Today, let's recap briefly about policy maps before moving on. The command show policy-map interface displays statistical information about the # of bytes, # of packets, 5 minute offer rate, drop rate, match command type (all or any), and the QoS PHB set for packets matching a class. Syntax options let you specify an interface, DLCI, VCI, or a particular class map.
Keep in mind that the load-interval for an interface affects your QoS statistics. The default load measurement interval is 5 minutes but can be dropped as low as 30 seconds. One other thing to keep in mind is that policy maps are processed JUST LIKE ACLs- if you put broad match statements first you may not be properly matching traffic. A final note- interfaces with 802.1Q enabled are the only ones that will accept service-policy commands that reference CoS in policy maps or class maps.
Class Based Marking using NBAR
Packet marking is normally done as close to the ingress point as possible. CB Marking is meant to simplify the other QoS tools by setting packet markings in a uniform manner.
Once you've applied the command ip nbar protocol-discovery to an interface, you can display statistics with the command show ip nbar. These statistics will be independent of ones created by class based marking.
PDLMs (Packet Description Language Modules) are used to upgrade NBAR and allow recognition of more protocols. You load a new PDLM with the command ip nbar pdlm pdlm-name.
CB Marking Design Choices
When deciding whether to trust QoS markings already on packets during ingress, you may have to override what is present already in them. In that case, the following markings are what are usually agreed on for various packet types.
Traffic Type CoS IPP DSCP
Voice Payload 5 5 EF
Video Payload 4 4 AF41
Voice/video 3 3 CS3
Mission Critical Data 3 3 AF31, AF32, AF33
Transactional Data 2 2 AF21, AF22, AF23
Bulk Data 1 1 AF11, AF12, AF13
Best-effort Data 0 0 BE
Scavenger 0 0 2, 4, 6
Marking with Policers
The concept of a traffic contract is that you've agreed on certain values for data traffic transmission, namely the traffic rate (measured in bits/second) and the burst size (measured in bytes). If either value is exceeded, the data is subject to policing QoS actions.Note that we have two classes of data and hence two different policing policies can be applied!!
The simplest policing action is to just drop excessive traffic. However, IOS allows for a compromise action where traffic is re-marked. Cisco recommends you use CB Marking where marking requirements allow. They also state that if a traffic contract is agreed on you MUST mark with CB policers to ensure you are marking packets for compliance/exceed status.
QoS Pre-classification
When traffic is put through an encrypted tunnel, the ToS byte is the only indicator of QoS (it's copied to the new header). Features like NBAR are broken when dealing with encrypted traffic. This also affects the ability to take egress actions. To mitigate the problem, Cisco came up with QoS pre-classification.
By encrypting traffic after QoS changes are made you regain the flexibility to mark egress traffic. There are several places in the CLI where you can configure pre-classification: tunnel interface config mode, virtual-template config mode, and crypto-map config mode. The command used is qos pre-classify. A reference for where to use the command and why follows.
Config Mode VPN Type
tunnel interface GRE or IPIP
virtual-template L2F or L2TP
crypto-map IPSEC
To view the results of the command, use show interface and show crypto-map. In the output of the former, you'll see the "queuing strategy" section has a comment about qos pre-classification. In the output of the show crypto-map command the same comment will be on its own line.
Policy Routing and Marking
Policy routing uses route maps for packet classification. A set command is used to define the route. Policy routing with marking can also mark the IPP field or entire ToS byte using set commands. The logic sequence involved is:
1. Packets enter an interface and are examined.
2. A route-map is used to match packets (all or some subset)
3. Marking is done as per the set command option already chosen
The traditional routing policy option can be used to set the route, but it is not a requirement in this instance. Cisco recommends marking packets via policy routing only when CB Marking is unavailable or when you have a defined need to both policy route and mark packets entering the same interface.
AutoQOS
Basically a macro that will configure your QoS for you. Best practice includes reviewing automatically generated configs though, to make sure you understand what's being done and so you can fine tune the config to meet your needs. Benefits of using it include:
AutoQoS for VOIP
Supported on most switches and routers, this is used for both VOIP and video. CDP can be used on edge interfaces to detect the presence of a Cisco VOIP phone and auto-implement the needed configuration. On uplink or trunk ports this AutoQoS will trust the received markings for CoS or DSCP.
AutoQoS VOIP on switches
Once it is enabled for any interface, IOS configures AutoQoS globally. The access interface-level configuration command is auto qos voip { cisco-phone | cisco-softphone }. Unless a phone or softphone is discovered through CDP, all traffic is marked DSCP 0 by default. If a phone is found, the switch trusts markings received from it.
By default on ingress traffic, the following data types go to the priority queue: voice/video control traffic, real-time video traffic, voice traffic, routing protocol traffic, and STP BPDU traffic. All other traffic is queued in the normal ingress queue. On egress, voice traffic goes to the priority queue and all other traffic is distributed amongst other queues as per the QoS configuration.
You enable AutoQoS on an uplink port using the command auto qos voip trust. The trust option specifies that CoS markings (L2 interface) or DSCP settings (Layer 3 interface) from the far end are to be trusted.
A summary of the config put in place by AutoQoS includes:
Keep in mind that the load-interval for an interface affects your QoS statistics. The default load measurement interval is 5 minutes but can be dropped as low as 30 seconds. One other thing to keep in mind is that policy maps are processed JUST LIKE ACLs- if you put broad match statements first you may not be properly matching traffic. A final note- interfaces with 802.1Q enabled are the only ones that will accept service-policy commands that reference CoS in policy maps or class maps.
Class Based Marking using NBAR
Packet marking is normally done as close to the ingress point as possible. CB Marking is meant to simplify the other QoS tools by setting packet markings in a uniform manner.
Once you've applied the command ip nbar protocol-discovery to an interface, you can display statistics with the command show ip nbar. These statistics will be independent of ones created by class based marking.
PDLMs (Packet Description Language Modules) are used to upgrade NBAR and allow recognition of more protocols. You load a new PDLM with the command ip nbar pdlm pdlm-name.
CB Marking Design Choices
When deciding whether to trust QoS markings already on packets during ingress, you may have to override what is present already in them. In that case, the following markings are what are usually agreed on for various packet types.
Traffic Type CoS IPP DSCP
Voice Payload 5 5 EF
Video Payload 4 4 AF41
Voice/video 3 3 CS3
Mission Critical Data 3 3 AF31, AF32, AF33
Transactional Data 2 2 AF21, AF22, AF23
Bulk Data 1 1 AF11, AF12, AF13
Best-effort Data 0 0 BE
Scavenger 0 0 2, 4, 6
Marking with Policers
The concept of a traffic contract is that you've agreed on certain values for data traffic transmission, namely the traffic rate (measured in bits/second) and the burst size (measured in bytes). If either value is exceeded, the data is subject to policing QoS actions.Note that we have two classes of data and hence two different policing policies can be applied!!
The simplest policing action is to just drop excessive traffic. However, IOS allows for a compromise action where traffic is re-marked. Cisco recommends you use CB Marking where marking requirements allow. They also state that if a traffic contract is agreed on you MUST mark with CB policers to ensure you are marking packets for compliance/exceed status.
QoS Pre-classification
When traffic is put through an encrypted tunnel, the ToS byte is the only indicator of QoS (it's copied to the new header). Features like NBAR are broken when dealing with encrypted traffic. This also affects the ability to take egress actions. To mitigate the problem, Cisco came up with QoS pre-classification.
By encrypting traffic after QoS changes are made you regain the flexibility to mark egress traffic. There are several places in the CLI where you can configure pre-classification: tunnel interface config mode, virtual-template config mode, and crypto-map config mode. The command used is qos pre-classify. A reference for where to use the command and why follows.
Config Mode VPN Type
tunnel interface GRE or IPIP
virtual-template L2F or L2TP
crypto-map IPSEC
To view the results of the command, use show interface and show crypto-map. In the output of the former, you'll see the "queuing strategy" section has a comment about qos pre-classification. In the output of the show crypto-map command the same comment will be on its own line.
Policy Routing and Marking
Policy routing uses route maps for packet classification. A set command is used to define the route. Policy routing with marking can also mark the IPP field or entire ToS byte using set commands. The logic sequence involved is:
1. Packets enter an interface and are examined.
2. A route-map is used to match packets (all or some subset)
3. Marking is done as per the set command option already chosen
The traditional routing policy option can be used to set the route, but it is not a requirement in this instance. Cisco recommends marking packets via policy routing only when CB Marking is unavailable or when you have a defined need to both policy route and mark packets entering the same interface.
AutoQOS
Basically a macro that will configure your QoS for you. Best practice includes reviewing automatically generated configs though, to make sure you understand what's being done and so you can fine tune the config to meet your needs. Benefits of using it include:
- Simpler QoS deployment
- Fewer operator errors
- Cheaper QoS deployment because of reduced staff time creating configs
- Faster QoS deployment
AutoQoS for VOIP
Supported on most switches and routers, this is used for both VOIP and video. CDP can be used on edge interfaces to detect the presence of a Cisco VOIP phone and auto-implement the needed configuration. On uplink or trunk ports this AutoQoS will trust the received markings for CoS or DSCP.
AutoQoS VOIP on switches
Once it is enabled for any interface, IOS configures AutoQoS globally. The access interface-level configuration command is auto qos voip { cisco-phone | cisco-softphone }. Unless a phone or softphone is discovered through CDP, all traffic is marked DSCP 0 by default. If a phone is found, the switch trusts markings received from it.
By default on ingress traffic, the following data types go to the priority queue: voice/video control traffic, real-time video traffic, voice traffic, routing protocol traffic, and STP BPDU traffic. All other traffic is queued in the normal ingress queue. On egress, voice traffic goes to the priority queue and all other traffic is distributed amongst other queues as per the QoS configuration.
You enable AutoQoS on an uplink port using the command auto qos voip trust. The trust option specifies that CoS markings (L2 interface) or DSCP settings (Layer 3 interface) from the far end are to be trusted.
A summary of the config put in place by AutoQoS includes:
- Globally enabling QoS
- Create CoS-to-DSCP and DSCP-to-CoS mappings
- Enable priority ingress and egress queues
- Map CoS values to ingress and egress queues and thresholds
- Map DSCP values to ingress and egress queues and thresholds
- Create class and policy maps for voice traffic and applies them to interfaces
