Quality of Service, Part III
Introduction
This month we continue looking at Quality of Service (QoS) in Cisco devices.
This article looks at
- Traffic Shaping
- Policy Routing
- QoS Policy Propagation via BGP (QPPB)
Traffic Shaping
About Traffic Shaping
Traffic Shaping comes in two forms: Generic Traffic Shaping and Frame Relay Traffic Shaping.
Traffic Shaping allows you to control how fast packets are sent out an interface, any interface. You might want to do this to avoid congestion either locally or elsewhere in your network, for example if you have a network with different access rates or if you are restricting some traffic to a fraction of the available bandwidth. For example, if one end of the link in a Frame Relay network is 256 Kbps and the other end of the link is only 128 Kbps, sending packets at 256 Kbps at the very least causes congestion. Somewhere.
You can traffic shape all traffic on an interface, or use an access list to specify certain traffic. On Frame Relay interfaces, additional per-virtual-circuit features are available with Frame Relay Traffic Shaping.
Traffic shaping is not supported with optimum, distributed, or flow switching. If you enable traffic shaping, all interfaces will revert to fast switching.
Configuring Generic Traffic Shaping
1 2 | traffic-shape rate bit-rate [burst-size [excess-burst-size]] traffic-shape group access-list bit-rate [burst-size [excess-burst-size]] |
The former command traffic shapes all traffic on an interface. The latter uses an access-list to specify which traffic is to be traffic shaped.
bit-rate: Bit rate that traffic is shaped to in bits per second.
burst-size: Sustained number of bits that can be transmitted per interval. The default is the bit-rate divided by 8.
excess-burst-size: Maximum number of bits that can exceed the burst size in the first interval in a congestion event. The default is equal to the burst-size.
The measurement interval is calculated by dividing the burst-size (if non-zero) by the bit rate. If the burst-size is zero, the excess-burst-size is used (if non-zero).
For Frame Relay, you can use:
1 | traffic-shape adaptive [bit-rate] |
This command uses the configured bit rate as a lower bound, with the bit rate specified by the traffic-shape rate command as the upper bound for bandwidth. The actual rate that the traffic is shaped to lies between those two rates. It should be configured at both ends of the link because it also configures the devices to reflect forward explicit congestion notifications (FECN’s) as BECN’s, enabling the faster end of the link to adjust to congestion at the other end.
Relevant EXEC Commands
1 2 | show traffic-shape [interface] show traffic-shape statistics [interface] |
Sample Configuration
1 2 3 4 5 | access-list 101 permit udp any any interface Ethernet0 traffic-shape group 101 1000000 125000 125000 interface Ethernet1 traffic-shape rate 5000000 625000 625000 |
Frame Relay Traffic Shaping
The Frame Relay traffic shaping allows
- rate enforcement per PVC or SVC
- dynamic traffic throttling in response to BECN packets
- custom or priority queuing per virtual circuit
The intent is to allow guaranteed bandwidth for each type of traffic. The queuing features let us prioritize per-circuit, and the rate enforcement makes sure that we won’t have a burst on one virtual circuit denying access line bandwidth to the others.
Policy Routing
About Policy Routing
Policy routing is the name given to use of a route map on packets to influence the routing decision. The routing next hop or output interface can be chosen based on inbound interface, source, or type of traffic. The IP precedence can also be set by the route map.
If you’re choosing outbound interface or next hop in response to destination, then you’re doing normal routing, subject to some policy perhaps. Policy routing in the Cisco world refers specifically to routing based on source or other traffic characteristics, other than destination. Since this may have performance impact, use it only where needed and appropriate.
Policy routing has performance impact: it is process or fast switched. It is therefore suitable for setting precedence at low speed edge routers, but not elsewhere.
Configuring Policy Routing
To specify use of a route-map for policy routing on an interface, configure:
1 | ip policy route-map map-tag |
The route map blocks then are defined using:
1 | route-map map-tag [permit | deny] [sequence-number] |
Route-map match conditions used for policy routing can match either packet length or an IP extended access list.
To match the Layer 3 length of the packet, use:
1 | match length min max |
To match IP sources and destinations based on standard or extended access list(s):
1 | match ip address {access-list-number | name} [...access-list-number | name] |
The route-map block’s set conditions can specify precedence value, next-hop for IP routing, or output interface.
To set the precedence value in the IP header:
1 | set ip precedence value |
To specify the next hop to which to route the packet (it need not be adjacent):
1 | set ip next-hop ip-address [... ip-address] |
To specify the output interface(s) for the packet:
1 | set interface type number [... type number] |
To specify the default route next hop for use when there is no explicit route:
1 | set ip default next-hop ip-address [... ip-address] |
To specify the default output interface(s) for use when there is no explicit route:
1 | set default interface type number [... type number] |
Fast-switched policy routing supports all of the match commands and most of the set commands, except for the set ip default command and some use of the set interface command. The set interface command is supported only over point-to-point links, unless a route-cache entry exists using the same interface specified in the set interface command in the route map.
When process switching policy routing, the routing table is used to check output interface sanity. During fast switching, if the packet matches, the software blindly forwards the packet to the specified interface. To configure fast-switched policy routing on an interface:
1 | ip route-cache policy |
Packets generated by the router are not normally policy-routed. To enable local policy routing of such packets, specify the route map to use. This is a global configuration mode command.
1 | ip local policy route-map map-tag |
Related EXEC Commands
1 2 | show ip cache policy show ip local policy |
Sample Configuration
The following example provides two sources with equal access to two different service providers. Packets arriving on serial interface 1 from 1.1.1.1 are sent to the next hop 3.3.3.3 if there is no explicit route for the packet’s destination. Packets arriving from 2.2.2.2 are sent to the next hop 4.4.4.4 there is no explicit route for the packet’s destination. All other packets for which the router has no explicit route to the destination are discarded.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | access-list 1 permit ip 1.1.1.1 access-list 2 permit ip 2.2.2.2 ! interface serial 1 ip policy route-map equal-access ! route-map equal-access permit 10 match ip address 1 set ip default next-hop 3.3.3.3 route-map equal-access permit 20 match ip address 2 set ip default next-hop 4.4.4.4 route-map equal-access permit 30 set default interface null0 |
QoS Policy Propagation via BGP (QPPB)
About QPPB
QoS Policy Propagation via BGP (QPPB) allows you to classify packets based on access lists, BGP community lists, and BGP AS paths. The classification can then set either IP precedence (a global tagging scheme), or internal QoS group identifier (internal to the router). The BGP community can also contain both AS and IP precedence information — see the second example below. After classification, other QoS features such as CAR and WRED can then be used to enforce business policy.
Note that this allows you to set up a policy at one BGP speaking router, and propagate that to other routers via BGP. Hence the name. This means that at the service provider router connecting to a site, a policy can be set up so that inbound traffic elsewhere is classified into the right class of service (IP Precedence bits). This can then interact with Tag Switching, or MPLS.
If you set the QoS group ID, it can then be used for rate-limiting or WFQ based on QoS group ID. This expands on the classes of service provided by the 8 IP precedence values.
If you use IP precedence, it can now be set based on source or destination address.
Configuring QPPB
Configuring QPPB—ToS
1 2 | [no] bgp-policy input ip-prec-map [no] bgp-policy output ip-prec-map |
Configuring QPPB—QoS groups
1 2 | [no] bgp-policy input ip-qos-map [no] bgp-policy output ip-qos-map |
Relevant EXEC Commands
1 2 3 4 5 6 7 8 | show ip bgp show ip bgp community-list community-list-number show ip cef prefix show ip interface show ip route prefix |
Sample Configuration
Configuring QPPB on an interface:
1 2 3 | int hssi0/0/0 ip address 210.210.2.1 255.255.255.252 bgp-policy input ip-prec-map |
Configuring BGP to set QoS groups:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | router bgp 210 neighbor 210.210.14.1 remote-as 210 neighbor 210.210.14.1 route-map comm-relay-prec out neighbor 210.210.14.1 send-community ! ip bgp-community new-format ! access-list 1 permit 210.210.1.0 0.0.0.255 ! route-map comm-relay-prec permit 10 match ip address 1 set community 210:5 ! route-map comm-relay-prec permit 20 set community 210:0 |
Configuring BGP to set TOS bits (precedence):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | router bgp 210 table-map precedence-map neighbor 200.200.14.4 remote-as 210 neighbor 200.200.14.4 update-source Loopback0 ! ip bgp-community new-format ! ip community-list 1 permit 210:5 ! route-map precedence-map permit 10 match community 1 set ip precedence 5 ! route-map precedence-map permit 20 set ip precedence 0 |