Classification
- Ethernet, Layer 2 - Class of Service (CoS) in the ISL header or the 802.1Q tag, 3 bits
- IP, Layer 3 - IP Precedence or Differentiated Services Code Point (DSCP) inside the Type of Service (ToS) byte, 3 bits or 6 bits respectively
- MPLS, Layer 2 - Experimental bits (EXP), which correspond to the L3 IP precedence, 3 bits
- Frame Relay, Layer 2 - Discard Eligible bit (DE), only 1 bit; a marked frame may be dropped if necessary
- ATM, Layer 2 - Cell Loss Priority (CLP), only 1 bit; a marked cell is more likely to be discarded in case of congestion
Link Efficiency Management
One area that also belongs to QoS, and which I haven't addressed yet, is the efficient use of slow links (speeds up to 768 kbps). The main methods used here are payload compression, header compression, and packet fragmentation.
Header Compression
RTP Header Compression (cRTP) - compresses the IP, UDP and RTP headers (i.e., layers L3 and L4), which together take 20 + 8 + 12 = 40 B, down to 2 B, or 4 B if the original UDP checksum is preserved. It is configured on point-to-point links on both ends, and each interface that receives the packet must first decompress it. It pays off for packets with a small payload of 20 to 50 B. It relies on the fact that the headers of consecutive packets within one RTP stream differ only minimally.
ROUTER(config-if)#frame-relay ip rtp header-compression
TCP Header Compression - compresses the TCP/IP header. It is based on removing redundant data (a TCP session carries the same header fields in every packet), so the common information is sent only at the start of the session and stored in a dictionary. Suitable for communication with small packets, such as telnet, over slow links such as 64 kbps.
ROUTER(config-if)#frame-relay ip tcp header-compression
Link Fragmentation and Interleaving - LFI
LFI is an L2 technique that divides large frames into smaller fragments of equal size and transmits them on the link interleaved, i.e. it allows other frames to be inserted between them. The advantage is that small packets (telnet, VoIP) get onto the link quickly, without waiting for a whole large frame to be sent. It reduces the queuing delay (how long a frame waits in the output queue) and above all the serialization delay (how long it takes to clock the data onto the link), thus reducing delay and jitter (delay variation). It is used mainly on slow links, where the serialization delay is large.
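The savings from cRTP and the fragment size LFI needs are easy to put into numbers. The following Python helpers are an added example (not code from the article or from Cisco) that quantify both effects for one voice stream over a Frame Relay link, using the header sizes stated above (40 B uncompressed, 2 B or 4 B compressed). The 6-byte Frame Relay L2 overhead, the G.729-style codec parameters (20 B payload, 50 packets/s) and the 10 ms fragment target are assumptions chosen for the example.

```python
"""Link-efficiency planning helpers for slow WAN links (added example)."""

IP_UDP_RTP = 20 + 8 + 12          # 40 B of uncompressed L3/L4 headers (from the text)
CRTP_NO_CHECKSUM = 2              # compressed header when the UDP checksum is dropped
CRTP_WITH_CHECKSUM = 4            # compressed header when the UDP checksum is kept
FR_L2_OVERHEAD = 6                # assumed Frame Relay framing bytes per packet


def voice_stream_bps(payload_bytes, pps, header_bytes, l2_overhead=FR_L2_OVERHEAD):
    """Bandwidth in bit/s consumed on the link by one RTP stream."""
    return (header_bytes + payload_bytes + l2_overhead) * 8 * pps


def crtp_savings(payload_bytes=20, pps=50, keep_checksum=False):
    """Return (uncompressed_bps, compressed_bps) for one G.729-style stream.

    Defaults assume a 20 B payload at 50 packets/s (constructed codec profile).
    """
    hdr = CRTP_WITH_CHECKSUM if keep_checksum else CRTP_NO_CHECKSUM
    return (voice_stream_bps(payload_bytes, pps, IP_UDP_RTP),
            voice_stream_bps(payload_bytes, pps, hdr))


def serialization_delay_ms(frame_bytes, link_bps):
    """Time in ms to clock a frame of frame_bytes onto a link of link_bps."""
    return frame_bytes * 8 / link_bps * 1000


def lfi_fragment_size(link_bps, target_delay_ms=10):
    """Largest LFI fragment (bytes) that still serializes within target_delay_ms.

    A voice packet then waits at most one fragment time behind a large frame.
    """
    return int(link_bps * target_delay_ms / 1000 / 8)


def max_calls(link_bps, per_call_bps, reserve_fraction=0.25):
    """Number of calls that fit after reserving part of the link for other traffic."""
    return int(link_bps * (1 - reserve_fraction) // per_call_bps)


if __name__ == "__main__":
    plain, compressed = crtp_savings()
    print(f"one call without cRTP: {plain / 1000:.1f} kbps, with cRTP: {compressed / 1000:.1f} kbps")
    for link in (64_000, 128_000, 768_000):
        print(f"{link // 1000:>4} kbps link: 1500 B frame serializes in "
              f"{serialization_delay_ms(1500, link):6.1f} ms, "
              f"LFI fragment for 10 ms = {lfi_fragment_size(link):4d} B, "
              f"calls: {max_calls(link, plain)} plain / {max_calls(link, compressed)} cRTP")
```

On a 64 kbps link a full 1500 B frame takes 187.5 ms to serialize, which alone exceeds the usual one-way voice budget; fragmenting to 80 B brings the wait in front of a voice packet down to 10 ms, and cRTP more than doubles the number of calls the link can carry.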
QoS pre-classification - QoS for VPN
This technique lets the router keep a copy of the inner IP header and perform QoS classification before encryption according to the data in that inner header. It is used with VPNs. If we classify by ToS only, qos pre-classify is not needed, because the ToS value is copied to the outer header. Pre-classification additionally allows classification by source and destination IP addresses and the original port numbers, which encryption would otherwise hide.
The service policy can be applied to the tunnel interface or to the physical interface underneath it. It is supported for IPsec and GRE: for IPsec it is applied in the crypto map, for a GRE tunnel on the tunnel interface.
ROUTER(config-crypto-map)#qos pre-classify
Control Plane Policing - CoPP
CoPP protects the Route Processor against DoS attacks by applying a QoS filter to the Control Plane (CP). It is a set of rules applied to the input and output of the CP, which is treated as a separate unit with its own ports. The CP is the sum of the processes running on the Route Processor. CoPP protects both the control and the management plane.
SWITCH(config)#control-plane
SWITCH(config-cp)#service-policy input control-plane-policy
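What the control-plane service policy does is classify punted packets and police each class separately, so that a flood in one class cannot starve routing or management traffic. The following Python simulation is an added example (not the article's or Cisco's code) of that mechanism: a token-bucket policer per class applied to a constructed burst of control-plane packets. The class definitions, rates and the sample packets are all made up for the example.

```python
"""Per-class token-bucket policing of control-plane traffic (added example)."""
from collections import defaultdict

# Constructed sample of packets punted to the route processor: (time_s, proto, dst_port).
PUNTED = (
    [(0.001 * i, "tcp", 179) for i in range(20)]         # 20 BGP packets over 20 ms
    + [(0.001 * i, "tcp", 22) for i in range(10)]        # 10 SSH packets over 10 ms
    + [(0.0001 * i, "icmp", None) for i in range(500)]   # 500 ICMP packets over 50 ms
)

# class name -> (match function, (rate in packets/s, burst in packets)); illustrative values
CLASSES = {
    "routing":    (lambda proto, port: proto == "tcp" and port == 179, (1000, 50)),
    "management": (lambda proto, port: proto == "tcp" and port == 22,  (500, 20)),
    "icmp":       (lambda proto, port: proto == "icmp",                (100, 10)),
}
DEFAULT_POLICER = (200, 20)   # everything not matched above


def classify(proto, port):
    """Return the first class whose match function accepts the packet."""
    for name, (match, _) in CLASSES.items():
        if match(proto, port):
            return name
    return "default"


class TokenBucket:
    """Single-rate policer: tokens refill at `rate` per second up to `burst`."""

    def __init__(self, rate_pps, burst):
        self.rate, self.burst = rate_pps, burst
        self.tokens, self.last = float(burst), 0.0

    def conform(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def police(packets):
    """Police packets in arrival order; return {class: {"conform": n, "exceed": n}}."""
    buckets = {name: TokenBucket(*spec[1]) for name, spec in CLASSES.items()}
    buckets["default"] = TokenBucket(*DEFAULT_POLICER)
    stats = defaultdict(lambda: {"conform": 0, "exceed": 0})
    for t, proto, port in sorted(packets, key=lambda p: p[0]):
        cls = classify(proto, port)
        stats[cls]["conform" if buckets[cls].conform(t) else "exceed"] += 1
    return dict(stats)


if __name__ == "__main__":
    for cls, counts in police(PUNTED).items():
        print(f"{cls:<11} conform={counts['conform']:>4} exceed={counts['exceed']:>4}")
```

In the run, the BGP and SSH packets all conform because their own buckets are untouched by the ICMP burst, while the ICMP class passes only its burst allowance plus the few tokens refilled during the 50 ms and drops the rest. Without per-class policing, the same burst would compete with routing and management packets for the single punt path.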
Cisco Router and Security Device Manager - SDM
SDM is a GUI for easy configuration and management of routers, provided free with all routers. It allows setting up NAT, IPS, VPN, QoS, NAC, firewall and LAN and WAN interfaces. It can detect configuration errors and suggest fixes, and it contains a number of simple configuration wizards.
The SDM QoS wizard validates bandwidth utilization by applications in real time using NBAR. We can use it to optimize LAN, WAN and VPN interfaces. It has predefined categories:
- real-time - two classes (VoIP and signaling)
- business-critical - three classes (transactional, network management, routing)
- best-effort - no QoS
Auto-QoS
In the fifth part of the series I already mentioned the Auto-QoS function, but in connection with the switch. Now we'll look more at routers.
Auto-QoS comes in two types: VoIP and Enterprise. It requires CEF (Cisco Express Forwarding) to be enabled, and there must be no existing QoS policy on the interface we want to configure with it. AutoQoS Enterprise is supported on router interfaces and uses NBAR for traffic analysis (which takes some time, during which it maps the traffic on the interface). After the analysis it configures the interface for up to 10 classes. If the parameters change, it must be run again.
AutoQoS is supported on PPP, HDLC and slow point-to-point ATM PVCs. It configures WRED, shaping and classification using NBAR, and creates and sets up class maps and policy maps. Depending on the interface type and bandwidth it enables LFI, LLQ and compressed RTP. It creates a trust boundary on access ports and uplinks. If needed, it changes queue sizes and weights.
The following command displays the configuration of interfaces, policy maps and class maps. It also works on a switch, but there it shows the interfaces and which auto-qos is configured on them.
ROUTER#show auto qos
I'd like to ask whether the methods mentioned above are also used on faster links. E.g., does it bring a noticeable improvement on a 10 Mb/s link as well (it's probably a stupid question, but I want to hear it)
And I'd also like to ask whether anyone has experience getting SDM running on a virtualized router (e.g. under GNS3). Some time ago I played with it and managed to log in to the router via SDM, but almost nothing could be changed.
respond to [1]joe07: I don't have practical experience with Link Efficiency Management, but everywhere it's stated that it's only for slow links. One has to think about what the performance demands for compression would be at a given speed. Or what the serialization delay is on a fast link (usually negligible).
Hi, could you please describe for me a simple QoS so that a VPN tunnel (IPsec) has the highest priority?