Copyright © 2000, Cisco Systems, Inc. 1
© 2000, Cisco Systems, Inc.
Infrastructure
Quality of Service
Objectives
Upon completion of this module, you will be
able to perform the following tasks:
• Describe the purpose of classification and marking
• Explain IP Precedence and Diff-Serv
• Describe Quality of Service policy using Modular
QoS Command Line Interface (CLI)
• Explain Network Based Application Recognition
(NBAR)
• Describe forms of packet, frame, or cell marking
• Describe the purpose and benefits of Resource
Reservation Protocol (RSVP) and Common Open
Policy Service (COPS)
• Explain briefly how RSVP and COPS work
• Describe each of the Cisco QoS management
products
[Chart residue: Chariot throughput plots on a 30 Kbps to 300 Kbps scale; the notes below describe them.]
• Remote site has a 350 Kbps CIR FR link
• Bursty applications contending for bandwidth
reduce collective throughput. Customer needs
better throughput
• What can we do to improve things?
These are charts from Ganymede Chariot, captured in a lab running plain FIFO (no QoS queuing). TCP throughput was all over the chart: with nothing controlling the traffic, throughput is poor and completely unpredictable.
With Traffic Shaping, Frame Relay DE bit setting, Class-Based Weighted Fair Queuing (CBWFQ), and Weighted Random Early Detection (WRED) enabled, the network is much better behaved.
We’ll discuss CBWFQ and WRED in the Queuing module.
In this section we’ll look at techniques for Classification and Marking. These are
the beginning of solving the example customer’s problem.
Classification and Marking do not in themselves solve the customer problem. They
do however allow us to apply queuing and shaping techniques, both in the edge
router doing the classification and marking, and in the downstream routers in the
network.
Classification and Marking will be further defined in the following slides.
Terminology:
CIR Committed Information Rate
Classification and marking of packets at the
edge of the network makes the packets
accessible to QoS handling within the network
Without classification, all packets will be
treated the same
Classification entails using a traffic descriptor to categorize a packet within a specific group, to define that packet and make it accessible for QoS handling on the network. Using packet classification, you can partition network traffic into multiple priority levels or classes of service. When traffic descriptors are used to classify traffic, the source agrees to adhere to the contracted terms and the network promises a quality of service. Traffic policers, such as the rate-limiting feature of Committed Access Rate (CAR), and traffic shapers, such as Frame Relay Traffic Shaping (FRTS) and Generic Traffic Shaping (GTS), use a packet's traffic descriptor (that is, its classification) to ensure adherence to the contract.
Packet classification is pivotal to policy techniques that select packets traversing a network element or a particular interface for different types of QoS service. For example, you can use classification to mark certain packets for IP Precedence, and you can identify others as belonging to a Resource Reservation Protocol (RSVP) flow.
Methods of classification were once limited to the contents of the packet header. Today's methods of marking a packet with its classification allow you to set information in the Layer 2, 3, or 4 headers, or even within the packet's payload. Criteria for classification of a group might be as broad as “traffic destined for subnetwork X” or as narrow as a single flow.
One practical point about where classification happens: a marking carried in an arriving packet was written by whoever sent it, so an edge router that simply honours it lets any host classify its own traffic into the premium class. The usual practice is to classify and re-mark at the ingress edge, and to trust existing markings only on interfaces that face devices you control.
Marking
What is it?
Marking is…
• The QoS feature component that “colors” a
What Is Modular QoS CLI
(MQC)?
Modular QoS CLI (MQC):
• Is how you configure QoS policy
• Separates the definition of classes from the
application of QoS mechanisms
MQC is template-based:
• Reduces configuration
• Configure policy, not “raw” per-interface
commands
Modular QoS CLI (MQC) is available across all main Cisco IOS-based platforms, initially with Cisco IOS Release 12.0(5)T. MQC is a newer, more structured way of configuring QoS.
In the next few slides we will look briefly at MQC.
Modular QoS CLI
Class maps (class-map):
• Access lists, input interface, protocol
• Class-default
Policy maps (policy-map):
• Bandwidth, random-detect, queue-limit
Service policies (service-policy):
• Input or output, applied at an interface
The MQC allows users to specify a traffic class independently of QoS policies.
The class-map command is used to define a traffic class. A traffic class contains three major
Classification through
Modular QoS CLI
match input-interface
match source-address (MAC)
match destination-address (MAC)
match access-group
match ip dscp / match ip precedence
match qos-group
match protocol (NBAR)
match mpls experimental
match any
match not …
Using MQC, various match criteria may be used to define a class of service. This is
classification.
• class-map match-all class-name: specifies a logical AND operator for all matching
statements under this traffic class. When neither match-all nor match-any is
specified, the default is match-all.
• class-map match-any class-name: specifies a logical OR operator for all matching
statements under this traffic class.
• match input-interface interface-name: specifies the name of the input interface used
as a match criterion against which packets are checked to determine if they belong to
the class.
• match source-address mac address: specifies the name of the source MAC address
used as a match criterion against which packets are checked to determine if they
from being classified as members of a specified traffic class. All other values of that
particular match criterion belong to the class.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120xe/120xe5/mqc/mcli.htm#xtocid121129
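As an added example (not code from the slides or from Cisco), the match-all/match-any/match-not rules above and the first-match, class-default-last evaluation of a policy-map are modelled in Python below, and a "service-policy input" is applied to a few constructed packets. Each Python object is preceded by the MQC commands it stands for. The class names, ACL contents, interface names and addresses are invented for the illustration, and the NBAR application label on a packet is assumed to have been recognised already.

```python
"""MQC classification semantics modelled in Python (added example, not Cisco code)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List, Tuple

Packet = Dict[str, object]
Criterion = Callable[[Packet], bool]


# --- one function per MQC 'match' statement -----------------------------------
def match_access_group(acl: List[Tuple[str, str, str, range]]) -> Criterion:
    """Simplified extended ACL: permit entries of (proto, src_net, dst_net, dport_range)."""
    entries = [(p, ip_network(s), ip_network(d), r) for p, s, d, r in acl]
    return lambda pkt: any(
        pkt["proto"] == p and ip_address(pkt["src"]) in s
        and ip_address(pkt["dst"]) in d and pkt["dport"] in r
        for p, s, d, r in entries)


def match_input_interface(name: str) -> Criterion:
    return lambda pkt: pkt["in_if"] == name


def match_ip_precedence(*values: int) -> Criterion:
    return lambda pkt: (pkt["tos"] >> 5) in values   # top 3 bits of the ToS byte


def match_protocol(app: str) -> Criterion:
    """'match protocol <app>' (NBAR); the recognised app name is assumed present."""
    return lambda pkt: pkt.get("app") == app


def match_not(crit: Criterion) -> Criterion:
    return lambda pkt: not crit(pkt)


# --- class-map and policy-map --------------------------------------------------
@dataclass
class ClassMap:
    name: str
    mode: str = "match-all"        # IOS default when neither keyword is given
    criteria: List[Criterion] = field(default_factory=list)

    def matches(self, pkt: Packet) -> bool:
        results = [c(pkt) for c in self.criteria]
        return all(results) if self.mode == "match-all" else any(results)


@dataclass
class PolicyMap:
    name: str
    classes: List[Tuple[ClassMap, int]]  # (class, precedence to set), in config order
    default_precedence: int = 0          # class class-default / set ip precedence 0

    def classify(self, pkt: Packet) -> Tuple[str, int]:
        """First matching class wins; class-default catches everything else."""
        for cm, prec in self.classes:
            if cm.matches(pkt):
                return cm.name, prec
        return "class-default", self.default_precedence

    def apply(self, pkt: Packet) -> Packet:
        """'service-policy input' at the edge: re-mark the precedence bits only."""
        name, prec = self.classify(pkt)
        out = dict(pkt, cls=name)
        out["tos"] = (prec << 5) | (pkt["tos"] & 0x1F)
        return out


# --- example configuration (invented names/addresses) -------------------------
# class-map match-all VOICE           -> AND: RTP-range UDP from the LAN *and* on the LAN port
#   match access-group 101
#   match input-interface FastEthernet0/0
VOICE = ClassMap("VOICE", "match-all", [
    match_access_group([("udp", "10.1.0.0/16", "0.0.0.0/0", range(16384, 32768))]),
    match_input_interface("FastEthernet0/0")])
# class-map match-any BULK            -> OR: NBAR says FTP, or the bulk-transfer ACL hits
#   match protocol ftp
#   match access-group 102
BULK = ClassMap("BULK", "match-any", [
    match_protocol("ftp"),
    match_access_group([("tcp", "0.0.0.0/0", "0.0.0.0/0", range(8000, 8001))])])
# class-map match-all LAN-INTERACTIVE -> everything else from the LAN that is not FTP
#   match input-interface FastEthernet0/0
#   match not protocol ftp
LAN_INTERACTIVE = ClassMap("LAN-INTERACTIVE", "match-all", [
    match_input_interface("FastEthernet0/0"), match_not(match_protocol("ftp"))])
# policy-map EDGE-IN: class VOICE set ip precedence 5 / class BULK set ip precedence 1
#   / class LAN-INTERACTIVE set ip precedence 3 / class class-default set ip precedence 0
EDGE_IN = PolicyMap("EDGE-IN", [(VOICE, 5), (BULK, 1), (LAN_INTERACTIVE, 3)])

# constructed packets
PKT_VOICE = {"proto": "udp", "src": "10.1.2.3", "dst": "192.0.2.10", "dport": 20000,
             "in_if": "FastEthernet0/0", "tos": 0x00}
PKT_VOICE_WAN = dict(PKT_VOICE, in_if="Serial0/0")      # same flow, wrong interface
PKT_FTP_SELF_MARKED = {"proto": "tcp", "src": "10.1.2.9", "dst": "192.0.2.20", "dport": 21,
                       "in_if": "FastEthernet0/0", "tos": 0xE0, "app": "ftp"}  # host set prec 7
PKT_HTTP = {"proto": "tcp", "src": "10.1.2.4", "dst": "192.0.2.30", "dport": 80,
            "in_if": "FastEthernet0/0", "tos": 0x00, "app": "http"}

if __name__ == "__main__":
    for p in (PKT_VOICE, PKT_VOICE_WAN, PKT_FTP_SELF_MARKED, PKT_HTTP):
        out = EDGE_IN.apply(p)
        print(f"{out['cls']:16s} tos=0x{out['tos']:02x}")
```

Two things the run makes visible that the command list alone does not: the voice packet that arrives on the wrong interface fails the match-all class even though it hits the ACL, and drops through to class-default; and the FTP packet that arrived already marked precedence 7 leaves with precedence 1, because the edge policy re-marks every class rather than trusting what the host wrote.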
Network Based Application
Recognition (NBAR)
[Slide graphic: a user complains “My application is too slow!”. The policy marks Citrix sub-applications as GOLD service, guarantees bandwidth for Citrix (19200 bps per user) and polices FTP.]
• Protocol Discovery analyzes application traffic patterns in real time
• NBAR classifies network traffic using application information
• Enables downstream actions based on QoS policies through random early detection, class-based queuing, and policing
• New applications easily supported by loading Packet Description Language Modules (PDLMs)
Available now on
Applications Supported by
NBAR
Statefully inspected protocols: FTP, Exchange, HTTP (URL and MIME), NetShow, RealAudio, r-commands, Oracle SQL*Net, SunRPC, TFTP, StreamWorks, VDOLive
Static protocols: EGP, GRE, ICMP, IPINIP, IPSec, EIGRP, BGP, CU-SeeMe, DHCP/BOOTP, DNS, SPOP3, SSH, STELNET, Syslog, Telnet, X Windows
The real win with NBAR is simpler configuration coupled with stateful recognition of flows. The simpler configuration means you don’t have to do a protocol analyser capture to figure out ports and so on. Stateful recognition means smarter, deeper packet recognition.
NBAR can classify application traffic by looking beyond the TCP/UDP port numbers of a packet. This is sub-port classification. NBAR looks into the TCP/UDP payload itself and classifies packets on content within the payload, such as a transaction identifier, message type, or other similar data.
Classification of HTTP by URL or MIME type is an example of sub-port classification. NBAR classifies HTTP traffic by text within the URL using regular expression matching. NBAR uses the UNIX filename specification as the basis for the URL specification format; the NBAR engine then converts that specification into a regular expression.
NBAR recognizes the HTTP GET packet(s) containing the URL and classifies all packets that are sent back to the source of the HTTP GET request.
Memory Management:
NBAR uses approximately 150 bytes of DRAM for each flow that requires stateful inspection. When NBAR is configured, it allocates 1 MB of DRAM to support up to 5000 concurrent flows. NBAR determines whether it needs more memory to handle additional concurrent stateful flows; if so, it expands its memory usage in increments of 200 KB to 400 KB.
Because this memory, like the CPU cost noted under Protocol Discovery, scales with the number of concurrent flows rather than with the bit rate, size it for the peak flow count an interface can actually see: a burst of many short-lived connections raises the cost even when the bandwidth in use is modest.
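The sub-port classification described above, as an added example in Python (not Cisco's NBAR code): the URL pattern is written in UNIX filename (glob) form and converted to a regular expression, matched against the HTTP GET request line, and the resulting class is remembered per flow so that the packets sent back to the source of the GET are classified as well. Each stateful flow is charged the approximate 150 bytes quoted above, so the memory figure can be watched as flows arrive. The class names, URL patterns and packet contents are constructed for the example.

```python
"""NBAR-style stateful HTTP URL classification (added example, not Cisco code)."""
import fnmatch
import re
from typing import Dict, List, Optional, Tuple

FlowKey = Tuple[str, str, str, int, int]      # proto, src, dst, sport, dport
BYTES_PER_STATEFUL_FLOW = 150                  # per-flow figure quoted in the notes
REQUEST_LINE = re.compile(rb"GET\s+(\S+)\s+HTTP/1\.[01]$")


def url_glob_to_regex(pattern: str) -> "re.Pattern[str]":
    """'match protocol http url "*.mp3"': UNIX filename glob -> compiled regex."""
    return re.compile(fnmatch.translate(pattern))


class HttpUrlClassifier:
    def __init__(self, rules: List[Tuple[str, str]]) -> None:
        self.rules = [(name, url_glob_to_regex(glob)) for name, glob in rules]
        self.flows: Dict[FlowKey, str] = {}    # flow table: one entry per classified GET
        self.memory_bytes = 0

    def _class_of_get(self, payload: bytes) -> Optional[str]:
        """Inspect the TCP payload; only the request line of a GET is examined."""
        m = REQUEST_LINE.match(payload.split(b"\r\n", 1)[0])
        if m is None:
            return None
        url = m.group(1).decode("latin-1")
        for name, rx in self.rules:
            if rx.match(url):
                return name
        return None

    def classify(self, key: FlowKey, payload: bytes = b"") -> str:
        proto, src, dst, sport, dport = key
        if key in self.flows:                              # later packets of the GET's flow
            return self.flows[key]
        reverse = (proto, dst, src, dport, sport)
        if reverse in self.flows:                          # replies to the source of the GET
            return self.flows[reverse]
        cls = self._class_of_get(payload) if (proto, dport) == ("tcp", 80) else None
        if cls is None:
            return "class-default"                         # no state kept for unmatched traffic
        self.flows[key] = cls
        self.memory_bytes += BYTES_PER_STATEFUL_FLOW
        return cls


# constructed policy and traffic
NBAR = HttpUrlClassifier([("GOLD", "/erp/*"), ("BULK", "*.mp3")])
GET_ERP = ("tcp", "10.1.1.5", "192.0.2.10", 40000, 80)
GET_MP3 = ("tcp", "10.1.1.6", "192.0.2.10", 40001, 80)
GET_HOME = ("tcp", "10.1.1.7", "192.0.2.10", 40002, 80)
REPLY_ERP = ("tcp", "192.0.2.10", "10.1.1.5", 80, 40000)


def run_sample() -> Dict[str, str]:
    """Classify the constructed packets in arrival order and return the results."""
    return {
        "erp_get": NBAR.classify(GET_ERP, b"GET /erp/orders?id=7 HTTP/1.1\r\nHost: erp\r\n\r\n"),
        "erp_reply": NBAR.classify(REPLY_ERP, b"HTTP/1.1 200 OK\r\n\r\n<html>"),
        "mp3_get": NBAR.classify(GET_MP3, b"GET /music/track.mp3 HTTP/1.0\r\n\r\n"),
        "home_get": NBAR.classify(GET_HOME, b"GET /index.html HTTP/1.1\r\n\r\n"),
        "ssh": NBAR.classify(("tcp", "10.1.1.8", "192.0.2.10", 40003, 22), b"SSH-2.0-x"),
    }


if __name__ == "__main__":
    for name, cls in run_sample().items():
        print(f"{name:10s} -> {cls}")
    print(f"stateful flows: {len(NBAR.flows)}, memory: {NBAR.memory_bytes} bytes")
```

Note what the classifier keys off: client-supplied content. The reply direction inherits the class of the request, so a host that wants GOLD treatment only has to send a GET for a matching URL; the policy that acts on the class (bandwidth guarantee, policing) should be written with that in mind. The memory counter also shows the sizing point made above: it grows with the number of matched flows, not with the amount of data they carry.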
NBAR Protocol Discovery
Discovers what traffic is running on the network
Provides per-interface, per-protocol, bidirectional statistics:
Packet and byte counts
Bit rates
Questions it answers: How much bandwidth should I guarantee to my mission-critical applications? Are there any non-mission-critical applications I should police?
So that QoS policies can be developed and applied, NBAR includes a Protocol
Discovery feature that provides an easy way to discover application protocols
transiting an interface. The Protocol Discovery feature discovers any protocol
traffic supported by NBAR. Protocol Discovery may be applied to interfaces and
can be used to monitor both input and output traffic. Protocol Discovery maintains
the following per-protocol statistics for enabled interfaces: total number of input
and output packets and bytes, and input and output bit rates.
Preliminary performance data: a T3 with an average number of flows resulted in 18% CPU load, with some sensitivity to the number of flows. The comment from a TME (technical marketing engineer) in class was that this is probably not something you do in a Service Provider core.
Traffic Differentiation Mechanisms: IP Precedence and 802.1p
[Figure: packet header layouts. Layer 3, standard IPv4: the three most significant bits of the ToS byte are IP Precedence (Diff-Serv will instead use 6 DS bits, with the remaining 2 bits later assigned to Explicit Congestion Notification). Layer 2, 802.1Q/p: a 4-byte tag inserted after the source address, of which 3 bits carry CoS (User Priority).]
• Layer 2 mechanisms are not assured end-to-end
• Layer 3 mechanisms provide end-to-end classification
Layer 2 marking sets bits in, or alters, the header of the frame, for possible use by LAN switches and other Layer 2 devices. The frame in the slide shows a Layer 2 802.1Q (and 802.1p) header, with extra space to hold a tag with priority information embedded in it.
The slide also shows the Layer 3 IP header, with 3 IP Precedence bits in the Type of Service (ToS) field. The newer Diff-Serv specification (DSCP) instead uses 6 of the ToS bits; the remaining two were left unused by RFC 2474 and later assigned to Explicit Congestion Notification (RFC 3168).
Although Layer 3 mechanisms provide end-to-end classification, they are not
recognized by switches, hence the need for additional Layer 2 mechanisms to
IP is normally thought of as being a “best effort” only protocol. But IP has always
had a mechanism for supporting differentiated services. The IP Type of Service
(ToS) field, and the IP Precedence bits provide this capability. Because the
majority of applications today are IP-based, why not leverage IP for end-to-end
QoS policy signaling?
IP Precedence takes advantage of in-band signaling. The ToS field can be used to
bind business policies into network behavior.
IP Precedence utilizes the three precedence bits in the IP header ToS field to specify a class of service for each packet. You can partition traffic into up to six classes of service using IP Precedence; the other two values (precedence 6 and 7) are reserved for internal network use, such as routing protocol and other network control traffic. The queuing technologies throughout the network can then use this signal to provide the appropriate expedited handling.
IP Precedence enables service classes to be established using existing network queuing mechanisms, with no changes to existing applications and no complicated network requirements. The same approach extends to the next generation of IP, IP version 6, using its Traffic Class field (called the Priority field in the original IPv6 specification).
For historical reasons, each precedence value corresponds to a name. These names, which continue to evolve, are defined in RFC 791.
Currently Cisco uses precedence 5 for voice traffic and 4 down to 0 for prioritized applications. The higher the precedence, the more quickly the packet should be sent across the network.
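As an added example (not from the slides or from Cisco), the bit layouts discussed in this section worked in Python: the ToS byte decoded both as IP Precedence and as DSCP, the class-selector relation that lets an IP Precedence-only router and a DSCP-aware router agree (precedence = DSCP >> 3), the 3-bit user priority pulled out of a constructed 802.1Q tag, and a simple edge rule that refuses host-set precedence 6 and 7 on untrusted ports. That rule is this example's own choice, not something the slides prescribe; the sample frame bytes are constructed.

```python
"""IP Precedence, DSCP and 802.1p bit layouts (added example, not Cisco code)."""
import struct
from typing import Dict

PRECEDENCE_NAMES = {                      # RFC 791 precedence names
    0: "Routine", 1: "Priority", 2: "Immediate", 3: "Flash",
    4: "Flash Override", 5: "CRITIC/ECP", 6: "Internetwork Control", 7: "Network Control"}
# Standard codepoints: class selectors (RFC 2474), AF (RFC 2597), EF (RFC 2598)
DSCP_NAMES: Dict[int, str] = {0: "DF", 46: "EF"}
DSCP_NAMES.update({cs << 3: f"CS{cs}" for cs in range(1, 8)})
DSCP_NAMES.update({(c << 3) | (d << 1): f"AF{c}{d}" for c in range(1, 5) for d in range(1, 4)})


def decode_tos(tos: int) -> Dict[str, object]:
    """The same byte read as ToS/Precedence and as DS field/DSCP."""
    prec, dscp = tos >> 5, tos >> 2
    return {"precedence": prec, "precedence_name": PRECEDENCE_NAMES[prec],
            "dscp": dscp, "dscp_name": DSCP_NAMES.get(dscp, "unassigned"),
            "ecn": tos & 0x3}             # low 2 bits: CU in RFC 2474, ECN in RFC 3168


def set_precedence(tos: int, prec: int) -> int:
    """Like 'set ip precedence': rewrite the top 3 bits, leave the other 5 alone."""
    return ((prec & 0x7) << 5) | (tos & 0x1F)


def set_dscp(tos: int, dscp: int) -> int:
    """Like 'set ip dscp': rewrite the top 6 bits, leave the 2 ECN bits alone."""
    return ((dscp & 0x3F) << 2) | (tos & 0x3)


def precedence_seen_by_legacy_router(dscp: int) -> int:
    """What an IP Precedence-only hop reads from a DSCP-marked packet (EF 46 -> 5, CS6 48 -> 6)."""
    return dscp >> 3


def dot1p_user_priority(frame: bytes) -> int:
    """802.1Q tag follows DA(6)+SA(6): TPID 0x8100, then TCI = PCP(3) | DEI(1) | VID(12)."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != 0x8100:
        raise ValueError("frame is not 802.1Q tagged")
    return tci >> 13


def remark_at_edge(tos: int, trusted_port: bool) -> int:
    """Example trust-boundary rule (this example's choice, not the slides'):
    on untrusted ports, precedence 6/7 (network control) is reset to 0 so a
    host cannot put itself ahead of routing traffic; other values are left
    for the classification policy to deal with; trusted ports are honoured."""
    if trusted_port or (tos >> 5) < 6:
        return tos
    return set_precedence(tos, 0)


# constructed 802.1Q-tagged frame: DA, SA, TPID, TCI (PCP=5, DEI=0, VID=100), EtherType IPv4
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
                + struct.pack("!HH", 0x8100, (5 << 13) | 100) + bytes.fromhex("0800"))

if __name__ == "__main__":
    for tos in (0x00, 0xA0, 0xB8, 0x28, 0xC0):
        print(f"tos=0x{tos:02x} {decode_tos(tos)}")
    print("802.1p priority:", dot1p_user_priority(SAMPLE_FRAME))
```

Running it shows why the class selectors were defined the way they were: a packet marked EF (DSCP 46, ToS byte 0xB8) is read as precedence 5 by a router that only understands IP Precedence, so voice keeps its relative position across a mixed network. It also shows that "set ip precedence" and "set ip dscp" touch different numbers of bits, which matters when one device writes and another reads.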
Diff-Serv Code Point (DSCP)
[Figure: the same byte viewed two ways. Type of Service (ToS): the top 3 bits are IP Precedence. DS field: 6 DSCP bits followed by 2 CU bits. Codepoints distinguish data, voice and video.]
• Pre-DSCP implementation (IP Precedence): not compliant with DS-byte encoding (RFC 2474)
• Compliant with:
– Diff-Serv Architecture (RFC 2475)
– Default forwarding, class selectors, assured forwarding, expedited forwarding
• Now compliant if DSCP is used
Until recently, Cisco IOS software only really supported IP Precedence, a pre-Diff-Serv implementation. This followed the general Diff-Serv architecture (RFC 2475) in terms of behavior, but the actual DS-byte encoding was a special case: it used the 3-bit Precedence encoding and not all 6 Diff-Serv bits.
http://cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120xe/120xe5/mqc/mcli.htm