## Overview

Quality of Service (QoS) provides different priority levels to applications, users, or data flows to guarantee a certain level of performance. QoS is essential when multiple flows share the same link, causing resource contention that results in packet delays, drops, or jitter.

**Root Cause:** Resource contention when multiple applications share the same link

**Best Solution:** Avoid congestion through proper provisioning

**Alternative Solution:** QoS to control delay, loss, jitter, and throughput

## Traffic Classification Methods

Traffic classification is the foundation of QoS. There are three primary ways to classify traffic in class-maps:

### Conditional Classification

Match traffic based on existing markings in the packet headers:

```
class-map VOICE-DSCP
 match dscp ef

class-map VOICE-COS
 match cos 5

class-map CRITICAL-PRECEDENCE
 match ip precedence 4

! match-any: a packet carries a single DSCP value, so the default
! match-all logic could never satisfy all three statements at once
class-map match-any VIDEO-MULTIPLE
 match dscp af41
 match dscp af42
 match dscp af43
```

**Use Cases:** When traffic is already marked by trusted devices like IP phones, other switches, or applications.

### ACL-Based Classification

Match traffic using access control lists for granular identification:

```
ip access-list extended VOICE-TRAFFIC
 permit udp any any range 16384 32767
 permit tcp any any eq 5060

ip access-list extended WEB-TRAFFIC
 permit tcp any any eq 80
 permit tcp any any eq 443

! Named ACLs are referenced with the "name" keyword
class-map VOICE-RTP
 match access-group name VOICE-TRAFFIC

class-map WEB-BROWSING
 match access-group name WEB-TRAFFIC
```

**Use Cases:** When you need to identify traffic by IP addresses, port numbers, or protocol combinations.

### NBAR2 Classification

Match traffic using Network-Based Application Recognition for deep packet inspection:

```
! match-any: a flow is one application, so each statement is an alternative
class-map match-any VOICE-APPS
 match protocol rtp
 match protocol cisco-phone

class-map match-any VIDEO-APPS
 match protocol skype
 match protocol netflix
 match protocol youtube

class-map match-any BUSINESS-APPS
 match protocol ms-office-365
 match protocol webex
```

**Use Cases:** When you need to identify applications regardless of port numbers or when applications use dynamic ports.

## Basic Policy Actions

Once traffic is classified, you can take actions on it using policy-maps:

### Simple Marking

```
policy-map BASIC-MARKING
 class VOICE-APPS
  set dscp ef
 class VIDEO-APPS
  set dscp af41
 class class-default
  set dscp default

interface GigabitEthernet0/1
 service-policy input BASIC-MARKING
```

### Traffic Policing with Drop

```
policy-map POLICE-DROP
 class VOICE-APPS
  set dscp ef
  police rate 256000 conform-action transmit exceed-action drop
 class VIDEO-APPS
  set dscp af41
  police rate 2000000 conform-action transmit exceed-action drop

interface GigabitEthernet0/1
 service-policy input POLICE-DROP
```

### Applying Policies to Interfaces

Policies can be applied in both directions:

```
interface GigabitEthernet0/1
 service-policy input CLASSIFY-AND-MARK
 service-policy output BANDWIDTH-ALLOCATION
```

**Input Policies:** Typically used for classification, marking, and policing

**Output Policies:** Typically used for queueing, shaping, and congestion management

## Understanding QoS Queues

Each class-map you create becomes its own separate queue on the interface.
This is fundamental to how QoS works:

**Without QoS:** All traffic uses a single FIFO (First In, First Out) queue

**With QoS:** Each class gets its own queue that can be managed independently

### Bandwidth Allocation Between Queues

```
class-map VOICE
 match dscp ef
class-map VIDEO
 match dscp af41
class-map BUSINESS-DATA
 match dscp af31

policy-map BANDWIDTH-SHARING
 class VOICE
  bandwidth percent 20
 class VIDEO
  bandwidth percent 30
 class BUSINESS-DATA
  bandwidth percent 25
 class class-default
  bandwidth percent 25

interface GigabitEthernet0/1
 service-policy output BANDWIDTH-SHARING
```

**How Bandwidth Allocation Works:**

- Each queue gets guaranteed bandwidth during congestion
- If a queue doesn't use its full allocation, other queues can use the excess
- Bandwidth is only enforced when the interface is congested
- Non-congested interfaces allow all traffic to flow normally

## Priority Queues and Bandwidth Caveats

Priority queues change the fundamental behavior of queue servicing:

### Basic Priority Configuration

```
class-map VOICE
 match dscp ef
class-map VIDEO
 match dscp af41
class-map DATA
 match dscp af31

policy-map PRIORITY-EXAMPLE
 class VOICE
  priority percent 15
 class VIDEO
  bandwidth remaining percent 40
 class DATA
  bandwidth remaining percent 30
 class class-default
  bandwidth remaining percent 30

interface GigabitEthernet0/1
 service-policy output PRIORITY-EXAMPLE
```

**Critical Priority Queue Rules:**

- Priority queues are **always serviced first** before any other traffic
- Can cause **starvation** of other queues if not properly limited
- When using priority queues, all other classes **must use `bandwidth remaining`** instead of `bandwidth`
- Priority traffic should **always be policed** to prevent abuse

### Priority Queue with Policing

```
policy-map SAFE-PRIORITY
 class VOICE
  priority percent 15
  police rate 256000 conform-action transmit exceed-action drop
 class VIDEO
  bandwidth remaining percent 50
 class class-default
  bandwidth remaining percent 50

interface GigabitEthernet0/1
 service-policy output SAFE-PRIORITY
```

**Why Police Priority Queues:**

- Prevents priority traffic from consuming all bandwidth
- Protects other traffic classes from starvation
- Ensures predictable network behavior

## Traffic Marking and Remarking

Instead of dropping excess traffic, you can mark it down to a lower priority class:

### Table-Map for Marking Down

```
table-map MARKDOWN-TABLE
 map from 46 to 0
 map from 34 to 18
 map from 26 to 18
 default copy

policy-map MARK-DOWN-POLICY
 class VOICE
  police rate 256000 conform-action set-dscp-transmit ef exceed-action set-dscp-transmit dscp table MARKDOWN-TABLE
 class VIDEO
  police rate 2000000 conform-action transmit exceed-action set-dscp-transmit af43

interface GigabitEthernet0/1
 service-policy input MARK-DOWN-POLICY
```

**Marking Down Benefits:**

- Preserves traffic instead of dropping it
- Allows lower-priority treatment of excess traffic
- Maintains application functionality while enforcing policies

### Simple Remarking Without Tables

```
policy-map SIMPLE-REMARK
 class HIGH-PRIORITY
  police rate 512000 conform-action transmit exceed-action set-dscp-transmit af13
 class MEDIUM-PRIORITY
  police rate 1000000 conform-action transmit exceed-action set-dscp-transmit default

interface GigabitEthernet0/1
 service-policy input SIMPLE-REMARK
```

**Common Remarking Strategies:**

- Mark excess voice traffic as best effort (DSCP 0)
- Mark excess video traffic to lower AF class (AF43 to AF13)
- Mark excess business data to scavenger class

## Congestion Avoidance with WRED

Weighted Random Early Detection (WRED) proactively drops packets before queues become full, preventing TCP global synchronization:

```
class-map BUSINESS-DATA
 match dscp af31

! bandwidth is configured before random-detect so the class has a queue for WRED to act on
policy-map WRED-EXAMPLE
 class BUSINESS-DATA
  bandwidth percent 50
  random-detect
 class class-default
  bandwidth percent 50

interface GigabitEthernet0/1
 service-policy output WRED-EXAMPLE
```

**WRED Benefits:**

- Prevents queue tail drops that cause TCP global synchronization
- Maintains higher overall throughput during congestion
- Works best with TCP traffic that responds to packet loss

## Traffic Shaping

Traffic shaping smooths bursty traffic and controls the transmission rate using token bucket algorithms.

### Generic Traffic Shaping (GTS)

Generic Traffic Shaping is configured using MQC with the `shape average` command:

```
policy-map SHAPE-10MBPS
 class class-default
  shape average 10000000 20000 40000

interface GigabitEthernet0/1
 service-policy output SHAPE-10MBPS
```

**Shape Average Parameters:**

- **CIR (Committed Information Rate):** Target rate in bits per second
- **Bc (Committed Burst):** Normal burst size in bits (default: CIR/8)
- **Be (Excess Burst):** Maximum burst size in bits (default: Bc)

### Single Rate Shaper Components

**Token Bucket Algorithm:**

- **CIR:** Tokens added to bucket at this rate
- **Bc:** Normal bucket size for sustained traffic
- **Be:** Extended bucket size for burst traffic
- **AIR (Average Information Rate):** Actual transmission rate over time

### Traffic Shaping Formulas

**Tc (Time Interval) = Bc / CIR** - Time interval for token bucket replenishment

**Burst Duration = Be / CIR** - Maximum time traffic can exceed CIR

**Example Calculation:**

```
shape average 1000000 8000 16000

CIR = 1 Mbps
Bc = 8000 bits (1000 bytes)
Be = 16000 bits (2000 bytes)
Tc = 8000 / 1000000 = 8ms
Burst Duration = 16000 / 1000000 = 16ms
```

### Hierarchical Shaping

Combine shaping with queueing for complete traffic management:

```
class-map VOICE
 match dscp ef
class-map VIDEO
 match dscp af41

policy-map CHILD-QUEUING
 class VOICE
  priority percent 30
  police rate 512000 conform-action transmit exceed-action drop
 class VIDEO
  bandwidth remaining percent 60
 class class-default
  bandwidth remaining percent 40

policy-map PARENT-SHAPER
 class class-default
  shape average 10000000 80000 160000
  service-policy CHILD-QUEUING

interface GigabitEthernet0/1
 service-policy output PARENT-SHAPER
```

**Hierarchical Shaping Benefits:**

- Parent policy controls overall interface rate
- Child policy manages queue behavior within shaped rate
- Ideal for WAN interfaces with bandwidth contracts

## Real-World Use Cases and Examples

### Corporate Branch Office WAN Link

**Scenario:** 50 Mbps WAN link supporting 200 users with voice, video conferencing, business applications, and internet access. The company has strict requirements for voice quality and needs to prevent bandwidth-hungry applications from affecting critical business operations.

```
class-map match-any VOICE
 match dscp ef
 match protocol rtp
class-map match-any VOICE-SIGNALING
 match dscp cs3
 match protocol sip
class-map match-any VIDEO-CONFERENCING
 match protocol webex
 match protocol ms-teams
 match dscp af41
class-map match-any BUSINESS-CRITICAL
 match protocol oracle
 match protocol ms-sql-server
 match dscp af31
class-map match-any BULK-DATA
 match protocol ftp
 match protocol backup-systems
 match dscp af11

policy-map BRANCH-OFFICE-CHILD
 class VOICE
  priority percent 10
  police rate 2000000 conform-action transmit exceed-action drop
 class VOICE-SIGNALING
  bandwidth remaining percent 2
 class VIDEO-CONFERENCING
  bandwidth remaining percent 30
 class BUSINESS-CRITICAL
  bandwidth remaining percent 40
  random-detect dscp-based
 class BULK-DATA
  bandwidth remaining percent 8
  random-detect
 class class-default
  bandwidth remaining percent 20
  fair-queue

policy-map BRANCH-OFFICE-SHAPER
 class class-default
  shape average 50000000
  service-policy BRANCH-OFFICE-CHILD

interface Serial0/1/0
 description WAN-Link-to-HQ
 service-policy output BRANCH-OFFICE-SHAPER
```

**Deep Dive Analysis:**

**Why Hierarchical QoS:** The parent shaper ensures that total traffic never exceeds the 50 Mbps contract, preventing drops at the ISP. The child policy manages queue behavior within this constraint.
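
How a shaper's token bucket holds a burst to the contracted rate, using the `shape average 1000000 8000 16000` figures from the formulas section. This is an added example, not code from the original page; the function names are hypothetical, and the model assumes a full bucket after an idle link and bit-granular transmission.

```python
from fractions import Fraction

def shape(arrivals, cir, bc, be):
    """Simulate `shape average <cir> <bc> <be>` over consecutive Tc intervals.

    arrivals: bits offered to the shaper in each interval.
    Returns (tc_seconds, sent_per_interval, backlog_per_interval).
    Assumed model: the bucket starts full (idle link beforehand) and
    traffic can be released with bit granularity.
    """
    tc = Fraction(bc, cir)           # Tc = Bc / CIR
    capacity = bc + be               # unused tokens accumulate up to Bc + Be
    tokens, backlog = capacity, 0
    sent_log, backlog_log = [], []
    for offered in arrivals:
        backlog += offered
        sent = min(backlog, tokens)  # release only what the tokens cover
        tokens -= sent
        backlog -= sent              # the remainder waits in the shaping queue
        sent_log.append(sent)
        backlog_log.append(backlog)
        tokens = min(capacity, tokens + bc)  # refill Bc tokens every Tc
    return tc, sent_log, backlog_log

def average_rate(sent_log, tc):
    """Average transmitted rate in bits per second over the given intervals."""
    return sum(sent_log) / (len(sent_log) * tc)

if __name__ == "__main__":
    # Constructed traffic: one 40000-bit burst, an idle gap, then two smaller bursts.
    tc, sent, backlog = shape([40000, 0, 0, 0, 0, 12000, 12000, 0],
                              1_000_000, 8000, 16000)
    print(f"Tc = {float(tc) * 1000:.0f} ms")
    for i, (s, b) in enumerate(zip(sent, backlog)):
        print(f"interval {i}: sent {s:>6} bits, queued {b:>6} bits")
```

The first interval releases Bc + Be, after which the backlog drains at Bc per Tc; under sustained overload the output settles at exactly the CIR.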

**Voice Design Decisions:**

- 10% priority (5 Mbps) accommodates ~62 G.711 calls or ~125 G.729 calls
- Police rate of 2 Mbps provides safety margin and prevents voice abuse
- Exceed action drops excess voice to maintain quality of legitimate calls
- Voice signaling gets separate class to ensure call setup/teardown works

**Video Considerations:**

- 30% of remaining bandwidth (after voice) = ~13.5 Mbps
- Accommodates 3-4 high-definition video conferences simultaneously
- Uses NBAR2 to identify modern collaboration tools regardless of port changes
- No policing allows video to burst when bandwidth available

**Business Critical Apps:**

- 40% remaining bandwidth ensures ERP and database performance
- WRED prevents TCP global synchronization during congestion
- DSCP-based WRED allows different drop profiles for AF31, AF32, AF33

**Bulk Data Management:**

- Limited to 8% to prevent impact on interactive applications
- Includes backups, file transfers, and software updates
- WRED helps maintain some bulk transfer performance during congestion

### ISP Customer Edge with SLA Enforcement

**Scenario:** Regional ISP providing business internet services with three service tiers. Gold customers pay premium for guaranteed performance, Silver customers get standard service, and Bronze customers receive basic best-effort with burst capability.

```
! Named ACLs are referenced with the "name" keyword
class-map CUSTOMER-GOLD
 match access-group name GOLD-CUSTOMER
class-map CUSTOMER-SILVER
 match access-group name SILVER-CUSTOMER
class-map CUSTOMER-BRONZE
 match access-group name BRONZE-CUSTOMER

ip access-list extended GOLD-CUSTOMER
 permit ip 10.1.0.0 0.0.255.255 any
 permit ip any 10.1.0.0 0.0.255.255
ip access-list extended SILVER-CUSTOMER
 permit ip 10.2.0.0 0.0.255.255 any
 permit ip any 10.2.0.0 0.0.255.255
ip access-list extended BRONZE-CUSTOMER
 permit ip 10.3.0.0 0.0.255.255 any
 permit ip any 10.3.0.0 0.0.255.255

table-map SLA-VIOLATION-REMARK
 map from 46 to 0
 map from 34 to 18
 map from 26 to 8
 default copy

policy-map ISP-SLA-ENFORCEMENT
 class CUSTOMER-GOLD
  bandwidth percent 50
  police rate 100000000 conform-action transmit exceed-action set-dscp-transmit dscp table SLA-VIOLATION-REMARK
 class CUSTOMER-SILVER
  bandwidth percent 30
  police rate 50000000 conform-action transmit exceed-action set-dscp-transmit cs1
 class CUSTOMER-BRONZE
  bandwidth percent 20
  police rate 20000000 conform-action transmit exceed-action drop

interface GigabitEthernet0/0/1
 description Customer-Aggregation-Link
 service-policy input ISP-SLA-ENFORCEMENT
```

**Deep Dive Analysis:**

**Service Tier Architecture:**

- **Gold (50% bandwidth):** Premium customers get half of available bandwidth guaranteed
- **Silver (30% bandwidth):** Standard business customers get moderate guarantee
- **Bronze (20% bandwidth):** Basic service customers get minimal guarantee
- Percentages ensure fair distribution during congestion while allowing bursting

**SLA Enforcement Strategy:**

- **Police rates** define contracted speeds per customer tier
- **Gold exceed action:** Uses table-map to intelligently remark high-priority traffic down rather than drop
- **Silver exceed action:** Remarks excess traffic to scavenger class (CS1)
- **Bronze exceed action:** Hard drop prevents service abuse

**Table-Map Intelligence:**

- Maps DSCP EF (46) to Default (0) - excess voice becomes best effort
- Maps DSCP AF31 (34) to AF23 (18) - maintains some priority but lower
- Maps DSCP AF21 (26) to CS1 (8) - becomes scavenger class
- Preserves customer QoS markings within contracted rates

**Revenue Protection:**

- Prevents lower-tier customers from consuming premium bandwidth
- Allows burst capability without affecting paying premium customers
- Maintains service differentiation that justifies pricing tiers

### Small Office IP Phone Deployment

**Scenario:** 25-person law office with Cisco IP phones, requiring crystal-clear voice quality for client calls while supporting normal business internet usage over a single 20 Mbps internet connection.

```
! match-any: each statement is an alternative marking; with the default
! match-all, two different DSCP values could never match the same packet
class-map match-any VOICE-BEARER
 match dscp ef
 match cos 5
class-map match-any VOICE-SIGNALING
 match dscp af31
 match cos 3
class-map match-any BUSINESS-DATA
 match dscp af21
 match dscp af31

policy-map SMALL-OFFICE-QOS
 class VOICE-BEARER
  priority percent 20
  police rate 1000000 conform-action transmit exceed-action drop
 class VOICE-SIGNALING
  bandwidth remaining percent 5
 class BUSINESS-DATA
  bandwidth remaining percent 30
  random-detect
 class class-default
  bandwidth remaining percent 65

interface GigabitEthernet0/1
 description Uplink-to-ISP
 trust device cisco-phone
 auto qos voip cisco-phone
 service-policy output SMALL-OFFICE-QOS
```

**Deep Dive Analysis:**

**Simplicity by Design:**

- Minimal classes to reduce complexity for small IT staff
- `trust device cisco-phone` automatically detects and trusts Cisco phones
- `auto qos voip cisco-phone` provides baseline QoS configuration
- Conservative bandwidth allocation prevents voice quality issues

**Voice Quality Assurance:**

- 20% priority (4 Mbps) supports ~50 G.711 calls - far exceeding office capacity
- Police rate of 1 Mbps provides reasonable limit for 12-15 simultaneous calls
- Matches both DSCP EF and CoS 5 to catch phone traffic regardless of marking method
- Drop action on exceed ensures voice quality never degrades

**Business Application Support:**

- Voice signaling gets dedicated treatment for reliable call setup
- Business data class provides some prioritization for important applications
- 30% remaining bandwidth allocation ensures adequate performance
- WRED helps maintain TCP performance during congestion

**Scalability Considerations:**

- Configuration easily scales to larger offices by adjusting percentages
- Phone detection works automatically as phones are added
- Simple enough for small business owners to understand and maintain
- Provides foundation for future QoS expansion as business grows

**Trust Boundary Management:**

- Trust boundary correctly placed at IP phones
- Prevents end users from gaming the system with traffic marking
- Maintains security while enabling voice QoS functionality
- Balances complexity with effectiveness for small office environment

## Verification Commands

```
show policy-map
show policy-map interface GigabitEthernet0/1
show class-map
show platform hardware qfp active interface GigabitEthernet0/1 qos queue stats
show traffic-shape
show traffic-shape statistics
```
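
Alongside the `show` commands, the two priority-queue rules from this page (police every priority class; use `bandwidth remaining` in the other classes) can be checked statically against a saved configuration. The script below is an added example, not part of the original page: `parse_policies`, `audit` and the `MIXED-BANDWIDTH` policy are hypothetical, and it assumes the usual indented layout of IOS configuration output.

```python
import re

# Constructed sample; MIXED-BANDWIDTH is hypothetical, the other two mirror the page.
SAMPLE = """\
policy-map PRIORITY-EXAMPLE
 class VOICE
  priority percent 15
 class VIDEO
  bandwidth remaining percent 40
policy-map MIXED-BANDWIDTH
 class VOICE
  priority percent 15
  police rate 256000 conform-action transmit exceed-action drop
 class DATA
  bandwidth percent 30
policy-map SAFE-PRIORITY
 class VOICE
  priority percent 15
  police rate 256000 conform-action transmit exceed-action drop
interface GigabitEthernet0/1
 bandwidth 20000
"""

def parse_policies(text):
    """Return {policy: {class: [commands]}} from indented IOS-style config."""
    policies, policy, cls = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"policy-map (\S+)$", line):
            policy, cls = policies.setdefault(m.group(1), {}), None
        elif line and raw[:1] not in (" ", "\t"):
            policy, cls = None, None  # any other top-level line ends the policy
        elif policy is not None and (m := re.match(r"class (\S+)$", line)):
            cls = policy.setdefault(m.group(1), [])
        elif cls is not None and line:
            cls.append(line)
    return policies

def audit(text):
    """Return (policy, class, issue) for each priority-queue rule violation."""
    findings = []
    for pname, classes in parse_policies(text).items():
        is_prio = {c: any(x.startswith("priority") for x in cmds) for c, cmds in classes.items()}
        for cname, cmds in classes.items():
            if is_prio[cname] and not any(x.startswith("police") for x in cmds):
                findings.append((pname, cname, "priority class is not policed"))
            if any(is_prio.values()) and any(re.match(r"bandwidth (?!remaining)", x) for x in cmds):
                findings.append((pname, cname, "'bandwidth' used beside a priority class"))
    return findings
```

Calling `audit(SAMPLE)` reports the unpoliced `VOICE` class in `PRIORITY-EXAMPLE` and the plain `bandwidth` statement in `MIXED-BANDWIDTH`, while the interface-level `bandwidth` line is ignored because it sits outside any policy-map.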