2007 14:12]
Cisco IOS 8 - ACL - Access Control List [10.08.2007 15:40]
Cisco IOS 9 - Spanning Tree Protocol [20.08.2007 17:55]
Cisco IOS 10 - Rapid Spanning Tree Protocol [01.09.2007 14:11]
Cisco IOS 11 - IEEE 802.1x, port authentication, MS IAS [10.10.2007 14:38]
Cisco IOS 12 - IEEE 802.1x and more advanced features [24.10.2007 16:42]
Cisco IOS 13 - DHCP services on the switch [06.01.2008 11:24]
Cisco IOS 14 - tips for routine work [29.02.2008 08:15]
Cisco IOS 15 - backups and restores of configuration and images [13.03.2008 09:43]
Cisco IOS 16 - HSRP - Hot Standby Routing Protocol [27.05.2008 16:05]
Cisco IOS 17 - more switches as Stack - StackWise technology [29.07.2008 20:27]
Cisco IOS 18 - inter-VLAN routing and ACL - routing between VLANs [24.12.2008 11:50]
Cisco QoS 1 - introduction to Quality of Service and DiffServ [18.01.2009 13:31]
Cisco QoS 2 - Classification and Marking, Modular QoS CLI [26.01.2009 17:21] ...... reading now
Cisco QoS 3 - Rate Limiting - Policing, Shaping [01.02.2009 12:20]
Cisco QoS 4 - Speed Guarantee - Queuing [08.02.2009 13:13]
Cisco QoS 5 - QoS on the switch, MLS, SRR, Auto QoS [14.02.2009 14:55]
Cisco QoS 6 - practical examples of QoS usage [28.02.2009 16:33]
TCP/IP - Internet Protocol Version 6 - IPv6 [05.03.2009 15:41]
TCP/IP - IP Multicast and Cisco multicast [10.03.2009 20:05]
Cisco Routing 1 - General Features of Routing Protocols [20.03.2009 14:43]
Cisco Routing 2 - EIGRP - Enhanced Interior Gateway Routing Protocol [29.03.2009 19:04]
Cisco Routing 3 - OSPF - Open Shortest Path First [03.04.2009 10:54]
Cisco Routing 4 - IS-IS - Intermediate System to Intermediate System [09.04.2009 08:48]
Cisco Routing 5 - BGP - Border Gateway Protocol [18.04.2009 13:50]
Cisco Routing 6 - Routing Protocol Comparison [28.04.2009 16:27]
Cisco IOS 19 - Private VLAN and Protected Port [20.05.2009 18:41]
Cisco IOS 20 - VLAN access-map - VLAN map - VACL [29.05.2009 15:05]
Cisco IOS 21 - EtherChannel, Link Agregation, PAgP, LACP, NIC Teaming [08.06.2009 09:41]
Common attacks on switches, Cisco Dynamic ARP Inspection [18.06.2009 10:15]
Cisco - Router Switching methods and related terms - CAM, FIB, CEF [28.06.2009 17:15]
Cisco IOS 22 - traffic monitoring/control/mirroring - SPAN and RSPAN [15.07.2009 11:52]
Cisco IOS 23 - User authentication on the switch against Active Directory [15.09.2009 17:09]
Cisco QoS 7 - Additional Information [05.11.2009 09:31]
Cisco NX-OS 1 - Virtual Port Channel [25.08.2016 17:14]
Cisco IOS 24 - security of communication on ports [19.10.2016 11:01]
Cisco NX-OS 2 - port communication security [03.11.2016 14:18]
Cisco IOS 25 - StackWise Virtual [11.11.2020 14:13]
Cisco IOS 26 - IOS XE upgrade - standalone switch, stack and ISSU [12.11.2020 08:29]

QoS - Quality of Service

This series of articles is devoted to the comprehensive issue of quality assurance in data transmission, i.e. Quality of Service. Everything is addressed taking into account the current trends used on Cisco active elements, along with configuration examples.

Cisco QoS 1 - introduction to Quality of Service and DiffServ [18.01.2009 13:31]
Cisco QoS 2 - Classification and Marking, Modular QoS CLI [26.01.2009 17:21] ...... reading now
Cisco QoS 3 - Rate Limiting - Policing, Shaping [01.02.2009 12:20]
Cisco QoS 4 - Speed Guarantee - Queuing [08.02.2009 13:13]
Cisco QoS 5 - QoS on the switch, MLS, SRR, Auto QoS [14.02.2009 14:55]
Cisco QoS 6 - practical examples of QoS usage [28.02.2009 16:33]
Cisco QoS 7 - Additional Information [05.11.2009 09:31]

If you want write something about this article use comments.

Comments

[1] joe07

Chcel by som sa spytat na analyzu trafficu. Tu: http://www.opalsoft.net/qos/ sa pise, ze prave analyzou zistime nase potreby. Niekto s tym pravdepodobne mate skusenosti ako (velmi by som ocenil presnejsi navod) sa analyzuje traffic na sieti?
Na tej stranke sa pise, ze stacia free aplikacie a jeden linuxovy stroj konkretne: tcpdump, awk, gnuplot, and of course, an unexpensive Linux box.
Viete niekto poradit konkretny postup? Dakujem
- comment responded to by [2]tomfi
Friday, 12.06.2009 00:36 | answer
[2] tomfi

respond to [1]joe07:
Hodně záleží na tom co přesně myslíte...když se omezím na linux tak pro operativní analýzu (kdo co právě dělá) jsou dobré:
tcpdump
iptraf
iftop
iptables
wireshark
Pro sledování trendů a přehled co kdo dělá:
mrtg
ntop
a speciální "home-made" skripty, které umí shromáždit a analyzovat "na co máte políčeno"... ale to je právě už případ těch awků, gnuplotů, rrdtoolů a podobných věcí :)
Nejsem si jistý co si představujete pod návodem na analýzu trafficu... analýza má vždy nějaký důvody... takže většinou hledáte něco konkrétního... případně sledujete pro odhalení abnormalit... ale takový nakousnutí:
když po spuštění iptraf uvidíte že broadcast v síti vám tvoří 50% trafficu, tak možná něco v pořádku, když uvidíte jeden broadcast rámec pomocí tcpdump 2x, tak máte v síti pravděpodobně taky nějaký problémek... to je traffic analysis zaměřený na nízkou úroveň.. dále můžete pomocí analýzy sledovat dobu odezvy aplikací, chybové stavy v síti, trendy v síťovém provozu, hledat příznaky útoku apod.

Saturday, 13.06.2009 22:55 | answer
[3] joe07

Dakujem skusim s tym trochu poexprerimentovat.
Myslel som spociatku zakladnu analyzu: Pocet broadcastov(mozno aj multicastov), TCP vs. UDP a napokon zistenie ake protokoly sa skryvaju v UDP.
Na tie dalsie udaje ako odozva, chybove stavy som zatial nepomyslel

Sunday, 14.06.2009 12:13 | answer
[4] Zaram

Mám dotaz ohledně té default class (u CBWFQ) - tím ,že jsou všechny zbývající packety obsluhovány best-effort tím se míní že jsou zařazeny do jedné jediné FIFO? Nebo se pro každý flow vytvoří vlastní queue? To už ale nebude best-effort...
Viz. "Inside Cisco IOS Software Architecture" str. 145):
"A default class also can be configured; if no default class is configured, packets that are not otherwise classified into a user-defined class are sorted by flow and are given best-effort treatment."
Překládám si to tak, že všechen traffic spadající do default class se chová jako legacy WFQ. Co si o tom myslíte?
Jinak pěkný seriál
- comment responded to by [5]Samuraj
Wednesday, 23.09.2009 01:37 | answer
[5] Samuraj

respond to [4]Zaram: Já myslím, že vše co se neurčí jinak, padá do class-default a ta má jednu frontu (u té můžeme konfigurovat chování). Něco ukazuje tento obrázek www.cisco.com/en/US/i/000001-100000/60001-65000/60001-61000/60595.jpg.

Friday, 25.09.2009 08:54 | answer
[6] Zaram

to Samuraj: Nejspíše je to tak, jak jsem psal na konci. V tomto dokumentu to sice není explicitně napsáno, ale dá se to z toho odvodit:
http://www.cisco.com/en/US/tech/tk543/tk544/technologies_tech_note09186a0080094612.shtml#undqu
Dle mého to funguje následovně:
Queues 1- 256 - Defalt class - obsluhovaná jako WFQ (stejný schedul. alg.) - tedy se počítá hash z IP packetů - dělí se do samostatných flows, těm se následně přiděluje samostatná Queue a ta je posléze obsluhována dle vypočteného sequence number. Odeslaný packet ale nejde na (např. do Tx ringu) interface, ale ocitá se vlastně v další frontě která se obsluhována dalším schedulerem - ten obsluhuje priority queue(pro cdp protokol, a další control trafic, nebo pokud se v police map nadefinována "priority" tak všechen traffic v definované třídě/class), námi vytvořené reserved queue.
To jsou queues vyšší než 256.
Zkoušel jsem aplikovat police map s použitím CBWFQ:
Service-policy output: PK
Class-map: PK (match-all)
41 packets, 14022 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol rtp audio
Queueing
Strict Priority
Output Queue: Conversation 264
Bandwidth 5 (%)
Bandwidth 77 (kbps) Burst 1925 (Bytes)
(pkts matched/bytes matched) 0/0
(total drops/bytes drops) 0/0
Class-map: class-default (match-any)
347 packets, 9924 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any

A ve výpisu z interface jde vidět, že těch 256 front z class default zůstává:
Queueing strategy: Class-based queueing
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/2/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1081 kilobits/sec

Sunday, 27.09.2009 23:03 | answer