16 Quality of Service (QoS) Flashcards

1
Q

Quality of Service

A

Quality of service (QoS) provides the ability to assign a different priority to one or more types of traffic over others for different applications, data flows, or users so that a certain level of performance can be guaranteed. QoS is used to manage contention for network resources for a better end-user experience. QoS methods focus on one of five problems that can affect data as it traverses the network:

  1. Delay
     Data can run into congested lines or take a less-than-ideal route to the destination, and delays like these can make some applications, such as VoIP, fail. This is the best reason to implement QoS when real-time applications are in use in the network: to prioritize delay-sensitive traffic.
  2. Dropped Packets
     Some routers will drop packets if they receive a packet while their buffers are full. If the receiving application is waiting for the packets but doesn't get them, it will usually request that the packets be retransmitted, another common cause of service delay. With QoS, when there is contention on a link, less important traffic is delayed or dropped in favor of delay-sensitive and/or otherwise prioritized traffic.
  3. Error
     Packets can be corrupted in transit and arrive at the destination in an unacceptable format, again requiring retransmission and resulting in delays.
  4. Jitter
     Not every packet takes the same route to the destination, so some will be more delayed than others if they travel through a slower or busier network connection. The variation in packet delay is called jitter, which can have a particularly negative impact on programs that communicate in real time.
  5. Out-of-Order Delivery
     Out-of-order delivery is also a result of packets taking different paths through the network to their destination. The application at the receiving end needs to put them back together in the right order for the message to be completed. So if there are significant delays, or the packets are reassembled out of order, users will experience a decline in the application's quality. QoS can ensure that applications with a required bit rate receive the necessary bandwidth to work properly. Clearly, this isn't a factor on networks with excess bandwidth, but the more limited your bandwidth is, the more important QoS becomes!
2
Q

Traffic Characteristics

A

Today's networks will typically have a mix of data, voice, and video traffic traversing them. Each traffic type has different properties.

Data
Data traffic is not real-time traffic. Data packet traffic is bursty and unpredictable, making packet arrival vary by quite a bit. Data traffic doesn't really require special handling in modern networks, especially if TCP is used.
* Smooth/bursty
* Benign/greedy
* Drop insensitive
* Delay insensitive
* TCP retransmits

Voice
Voice traffic is real-time traffic that requires and consumes a consistent amount of bandwidth with known packet arrival times.
* Smooth
* Benign
* Drop sensitive
* Delay sensitive
* UDP priority
Voice requirements for one-way traffic:
■ Latency of less than or equal to 150 milliseconds
■ Jitter of less than or equal to 30 milliseconds
■ Loss of less than or equal to 1%
■ Bandwidth of only 128 kbps

Video
* Bursty
* Greedy
* Drop sensitive
* Delay sensitive
* UDP priority
Video requirements for one-way traffic:
■ Latency of less than or equal to 200-400 milliseconds
■ Jitter of less than or equal to 30-50 milliseconds
■ Loss of less than or equal to 0.1-1%
■ Bandwidth of 384 kbps to 20 Mbps or greater

3
Q

Trust Boundary

A

The trust boundary refers to a point in the network where packet markings aren’t necessarily trusted and is where we can create, remove, or rewrite markings. The borders of a trust domain are the network locations where packet markings are accepted and acted upon.

Untrusted domain
This is the part of the network you're not actively managing, populated by PCs, printers, etc.

Trusted domain
This is the part of the network with only administrator-managed devices like switches, routers, etc.

Trust boundary
Where packets are classified and marked. In an enterprise campus network, the trust boundary is almost always at the edge switch.

So traffic at the trust boundary is classified and marked before being forwarded to the
trusted domain. Markings on traffic coming from an untrusted domain are usually ignored to prevent end-user-controlled markings from taking unfair advantage of the network QoS configuration.

4
Q

QoS Mechanisms

A

■ Classification and marking tools
■ Policing, shaping, and re-marking tools
■ Congestion management or scheduling tools
■ Link-specific tools

5
Q

Classification and Marking

A

A classifier inspects a field within a packet to identify the type of traffic that the packet is carrying so that QoS can determine which traffic class it belongs to and how the packet should be treated. Traffic is then directed to a policy-enforcement mechanism called policing. It's important that this isn't a constant cycle for traffic because it takes up time and resources! Policy-enforcement mechanisms include marking, queuing, policing, and shaping, and there are various layer 2 and layer 3 fields in a frame and packet for marking traffic.

Class of Service (CoS)
An Ethernet frame marking at layer 2 containing 3 bits. This is called the Priority Code Point (PCP) within an Ethernet frame header when VLAN-tagged frames, as defined by IEEE 802.1Q, are used.

Type of Service (ToS)
ToS comprises 8 bits, 3 of which are designated as the IP precedence field in an IPv4 packet header. The equivalent IPv6 header field is called Traffic Class.

Differentiated Services Code Point (DSCP or DiffServ)
One of the methods that can be used for classifying and managing network traffic and providing QoS on modern IP networks is DSCP. It uses a 6-bit differentiated services code point in the 8-bit Differentiated Services field (DS field) within the IP header for packet classification. This permits us to create the traffic classes needed for assigning priorities. While IP precedence is the old way to mark ToS, DSCP is the new way. DSCP is backwards-compatible with IP precedence. Layer 3 packet marking with IP precedence and DSCP is the most widely deployed marking option because layer 3 packet markings have end-to-end significance.

Class Selector
Class selector uses the same 3 bits of the field as IP precedence and is used to indicate a 3-bit subset of DSCP values.

Traffic Identifier (TID)
TID is for wireless frames and describes a 3-bit field within the QoS control field in 802.11. Very similar to CoS—just remember CoS is wired Ethernet and TID is wireless.

6
Q

Classification Marking Tools

A

As we talked about, the classification of traffic determines which type of traffic the packets or frames belong to. Once that's been determined, we can apply policies to it by marking, shaping, and policing. Always try to mark traffic as close to the trust boundary as possible. We typically use three ways to classify traffic:

Markings
This looks at existing layer 2 or layer 3 settings in the header. Classification is based on existing markings.

Addressing
This classification technique looks at header information: source and destination interfaces, layer 2 and layer 3 addresses, and layer 4 port numbers. We can group traffic by device using IP addresses and by type using port numbers.

Application signatures
This technique looks at the information in the payload and is called deep packet inspection.

NBAR is a classifier that provides deep-packet inspection at layers 4 to 7 of a packet. Compared to using addresses (IP or ports) or ACLs, NBAR is the most CPU-intensive technique. Since it's not always possible to identify applications by looking at just layers 3 and 4, NBAR looks deep into the packet payload and compares the payload content against its signature database, called a Packet Description Language Model (PDLM).

There are two different modes of operation used with NBAR:
■ Passive mode: Using passive mode will give you real-time statistics on applications by protocol or interface, as well as packet bit rate and packet and byte counts.
■ Active mode: Classifies applications for traffic marking so QoS policies can be applied.

7
Q

Policing, Shaping, and Re-marking

A

If some traffic exceeds the available bandwidth, it might be delayed, dropped, or even re-marked in order to avoid congestion. Policers and shapers are two tools that identify and respond to traffic problems. Policers and shapers identify traffic violations in a similar way, but they differ in their responses:

Policers
Since policers make instant decisions, you want to deploy them on the ingress if possible: you want to drop traffic as soon as you receive it if it's going to be dropped anyway, right? Still, you can place policers on an egress to control the amount of traffic per class. When the rate is exceeded, policers don't delay traffic by introducing jitter or delay; they just check the traffic and drop or re-mark it. Just know that due to the higher drop probability, you can end up with a whole bunch of TCP resends.

Shapers
Shapers are usually deployed between an enterprise network and the ISP on the egress side to make sure you stay within the contract rate. If the rate is exceeded, the traffic gets policed by the provider and dropped. Shaping allows the traffic to meet the Service Level Agreement (SLA). Shaping introduces jitter and delay and results in fewer TCP resends than policing.

8
Q

Tools for Managing Congestion

A

Next up are a couple of important sections on congestion issues. If traffic exceeds network resources, the traffic gets queued into temporary storage for backed-up packets. Queuing is done in order to avoid dropping packets and isn't a bad thing, because without it, packets that can't be processed immediately would be dropped. Also, traffic classes like VoIP are actually better off being immediately dropped unless you can somehow guarantee enough delay-free bandwidth for them! When congestion occurs, two types of congestion management are activated: queuing and scheduling.

9
Q

Congestion management

A

Queuing (or buffering)
Buffering is the logic of ordering packets in output buffers and is only activated when congestion occurs. When queues fill up, packets can be reordered so that the higher-priority ones are sent out of the exit interface sooner than lower priority traffic.

Scheduling
This is the process of deciding which packet should be sent out next and occurs whether or not there is congestion on the link. Make sure you’re familiar with these three scheduling mechanisms:

Strict priority scheduling
Scheduling of low-priority queues only happens once the high-priority queues are empty. This is great if you're sending the high-priority traffic, but it's possible for low-priority queues to never be processed. We call this traffic or queue starvation.
Round-robin scheduling
This sounds like a fair technique because queues are serviced in a set sequence. You won't find starving queues here, but real-time traffic suffers badly!
Weighted fair scheduling
By weighting the queues, the scheduling process will service some queues more often than others—an upgrade over round-robin. You won't find any starvation carnage here either, but unlike round-robin, you can give priority to real-time traffic. The inevitable disclaimer coming at us here is that we get no guarantees for actual bandwidth availability.

Queuing is typically a layer 3 process, but some queuing can occur at layer 2 or even layer 1. Interestingly, if a layer 2 queue fills up, the data can be pushed into layer 3 queues, and when the layer 1 queue—called the transmit ring or TX-ring queue—fills up, the data is pushed to layer 2 and layer 3 queues. This is when QoS becomes active on the device.
There are many different queuing mechanisms, with only two of them typically used today. Even so, it won't hurt to take a quick look at legacy queuing methods:

First In First Out (FIFO)
A single queue, with packets being processed in the exact order they arrived in.
Priority Queuing (PQ)
Similar to round-robin scheduling, lower-priority queues are only served when the higher-priority queues are empty. There are only four queues, and low-priority traffic may never be sent.
Custom Queueing (CQ)
With up to 16 queues and round-robin scheduling, CQ prevents low-level queue starvation and gives us traffic guarantees. But it doesn't provide strict priority for real-time traffic, so VoIP traffic could still end up being dropped.
Weighted Fair Queuing (WFQ)
WFQ is the Cisco default queuing mechanism. WFQ was actually a pretty popular way of queuing for a long time because it divided up the bandwidth by the number of flows. This provided bandwidth for all applications and worked great for real-time traffic, but there weren't any guarantees for a particular flow.

10
Q

Modern queuing mechanisms

A

Class Based Weighted Fair Queuing (CBWFQ):
Provides fairness and bandwidth guarantees for all traffic, but doesn't provide a latency guarantee. It's typically only used for data traffic management.

Low Latency Queuing (LLQ):
LLQ is really the same thing as CBWFQ but with stricter priorities for real-time traffic. LLQ is great for both data and real-time traffic because it provides both latency and bandwidth guarantees. If you remove the low-latency queue (at the top), you're left with CBWFQ, which is only used for data-traffic networks!

11
Q

Tools for Congestion Avoidance

A

TCP changed our networking world when it introduced sliding windows as a flow-control mechanism in the mid-1990s. Flow control is a way for the receiving device to control the amount of traffic from a transmitting device. If a problem occurred during a data transmission, the previous flow-control methods employed by TCP and other layer 4 protocols like SPX before sliding windows would just cut the transmission rate in half and leave it at the same rate, or lower, for the duration of the connection. Clearly, this was less than popular with users! Sure, TCP certainly cuts transmission rates drastically if a flow-control issue occurs, but it increases the transmission rate after the missing segments are resolved or when packets are finally processed. This behavior, although awesome at the time, can result in something called tail drop, which isn't acceptable in today's networks because bandwidth isn't used effectively. What's tail drop? It's the dropping of packets as they arrive when the queues on the receiving interface are full. This is a terrible waste of bandwidth, since TCP will just keep resending the data until it's happy again when it finally receives an ACK. Enter another new term—TCP global synchronization—wherein each sender reduces its transmission rate simultaneously when packet loss occurs.

Congestion avoidance starts dropping packets before a queue fills, using traffic weights instead of just randomness. Cisco uses something called weighted random early detection (WRED), a queuing method that ensures high-precedence traffic has lower loss rates than other traffic during times of congestion. This prevents more important traffic, like VoIP, from being dropped, by prioritizing it over less important traffic like a connection to Facebook. We can see three traffic flows beginning at different times, resulting in congestion. In a situation like this, you know that TCP may cause tail drop because it drops the traffic as soon as it's received if the buffers are full! At that point, TCP would begin another traffic flow, synchronizing the TCP flows in waves, which sadly leaves much of the bandwidth unused!
