CCNP Self-Study: Understanding and
Implementing Quality of Service in Cisco
Multilayer Switched Networks
Sample Chapter is provided courtesy of Cisco Press.
Date: May 13, 2004.
Chapter Information
Contents
1. The Need for QoS
2. QoS Service Models
3. Catalyst QoS Fundamentals
4. WAN QoS
5. QoS in the Multilayer Switched Network
6. Summary
7. Configuration Exercise: Configuring QoS on Cisco IOS–Based Catalyst Switches
8. Review Questions
Chapter Description
This chapter describes how QoS is an integral part of any multilayer switched network
deployment. With QoS, you can build a network of predictable behavior for latency, jitter, and
packet loss. In addition, QoS mitigates anomalous network behavior and provides for
differentiation of traffic flows.
From the Book
CCNP Self-Study: Building Cisco Multilayer
Switched Networks (BCMSN), 2nd Edition
Configuration Exercise: Configuring QoS on Cisco
IOS–Based Catalyst Switches
Complete this configuration exercise to familiarize yourself with basic QoS configuration on
Cisco IOS–based Catalyst switches as discussed in this chapter.
Required Resources
The resources and equipment required to complete this exercise are as follows (the last two
items are optional):
Catalyst 3550
Terminal server or workstation connected directly to the console port of the Catalyst
3550 or out-of-band access to the Catalyst 3550
Cisco IP Phones infrastructure supporting voice calls (this resource verifies the
configuration and is not mandatory)
Traffic generator (this resource verifies the configuration and is not mandatory)
Exercise Objective
The purpose of this exercise is to configure a Cisco IOS–based Catalyst switch for the
following QoS features:
Classification
Marking
Policing
Congestion management
Congestion avoidance
The exercise exposes topics such as VLANs and spanning tree found in other chapters of
this book. Nevertheless, the main purpose of this exercise is to demonstrate a QoS
configuration. In this configuration exercise, your goal is to configure a Catalyst 3550 for the
following QoS features:
Trust ingress DSCP values for interfaces FastEthernet0/1 through 0/10 when a Cisco
IP Phone is attached
Reclassify frames on interface FastEthernet0/11 for a CoS value of 4
Mark ingress TCP Port 30000 frames on interface FastEthernet0/12 with a DSCP
value of 16
Apply strict-priority queuing for VoIP traffic
Configure high-priority queues to have a 2-to-1 (2:1) priority over low-priority queues
Network Diagram
Figure 10-18 shows the network layout for this configuration exercise.
Figure 10-18 Network Diagram for Lab Exercise
Command List
In this configuration exercise, you will use the commands listed in Table 10-7, which are in
alphabetical order so that you can easily locate the information you need. Refer to this list if
you need configuration command assistance during the configuration exercise. The table
includes only the specific parameters used in the example and not all the available options for
the command.
Table 10-7 Command List for Configuration Exercise
Command                                                           Description
access-list access-list-number ...                                Access list configuration command
class-map                                                         Enters the class-map configuration submode
configure terminal                                                EXEC command to enter the configuration mode
copy running-config startup-config                                Copies the running configuration to NVRAM
enable                                                            EXEC command to enter privileged mode
end                                                               Configuration EXEC command to end the configuration mode
exit                                                              EXEC command to exit a configuration mode to its antecedent mode
hostname hostname                                                 Configures switch with a descriptive name
interface FastEthernet | GigabitEthernet interface                Configuration command to enter an interface configuration mode
interface range FastEthernet | GigabitEthernet interfaces         Configuration command to configure multiple interfaces simultaneously
interface vlan vlan-id                                            Configuration command to enter the VLAN configuration interface mode
match access-group access-list-number                             Configures class-map matching clauses
mls qos                                                           Globally enables QoS
mls qos trust device cisco-phone                                  Interface configuration command for trusting when a Cisco Phone is learned via CDP on the respective interface; works in conjunction with the mls qos trust dscp and mls qos trust cos commands
mls qos trust dscp                                                Interface configuration command for trusting DSCP values for ingress frames
no shutdown                                                       Configures an interface in the Administrative UP state
policy-map policy_map_name                                        Enters the policy-map configuration submode
priority-queue out                                                Configures queue 4 on the Catalyst 3550 family of switches as a priority queue
service-policy input | output policy-map-name                     Maps a policy map to an interface for ingress or egress traffic
set ip dscp dscp_value                                            Policy-map class action for marking DSCP
show mls qos interface FastEthernet | GigabitEthernet interface   Displays the trusting configuration of an interface
spanning-tree portfast                                            Configures an interface for the spanning-tree PortFast feature
switchport                                                        Configures an interface for Layer 2 operation
switchport access vlan vlan-id                                    Configures an interface for a specific VLAN-ID
vlan vlan-id                                                      Adds or removes a VLAN-ID in the VLAN database
wrr-queue bandwidth weight1 weight2 weight3 weight4               For weight1 weight2 weight3 weight4, enter the ratio that determines the frequency in which the WRR scheduler dequeues packets; separate each value with a space (the range is 1 to 65536)
wrr-queue cos-map queue-id cos1 ... cos8                          Configures CoS value to egress queue mapping
Task 1: Globally Enable QoS
Step 1 Connect the Catalyst switch to a terminal server or directly to the workstation's serial
port for in-band connectivity.
Step 2 Globally enable QoS features on the switch.
Switch#configure terminal
Switch(config)#mls qos
Step 3 Verify that QoS is globally enabled.
Switch(config)#do show mls qos
QoS is enabled
NOTE
The Cisco IOS do command is a recent addition to Cisco IOS to allow execution of privileged
mode commands within configuration mode. This command saves the time and annoyance of
exiting out and re-entering configuration mode. do is only found in the most recent Cisco IOS
version, so it may not be supported in your version. If not, exit configuration mode and type
the command (minus the keyword do) in privileged mode.
Recall that for the Catalyst 4000 and 4500 families of switches running Cisco
IOS, qos commands are not prefixed with the keyword mls.
Task 2: Configure the Switch to Trust DSCP on Interfaces
FastEthernet0/1 Through 0/10 If a Cisco IP Phone Is Attached
Step 1 Enter the range command to configure multiple interfaces simultaneously.
Switch(config)#interface range FastEthernet 0/1 -10
Step 2 Specify an access VLAN for IP Phones (voice VLANs are not used in this exercise).
Switch(config-if-range)#switchport access vlan 500
Step 3 Configure the switch to trust DSCP for incoming frames only if Cisco IP Phones are
attached to the interface.
Switch(config-if-range)#mls qos trust dscp
Switch(config-if-range)#mls qos trust device cisco-phone
Step 4 Configure the interfaces for spanning-tree PortFast.
Switch(config-if-range)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast will be configured in 10 interfaces due to the range command
but will only have effect when the interfaces are in a non-trunking mode.
Step 5 Enable the interfaces.
Switch(config-if-range)#no shutdown
Step 6 Verify the QoS configuration.
Switch#show mls qos interface FastEthernet 0/1
FastEthernet0/1
trust state: not trusted
trust mode: trust dscp
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
trust device: cisco-phone
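The Step 6 output can be checked mechanically across many ports. The following Python sketch is an added example, not part of the original chapter: it parses show mls qos interface output and reports ports that trust endpoint markings without the cisco-phone device condition. The FastEthernet0/13 block and the allowed_unconditional parameter are assumptions made for illustration.

```python
import re

# Constructed sample: the first two blocks reproduce outputs shown in this
# exercise; the FastEthernet0/13 block is invented to show unconditional trust.
SAMPLE = """\
FastEthernet0/1
trust state: not trusted
trust mode: trust dscp
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
trust device: cisco-phone
FastEthernet0/11
trust state: not trusted
trust mode: not trusted
COS override: dis
default COS: 4
DSCP Mutation Map: Default DSCP Mutation Map
trust device: none
FastEthernet0/13
trust state: trust dscp
trust mode: trust dscp
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
trust device: none
"""

IFACE_RE = re.compile(r"^(?:Fast|Gigabit)Ethernet\d+/\d+$")


def parse_trust(text):
    """Return {interface: {field: value}} with lower-cased field names."""
    ports, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if IFACE_RE.match(line):
            current = ports.setdefault(line, {})
        elif current is not None and ":" in line:
            key, value = line.split(":", 1)
            current[key.strip().lower()] = value.strip()
    return ports


def classify(fields):
    """Summarise how a port treats the markings it receives."""
    mode = fields.get("trust mode", "not trusted")    # configured behaviour
    state = fields.get("trust state", "not trusted")  # operational behaviour
    device = fields.get("trust device", "none")
    if mode == "not trusted":
        return "untrusted"
    if device == "none":
        return "unconditional"
    # Trust is tied to CDP detection of a phone; without one the state
    # stays "not trusted", as in the FastEthernet0/1 output above.
    return "conditional-inactive" if state == "not trusted" else "conditional-active"


def audit(text, allowed_unconditional=()):
    """List ports trusting endpoint markings with no device condition."""
    return sorted(
        name for name, fields in parse_trust(text).items()
        if classify(fields) == "unconditional" and name not in allowed_unconditional
    )


if __name__ == "__main__":
    for name, fields in parse_trust(SAMPLE).items():
        print(name, classify(fields))
    print("review:", audit(SAMPLE))
```

Ports that legitimately trust markings, such as uplinks to other switches, can be passed in allowed_unconditional so that only unexpected trust shows up in the result.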
Task 3: Configure the Switch to Classify All Incoming Frames
on Interface FastEthernet 0/11 with a CoS Value of 4 for
Untagged Frames
Step 1 Enter the interface configuration mode for FastEthernet0/11.
Switch(config)#interface FastEthernet 0/11
Step 2 Configure the interface to classify all ingress frames with a CoS value of 4.
Switch(config-if)#mls qos cos 4
Step 3 Verify the QoS configuration.
Switch(config-if)#do show mls qos interface FastEthernet 0/11
FastEthernet0/11
trust state: not trusted
trust mode: not trusted
COS override: dis
default COS: 4
DSCP Mutation Map: Default DSCP Mutation Map
trust device: none
Task 4: Configure a Policy Map, Class Map, and the Interface
Such That All Ingress TCP Port 30000 Packets on
FastEthernet0/11 Have Their DSCP Set to 16
Step 1 Configure an access list to match packets on TCP port 30000.
Switch(config)#access-list 100 permit tcp any any eq 30000
Step 2 Configure a traffic profile using a class map.
Switch(config)#class-map TCP-PORT-30k
Switch(config-cmap)#match access-group 100
Switch(config-cmap)#exit
Step 3 Configure a policy map to apply the class map in Step 2 to the class action of setting
the DSCP to 16.
Switch(config)#policy-map BCMSN
Switch(config-pmap)#class TCP-PORT-30k
Switch(config-pmap-c)#set ip dscp 16
Switch(config-pmap-c)#exit
Switch(config-pmap)#exit
Step 4 Apply the policy-map ingress on interface FastEthernet0/11.
Switch(config)#interface FastEthernet 0/11
Switch(config-if)#service-policy input BCMSN
Switch(config-if)#exit
Step 5 Verify the policy-map configuration.
Switch#show policy-map interface FastEthernet 0/11
FastEthernet0/11
service-policy input: BCMSN
class-map: TCP-PORT-30k (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
match: access-group 100
class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
match: any
0 packets, 0 bytes
5 minute rate 0 bps
Task 5: Configure All Egress Queues Such That CoS Values
4, 6, and 7 Use Queue 3 and a CoS Value of 5 Uses Queue 4
Step 1 Enter the range command to configure multiple interfaces simultaneously.
Switch(config)#interface range FastEthernet 0/1 -24
Step 2 Configure interfaces for appropriate CoS mapping.
Switch(config-if)#wrr-queue cos-map 4 5
Switch(config-if)#wrr-queue cos-map 3 4 6 7
Switch(config-if)#exit
Task 6: Configure Queue 4 as a Strict-Priority Queue
Step 1 Enter the range command to configure multiple interfaces simultaneously.
Switch(config)#interface range FastEthernet 0/1 -24
Step 2 Configure queue 4 as a strict-priority queue.
Switch(config-if)#priority-queue out
Task 7: Configure WRR Weights Such That Queue 3
Receives Twice as Much Service as Any Other Single Queue
Step 1 Enter the range command to configure multiple interfaces simultaneously.
Switch(config)#interface range FastEthernet 0/1 -24
Step 2 Configure queue 3 with twice the service level as that of any other queue.
Switch(config-if)#wrr-queue bandwidth 20 20 40 20
Step 3 Verify the WRR configuration.
Switch#show mls qos interface FastEthernet 0/1 queueing
FastEthernet0/1
Egress expedite queue: ena
wrr bandwidth weights:
qid-weights
1 - 20
2 - 20
3 - 40
4 - 20 when expedite queue is disabled
Cos-queue map:
cos-qid
0 - 1
1 - 1
2 - 2
3 - 2
4 - 3
5 - 4
6 - 3
7 - 3
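To see what the weights and the CoS-to-queue map above mean for egress service, the following added Python example (not from the original chapter) models the port as a strict-priority queue 4 plus WRR across queues 1 through 3. It is a simplified model that assumes equal-sized frames and one frame per transmit slot; it is not the switch's hardware scheduler.

```python
from collections import deque
from functools import reduce
from math import gcd

# Values copied from the "show mls qos interface ... queueing" output above.
COS_TO_QUEUE = {0: 1, 1: 1, 2: 2, 3: 2, 4: 3, 5: 4, 6: 3, 7: 3}
WRR_WEIGHTS = {1: 20, 2: 20, 3: 40, 4: 20}
EXPEDITE_QUEUE = 4  # served as strict priority once "priority-queue out" is set


def simulate_egress(frames_by_cos, slots, expedite=True):
    """Return {queue_id: frames_sent} after `slots` transmit opportunities.

    Simplified model (assumption): every frame is the same size and each
    slot sends exactly one frame.
    """
    queues = {q: deque() for q in WRR_WEIGHTS}
    for cos, count in frames_by_cos.items():
        queues[COS_TO_QUEUE[cos]].extend([cos] * count)

    # With the expedite queue enabled, queue 4's weight is not used.
    wrr_ids = [q for q in sorted(queues) if not (expedite and q == EXPEDITE_QUEUE)]
    divisor = reduce(gcd, (WRR_WEIGHTS[q] for q in wrr_ids))
    quantum = {q: WRR_WEIGHTS[q] // divisor for q in wrr_ids}

    sent = {q: 0 for q in queues}
    credit = dict(quantum)
    turn = 0
    for _slot in range(slots):
        if expedite and queues[EXPEDITE_QUEUE]:
            queues[EXPEDITE_QUEUE].popleft()
            sent[EXPEDITE_QUEUE] += 1
            continue
        # Visit WRR queues in order; a queue keeps the turn until its credit
        # for this round is used up or it has nothing left to send.
        for _attempt in range(2 * len(wrr_ids)):
            q = wrr_ids[turn]
            if queues[q] and credit[q] > 0:
                queues[q].popleft()
                sent[q] += 1
                credit[q] -= 1
                break
            credit[q] = quantum[q]
            turn = (turn + 1) % len(wrr_ids)
    return sent


def shares(sent):
    """Convert frame counts into percentages of all frames sent."""
    total = sum(sent.values()) or 1
    return {q: round(100 * n / total, 1) for q, n in sent.items()}


if __name__ == "__main__":
    backlog = {0: 1000, 2: 1000, 4: 1000, 5: 50}  # constructed traffic mix
    result = simulate_egress(backlog, slots=450)
    print(result, shares(result))
```

In this model a backlog in queue 4 is always drained before any WRR queue is served, which is why the trust boundary that decides what may arrive marked CoS 5 matters.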
Task 8: Verify All Configurations by Viewing Interface
Statistics
Switch#show mls qos interface FastEthernet 0/1 statistics
FastEthernet0/1
Ingress
dscp: incoming no_change classified policed dropped (in bytes)
Others: 97663325 87828650 9834675 0 0
Egress
dscp: incoming no_change classified policed dropped (in bytes)
Others: 30540345 n/a n/a 0 0
Note - Cisco AutoQoS is available in the following Cisco IOS software releases—
Cisco IOS Software Release 12.1E or later for the Cisco Catalyst 2950 and 3550
Series switches; Cisco IOS Software Release 12.2T or later for the Cisco 2600,
2600XM, 3600, 3700, and 7200 Series routers; Cisco IOS Software Release 12.1E or
later for the Cisco Catalyst 4500 Series switches; and Cisco Catalyst Operating
System 7.5.1 or later for the Cisco Catalyst 6500 Series switches. For current
information concerning AutoQoS platform support, check Cisco's Feature
Navigator at http://www.cisco.com/go/fn.
Configuring AutoQoS on a Router
On a router platform, the following command enables AutoQoS from either
interface configuration mode or from DLCI configuration mode (for a Frame Relay
circuit):
Router(config-if)#auto qos voip [trust] [fr-atm]
The trust option indicates that AutoQoS should classify voice traffic based on Layer
3 Differentiated Services Code Point (DSCP) priority markings, instead of using
Network-Based Application Recognition (NBAR). The fr-atm option enables the
AutoQoS feature for Frame Relay-to-ATM links and is issued from DLCI
configuration mode.
Before enabling AutoQoS on a router interface, consider the following
prerequisites:
Cisco Express Forwarding (CEF) must be enabled, because AutoQoS uses
NBAR, which requires the CEF feature.
A QoS policy must not be currently attached to the interface.
The correct bandwidth should be configured on the interface, using
the bandwidth command.
An IP address must be configured on an interface if its speed is less than 768
kbps.
The interface must not be administratively shut down.
Note that the interface's bandwidth determines which AutoQoS features are
enabled. If an interface's bandwidth is less than 768 kbps, it is considered a low-
speed interface. On a low-speed interface, AutoQoS configures Multilink PPP (MLP),
which requires an IP address on the physical interface. AutoQoS takes the IP
address from the physical interface and uses it for the virtual multilink interface
that it creates.
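The prerequisites above can be checked against a saved configuration before auto qos voip is entered. This Python sketch is an added example, not from the original text; the sample configurations, the Serial0/1 interface, the EXISTING policy name, and the assumption that CEF appears as a global ip cef line are all constructed for illustration.

```python
LOW_SPEED_KBPS = 768  # low-speed threshold stated in the text

# Constructed samples. GOOD_CONFIG is Example 7-1 plus a global "ip cef" line;
# BAD_CONFIG is invented so that several checks fail.
GOOD_CONFIG = """\
ip cef
!
interface Serial0/0
 bandwidth 128
 ip address 10.1.1.1 255.255.255.0
 encapsulation ppp
"""
BAD_CONFIG = """\
interface Serial0/1
 bandwidth 128
 no ip address
 encapsulation ppp
 service-policy output EXISTING
 shutdown
"""


def parse_config(text):
    """Split IOS-style config text into global lines and interface stanzas."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
        elif line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif raw[0].isspace() and current is not None:
            current.append(line)
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def autoqos_prereq_failures(text, ifname):
    """List the prerequisites from the text that `ifname` does not meet."""
    global_lines, interfaces = parse_config(text)
    if ifname not in interfaces:
        return ["interface not found in configuration"]
    stanza = interfaces[ifname]
    failures = []
    if "ip cef" not in global_lines:
        failures.append("CEF not enabled")
    if any(l.startswith("service-policy ") for l in stanza):
        failures.append("QoS policy already attached")
    bw = next((int(l.split()[1]) for l in stanza
               if l.startswith("bandwidth ") and l.split()[1].isdigit()), None)
    if bw is None:
        failures.append("bandwidth not configured")
    has_ip = any(l.startswith("ip address ") for l in stanza)
    # Below 768 kbps AutoQoS builds a multilink interface and moves the
    # physical interface's IP address onto it, so the address must exist.
    if bw is not None and bw < LOW_SPEED_KBPS and not has_ip:
        failures.append("low-speed interface has no IP address")
    if "shutdown" in stanza:
        failures.append("interface administratively shut down")
    return failures


if __name__ == "__main__":
    print(autoqos_prereq_failures(GOOD_CONFIG, "Serial0/0"))
    print(autoqos_prereq_failures(BAD_CONFIG, "Serial0/1"))
```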
To verify that AutoQoS is configured for a router interface, use the following
command:
Router#show auto qos [interface interface-identifier]
To illustrate some of the configuration changes that AutoQoS can perform,
consider the configuration of a serial interface shown in Example 7-1, without
AutoQoS enabled.
Example 7-1 Router Configuration Without AutoQoS
interface Serial0/0
bandwidth 128
ip address 10.1.1.1 255.255.255.0
encapsulation ppp
Example 7-2 illustrates the configuration changes after entering the auto qos
voip command for interface Serial 0/0.
Example 7-2 Router Configuration with AutoQoS
class-map match-any AutoQoS-VoIP-Remark
match ip dscp ef
match ip dscp cs3
match ip dscp af31
class-map match-any AutoQoS-VoIP-Control-UnTrust
match access-group name AutoQoS-VoIP-Control
class-map match-any AutoQoS-VoIP-RTP-UnTrust
match protocol rtp audio
match access-group name AutoQoS-VoIP-RTCP
policy-map AutoQoS-Policy-UnTrust
class AutoQoS-VoIP-RTP-UnTrust
priority percent 70
set dscp ef
class AutoQoS-VoIP-Control-UnTrust
bandwidth percent 5
set dscp af31
class AutoQoS-VoIP-Remark
set dscp default
class class-default
fair-queue
interface Multilink2001100114
bandwidth 128
ip address 10.1.1.1 255.255.255.0
service-policy output AutoQoS-Policy-UnTrust
ip tcp header-compression iphc-format
ppp multilink
ppp multilink fragment delay 10
ppp multilink interleave
ppp multilink group 2001100114
ip rtp header-compression iphc-format
interface Serial0/0
bandwidth 128
no ip address
encapsulation ppp
auto qos voip
clockrate 128000
no fair-queue
ppp multilink
ppp multilink group 2001100114
ip access-list extended AutoQoS-VoIP-Control
permit tcp any any eq 1720
permit tcp any any range 11000 11999
permit udp any any eq 2427
permit tcp any any eq 2428
permit tcp any any range 2000 2002
permit udp any any eq 1719
permit udp any any eq 5060
ip access-list extended AutoQoS-VoIP-RTCP
permit udp any any range 16384 32767
rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner AutoQoS
rmon alarm 33333 cbQosCMDropBitRate.1081.1083 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS
The bandwidth configured for interface Serial 0/0 was set to 128 kbps. Therefore,
AutoQoS determined that certain link efficiency mechanisms (for example,
Multilink PPP, RTP Header Compression, and TCP Header Compression) were
appropriate. AutoQoS, therefore, automatically configured these link efficiency
mechanisms in addition to multiple other QoS mechanisms, including
classification, marking, LLQ, and Remote Monitoring (RMON) traps to alert
administrators if packet drops are excessive.
AutoQoS for Enterprise
Introduced in Cisco IOS Software Release 12.3(7)T, AutoQoS for Enterprise extends
the capabilities of AutoQoS on a Cisco router platform. Specifically, AutoQoS for
Enterprise allows a router to recognize multiple protocols traversing an interface
and recommends a customized policy, based on learned traffic patterns.
To configure a router's interface to begin learning traffic patterns, enter the
following command in interface configuration mode:
Router(config-if)#auto discovery qos
After entering the previous command, wait for a period of time for the router to
learn the traffic patterns crossing the interface. The ability to dynamically learn
these patterns is made possible by the Cisco IOS software's NBAR feature.
After waiting a period of time (for example, 30 minutes to an hour in a time period
representative of peak network usage) during which the router is learning the
traffic patterns of the network, enter the following command to view the router's
findings and to see the recommended policy for the interface:
Router#show auto discovery qos
Example 7-3 offers an example of the output received after issuing the show auto
discovery qos command.
Example 7-3 Output from the show auto discovery qos Command
R4#show auto discovery qos
Serial0/0
AutoQoS Discovery enabled for applications
Discovery up time—46 seconds
AutoQoS Class information:
Class Voice—
Recommended Minimum Bandwidth—40 Kbps/31% (PeakRate)
Detected applications and data:
Application/ AverageRate PeakRate Total
Protocol (kbps/%) (kbps/%) (bytes)
----------- ----------- -------- ------------
rtp audio 28/21 40/31 161160
Class Interactive Video—
No data found.
Class Signaling—
Recommended Minimum Bandwidth—0 Kbps/0% (AverageRate)
Detected applications and data:
Application/ AverageRate PeakRate Total
Protocol (kbps/%) (kbps/%) (bytes)
----------- ----------- -------- ------------
skinny 0/0 0/0 3648
Class Streaming Video—
No data found.
Class Transactional—
No data found.
Class Bulk—
No data found.
Class Scavenger—
No data found.
Class Management—
No data found.
Class Routing—
Recommended Minimum Bandwidth—0 Kbps/0% (AverageRate)
Detected applications and data:
Application/ AverageRate PeakRate Total
Protocol (kbps/%) (kbps/%) (bytes)
----------- ----------- -------- ------------
eigrp 0/0 0/0 640
icmp 0/0 0/0 120
Class Best Effort—
Current Bandwidth Estimation—77 Kbps/60% (AverageRate)
Detected applications and data:
Application/ AverageRate PeakRate Total
Protocol (kbps/%) (kbps/%) (bytes)
----------- ----------- -------- ------------
http 77/60 110/85 446413
unknowns 0/0 0/0 104
Suggested AutoQoS Policy for the current uptime:
class-map match-any AutoQoS-Voice-Se0/0
match protocol rtp audio
policy-map AutoQoS-Policy-Se0/0
class AutoQoS-Voice-Se0/0
priority percent 31
set dscp ef
class class-default
fair-queue
If you find the suggested policy acceptable and wish to apply the dynamically
created policy, go into interface configuration mode for the monitored interface
and enter the following command:
Router(config-if)#auto qos
This auto qos command applies the recommended policy to the router.
Configuring AutoQoS on a Catalyst Switch
The QoS mechanisms on a Catalyst switch differ from those QoS mechanisms
found on a router. For example, while a router uses LLQ as a priority queuing
strategy, a Catalyst switch might use weighted round-robin (WRR) as a priority
queuing strategy. Fortunately, the AutoQoS feature available on some Catalyst
switch models (for example, the Cisco Catalyst 2950(EI) and 3550 Series) applies
voice-specific QoS features globally to a Catalyst switch and also at the port level.
To configure AutoQoS on supported Catalyst switch platforms (running the Native
IOS), issue the following command from interface configuration mode:
Switch(config-if)#auto qos voip [trust | cisco-phone]
If the trust option is used in the previous command, the Catalyst switch makes
queuing decisions based on Layer 2 Class of Service (CoS) markings. However, if
the cisco-phone option is used, the Catalyst switch makes queuing decisions
based on CoS markings originating from a Cisco IP phone. The switch detects the
presence of a Cisco IP phone via the CDP.
To illustrate the configuration changes made by a Catalyst switch's AutoQoS
feature, consider Example 7-4, which shows the initial configuration of interface
Gigabit 0/1 on a Catalyst 3550 switch.
Example 7-4 Catalyst Switch Configuration Without AutoQoS
interface GigabitEthernet0/1
no ip address
Example 7-5 illustrates the configuration changes after entering the auto qos voip
cisco-phone command for interface Gigabit 0/1.
Example 7-5 Catalyst Configuration with AutoQoS
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos
interface GigabitEthernet0/1
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
wrr-queue bandwidth 20 1 80 1
wrr-queue queue-limit 80 1 20 1
wrr-queue cos-map 1 0 1 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
priority-queue out
Example 7-5 demonstrates that the AutoQoS feature configured the Catalyst switch
to enable QoS globally (with the mls qos command) and remark Layer 2 CoS
markings to Layer 3 Differentiated Services Code Point (DSCP) markings (with
the mls qos map cos-dscp command). Also, AutoQoS configured WRR for interface
Gigabit 0/1 and placed traffic with a CoS value of 5 (that is, voice traffic) in a priority
queue, which is emptied ahead of other queues.
Implementing Call Admission Control
To prevent oversubscription of VoIP networks, the number of voice calls allowed
on the network must be limited. This section describes the configuration
parameters for implementing CAC, which can prevent oversubscription of WAN
resources.
Effects of Bandwidth Oversubscription
QoS tools such as queuing ensure that voice traffic receives priority over data
traffic. However, if a network link is oversubscribed with too much voice traffic,
data packets are dropped, and the remaining voice calls suffer because they must
compete for bandwidth available to the low-latency queue.
Figure 7-5 illustrates the effect of voice oversubscription. Using LLQ, voice traffic is
directed into a priority queue (PQ) while all other traffic is directed into various
CBWFQ queues. Note that the priority queue forwards packets while the data
packets, destined for the CBWFQ queues, are denied entry to the queue and are
dropped. In the case shown in Figure 7-5, even the priority queue buffer is full.
Therefore, the voice packets are competing with other voice packets for access to
the network link. This situation results in a degradation of all voice calls on this
link.
Figure 7-5 Effect of Oversubscription
CAC Operation
CAC can function on the outgoing gateway and base its decision on nodal
information, such as the state of the outgoing LAN or WAN link. For example, if the
local IP network link is down, there is no point in executing complex decision logic
based on the state of the rest of the network, because the network is unreachable.
As another example, if the network designer already knows that bandwidth
limitations allow no more than two calls across the outgoing WAN link, as
illustrated in Figure 7-6, then the local node can be configured to allow no more
than two calls. You can configure this type of CAC on outgoing dial peers.
Figure 7-6 The Need for CAC
RSVP
RSVP is the only CAC mechanism that makes actual bandwidth reservations for
calls. RSVP offers the unique advantage of not only providing CAC for voice but also
guaranteeing the QoS against changing network conditions for the duration of the
call. The RSVP reservation is made in both directions because a voice call requires
a two-way speech path. Therefore, bandwidth is reserved in both directions, as
depicted in Figure 7-7.
Figure 7-7 RSVP
The terminating gateway ultimately makes the CAC decision based on whether
both reservations succeed. At that point, H.323 continues with either an H.225
Alerting/Connect (the call is allowed and proceeds), or with an H.225
Reject/Release (the call is denied). The RSVP reservation is in place by the time the
destination phone starts ringing and the caller hears ringback.
RSVP has the following important differences from other CAC methods discussed in
this section: