QoS is a pretty big area on the CCIE exam topic list, it's certainly the largest single topic, IPv4 has 9 different areas, but these are broken down into protocols, so can be considered separate, whereas QoS is all one major topic, and has six sub-topics (but OK, you could argue that these are as separate as EIGRP and OSPF are in IPv4...), anyway, it's a big topic.
QoS isn't something I have done anything with so far, either on this blog or in the workplace, so it's all new to me, as are some other topics I'll need to cover. But let's get started.
QoS is covered by part 8 on the exam list, and 8.10 lists the following:
8.10 Implement Modular QoS CLI (MQC)
(a) Network-Based Application Recognition (NBAR)
(b) Class-based weighted fair queuing (CBWFQ), modified deficit round robin (MDRR), and low latency queuing (LLQ)
(c) Classification
(d) Policing
(e) Shaping
(f) Marking
(g) Weighted random early detection (WRED) and random early detection (RED)
(h) Compression
So lets start at the beginning with the MQC
QoS and the MQC
QoS has been around on Cisco devices for ages, there were many different tools, with different commands and configurations, then life was made easier and everything was bundled into the Modular QoS CLI (MQC). MQC is a method of catgorizing classification, marking, policing and shaping into logical groups. MQC based tools all begin with "Class-Based" - or CB for short - such as Class-Based Weighted Fair Queuing (CBWFQ).MQC has three components, a class-map (classifies packets into classes), the PHB (Per-Hop Behaviour - or the actions to take) and the policy-map (which is configured on an interface). The interface calls a service-policy which references our policy-map, which in turn calls our class-map:
class-map myclassmap1
#set match commands
policy-map mypolicymap1
class myclassmap1
#actions to take
interface serial 0/0
service-policy output mypolicymap1
Policy maps can reference multiple class maps, and with that let's take a look at class maps.
MQC Class Maps
Let's start with the class-map command:R1(config)#class-map ? WORD class-map name match-all Logical-AND all matching statements under this classmap match-any Logical-OR all matching statements under this classmap type Configure CPL Class Map R1(config)#class-mapWe can either specify a class-map name or using one of the match- commands specify whether we are going to use ANDing or ORing. Type gives us the following options:
R1(config)#class-map type ? access-control access-control specific class-map control Configure a control policy class-map inspect Configure Firewall Class Map logging Class map for control-plane packet logging multicast-flows multicast class-maps port-filter Class map for port filter queue-threshold Class map for queue threshold stack class-map for protocol header stack specification urlfilter Config Class map for local URL filtering waas Configure a WAAS Class MapFor the moment we will just look at the first option and give our class-map a name:
R1(config)#class-map MYFIRSTCLASS R1(config-cmap)#? Class-map configuration commands: description Class-Map description exit Exit from class-map configuration mode match classification criteria no Negate or set default values of a commandSo lets give it a description and start matching some packets. Doing "match ?" shows what you can match:
R1(config-cmap)#match ? access-group Access group any Any packets application Application to match class-map Class map cos IEEE 802.1Q/ISL class of service/user priority values destination-address Destination address discard-class Discard behavior identifier dscp Match DSCP in IPv4 and IPv6 packets fr-de Match on Frame-relay DE bit fr-dlci Match on fr-dlci input-interface Select an input interface to match ip IP specific values metadata Metadata to match mpls Multi Protocol Label Switching specific values not Negate this match result packet Layer 3 Packet length precedence Match Precedence in IPv4 and IPv6 packets protocol Protocol qos-group Qos-group source-address Source address vlan VLANs to matchWe'll start by matching a protocol. If you do "match protocol ?" you will find loads and loads of options (too many to list here), so for the moment lets match icmp:
R1(config)#class-map MYFIRSTCLASS R1(config-cmap)#description My First Class-Map R1(config-cmap)#match protocol icmpNow we need a Policy map so that we can use our class map.
MQC Policy Maps
In order to use our class-map we need a policy map.R1(config)#policy-map MYFIRSTPOLICY R1(config-pmap)#? Policy-map configuration commands: class policy criteria description Policy-Map description exit Exit from policy-map configuration mode no Negate or set default values of a command R1(config-pmap)#description My First Policy Map R1(config-pmap)#class MYFIRSTCLASS R1(config-pmap-c)#? Policy-map class configuration commands: bandwidth Bandwidth compression Activate Compression drop Drop all packets exit Exit from QoS class action configuration mode fair-queue Enable Flow-based Fair Queuing in this Class log Log IPv4 and ARP packets measure Measure netflow-sampler NetFlow action no Negate or set default values of a command police Police priority Strict Scheduling Priority for this Class queue-limit Queue Max Threshold for Tail Drop random-detect Enable Random Early Detection as drop policy service-policy Configure QoS Service Policy set Set QoS values shape Traffic ShapingSo there is a lot we can do with our class-map. We can compress packets, drop them, enable fair-queuing, sample them using netflow, police them and drop depending on how well our network is performing, along with all the other options.
For the moment I want to drop ICMP traffic. To see this in action I have set up two routers, joined by their FastEthernet interfaces using the IP addresses 10.250.1.1 and 10.250.1.2.
R1#ping 10.250.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.250.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 16/20/25 ms R1#conf t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#policy-map MYFIRSTPOLICY R1(config-pmap)#class MYFIRSTCLASS R1(config-pmap-c)#drop R1(config-pmap-c)#exit R1(config-pmap)#exit R1(config)#exit R1#Now we need to "attach" this policy map to our interface
R1(config)#int f0/0 R1(config-if)#service-policy output MYFIRSTPOLICY R1(config-if)#exit R1(config)#exit R1#And we can see the before and after effects from the other router:
R2#ping 10.250.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.250.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 10/11/15 ms R2#ping 10.250.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.250.1.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R2#So there we have a very basic example. Just dropping traffic isn't really the best usage of QoS - after all it's about improving quality rather than just dropping traffic (unless we are dropping marked traffic in order to improve other traffic - but that's for later). Let's see what we can do to our ping packets instead, and for that we need to know a bit about DSCP classes and values.
DSCP
If we fire up Wireshark and look at a ping packet we can see that in the IPv4 details we have a Differentiated Services Field, and the value is set to 0x00:
But what does this value mean and what's DSCP anyway?
Within an IP header are different byte fields. Originally this included a 1-byte field called the type of Service (ToS) byte - and this was used to mark a packet for QoS. The ToS byte included the IP Precedence field (IPP) and this was numbered from 0 to 7 (as it used the high-order 3 bits):
| Name | Decimal Value | Binary Value |
| Routine | Precedence 0 | 000 |
| Priority | Precedence 1 | 001 |
| Immediate | Precedence 2 | 010 |
| Flash | Precedence 3 | 011 |
| Flash Override | Precedence 4 | 100 |
| Critical | Precedence 5 | 101 |
| Internetwork Control | Precedence 6 | 110 |
| Network Control | Precedence 7 | 111 |
Differentiated Services (DiffServ) then came along and needed three more bits, the ToS byte got renamed to the Differentiated Service (DS) field, and IPP was replaced witha 6-bit field called the Differentiated Services Code Point (DSCP) field. The low-order 2 bits of which is ised for Explicit Congestion Notification (ECN), which you can also see in the Wireshark output above.
There is a lot of commonality between IPP and and DSCP, they are numbered from CS0 (meaning Class Selector) to CS7 and the binary values match those of IPP:
| DSCP Class Selector Name | Binary |
|---|---|
| Default/CS0 | 000000 |
| CS1 | 001000 |
| CS2 | 010000 |
| CS3 | 011000 |
| CS4 | 100000 |
| CS5 | 101000 |
| CS6 | 110000 |
| CS7 | 111000 |
Now if we set our DSCP value to CS4
R1(config)#policy-map MYFIRSTPOLICY R1(config-pmap)#class MYFIRSTCLASS R1(config-pmap-c)#set dscp ? <0-63> Differentiated services codepoint value af11 Match packets with AF11 dscp (001010) af12 Match packets with AF12 dscp (001100) af13 Match packets with AF13 dscp (001110) af21 Match packets with AF21 dscp (010010) af22 Match packets with AF22 dscp (010100) af23 Match packets with AF23 dscp (010110) af31 Match packets with AF31 dscp (011010) af32 Match packets with AF32 dscp (011100) af33 Match packets with AF33 dscp (011110) af41 Match packets with AF41 dscp (100010) af42 Match packets with AF42 dscp (100100) af43 Match packets with AF43 dscp (100110) cos Set packet DSCP from L2 COS cs1 Match packets with CS1(precedence 1) dscp (001000) cs2 Match packets with CS2(precedence 2) dscp (010000) cs3 Match packets with CS3(precedence 3) dscp (011000) cs4 Match packets with CS4(precedence 4) dscp (100000) cs5 Match packets with CS5(precedence 5) dscp (101000) cs6 Match packets with CS6(precedence 6) dscp (110000) cs7 Match packets with CS7(precedence 7) dscp (111000) default Match packets with default dscp (000000) ef Match packets with EF dscp (101110) qos-group Set packet dscp from QoS Group. R1(config-pmap-c)#set dscp cs4 R1(config-pmap-c)#exit R1(config-pmap)#exit R1(config)#int f0/0 R1(config-if)#serv R1(config-if)#service-policy out R1(config-if)#service-policy output MYFIRSTPOLICY R1(config-if)#We can then see this in Wireshark:
We have some other options we could have chosen - those beginning with AF, we could have set the DSCP manually (<0-63>) or set ef or qos-group. The AF values are for Assured Forwarding, and ef is for Expedited Forwarding.
Assured Forwarding
Assured Forwarding defines four classes for queuing, and each of these has three levels of "drop probability", allowing for 12 different values or levels. The first number (1-4) is the queue that the packet is in, and the second number (1-3) is its drop probability.| Queue Class | Low Drop Probability | Medium drop Probability | High drop Probability |
| Name / Decimal / Binary | Name / Decimal / Binary | Name / Decimal / Binary | |
| 1 | AF11 / 10 / 001010 | AF12 / 12 / 001100 | AF13 / 14 / 001110 |
| 2 | AF21 / 18 / 010010 | AF22 / 20 / 010100 | AF23 / 22 / 010110 |
| 3 | AF31 / 26 / 011010 | AF32 / 28 / 011100 | AF33 / 30 / 011110 |
| 4 | AF41 / 34 / 100010 | AF42 / 36 / 100100 | AF43 / 38 / 100110 |
Expedited Forwarding
Expedited Forwarding (EF) queues packets to that they are scheduled quicker, EF packets are also policed so that they do not starve other queues. The DSCP value in decimal is 46, and the binary value is 101110.I think this is a good point to end at. So we can let things sink in a bit before moving on to a deeper delve into classification using class-maps.