Sei sulla pagina 1di 273

Campus QoS Design-Simplified

Tim Szigeti, Principal Engineer - Technical Marketing


BRKCRS-2501
Agenda
Campus QoS Design Considerations and Best Practices
Cisco Catalyst 2960-X QoS Design
Cisco Catalyst 3650/3850 QoS Design
Cisco Catalyst 4500 QoS Design
Cisco Catalyst 6500/6800 QoS Design
Cisco Nexus 7000/7700 QoS Design
Campus WLAN QoS Design Considerations and Best Practices
Cisco IOS XE WLC AVC/QoS Design
Cisco AireOS WLC AVC/QoS Design

What are we doing to make this simpler?


Summary and References
Campus QoS Design
Considerations and Best Practices
What Do You Consider First?

BRKRST-2056: The QoS Paradigm Shift


https://cisco.box.com/s/8izevlg4k6gaggh3cmrc16lugm6sdr8y
https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=83633&backBtn=true
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Start by Defining Your QoS Strategy
Articulate Your Business Intent, Relevant Applications and End-to-End Strategy

https://cisco.box.com/s/rprjqxtyzqvrbyy8keazk1gntefaxvql
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
The Case for Campus QoS

The primary role of QoS in campus networks is to manage packet loss


In campus networks, it takes only a few milliseconds of congestion to cause drops
Rich media applications are extremely sensitive to packet drops
Queuing policies at every node can prevent packet loss for real-time apps
The secondary role of QoS in campus networks is to condition traffic at the access
edge, which can include any of the following:
Trust
Classify and Mark
Police

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
Why Is Video So Sensitive to Packet Loss?
1920 lines of Vertical Resolution (Widescreen Aspect Ratio is 16:9)

1080p60
1080 lines of Horizontal Resolution
1080 x 1920 lines =

2,073,600 pixels per frame

x 24 bits of color per pixel

x 60 frames per second

= 2,985,984,000 bps

or 3 Gbps Uncompressed!

Cisco (H264/H.265) codecs transmit 3-5 Mbps per 1080p60 video stream
which represents over 99.8% compression (~ 1000:1)
Packet loss is proportionally magnified by compression ratios
Users can notice a single packet lost in 10,000
Making HD Video One Hundred Times More Sensitive to Packet Loss than VoIP!
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
VoIP vs. HD VideoAt the Packet Level
Voice Packets Video Packets
1400 1400
Video Video Video
Frame Frame Frame

1000 1000

Bytes

600 Audio 600


Samples

200 200

Time
20 msec 33 msec
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Campus QoS Design Considerations
How Long Can Queue-Buffers Accommodate Line-Rate Bursts?
GE Linecard Example Begin dropping at 11 ms
but overall utilization is only 1%!

140
Gbps Line Rate GE Linecard Example (WS-X6148)
120
100 Total Per-Port Buffer: 5.4 MB
KBytes Per ms

80
60 Total Per-Queue Buffer*: 1.35 MB
40
20 Gbps Line Rate: 1 Gbps = 125 MB/s
0 or 125 KB/ms
50
10

90

490

570
130
170
210
250
290
330
370
410
450

530

610
650
690
730
770
810
850
890
930
970
Total Per-Queue Buffering Capacity: 10.8 ms
ms

*Assuming (4) equal-sized queues


1 second
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Campus QoS Design Considerations
How Long Can Queue-Buffers Accommodate Line-Rate Bursts?
10-GE Linecard Example Begin dropping at 9 ms
but overall utilization is still only 1%!

1400
1200
10 Gbps Line Rate 10 GE Linecard Example (WS-X6908)
1000
Total Per-Port Buffer: 90 MB
KBytes Per ms

800
600
Total Per-Queue Buffer*: 11.25 MB
400
200
Gbps Line Rate: 10 Gbps = 1.25 GB/s
0
or 1250 KB/ms
10
50
90
130
170
210
250
290
330
370
410
450
490
530
570
610
650
690
730
770
810
850
890
930
970
Total Per-Queue Buffering Capacity: 9.0 ms
ms

*Assuming (8) equal-sized queues


1 second
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
Oversubscription in the Campus GE Link

10GE Link

40GE Link

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
Oversubscription in the Campus GE Link

10GE Link

40GE Link

x 11
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
Oversubscription in the Campus GE Link

10GE Link

40GE Link

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Oversubscription in the Campus GE Link

10GE Link

40GE Link

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Know Your Tools
Catalyst and Nexus switch hardware
Software and Syntax
Global Default QoS Settings
Trust States and Conditional Trust
Logical vs. Physical Interface QoS
Network Based Application Recognition (NBAR2)
Domain Name SystemAuthoritative Source (DNS-AS)
Ingress and Egress Queuing Models

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
Economy

Hardware Varies
American Version
2016 Cisco Live Las Vegas
Utility

Performance

2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Economy

Hardware Varies
Italian Version
2015 Cisco Live Milan
Utility

Performance

2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Economy

Hardware Varies
German Version
2017 Cisco Live Berlin
Utility

Performance

2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Economy

Hardware Varies
Canadian Version
2015 Cisco Connect Toronto
Utility

Performance

2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Software and Syntax Variations
Catalyst 2960-X / 3560 / 3750 are the last platforms to use Multilayer Switch QoS (MLS QoS)
QoS is disabled by default and must be globally enabled with mls qos command
Once enabled, all ports are set to an untrusted port-state

Catalyst 3650/3850 and 4500 use IOS Modular QoS Command Line Interface (MQC)
QoS is enabled by default
All ports are trusted at layer 2 and layer 3 by default

Catalyst 6500/6800 use Cisco Common Classification Policy Language (C3PL) QoS
QoS is enabled by default (Sup2T) Disabled by default (Sup720)
All ports are trusted at layer 2 and layer 3 by default
C3PL presents queuing policies similar to MQC, but as a defined type of policy

Nexus 7000/7700 use NX-OS QoS


QoS is enabled by default
All ports are trusted at layer 2 and layer 3 by default
NX-OS presents queuing policies similar to MQC, but as a defined type and with default class-map names

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
Trust Boundary

Trust Boundaries Untrusted / User-Administered Devices


no mls qos trust

Trust Boundary

The trust boundary is the edge where


Layer 2 (CoS / UP) and/or
Layer 3 (DSCP) Trusted Centrally-Administered Devices
mls qos trust dscp
markings are accepted or rejected

Trust Boundary

Centrally-Administered &
Conditionally-Trusted Devices
mls qos trust device
cisco-phone
cts
ip-camera
2017 Cisco and/or itsaffiliates.
media-player
All rights reserved. Cisco Public
Conditional Trust
Trust Boundary Extension to Cisco Devices If a Cisco IP Phone is detected then
Access Switch CoS-to-DSCP the trust boundary extends to the IP
Phone
Mapping Table
CoS 7 DSCP CS7 (56)
CoS 6 DSCP CS6 (48) The IP Phone sets CoS for Voice and
IP Phone CoS 5 DSCP EF (46)* Signaling and resets all else to 0
CoS Mapping Table CoS 4 DSCP CS4 (40)
CoS 6-7 CoS 0 CoS 3 DSCP CS3 (24)
The access switch maps CoS-to-
Voice CoS 5 CoS 2 DSCP CS2 (16) DSCP
Signaling CoS 3 CoS 1 DSCP CS1 (8)
CoS 0-4 CoS 0 CoS 0 DSCP DF (0)
* Non-Default Mapping

Trust Boundary
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
Policy Enforcement Points (PEPs)
The Policy Enforcement Point (PEP) is the edge where classification and marking policies are enforced
The PEP may or may not be the same as the trust boundary
Multiple PEPs may exist for different types of network devices
e.g. switch PEP vs. router PEP

Note: For the sake of simplification, in this deck PEP will refer to
Trust Boundary
classification and marking policy enforcement points (only)
Switch Router and will not include other policy enforcement points (e.g. queuing).
PEP PEP

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Per-Port QoS vs. Per-VLAN QoS
Per-VLAN QoS
Per-Port QoS
Policy map is applied to the
logical VLAN interface
VLAN Interfaces VLAN Interfaces
VLAN 10 VLAN 20 VLAN 10 VLAN 20

Physical Ports Physical Ports

Policy map is applied to the interface gig 1/1-48


physical switch port mls qos vlan-based

interface Vlan 10
interface gig 1/1-48
service-policy input MARKING
service-policy input MARKING

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
Campus QoS Design Considerations
Per-Port/Per-VLAN QoS

VLAN Interfaces
DVLAN 10

VVLAN 110

DVLAN policy map is applied Trunked Physical Ports


to the Data VLAN (only)
on a given trunked switch port VVLAN policy map is applied
to the Voice VLAN (only)
on a given trunked switch port

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
Network Based Application Recognition (NBAR)
Business
applications types
of services

Content types of
services

Multi-Media &
Communications
services

SMB Commercial Enterprise Service Provider

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
NBAR2 Scale & Performance Improvements
40% performance improvement in just 2 releases
NBAR2 Packet Processing
5%

Fast-Path
Processed
95%

Measured on EMIX (SFR) benchmark NBAR2 Protocol-Discovery runs in Line Rate

Supported platforms: ISR-G2 (86x, 88x, 89x, 19xx, 29xx, 39xx), ISR 44xx, ASR1000, CSR 1000V,
WLC (2508, 8500, 7500, 55xx, 5760, 3850/5760 (AP based), IOS AP
ASA-CX

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
DNS-Authoritative Source (DNS-AS)
What is DNS-AS?

Application visibility end-to-end in the network


Light-weight application detection process
A scalable means of identifying encrypted & cloud applications
An efficient means to distribute application metadata
No client software requirement
Simplified end-to-end policy enforcement

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
DNS Lookup
DNS+Lookup:
TXT Record Request:
mail.timco.com
mail.timco.com
DNS-AS Operation TXT Record:
DNS A-Record:
172.16.0.7
mail.timco.com is 172.16.0.7
mail.timco.com
App ID = 378
1) Client requests a DNS Lookup App Class: BULK-DATA
Business Relevance: YES
2) Access Switch examines the DNS request
DNS
Server App
3) Internal DNS Server returns a DNS response (A-Record) Internal Server
Network
4) Access Switch requests application metadata information by
generating its own DNS query
5) Internal DNS Server returns application metadata
(A-Record + TXT Record)
6) Access Switch maintains a Binding Table of application metadata

IP Address PTR App-ID App-Class Business-


Relevance
172.16.0.7 mail.timco.com 378 Bulk Data YES
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
DNS Lookup:
mail.timco.com
DNS-AS Operation

1) Client requests a DNS Lookup

DNS
Server App
Internal Server
Network

2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
DNS Lookup:
mail.timco.com
DNS-AS Operation

1) Client requests a DNS Lookup


2) Access Switch examines the DNS request
DNS
Server App
Internal Server
Network

2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
DNS Lookup:
mail.timco.com
DNS-AS Operation
DNS A-Record:
mail.timco.com is 172.16.0.7

1) Client requests a DNS Lookup


2) Access Switch examines the DNS request
DNS
Server App
3) Internal DNS Server returns a DNS response (A-Record) Internal Server
Network

2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
DNS Lookup
DNS+Lookup:
TXT Record Request:
mail.timco.com
mail.timco.com
DNS-AS Operation
DNS A-Record:
mail.timco.com is 172.16.0.7

1) Client requests a DNS Lookup


2) Access Switch examines the DNS request
DNS
Server App
3) Internal DNS Server returns a DNS response (A-Record) Internal Server
Network
4) Access Switch requests application metadata information by
generating its own DNS query

2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
DNS Lookup
DNS+Lookup:
TXT Record Request:
mail.timco.com
mail.timco.com
DNS-AS Operation TXT Record:
DNS A-Record:
172.16.0.7
mail.timco.com is 172.16.0.7
mail.timco.com
App ID = 378
1) Client requests a DNS Lookup App Class: BULK-DATA
Business Relevance: YES
2) Access Switch examines the DNS request
DNS
Server App
3) Internal DNS Server returns a DNS response (A-Record) Internal Server
Network
4) Access Switch requests application metadata information by
generating its own DNS query
5) Internal DNS Server returns application metadata
(A-Record + TXT Record)

2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
DNS Lookup
DNS+Lookup:
TXT Record Request:
mail.timco.com
mail.timco.com
DNS-AS Operation TXT Record:
DNS A-Record:
172.16.0.7
mail.timco.com is 172.16.0.7
mail.timco.com
App ID = 378
1) Client requests a DNS Lookup App Class: BULK-DATA
Business Relevance: YES
2) Access Switch examines the DNS request
DNS
Server App
3) Internal DNS Server returns a DNS response (A-Record) Internal Server
Network
4) Access Switch requests application metadata information by
generating its own DNS query
5) Internal DNS Server returns application metadata
(A-Record + TXT Record)
6) Access Switch maintains a Binding Table of application metadata

IP Address PTR App-ID App-Class Business-


Relevance
172.16.0.7 mail.timco.com 378 Bulk Data YES
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
Campus Ingress QoS Models
No Trust (Untrusted)
Trust DSCP
Trust CoS
Trust Device / Conditional Trust

(if required and supported)


Ingress Queuing Policies
Marking Policies (Optional) Policing Policies

VVLAN Yes
VoIP Classifier Mark EF VoIP Policer (<128 kbps) No
Drop
Yes
Signaling Classifier Mark CS3 Signaling Policer (<32 kbps) No
Drop

Yes
Multimedia Conferencing Classifier
Mark AF41 MM-Conf Policer (<5 Mbps) No
Drop
DVLAN Yes
Signaling Classifier Mark CS3 Signaling Policer (<32 kbps) No
Drop
Yes
Transactional Data Classifier Mark AF21 Trans-Data Policer (<10 Mbps) No
Remark to CS1
Yes
Bulk Data Classifier Mark AF11 Bulk Data Policer (<10 Mbps) No
Remark to CS1
Yes
Scavenger Classifier Mark CS1 Scavenger Policer (<10 Mbps) No
Drop
Yes
Best Effort (Class-Default) Mark DF Best Effort Policer (<10 Mbps) No
Remark to CS1

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
Catalyst Hardware Queuing
1P3Q1T Example

1 Priority Queue

1P BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
Catalyst Hardware Queuing
1P3Q1T Example

1 Priority Queue

3 Non-Priority
Queues

1P3Q BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
Catalyst Hardware Queuing
1P3Q1T Example
Each queue has 1 Drop Threshold
1 Priority Queue
(the tail of the queue)

3 Non-Priority
Queues

1P3Q1T
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
Catalyst Hardware Queuing
1P3Q1T Example

Interrupt
Resume
Scheduling

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
Weighted Tail Drop (WTD) Operation
3T WTD Example
Tail Front
of of
Queue Queue
Direction
of
Packet
Flow

Red Minimum WTD Threshold 1:


Begin tail dropping red packets

Yellow Minimum WTD Threshold 2:


Begin tail dropping yellow packets

Tail of Queue is WTD Threshold 3


BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
Weighted Random Early Detect (WRED) Operation
4T WTD Example
Tail Front
of of
Queue Queue
Direction
of
Packet
Flow
AF13 Minimum WRED Threshold:
Begin randomly dropping AF13 Packets

AF12 Minimum WRED Threshold:


Begin randomly dropping AF12 Packets

AF11 Minimum WRED Threshold:


Begin randomly dropping AF11 Packets

Maximum WRED Thresholds for AF11, AF12 and AF13 are set to the tail of the queue in this example
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
EtherChannel QoS
EtherChannels are comprised of logical (Port-Channel) interfaces and physical
(port-member) interfaces
Ingress QoS policies are usually applied to the logical interfaces (but not always)
Egress QoS policies (such as queuing) are always applied to the physical port-
member interfaces
Platform QoS Policies Applied to the QoS Policies Applied to the
(Logical) Port-Channel (Physical) Port-Member
Interface Interfaces
Catalyst 2960-X Ingress & Egress
Catalyst 3650/3850 Ingress & Egress
Catalyst 4500 Ingress Egress
Catalyst 6500 Ingress Egress
Cisco Nexus 7000/7700 Ingress & Egress

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
Campus QoS Design Best Practices
Always perform QoS in hardware rather than software when a choice exists
Classify and mark applications as close to their sources as technically and
administratively feasible
Police unwanted traffic flows as close to their sources as possible
Enable queuing policies at every node where the potential for congestion exists

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
Campus Port QoS Roles
Untrusted Endpoint:
Port Set to Untrusted State
(or Explicit Policy to Mark to DSCP 0)
[Optional Ingress Marking and/or Policing]
[Ingress and] Egress Queuing

Trusted Port
Trust DSCP
Conditionally-Trusted Endpoint
(Default on all non-MLS QoS platforms)
Conditional-Trust with Trust-CoS or DSCP
[Ingress and] Egress Queuing
[Optional Ingress Marking and/or Policing]
[Ingress and] Egress Queuing BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
Campus QoS DesignAt-A-Glance

https://cisco.box.com/s/55ckd6hbpjj8b1q2ok67mxyc73mldnwp
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
Agenda
Campus QoS Design Considerations and Best Practices
Cisco Catalyst 2960 QoS Design
Cisco Catalyst 3650/3850 QoS Design
Cisco Catalyst 4500 QoS Design
Cisco Catalyst 6500/6800 QoS Design
Cisco Nexus 7000/7700 QoS Design
Campus WLAN QoS Design Considerations and Best Practices
Cisco IOS XE WLC AVC/QoS Design
Cisco AireOS WLC AVC/QoS Design

What are we doing to make this simpler?


Summary and References
Cisco Catalyst 2960-X
QoS Design
Catalyst 2960-X
QoS Roles in the Campus Access

No Trust +
Ingress Queuing +
Egress Queuing

Trust DSCP +
Ingress Queuing +
Egress Queuing

Conditional Trust +
Ingress Queuing +
C2960-X Egress Queuing
Access
Switch Classification/Marking +
[Optional Policing] +
Distribution Ingress Queuing +
Switches Egress Queuing

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
Catalyst 2960-X Note: Catalyst 2960-X is QoS compatible with
QoS Design Steps the Catalyst 3560 & 3750, with the following
exceptions:
1. Enable QoS The Catalyst 3560 & 3750 support ingress
queuing policies, but the 2960-X does not.
2. Configure Ingress QoS Model(s): Similarly, the Catalyst 3560 & 3750 support
Trust Models VLAN-based QoS policies, but the 2960-X
Conditional Trust Model does not.
Service Policy Models
Note: Catalyst 2960-X must be running a LAN
3. Configure Egress Queuing Base image to support the following QoS
features
Policy maps
Policing & marking
Mapping tables
Weighted Tail Drop (WTD)

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
Catalyst 2960-X
Enabling QoS and Trust Models
Enabling QoS:
mls qos Shaded commands are global

Trust-CoS Model Example:


mls qos map cos-dscp 0 8 16 24 32 46 48 56 Key commands/parameters in RED
mls qos trust cos Highlighted commands are interface specific

Trust-DSCP Model Example:


mls qos trust dscp Note: CoS 5 which is explicitly mapped to DSCP 46

Conditional-Trust Model Example:


mls qos trust device cisco-phone [or]
mls qos trust device cts Note: Only one type of device may be configured at a time
[or]
mls qos trust device ip-camera [or]
mls qos trust device media-player

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
Catalyst 2960-X
Conditional Trust Model Example

Conditional Trust Policy to a Cisco IP Phone:


mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos trust device cisco-phone
mls qos trust cos Note: All CoS-to-DSCP values are left at default
(DSCP = CoS * 8)

Except for CoS 5 which is explicitly mapped to DSCP 46


(Expedite Forwarding/EF, per RFC 3246 & 4594).
CoS must be
matched as Cisco IP
Phones only remark
at Layer 2

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
Catalyst 2960-X
Marking Policy Model Example
class-map match-all VOIP policy-map MARKING-POLICY
match access-group name VOIP class VOIP
class-map match-all MULTIMEDIA-CONFERENCING set dscp ef
match access-group name MULTIMEDIA-CONFERENCING class MULTIMEDIA-CONFERENCING
class-map match-all SIGNALING set dscp af41
match access-group name SIGNALING class SIGNALING
class-map match-all TRANSACTIONAL-DATA set dscp cs3
match access-group name TRANSACTIONAL-DATA class TRANSACTIONAL-DATA
class-map match-all BULK-DATA set dscp af21
match access-group name BULK-DATA class BULK-DATA
class-map match-all SCAVENGER set dscp af11
match access-group name SCAVENGER class SCAVENGER
set dscp cs1
class class-default
set dscp default
service-policy input MARKING-POLICY

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
Note: Remarking is performed by configuring a
policed-DSCP map with the global configuration
command mls qos map policed-dscp, which
Catalyst 2960-X specifies which DSCP values are subject to
remarking if out-of-profile and what value these
should be remarked as.
Marking & Policing Policy Example
In this example exceeding:
Best Effort (DSCP 0)
mls qos map policed-dscp 0 10 18 to 8 Bulk (AF11 / DSCP 10)
Transactional Data (AF21 / DSCP 18)
[class-maps omitted for brevity] are remarked to Scavenger (CS1 / DSCP 8).
policy-map MARKING&POLICING
class VVLAN-VOIP [continued]
set dscp ef class BULK-DATA
police 128k 8000 exceed-action drop set dscp af11
class VVLAN-SIGNALING police 10m 8000 exceed-action policed-dscp-transmit
set dscp cs3 class SCAVENGER
police 32k 8000 exceed-action drop set dscp cs1
class MULTIMEDIA-CONFERENCING police 10m 8000 exceed-action drop
set dscp af41 class DEFAULT
police 5m 8000 exceed-action drop set dscp default
class SIGNALING police 10m 8000 exceed-action policed-dscp-transmit
set dscp cs3 service-policy input MARKING&POLICING
police 32k 8000 exceed-action drop
class TRANSACTIONAL-DATA
set dscp af21
police 10m 8000 exceed-action policed-dscp-transmit

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
Catalyst 2960-X
1P3Q3T Egress Queuing Model
Application DSCP 1P3Q3T

Network Control (CS7) AF1 Q4T2


Queue 4
CS1 (5%) Q4T1
Internetwork Control CS6

VoIP EF Default Queue


DF
Broadcast Video CS5 Queue 3 (35%)

Multimedia Conferencing AF4 CS7 Q2T3

Realtime Interactive CS4 CS6

Multimedia Streaming AF3 CS3 Q2T2


Queue 2
Signaling CS3 AF4 (30%) Q2T1
Transactional Data AF2 AF3

Network Management CS2 AF2


CS2
Bulk Data AF1
EF
Scavenger CS1 Q1
CS5
Best Effort DF Priority Queue
CS4
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
Catalyst 2960-X
Note: The Catalyst 2960-X can also be
1P3Q3T Egress Queuing Model ConfigPart 1 of 2 configured to use an 8-queue model; however
this model is NOT supported in a stack, nor is
it supported if AutoQoS is enabled.

! This section configures egress buffers and thresholds


mls qos queue-set output 1 buffers 15 30 35 20 Allocates buffers to Q1, Q2, Q3 and Q4
(respectively)
mls qos queue-set output 1 threshold 1 100 100 100 100
mls qos queue-set output 1 threshold 2 80 90 100 400
mls qos queue-set output 1 threshold 3 100 100 100 400
mls qos queue-set output 1 threshold 4 60 100 100 400 Each queue has 4 thresholds:
WTD Threshold 1
! This section configures egress CoS-to-Queue mappings WTD Threshold 2
mls qos srr-queue output cos-map queue 1 threshold 3 4 5 Reserved Thresholdbuffers that may NOT
mls qos srr-queue output cos-map queue 2 threshold 1 2 be shared with adjacent port-queues
Maximum Thresholdmaximum amount of
mls qos srr-queue output cos-map queue 2 threshold 2 3 buffers may be borrowed from common buffer
mls qos srr-queue output cos-map queue 2 threshold 3 6 7 pools (if available)
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
If the packet enters the switch on a port that is set
to trust cos then these CoS-to-Queue mappings
will be used to determine how the packet is
queued on egress

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
Catalyst 2960-X
1P3Q3T Egress Queuing Model ConfigPart 2 of 2 If the packet enters the switch on a port
that is set to trust dscp then these
! This section configures egress DSCP-to-Queue mappings DSCP-to-Queue mappings will be used to
determine how the packet is queued on
mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46 egress
mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22
mls qos srr-queue output dscp-map queue 2 threshold 1 26 28 30 34 36 38
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 0
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

! This section configures interface egress queuing parameters


queue-set 1
srr-queue bandwidth share 1 30 35 5
priority-queue out

Enables the PQ Allocates bandwidth to each queue by means of a WRR weight.


Q1 weight is ignored, as its operating as a PQ

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
Catalyst 2960-X
EtherChannel QoS Design

All QoS policies are configured on the physical port-member interfaces only

Platform QoS Policies Applied to the QoS Policies Applied to the


(Logical) Port-Channel Interface (Physical) Port-Member Interfaces
Catalyst 2960/3560/3750 Classification & Marking (Ingress)
and Queuing (Egress)

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
Catalyst 2960-X QoS Design At-A-Glance

https://cisco.box.com/s/piu1vbsrg1vrnavemvqqlvwq9xqji64x
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
Catalyst 3650/3750 QoS Design At-A-Glance

https://cisco.box.com/s/zh9b5k1sqh91pp96rb27vwiotlu8ypdf
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
Agenda
Campus QoS Design Considerations and Best Practices
Cisco Catalyst 2960-X QoS Design
Cisco Catalyst 3650/3850 QoS Design
Cisco Catalyst 4500 QoS Design
Cisco Catalyst 6500/6800 QoS Design
Cisco Nexus 7000/7700 QoS Design
Campus WLAN QoS Design Considerations and Best Practices
Cisco IOS XE WLC AVC/QoS Design
Cisco AireOS WLC AVC/QoS Design

What are we doing to make this simpler?


Summary and References
Cisco Catalyst 3650/3850
QoS Design
Catalyst 3650/3850
QoS Roles in the Campus Access
No Trust +
Egress Queuing

Trust DSCP +
C3650/3850 Egress Queuing
Access
Switch Conditional Trust +
Egress Queuing

Classification/Marking +
[Optional Policing] +
Egress Queuing

Wireless Per-Port / Per-SSID / Per-Client Policies:


[Optional: Classification/ Marking]
[Optional: Policing]
Distribution 2P2Q+AFD Egress Queuing
Switches

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
Catalyst 3650/3850
QoS Design Steps
1. Configure Ingress QoS Model(s):
Trust DSCP Model*
Conditional Trust Models (wired ports only)
Service Policy Models (wired or wireless ports)
2. Configure Egress Queuing
Wired Queuing Models: 8Q3T or 1P7Q3T or 2P6Q3T
Wireless Queuing Model: 2P2Q+AFD

*Note: Catalyst 3650/3850 IOS MQC trusts all wired ports by default
Prior to IOS XE 3.3, wireless ports were set to an untrusted state by default.
However, this default setting can be globally disabled with the following command:
no qos wireless-default-untrust
Beginning with IOS XE 3.3, wireless ports are also trusted by default

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 65
Catalyst 3650/3850
Conditional Trust Models
Cisco IP Phone Conditional Trust Example

Conditional-Trust Models:
interface GigabitEthernet 1/0/1
trust device cisco-phone [or]
trust device cts
[or]
trust device ip-camera
[or]
trust device media-player

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 66
Catalyst 3650/3850
Conditional Trust Models
Cisco IP Phone Conditional Trust Example

Conditional-Trust Models:
interface GigabitEthernet 1/0/1
trust device cisco-phone [or]
trust device cts
[or]
trust device ip-camera
[or]
trust device media-player
Only one type of device can be configured for
conditional trust on an interface at a given time

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
Catalyst 3650/3850
Conditional Trust Models
Conditional-Trust
Cisco IP Phone (Cisco IP Phone)
Conditional Example:
Trust Example
class-map match-any VOICE
match cos 5
Conditional-Trust Models: class-map match-any SIGNALING
interface GigabitEthernet 1/0/1 match cos 3
trust device cisco-phone [or]
trust device cts policy-map CISCO-IPPHONE
[or] class VOICE
trust device ip-camera set dscp ef
[or] class SIGNALING
trust device media-player set dscp cs3
Only one type of device can be configured for class class-default
conditional trust on an interface at a given time set dscp default
interface GigabitEthernet 1/0/1
trust device cisco-phone
service-policy input CISCO-IPPHONE

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
Catalyst 3650/3850 Only match-any is supported
(i.e. match-all is not supported)
Conditional Trust Models
Conditional-Trust
Cisco IP Phone (Cisco IP Phone)
Conditional Example:
Trust Example
class-map match-any VOICE CoS
CoSmust
must be
be
match cos 5 matched
matchedasasCisco
Conditional-Trust Models: class-map match-any SIGNALING
Cisco
IP
IPPhones
Phonesonly
only
interface GigabitEthernet 1/0/1 match cos 3 remark
remarkat
atLayer
Layer22
trust device cisco-phone [or]
trust device cts policy-map CISCO-IPPHONE
[or] class VOICE
trust device ip-camera set dscp ef
[or] class SIGNALING
trust device media-player set dscp cs3
Only one type of device can be configured for class class-default
conditional trust on an interface at a given time set dscp default
interface GigabitEthernet 1/0/1
trust device cisco-phone
service-policy input CISCO-IPPHONE

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
Catalyst 3650/3850
Classification Options

ACL-based classification: match access-group ACL_NAME


Syntax is identical to Catalyst 2K ACL-based classification & marking examples

NBAR2 classification (IOS XE 16.3+): match protocol APPLICATION

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
Catalyst 3650/3850 IOS XE 16.3
Configuring NBAR2 QoS Policies policy-map NBAR-MARKING
class-map match-any VOICE class VOICE
match protocol cisco-phone set dscp ef
match protocol cisco-jabber-audio class BROADCAST-VIDEO
match protocol ms-lync-audio set dscp cs5
match protocol citrix-audio class REAL-TIME-INTERACTIVE
class-map match-any BROADCAST-VIDEO set dscp cs4
match protocol cisco-ip-camera class CALL-SIGNALING
class-map match-any REAL-TIME-INTERACTIVE set dscp cs3
match protocol telepresence-media class TRANSACTIONAL-DATA
class-map match-any CALL-SIGNALING set dscp af21
match protocol skinny class BULK-DATA
match protocol telepresence-control set dscp af11
class-map match-any TRANSACTIONAL-DATA class SCAVENGER
match protocol citrix set dscp cs1
match protocol sap class class-default
class-map match-any BULK-DATA set dscp default
match protocol attribute category email
match protocol attribute category file-sharing
match protocol attribute sub-category backup-systems
class-map match-any SCAVENGER
match protocol attribute category gaming
match protocol attribute application-group skype-group
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
match protocol enables NBAR2 classification
Catalyst 3650/3850 IOS XE 16.3 Note: Up to 16 match protocol statements are
supported per class-map
Configuring NBAR2 QoS Policies policy-map NBAR-MARKING
class-map match-any VOICE class VOICE
match protocol cisco-phone set dscp ef
match protocol cisco-jabber-audio class BROADCAST-VIDEO
match protocol ms-lync-audio set dscp cs5
match protocol citrix-audio class REAL-TIME-INTERACTIVE
class-map match-any BROADCAST-VIDEO set dscp cs4
match protocol cisco-ip-camera class CALL-SIGNALING
class-map match-any REAL-TIME-INTERACTIVE set dscp cs3
match protocol telepresence-media class TRANSACTIONAL-DATA
class-map match-any CALL-SIGNALING set dscp af21
match protocol skinny class BULK-DATA
match protocol telepresence-control set dscp af11
class-map match-any TRANSACTIONAL-DATA class SCAVENGER
match protocol citrix set dscp cs1
match protocol sap class class-default
class-map match-any BULK-DATA set dscp default
match protocol attribute category email
match protocol attribute category file-sharing Note:
Note: Multiple
Multiple application
application protocols protocols can can be
be
match protocol attribute sub-category backup-systems identified using attributes,
identified using attributes, including: including:
class-map match-any SCAVENGER category
category
match protocol attribute category gaming sub-category
sub-category
match protocol attribute application-group skype-group application-group
application-group More to come!
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Holy Grail QoS Configuration: NBAR2 1400+ App / 12-Class Model
class-map match-all VOICE
match protocol attribute traffic-class voip-telephony policy-map MARKING
match protocol attribute business-relevance business-relevant class VOICE
class-map match-all BROADCAST-VIDEO set dscp ef
match protocol attribute traffic-class broadcast-video class BROADCAST-VIDEO
match protocol attribute business-relevance business-relevant set dscp cs5
class-map match-all REAL-TIME-INTERACTIVE class REAL-TIME-INTERACTIVE
match protocol attribute traffic-class real-time-interactive set dscp cs4
match protocol attribute business-relevance business-relevant class MULTIMEDIA-CONFERENCING
class-map match-all MULTIMEDIA-CONFERENCING set dscp af41
match protocol attribute traffic-class multimedia-conferencing class MULTIMEDIA-STREAMING
match protocol attribute business-relevance business-relevant set dscp af31
class-map match-all MULTIMEDIA-STREAMING
class SIGNALING
match protocol attribute traffic-class multimedia-streaming
set dscp cs3
match protocol attribute business-relevance business-relevant
class-map match-all SIGNALING
class NETWORK-CONTROL
match protocol attribute traffic-class signaling set dscp cs6
match protocol attribute business-relevance business-relevant class NETWORK-MANAGEMENT
class-map match-all NETWORK-CONTROL set dscp cs2
match protocol attribute traffic-class network-control class TRANSACTIONAL-DATA
match protocol attribute business-relevance business-relevant set dscp af21
class-map match-all NETWORK-MANAGEMENT class BULK-DATA
match protocol attribute traffic-class ops-admin-mgmt set dscp af11
match protocol attribute business-relevance business-relevant class SCAVENGER
class-map match-all TRANSACTIONAL-DATA set dscp cs1
match protocol attribute traffic-class transactional-data class class-default
match protocol attribute business-relevance business-relevant set dscp default
class-map match-all BULK-DATA
match protocol attribute traffic-class bulk-data
match protocol attribute business-relevance business-relevant Already supported on IOS/IOS XE Routers
class-map match-all SCAVENGER
match protocol attribute business-relevance business-irrelevant Coming soon for Catalyst 3650/3850
IOS XE 16.5 (Spring 2017)
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
Catalyst 3650/3850
Marking Policy Example
! This section attaches the service-policy
! to a wired interface(s)
interface range GigabitEthernet 1/0/1-48
service-policy input MARKING

! This section attaches the service-policy


! to a wireless interface(s) at the SSID level
wlan EMPLOYEE-WLAN
service-policy input MARKING

! This section attaches the service-policy


! to a wireless interface(s) at the client level
wlan EMPLOYEE-WLAN
service-policy client input MARKING

Inclusion of the client keyword applies


the service-policy at the client level

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 74
All markdown and/or
Catalyst 3650/3850 mapping operations
are configured
through table-maps
Marking & Policing Policy ExamplePart 1 of 2
policy-map MARKING&POLICING [continued]
class VVLAN-VOIP class TRANSACTIONAL-DATA
set dscp ef set dscp af21 table-map TABLE-MAP
police 128k police 10m map from 0 to 8
conform-action transmit conform-action transmit map from 10 to 8
exceed-action drop exceed-action TABLE-MAP map from 18 to 8
class VVLAN-SIGNALING class BULK-DATA
set dscp cs3 set dscp af11
police 32k police 10m
conform-action transmit conform-action transmit
exceed-action drop exceed-action TABLE-MAP
class MULTIMEDIA-CONFERENCING class SCAVENGER
set dscp af41 set dscp cs1 Policing to remark traffic
police 5m police 10m is done by referencing
conform-action transmit conform-action transmit the previously-configured
exceed-action drop exceed-action drop table-map
class SIGNALING class class-default
set dscp cs3 set dscp default
police 32k police 10m
conform-action transmit conform-action transmit
exceed-action drop exceed-action TABLE-MAP
Policers can may be set to either remark or drop excess traffic
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Catalyst 3650/3850
Per-Port/Per-VLAN Policy

class-map VVLAN
match vlan 110 Individual
Individual(trunked)
(trunked) VLANs
VLANs are
are
class-map DVLAN matched
matched byby the
the match
match vlan
vlan command
command
match vlan 10
policy-map VLAN-POLICERS
class VVLAN
police 192k
conform-action transmit exceed-action drop Policers are applied on a per-VLAN
Policers are applied on a Per-VLAN basis
class DVLAN basis
police 50m
conform-action transmit exceed-action drop

interface GigabitEthernet 1/0/1


service-policy input VLAN-POLICERS Per-VLAN policers are then applied on a Per-Port basis

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
Catalyst Hardware Queuing PQ1

2P6Q3T Example PQ2

Interrupt
Scheduling
Interrupt
Scheduling

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
Catalyst 3650/3850
2P6Q3T with Weighted Tail Drop (WTD) Wired Port Egress Queuing Model

Application DSCP 2P6Q3T BWR =


Bandwidth
Network Control (CS7) EF PQ Level 1 (10%) Remaining
Internetwork Control CS6 CS5
PQ Level 2 (20%) WTD =
CS4
VoIP EF Weighted
CS7 & CS6 Tail
Broadcast Video CS5 Q6
Drop
CS3 & CS2 (BWR 10%)
Multimedia Conferencing AF4
Q5
AF4
Realtime Interactive CS4 (BWR 10% + WTD)
Multimedia Streaming AF3 AF3 Q4
(BWR 10% + DSCP-Based WTD)
Signaling CS3
Q3
Transactional Data AF2 AF2
(BWR 10% + DSCP-Based WTD)
Network Management CS2
AF1 Q2
Bulk Data AF1
CS1 (BWR 5% + DSCP-Based WTD)
Scavenger CS1

Best Effort DF DF Q1 (BWR 25%)

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 78
Catalyst 3650/3850
2P6Q3T+WTD Wired Port Egress Queuing Config Part 1of 2
class-map match-any VOICE-PQ1 Note: On platforms with shared buffer and TCAM
match dscp ef architectures (2960/3560/3750/3650/3850/4500),
class-map match-any VIDEO-PQ2 show policy-map interface commands do not report
match dscp cs4 per-port packets or byte-counters.
match dscp cs5 This is a limitation of shared hardware architectures.
class-map match-any CONTROL-MGMT-QUEUE
match dscp cs7 cs6 cs3 cs2
class-map match-any MULTIMEDIA-CONFERENCING-QUEUE
match dscp af41 af42 af43
class-map match-any MULTIMEDIA-STREAMING-QUEUE
match dscp af31 af32 af33
class-map match-any TRANSACTIONAL-DATA-QUEUE
match dscp af21 af22 af23
class-map match-any SCAVENGER-BULK-DATA-QUEUE
match dscp cs1 af11 af12 af13

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 79
Catalyst 3650/3850
2P6Q3T+WTD Wired Port Egress Queuing Config Part 2 of 2
policy-map 2P6Q3T [continued]
class VOICE-PQ1 class MULTIMEDIA-STREAMING-QUEUE
priority level 1 bandwidth remaining percent 10
police rate percent 10 queue-buffers ratio 10
class VIDEO-PQ2 queue-limit dscp af33 percent 80
priority level 2 queue-limit dscp af32 percent 90
police rate percent 20 queue-limit dscp af31 percent 100
class CONTROL-MGMT-QUEUE class TRANSACTIONAL-DATA-QUEUE
bandwidth remaining percent 10 bandwidth remaining percent 10
queue-buffers ratio 10 queue-buffers ratio 10
class MULTIMEDIA-CONFERENCING-QUEUE queue-limit dscp af23 percent 80
bandwidth remaining percent 10 queue-limit dscp af22 percent 90
queue-buffers ratio 10 queue-limit dscp af21 percent 100
queue-limit dscp af43 percent 80 class SCAVENGER-BULK-DATA-QUEUE
queue-limit dscp af42 percent 90 bandwidth remaining percent 5
queue-limit dscp af41 percent 100 queue-buffers ratio 10
queue-limit dscp values af13 cs1 percent 80
queue-limit dscp values af12 percent 90
queue-limit dscp values af11 percent 100
class class-default
bandwidth remaining percent 25
queue-buffers ratio 25
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Catalyst 3650/3850 If a PQ is enabled then
2P6Q3T+WTD Wired Port Egress Queuing Config Part 2 of 2 non-PQs must use
bandwidth remaining
policy-map 2P6Q3T [continued]
class VOICE-PQ1 class MULTIMEDIA-STREAMING-QUEUE
Two-levels of priority bandwidth remaining percent 10
priority level 1 Allocates
queuing are supported queue-buffers ratio 10
police rate percent 10 buffers to
class VIDEO-PQ2 queue-limit dscp af33 percent 80 non-PQs
priority level 2 queue-limit dscp af32 percent 90
police rate percent 20 queue-limit dscp af31 percent 100
class CONTROL-MGMT-QUEUE class TRANSACTIONAL-DATA-QUEUE
bandwidth remaining percent 10 bandwidth remaining percent 10
queue-buffers ratio 10 queue-buffers ratio 10
class MULTIMEDIA-CONFERENCING-QUEUE queue-limit dscp af23 percent 80 Tunes WTD
bandwidth remaining percent 10 queue-limit dscp af22 percent 90 WTD
to better
to
queue-buffers ratio 10 queue-limit dscp af21 percent 100 align to an
queue-limit dscp af43 percent 80 class SCAVENGER-BULK-DATA-QUEUE AF PHB
queue-limit dscp af42 percent 90 bandwidth remaining percent 5
queue-limit dscp af41 percent 100 queue-buffers ratio 10
queue-limit dscp values af13 cs1 percent 80
queue-limit dscp values af12 percent 90
queue-limit dscp values af11 percent 100
interface range GigabitEthernet 1/0/1-48 class class-default Needed if >3
service-policy output 2P6Q3T bandwidth remaining percent 25 DSCPs are
queue-buffers ratio 25 mapped to WTD
thresholds
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
This feature is explained in detail in BRKRST-3057 The Blood and Guts and Gore of QoS

Queue-Soft-Multiplier Function

queue-softmax-multiplier 1200 IOS: 15.2(2)E3 / IOS XE: 3.6.3E

Key Takeaways: 1000% Increase in buffering capacity of Real-Time Queues


and 400+% increase in buffering capacity of non-real-time queues
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 82
Catalyst 3650/3850
Hierarchical QoS PoliciesQueuing within Shaped Rate Example

policy-map 50MBPS-SHAPER
class class-default Defines the sub-line rate (CIR)
shape average 50000000
service-policy 2P6Q3T Provides back-pressure to the system to
interface GigabitEthernet 1/0/1 engage the (previously-defined) queuing
service-policy output 50MBPS-SHAPER policy, so that packets are properly
prioritized within the sub-line rate

Only the Hierarchical Shaping policy is


attached to the interface(s)

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
Catalyst 3650/3850
EtherChannel QoS Design
All QoS policies are configured on the physical port-member interfaces only

Platform QoS Policies Applied to the QoS Policies Applied to the


(Logical) Port-Channel Interface (Physical) Port-Member Interfaces
Catalyst 3850 / 3650 Classification & Marking (Ingress)
and Queuing (Egress)

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
Catalyst 3650/3850 QoS DesignAt-A-Glance

https://cisco.box.com/s/59zvfbxza76iptay6u620bn1w9unm7ak
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
NBAR QoS Attributes AAG

https://cisco.box.com/s/3jxd2439e1rhu6zjh9q4d0uxcpf734n9
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 86
Agenda
Campus QoS Design Considerations and Best Practices
Cisco Catalyst 2960-X QoS Design
Cisco Catalyst 3650/3850 QoS Design
Cisco Catalyst 4500 QoS Design
Cisco Catalyst 6500/6800 QoS Design
Cisco Nexus 7000/7700 QoS Design
Campus WLAN QoS Design Considerations and Best Practices
Cisco IOS XE WLC AVC/QoS Design
Cisco AireOS WLC AVC/QoS Design

What are we doing to make this simpler?


Summary and References
Cisco Catalyst 4500
QoS Design
Catalyst 4500
QoS Roles in the Campus Distribution

Trust DSCP +
Egress Queuing

Core Switches

Access
Switches Catalyst 4500
Distribution
Switches

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
Catalyst 4500
QoS Design Steps
1. Configure Ingress QoS Model(s):
DSCP-Trust Model*
Conditional Trust Model
Service Policy Models
2. Configure Egress Queuing

*Note: Catalyst 4500 uses IOS MQC, which trusts by default;


therefore no explicit policy is required for DSCP trust

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 90
Catalyst 4500
Conditional Trust Example
class-map match-all VOICE
match cos 5 Catalyst 4500 supports both match-all (logical AND)
class-map match-all SIGNALING and match-any (logical OR) operators
match cos 3

policy-map CISCO-IPPHONE
class VOICE
set dscp ef
class SIGNALING
set dscp cs3
class class-default
set dscp default

interface GigabitEthernet 3/1


qos trust device cisco-phone
service-policy input CISCO-IPPHONE

Conditional trust command (trust device) must be


prefaced by qos on the Catalyst 4500

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 91
Catalyst 4500
Classification Options

ACL-based classification: match access-group ACL_NAME


Syntax is identical to Catalyst 2K ACL-based classification & marking examples

DNS-AS classification (IOS 15.2(5)E / IOS XE 3.9.0E) match protocol attribute

Note: The Catalyst 4500 does NOT support NBAR2

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 92
IOS 15.2(5)E
Catalyst 4500 IOS XE 3.9.0E
DNS-AS Classification & Marking Policy Example (Part 1 of 2)
! Enables DNS-AS
avc dns-as client enable
!
avc dns-as client trusted-domains
domain ^.*f1.*$
Identifies domains from which metadata may be
domain ^.*cisco.*$ received and trusted for policy-purposes
domain *.toocoolforyou.net
domain *.sontowski.de
domain *.pension-solutions.de
domain *.bav-spezialist.de
domain *.sontowski-immobilien.de Configures basic DNS lookup-info
domain *.pegasus-cp.de
domain *.via-vorsorge.de
domain *.blackberry.net
domain *.eu.blackberry.net
domain *.evorsorge.de ip domain round-robin
domain *.dns-as.org ip domain-list toocoolforyou.net
domain *.nbar2web.org ip domain-lookup source-interface Loopback0
domain *.f1-consult.com ip domain-name toocoolforyou.net
domain *.f1-consult.de ip name-server 192.168.167.244
domain *.f1-online.net ip name-server 192.168.168.244
domain *.f1v4.net
domain *.f1v6.net

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 93
Catalyst 4500 DNS-AS Classification & Marking Example (Part 2 of 2) IOS 15.2(5)E
class-map match-all VOICE Same Holy Grail classification policy as on
match protocol attribute traffic-class voip-telephony other router/switch platforms IOS XE 3.9.0E
match protocol attribute business-relevance business-relevant
class-map match-all BROADCAST-VIDEO
match protocol attribute traffic-class broadcast-video
policy-map MARKING
match protocol attribute business-relevance business-relevant
class VOICE
class-map match-all REAL-TIME-INTERACTIVE
set dscp ef
match protocol attribute traffic-class real-time-interactive
class BROADCAST-VIDEO
match protocol attribute business-relevance business-relevant
set dscp cs5
class-map match-all MULTIMEDIA-CONFERENCING
class REAL-TIME-INTERACTIVE
match protocol attribute traffic-class multimedia-conferencing
set dscp cs4
match protocol attribute business-relevance business-relevant
class MULTIMEDIA-CONFERENCING
class-map match-all MULTIMEDIA-STREAMING
set dscp af41
match protocol attribute traffic-class multimedia-streaming
class MULTIMEDIA-STREAMING
match protocol attribute business-relevance business-relevant
set dscp af31
class-map match-all SIGNALING
class SIGNALING
match protocol attribute traffic-class signaling
set dscp cs3
match protocol attribute business-relevance business-relevant
class NETWORK-CONTROL
class-map match-all NETWORK-CONTROL
set dscp cs6
match protocol attribute traffic-class network-control
class NETWORK-MANAGEMENT
match protocol attribute business-relevance business-relevant
set dscp cs2
class-map match-all NETWORK-MANAGEMENT
class TRANSACTIONAL-DATA
match protocol attribute traffic-class ops-admin-mgmt
set dscp af21
match protocol attribute business-relevance business-relevant
class BULK-DATA
class-map match-all TRANSACTIONAL-DATA
set dscp af11
match protocol attribute traffic-class transactional-data
class SCAVENGER
match protocol attribute business-relevance business-relevant
set dscp cs1
class-map match-all BULK-DATA
class class-default
match protocol attribute traffic-class bulk-data
set dscp default
match protocol attribute business-relevance business-relevant
class-map match-all SCAVENGER
match protocol attribute business-relevance business-irrelevant 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 94
Catalyst 4500
Marking & Policing Policy Example
policy-map MARKING&POLICING class BULK-DATA
class VOIP police 10m bc 8000
police 128k bc 8000 conform-action set-dscp-transmit af11
conform-action set-dscp-transmit ef exceed-action set-dscp-transmit af12
exceed-action drop class SCAVENGER
class SIGNALING police 10m bc 8000
police 32k bc 8000 conform-action set-dscp-transmit cs1
conform-action set-dscp-transmit cs3 exceed-action drop
exceed-action drop class class-default
class MULTIMEDIA-CONFERENCING police 10m bc 8000
police 5m bc 8000 conform-action set-dscp-transmit default
conform-action set-dscp-transmit af41 exceed-action set-dscp-transmit cs1
exceed-action set-dscp-transmit af42
class TRANSACTIONAL-DATA interface GigabitEthernet 3/1
police 10m bc 8000 service-policy input MARKING&POLICING
conform-action set-dscp-transmit af21
exceed-action set-dscp-transmit af22
Marking/remarking is configured as part of the policing action
(i.e. no table-map or markdown-map is referenced)

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 95
Catalyst 4500
Per-Port/Per-VLAN QoS Policy Example
interface range GigabitEthernet 2/1-48
qos trust device cisco-phone
vlan 10 Per-Port/Per-VLAN policies can be applied to
service-policy input DVLAN-POLICERS a specific VLAN on a trunked interface via an
vlan 110 interface-VLAN
via an interface-VLAN
configuration
configuration
mode mode
service-policy input VVLAN-POLICERS

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 96
Catalyst 4500
1P7Q1T+Dynamic Buffer Limiting (DBL) Egress Queuing Model
Application DSCP 1P7Q1T (+DBL)

Network Control (CS7) EF


Internetwork Control CS6 CS5 PQ
CS4
VoIP EF
CS7 & CS6 Q7
Broadcast Video CS5
CS3 & CS2 (BWR 10%)
Multimedia Conferencing AF4
Q6
AF4
Realtime Interactive CS4 (BWR 10%)
Multimedia Streaming AF3 AF3 Q5
(BWR 10%)
Signaling CS3
Q4
Transactional Data AF2 AF2
(BWR 10%)
Network Management CS2
Q3 BWR =
AF1
Bulk Data AF1 (BWR 4%) Bandwidth
Remaining
Scavenger CS1 CS1 Q2 (BWR 1%)

Best Effort DF DF Q1 (25%)


2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 97
Catalyst 4500 If PQ is enabled then
bandwidth remaining
1P7Q1T+DBL Egress Queuing Config must be used

class-map match-all PRIORITY-QUEUE Enables the PQ policy-map 1P7Q1T


match dscp cs4 cs5 ef class PRIORITY-QUEUE
class-map match-all CONTROL-MGMT-QUEUE priority
match dscp cs7 cs6 cs3 cs2 class CONTROL-MGMT-QUEUE
class-map match-all MULTIMEDIA-CONFERENCING-QUEUE bandwidth remaining percent 10
match dscp af41 af42 af43 class MULTIMEDIA-CONFERENCING-QUEUE
class-map match-all MULTIMEDIA-STREAMING-QUEUE bandwidth remaining percent 10
match dscp af31 af32 af33 class MULTIMEDIA-STREAMING-QUEUE
class-map match-all TRANSACTIONAL-DATA-QUEUE bandwidth remaining percent 10
match dscp af21 af22 af23 class TRANSACTIONAL-DATA-QUEUE
class-map match-all BULK-DATA-QUEUE bandwidth remaining percent 10
match dscp af11 af12 af13 dbl
class-map match-all SCAVENGER-QUEUE class BULK-DATA-QUEUE
match dscp cs1 bandwidth remaining percent 4
dbl
class SCAVENGER-QUEUE
DBL can be enabled on a per-class basis, but
DBL can be enabled on a per-class basis, bandwidth remaining percent 1
should not be enabled on the PQ or Control
but should not be enabled on the PQ or Control traffic queues class class-default
traffic queues.
bandwidth remaining percent 25
Enabling DBL on UDP-based queues and/or Scavenger queue dbl
Enabling DBL on UDP-based queues and/or
is optional
Scavenger queue is optional service-policy output 1P7Q1T
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 98
Catalyst 4500
EtherChannel QoS Design
Classification & Marking (Ingress) QoS policies are configured on the logical Port-
Channel interface
Typically these are simply to enable DSCP trust (which requires no explicit
configuration)
Queuing (Egress) QoS policies are configured on the physical port-member
interfaces

Platform QoS Policies Applied to the QoS Policies Applied to the (Physical)
(Logical) Port-Channel Interface Port-Member Interfaces
Catalyst 4500 Classification & Marking Queuing (Egress)
(Ingress)

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 99
Catalyst 4500 Campus QoS Design At-A-Glance

https://cisco.box.com/s/o59teb64t4zxwdrfadz1kngv4eorucwe
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 100
DNS-AS At-A-Glance

https://cisco.box.com/s/bhkegry3mwuugqxnktusq327daegvwpt
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 101
Agenda
Campus QoS Design Considerations and Best Practices
Cisco Catalyst 2960-X QoS Design
Cisco Catalyst 3650/3850 QoS Design
Cisco Catalyst 4500 QoS Design
Cisco Catalyst 6500/6800 QoS Design
Cisco Nexus 7000/7700 QoS Design
Campus WLAN QoS Design Considerations and Best Practices
Cisco IOS XE WLC AVC/QoS Design
Cisco AireOS WLC AVC/QoS Design

What are we doing to make this simpler?


Summary and References
Cisco Catalyst 6500 & 6800
QoS Design
Cisco Catalyst 6500/6800
QoS Roles in the Campus Core

Catalyst 6500/6800
Core Switches

Trust DSCP
+ Ingress Queuing
+ Egress Queuing

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 104
Cisco Catalyst 6500/6800
QoS Design Steps

1. Configure Ingress Queuing


2. Configure Egress Queuing

Catalyst 6500 IOS C3PL trusts by default;


therefore no explicit policy is required for DSCP trust

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 105
All Catalyst 6500-Sup2T
Cisco Catalyst 6500/6800 Queuing Models are detailed
in the Appendix
2P6Q4T (Ingress & Egress Queuing ModelsDSCP-to-Queue
Application-Class DSCP 2P6Q4T
Ingress and Egress
queuing models
Network Control (CS7) Voice-PQ1 varies by line
EF (Priority Level 1) card/module.
Internetwork Control CS6

VoIP EF CS5 Video-PQ2


CS4 (Priority Level 2) Refer to the
Broadcast Video CS5 6500/6800 QoS
CS6 & CS7 Control/Mgmt Queue
Multimedia Conferencing AF4
Configuration Guide
CS2 & CS3 (5% BWR)
or data sheets to
Realtime Interactive CS4 Multimedia-Conferencing Queue ensure that you use
AF4 (20% BWR + DSCP-WRED) the proper queuing
Multimedia Streaming AF3 AF4
module for a given
Signaling CS3 AF3 Multimedia-Streaming Queue line card.
(20% BWR + DSCP-WRED)
Transactional Data AF2
AF2 Transactional Data Queue
Network Management CS2 (10% BWR + DSCP-WRED)

Bulk Data AF1 AF1 Bulk Data Queue


Scavenger CS1 CS1 (5% BWR + DSCP-WRED)

Default Queue
Best Effort DF DF
(WRED)

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/config_guide/sup2T/15_1_sy_swcg_2T/qos_policy_based_queueing.html
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 106
Unless specified otherwise, the
default C3PL class-map and
Cisco Catalyst 6500/68002P6Q4T Model policy-map type is qos
(classification, marking, policing)
Part 1 of 3Common Ingress & Egress Queuing Class-Maps
class-map type lan-queuing match-all VOICE-PQ1 Class-maps and policy-maps
match dscp ef used for ingress and/or egress
class-map type lan-queuing match-all VIDEO-PQ2 queuing policies must be explicitly
match dscp cs4 cs5 configured as type lan-queuing
class-map type lan-queuing match-all CONTROL-MGMT-QUEUE
match dscp cs2 cs3 cs6 cs7
class-map type lan-queuing match-all MULTIMEDIA-CONFERENCING-QUEUE
match dscp af41 af42 af43
class-map type lan-queuing match-all MULTIMEDIA-STREAMING-QUEUE
match dscp af31 af32 af33
class-map type lan-queuing match-all TRANSACTIONAL-DATA-QUEUE
match dscp af21 af22 af23
class-map type lan-queuing match-all SCAVENGER-BULK-DATA-QUEUE
match dscp cs1 af11 af12 af13

Note: A C3PL interface may support up to 4 QoS policies:


service-policy type qos input
service-policy type qos output
service-policy type lan-queuing input
service-policy type lan-queuing output
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 107
Cisco Catalyst 6500/68002P6Q4T Model
Part 2 of 32P6Q4T Queuing Policy-Map
Policy-map must be defined as type lan-queuing

policy-map type lan-queuing 2P6Q4T


class VOICE-PQ1
priority level 1 Enables egress Priority Queue 1 (highest level of service)
class VIDEO-PQ2
priority level 2 Enables egress Priority Queue 2 (can only be interrupted by PQ1)
class CONTROL-MGMT-QUEUE
bandwidth remaining percent 5 bandwidth remaining is required
class MULTIMEDIA-CONFERENCING-QUEUE (as PQ is enabled)
bandwidth remaining percent 20
random-detect dscp af41 percent 80 100
random-detect dscp af42 percent 70 100
random-detect dscp af43 percent 60 100 Tunes WRED to better align
class MULTIMEDIA-STREAMING-QUEUE to the AF PHB
bandwidth remaining percent 20
random-detect dscp af31 percent 80 100
random-detect dscp af32 percent 70 100
random-detect dscp af33 percent 60 100

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 108
Cisco Catalyst 6500/68002P6Q4T Model
Part 3 of 32P6Q4T Queuing Policy-Map (continued)
[continued]
class TRANSACTIONAL-DATA-QUEUE
bandwidth remaining percent 10
random-detect dscp-based
random-detect dscp af21 percent 80 100
random-detect dscp af22 percent 70 100
random-detect dscp af23 percent 60 100
class BULK-DATA-QUEUE
bandwidth remaining percent 5
random-detect dscp-based
random-detect dscp af11 percent 80 100
random-detect dscp af12 percent 70 100
random-detect dscp cs1 percent 50 100
class class-default
random-detect dscp-based
random-detect dscp default percent 80 100
service-policy type lan-queuing input 2P6Q4T
service-policy type lan-queuing output 2P6Q4T

type lan-queuing must also be


specified in the service-policy statement
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 109
Cisco Catalyst 6500/6800
EtherChannel QoS Design
Classification & Marking (Ingress) QoS policies are configured on the logical
Port-Channel interface
No ingress policies typically needed for C6500/6800 EtherChannels
(as all ports trust DSCP & CoS by default)
Queuing (Ingress & Egress) QoS policies are configured on the physical port-
member interfaces

Platform QoS Policies Applied to the QoS Policies Applied to the


(Logical) Port-Channel Interface (Physical) Port-Member Interfaces
Catalyst 6500/6800 Classification & Marking Queuing (Ingress & Egress)
(Ingress)

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 110
Cisco Catalyst 6500-Sup2T QoS Design At-A-Glance

https://cisco.box.com/s/wg249lub38h7eemp8tj9d9s5srctuztw
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 111
Cisco Catalyst 6500-Sup720 QoS Design At-A-Glance

https://cisco.box.com/s/b0kb6w0rymxk3ylh9bemlwnf7awt0b0i
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 112
Agenda
Campus QoS Design Considerations and Best Practices
Cisco Catalyst 2960-X QoS Design
Cisco Catalyst 3650/3850 QoS Design
Cisco Catalyst 4500 QoS Design
Cisco Catalyst 6500/6800 QoS Design
Cisco Nexus 7000/7700 QoS Design
Campus WLAN QoS Design Considerations and Best Practices
Cisco IOS XE WLC AVC/QoS Design
Cisco AireOS WLC AVC/QoS Design

What are we doing to make this simpler?


Summary and References
Cisco Nexus 7000/7700
QoS Design
Cisco Nexus 7000/7700
QoS Roles in the Campus Core

Cisco Nexus 7000/7700


Campus Core Switches

Trust DSCP
+ Ingress Queuing
+ Egress Queuing

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 115
Cisco Nexus 7000/7700
QoS Design Steps

1. Configure Ingress Queuing


2. Configure Egress Queuing

NX-OS trusts by default;


therefore no explicit policy is required for DSCP trust

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 116
Cisco Nexus 7700 (F-Series)
4Q1T Ingress Queuing (CoS-to-Queue) Model
Application DSCP CoS 4Q1T
Network Control (CS7) CoS 7
CoS 7 8e-4q4q-in-q1
Internetwork Control CS6 CoS 6 Bandwidth 30%
CoS 6
VoIP EF CoS 5 Queue-Limit 10%
CoS 5
Broadcast Video CS5
Multimedia Conferencing AF4 8e-4q4q-in-q-default
CoS 4 Bandwidth 25%
Realtime Interactive CS4 CoS 0
Queue-Limit 30%
Multimedia Streaming AF3
CoS 3
Signaling CS3
CoS 4 8e-4q4q-in-q3
Transactional Data AF2
CoS 2 CoS 3 Bandwidth 40%
Network Management CS2 Queue-Limit 30%
CoS 2
Bulk Data AF1
CoS 1
Scavenger CS1 8e-4q4q-in-q4
Best Effort DF DF CoS 1 Bandwidth 5%
Queue-Limit 30%
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 117
Cisco Nexus 7700 (F-Series)
4Q1T Ingress Queuing (DSCP-to-Queue) Model
Application DSCP 4Q1T
Network Control (CS7) CS7
CS6 8e-4q4q-in-q1
Internetwork Control CS6 EF Bandwidth 30%
VoIP EF CS5 Queue-Limit 10%
CS4
Broadcast Video CS5
Multimedia Conferencing AF4 8e-4q4q-in-q-default
Realtime Interactive CS4 DF Bandwidth 25%
Queue-Limit 30%
Multimedia Streaming AF3
Signaling CS3 AF4
AF3 8e-4q4q-in-q3
Transactional Data AF2
CS3 Bandwidth 40%
Network Management CS2 AF2 Queue-Limit 30%
Bulk Data AF1 CS2
Scavenger CS1 8e-4q4q-in-q4
AF1
Best Effort DF Bandwidth 5%
CS1
Queue-Limit 30%
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 118
Cisco Nexus 7700 (F-Series) Similar to C3PL, NX-OS allows for
multiple types of QoS policies:
Part 1 of 2: 4Q1T-Ingress Queuing Class-Maps type qos for classification,
marking and policing
type queuing for ingress and
egress queuing
class-map type queuing match-any 8e-4q4q-in-q1
match cos 5-7
no match dscp 40-63 Undesired default DSCP-to-
match dscp 32, 40, 46, 48, 56 Ingress Queue mappings
class-map type queuing match-any 8e-4q4q-in-q3 need to be explicitly removed
match cos 2-4
match dscp 16, 18, 20, 22
match dscp 24, 26, 28, 30
match dscp 34, 36, 38 NX-OS has (non-configurable)
class-map type queuing match-any 8e-4q4q-in-q4 system-defined names for
match cos 1 queuing class-maps
match dscp 8, 10, 12, 14
class-map type queuing match-any 8e-4q4q-in-q-default
match cos 0

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 119
Cisco Nexus 7700 (F-Series)
Part 2 of 2: 4Q1T-Ingress Queuing Policy-Map

policy-map type queuing CAMPUS-F3-4Q1T-INGRESS Used for Data Center Bridging


class type queuing 8e-4q4q-in-q1 Exchange (DCBX) to advertise
bandwidth percent 30 QoS capabilities to any DCB-peers
queue-limit percent 10
class type queuing 8e-4q4q-in-q-default Q2 is the Default Queue
bandwidth percent 25
queue-limit percent 30
class type queuing 8e-4q4q-in-q3 Allocates buffers to queues
bandwidth percent 40
queue-limit percent 30
class type queuing 8e-4q4q-in-q4
bandwidth percent 5
queue-limit percent 30
interface Ethernet 1/1-24
service-policy type queuing input CAMPUS-F3-4Q1T-INGRESS

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 120
Cisco Nexus 7700 (F-Series)
1P3Q1T Egress Queuing (CoS-to-Queue) Model
Application DSCP CoS
1P3Q1T
Network Control (CS7) CoS 7
Internetwork Control CS6 CoS 6 CoS 7 8e-4q4q-out-pq1
VoIP CoS 6 Priority Level 1
EF
CoS 5 CoS 5 Shape Average 30%
Broadcast Video CS5
Multimedia Conferencing AF4 CoS 4
CoS 4
Realtime Interactive CS4 CoS 3 8e-4q4q-out-q2
Multimedia Streaming Bandwidth Remaining 55%
AF3
CoS 3 CoS 2
Signaling CS3
Transactional Data AF2 CoS 1 8e-4q4q-out-q3
CoS 2 Bandwidth Remaining 10%
Network Management CS2
Bulk Data AF1
CoS 1 CoS 0 4q4q-out-q-default
Scavenger CS1
Bandwidth Remaining 35%
Best Effort DF DF

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 121
Cisco Nexus 7700 (F-Series)
Part 1 of 2: 1P3Q1T Egress Queuing Class-Maps Note: Indicates the
Priority Queue

class-map type queuing match-any 1p3q1t-8e-4q4q-out-pq1


match cos 5-7
class-map type queuing match-any 1p3q1t-8e-4q4q-out-q2
match cos 2-4
class-map type queuing match-any 1p3q1t-8e-4q4q-out-q3
match cos 1
class-map type queuing match-any 1p3q1t-8e-4q4q-out-q-default
match cos 0

Note: Modifies the default


CoS-to-Queue mappings

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 122
Cisco Nexus 7700 (F-Series)
Part 2 of 2: 1P3Q1T Egress Queuing Policy-Map

policy-map type queuing APIC_EM-8e-4q4q-out


class type queuing 1p3q1t-8e-4q4q-out-pq1
priority level 1
shape average percent 30
class type queuing 1p3q1t-8e-4q4q-out-q3 Note: Queue-Limits
bandwidth remaining percent 10 are not supported in
class type queuing 1p3q1t-8e-4q4q-out-q2 egress direction
bandwidth remaining percent 55
class type queuing 1p3q1t-8e-4q4q-out-q-default
bandwidth remaining percent 35
interface Ethernet 1/1-24
service-policy type queuing output CAMPUS-F3-1P3Q1T-EGRESS

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 123
Cisco Nexus 7700 QoS Design At-A-Glance

https://cisco.box.com/s/16ub7n5o56q0cdvuku62lfrnufdpe04a
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 124
Agenda
Campus QoS Design Considerations and Best Practices
Cisco Catalyst 2960-X QoS Design
Cisco Catalyst 3650/3850 QoS Design
Cisco Catalyst 4500 QoS Design
Cisco Catalyst 6500/6800 QoS Design
Cisco Nexus 7000/7700 QoS Design
Campus WLAN QoS Design Considerations and Best Practices
Cisco IOS XE WLC AVC/QoS Design
Cisco AireOS WLC AVC/QoS Design

What are we doing to make this simpler?


Summary and References
Campus WLAN QoS Design
Considerations and Best Practices
The Case for Wireless QoS

QoS is like a chain


Its only as strong as its weakest link
the WLAN is one of the weakest links in
enterprise QoS designs for three primary reasons:
1) Typical downshift in speed (and throughput)
2) Shift from full-duplex to half-duplex media
3) Shift from a dedicated media to a shared media

WLAN QoS policies control both jitter and packet loss

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 127
The Case for Wireless QoS

QoS is like a chain


Its only as strong as its weakest link
the WLAN is one of the weakest links in
enterprise QoS designs for three primary reasons:

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 128
The Case for Wireless QoS

QoS is like a chain


Its only as strong as its weakest link
the WLAN is one of the weakest links in
enterprise QoS designs for three primary reasons:

1) Typical downshift in speed (and throughput)

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 129
The Case for Wireless QoS

QoS is like a chain


Its only as strong as its weakest link
the WLAN is one of the weakest links in
enterprise QoS designs for three primary reasons:

1) Typical downshift in speed (and throughput)


2) Shift from full-duplex to half-duplex media

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 130
The Case for Wireless QoS

QoS is like a chain


Its only as strong as its weakest link
the WLAN is one of the weakest links in
enterprise QoS designs for three primary reasons:

1) Typical downshift in speed (and throughput)


2) Shift from full-duplex to half-duplex media
3) Shift from a dedicated media to a shared media

WLAN QoS policies control both jitter and packet loss

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 131
Wireless QoS-Specific Limitations
No priority servicing

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 132
Wireless QoS-Specific Limitations
No priority servicing
No bandwidth guarantees

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 133
Wireless QoS-Specific Limitations
No priority servicing
No bandwidth guarantees
Non-deterministic media access

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 134
Wireless QoS-Specific Limitations
No priority servicing LAN QoS WLAN QoS
No bandwidth guarantees
Non-deterministic media access
Only 4 levels of service

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 135
WLAN QoS Improvements Quantified
Application Original Metric Improved Metric Percentage
Improvement
Voice 15 ms max jitter 5 ms max jitter 300%
3.92 MOS 4.2 MOS
(Cellular Quality) (Toll Quality)
Video 9 fps 14 fps 55%
Visual MOS: Visual MOS:
Good Excellent
Transactional Data 14 ms latency 2 ms latency 700%

http://www.cisco.com/en/US/prod/collateral/wireless/cisco_avc_application_improvement.pdf

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 136
Know Your Tools
IEEE 802.11
User Priorities (UP)
Access Categories (AC)
Arbitration Inter-frame Spacing (AIFS)
Contention Windows (CW)
Enhanced Distributed Coordination Function (EDCF)
DSCPUP Mapping
Trust Boundaries
Policy-Enforcement Points
Application Visibility and Control (AVC)

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 137
IEEE 802.11 User Priority (UP)

3 Bit Field allows for UP values 0-7

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 138
IEEE 802.11 UP Values and Access Categories
802.11e 802.11 WMM Cisco AireOS WLC
UP Value Access Category Designation Designation
7 AC_VO Voice Platinum
6
5 AC_VI Video Gold
4
3 AC_BE Best Effort Silver
0
2 AC_BK Background Bronze
1

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 139
IEEE 802.11 Arbitration Inter-Frame Spacing (AIFS)
and Contention Windows (CW)
due to the nature of wireless as a shared media, a Congestion Avoidance algorithm (CSMA/CA) must be utilized
wireless senders have to wait a fixed amount of time (the AIFS)
wireless senders also have to wait a random amount of time (the Contention Window)
AIFS and Contention Window timers vary by Access Category

Access AIFS CWmin CWmax


Category (Slot Times) Access Category (Slot Times) (Slot Times)
Voice 2 Voice 3 7

Video 2 Video 7 15

Best Effort 3 Best-Effort 15 1023


Background 7 Background 15 1023

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 140
EDCF Operation

Round 1

Voice 2+1=3

Video 2+1=3

Best Effort 3+1=4

Background 7+1=8

Collision

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 141
EDCF Operation

Round 1 Round 2

Voice 2+1=3 2+3=5

2+1=3 2+7=9
Video

Best Effort 3+1=4 3+15=18

Background 7+1=8 7+15=22

Collision Voice

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 142
EDCF Operation

Round 1 Round 2 Round 3

Voice 2+1=3 2+3=5 2+2=4

2+1=3 2+7=9 2+1=3


Video

Best Effort 3+1=4 3+15=18 3+15=18

7+1=8 7+15=22 7+15=22


Background

Collision Voice Video

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 143
Downstream DSCP-to-UP Default Mapping

3-Bit UP 6-Bit DSCP

802.11 Frame CAPWAP Packet IP Packet

UP DSCP DSCP DSCP DSCP

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 144
Default DSCP-to-UP Mapping Table
DSCP 802.11 UP WLC QoS Profile
56-63 7 Platinum
(Voice)
48-55 6
IETF PHB for VoIP: EF 40-47 46 5 Gold
(Video)
32-39 4
24-31 3 Silver
(Best Effort)
0-7 0
16-23 2 Bronze
(Background)
8-15 1

Per RFC 4594 & 3246

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 145
Default IETF DSCP to IEEE 802.11 UP Mapping
Sub-Optimal QoS Design Example
4-Class Enterprise Model Four-Class Wireless Model
Based on IETF 4594
DSCP Based on IEEE 802.11e
UP 7 Voice
Voice EF Access
UP 6 Category

UP 5 Video
Signaling CS3 Access
UP 4 Category

UP 3 Best Effort
Transactional Data AF2 Access
UP 0 Category
Background
UP 2
Best Effort DF Access
UP 1
Category

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 146
Downstream DSCP-to-UP Mapping Model
Ratified Cisco Consensus Model (June 2015)

RFC 4594-Based Model DSCP IEEE 802.11 Model


Remark /
Network Control (CS7) Drop
Plugs potential security
if not in UP 7 Voice
vulnerabilities Internetwork Control CS6
use Access
Provides distinction
Voice + DSCP-Admit EF + 44 UP 6 Category
between elastic and Broadcast Video CS5
inelastic video classes Multimedia Conferencing AF4 UP 5 Video
Aligns RFC 4594 Realtime Interactive CS4 Access
recommendations into the
UP 4 Category
Multimedia Streaming AF3
IEEE 802.11 model
Signaling CS3
UP 3 Best Effort
Requires several custom Transactional Data AF2 Access
DSCP-to-UP mappings
OAM CS2 UP 0 Category
Bulk Data AF1

Scavenger CS1 UP 2 Background


Access
Best Effort DF UP 1 Category
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 147
Upstream UP-to-DSCP Default Mapping

802.11 Frame CAPWAP Packet IP Packet

DSCP UP DSCP DSCP DSCP

Key Point:
Radio Upstream
QoS requires the
device to set UP
markings correctly 3-Bit UP 6-Bit DSCP
First 3 Bits are copied
Last 3 Bits are zeroed-out
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 148
Upstream DSCP Trust Model

802.11 Frame CAPWAP Packet IP Packet

DSCP UP DSCP DSCP DSCP

6-Bit DSCP 6-Bit DSCP


All 6 Bits are copied
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 149
IETF Draft on
DSCPUP Mapping
Reconciles RFC 4594 with
IEEE 802.11
Summarizes our internal
consensus on DSCP-to-UP
mapping
Advocates DSCP-trust in the
upstream direction
(vs. UP-to-DSCP mapping)

https://tools.ietf.org/html/draft-szigeti-tsvwg-ieee-802-11-01

2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco WLAN QoS Design At-A-Glance

https://cisco.box.com/s/63d6fnpb9da37ga6qast2uomxwhbeqla
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 151
Agenda
Campus QoS Design Considerations and Best Practices
Cisco Catalyst 2960-X QoS Design
Cisco Catalyst 3650/3850 QoS Design
Cisco Catalyst 4500 QoS Design
Cisco Catalyst 6500/6800 QoS Design
Cisco Nexus 7000/7700 QoS Design
Campus WLAN QoS Design Considerations and Best Practices
Cisco IOS XE WLC AVC/QoS Design
Cisco AireOS WLC AVC/QoS Design

What are we doing to make this simpler?


Summary and References
Cisco IOS XE WLC
AVC/QoS Design
Cisco IOS XE WLC
QoS Roles in the Wireless LAN Centralized Deployment Model

CAPWAP Tunnel
IOS XE WLCs can be deployed
in either a Centralized or a
Converged Access Deployment CT5760 WLC

Model Trust Boundary


PEP

In either model:
Trust Boundary is at the AP Converged Access Deployment Model
PEP is at the AP CAPWAP Tunnel

Catalyst
3650/3850
Or 4500-Sup8
Trust Boundary
PEP

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 154
Cisco IOS XE WLC
AVC/QoS Design Steps
1. Enable Application Visibility
a) Create a Flow Record
b) (Optional) Create a Flow Exporter
c) Create a Flow Monitor
d) Apply the Flow Monitor to the WLAN
2. Configure a AVC Policy
3. Configure a AFD Policy
4. Configure Custom DSCPUP Table Maps + Upstream DSCP-Trust

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 155
WHAT you want to MONITOR

Cisco IOS XE WLC


WHERE you want to SEND
Enabling Application Visibility
Step 1: Create a Flow Record Step 2: (Optional) Create a Flow Exporter
flow record AVC-FLOW-RECORD flow exporter AVC-FLOW-EXPORTER Note: Lancope collects
description BASIC-AVC-FLOW-RECORD destination 10.10.10.10 Netflow on port 2055
match ipv4 protocol transport udp 2055
match ipv4 source address Note: Cisco Prime
destination 10.20.20.20
match ipv4 destination address Infrastructure collects
transport udp 9991
match transport source-port Netflow on port 9991
match transport destination-port Step 3: Create a Flow Monitor
match flow direction COMBINE
flow monitor AVC-FLOW-MONITOR (WHAT with WHERE)
match application name record AVC-FLOW-RECORD
match wireless ssid exporter AVC-FLOW-EXPORTER
collect counter bytes long
collect counter packets long
Step 4: Apply the Flow Monitor to the WLAN
collect wireless ap mac address wlan EMPLOYEE-WLAN
collect wireless client mac address ip flow monitor AVC-FLOW-MONITOR input
ip flow monitor AVC-FLOW-MONITOR output

Specifies
WHICH interface and
WHAT you want to COLLECT
2017 Cisco and/orWHICH
its affiliates. All direction
rights reserved. Cisco Public 156
Cisco IOS XE WLC
Configuring AVC-Based QoS Policies policy-map AVC-MARKING
class VOICE
class-map match-any VOICE set dscp ef
match protocol cisco-phone class BROADCAST-VIDEO
class-map match-any BROADCAST-VIDEO set dscp cs5
match protocol cisco-ip-camera class REAL-TIME-INTERACTIVE
class-map match-any REAL-TIME-INTERACTIVE set dscp cs4
match protocol telepresence-media class CALL-SIGNALING
class-map match-any CALL-SIGNALING set dscp cs3
match protocol skinny class TRANSACTIONAL-DATA
match protocol telepresence-control set dscp af21
class-map match-any TRANSACTIONAL-DATA class BULK-DATA
match protocol citrix set dscp af11
match protocol sap class SCAVENGER
class-map match-any BULK-DATA set dscp cs1
match protocol attribute category email class class-default
match protocol attribute category file-sharing set dscp default
match protocol attribute sub-category backup-systems
class-map match-any SCAVENGER
match protocol attribute category gaming
match protocol attribute application-group skype-group

2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco IOS XE WLC Match protocol enables NBAR2 classification

Configuring AVC-Based QoS Policies policy-map AVC-MARKING


class VOICE
class-map match-any VOICE set dscp ef
match protocol cisco-phone class BROADCAST-VIDEO
class-map match-any BROADCAST-VIDEO set dscp cs5
match protocol cisco-ip-camera class REAL-TIME-INTERACTIVE
class-map match-any REAL-TIME-INTERACTIVE set dscp cs4
match protocol telepresence-media class CALL-SIGNALING
class-map match-any CALL-SIGNALING set dscp cs3
match protocol skinny class TRANSACTIONAL-DATA
match protocol telepresence-control set dscp af21
class-map match-any TRANSACTIONAL-DATA class BULK-DATA
match protocol citrix set dscp af11
match protocol sap class SCAVENGER
class-map match-any BULK-DATA set dscp cs1
match protocol attribute category email class class-default
match protocol attribute category file-sharing set dscp default
match protocol attribute sub-category backup-systems
class-map match-any SCAVENGER Note:
Note: Multiple
Multiple application
application protocols protocols can can be
be
match protocol attribute category gaming identified using attributes,
identified using attributes, including: including:
match protocol attribute application-group skype-group category
category
sub-category
sub-category
application-group
application-group More to come!
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
IOS XE Approximate Fair Drop (AFD)
Strict
Voice Queue Priority

Video Queue

Client VQ SSID VQ Radio VQ Weighted


Scheduling
Min or Max BW
Allocation Data Queue
Default Shaper Radio Agg
Default Shaper

AFD BLOCK

Multicast Queue

Wireless Port Egress Queuing 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 159
IOS XE Approximate Fair Drop (AFD)
Strict
Voice Queue Priority

Video Queue

Client VQ SSID VQ Radio VQ Weighted


Scheduling
Min or Max BW
Allocation Data Queue
Default Shaper Radio Agg
Default Shaper

AFD BLOCK

Multicast Queue

Wireless Port Egress Queuing 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 160
IOS XE Approximate Fair Drop (AFD)
Strict
Voice Queue Priority

Video Queue

Client VQ SSID VQ Radio VQ Weighted


Scheduling
Min or Max BW
Allocation Data Queue
Default Shaper Radio Agg
Default Shaper

AFD BLOCK

Multicast Queue

Wireless Port Egress Queuing 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 161
IOS XE Approximate Fair Drop (AFD)
Strict
Voice Queue Priority

Video Queue

Client VQ SSID VQ Radio VQ Weighted


Scheduling
Min or Max BW
Allocation Data Queue
Default Shaper Radio Agg
Default Shaper

AFD BLOCK

Multicast Queue

Wireless Port Egress Queuing 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 162
IOS XE WLC AFD
2P2Q+Approximate Fair Drop (AFD) Wireless Port Egress Queuing Model
Application Classes DSCP 2P2Q with AFD

EF Q0
Voice EF CS6 Priority Level 1
CS3 (Limited to 10% of BW)
Q1
Interactive Video AF4 AF4 Priority Level 2
(Limited to 20% of BW)
Network Control CS6

Signaling CS3 AF1

AF2 Q2
Bulk Data AF1
Unicast-
Non-Realtime Queue
CS1
(63% BWR)
Transactional Data AF2
DF

Scavenger CS1
Q3
Multicast Non-Realtime Queue
Best Effort DF (7% BWR)
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 163
IOS XE WLC AFD
2P2Q+AFD Wireless Port Egress Queuing Config
class-map match-any REALTIME-1
match dscp ef
match dscp cs6
match dscp cs3
class-map match-any REALTIME-2
match dscp af41
match dscp af42
match dscp af43

policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 7
class REALTIME-1
priority level 1
police rate percent 10 conform-action transmit exceed-action drop
class REALTIME-2
priority level 2
police rate percent 20 conform-action transmit exceed-action drop
class class-default
bandwidth remaining ratio 63
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 164
IOS XE WLC AFD
2P2Q+AFD Wireless Port Egress Queuing Config
class-map match-any REALTIME-1
match dscp ef
match dscp cs6
Note: This policy is applied automatically to all wireless ports.
match dscp cs3
Therefore, no explicit service-policy command is required
class-map match-any REALTIME-2
to attach the policy to a wireless interface(s).
match dscp af41
match dscp af42
match dscp af43

policy-map port_child_policy
class non-client-nrt-class System-defined (but configurable) queuing policy
bandwidth remaining ratio 7
class REALTIME-1
priority level 1 System defined queue for multicast wireless traffic
police rate percent 10 conform-action transmit exceed-action drop
class REALTIME-2
priority level 2 Two-levels
Two-levelsofof priority
priorityqueuing
queuingare
are supported
supported
police rate percent 20 conform-action transmit exceed-action drop
class class-default
bandwidth remaining ratio 63
Default unicast queue (non-priority queue)
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 165
IOS-XE WLC QoS Design
Step 4) Configure Custom Table Maps Part 1 of 2
Table Map DSCP_TO_DSCP DSCP-to-DSCP is used for upstream from wireless,
from 8 to 8 to verify that only standard DSCP values are forwarded to the LAN
from 10 to 10
from 12 to 12
from 14 to 14
from 16 to 16
from 18 to 18
from 20 to 20
from 22 to 22
from 24 to 24
from 26 to 26
from 28 to 28 policy-map TRUST-SSID-IN
from 30 to 30 class class-default
from 32 to 32 set dscp dscp table DSCP_TO_DSCP
from 34 to 34
from 36 to 36 This policy trusts RFC 4594 DSCPs received from the client
from 38 to 38 and bleaches (zeroes-out) all other non-standard DSCP values
from 40 to 40
from 44 to 44
from 46 to 46
default ignore

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 166
IOS-XE WLC QoS Design
Step 4) Configure Custom Table Maps Part 2 of 2
Table Map DSCP_TO_UP policy-map QUEUING-SSID-CHILD DSCP_TO_UP Mapping
from 8 to 1 class VOICE-PQ1
aligns IETF (RFC 4594)
from 10 to 2 priority level 1
police cir 6000000 bc 187500
with IEEE (802.11) for
from 12 to 2
from 14 to 2 conform-action transmit downstream flows.
from 16 to 0 exceed-action drop
from 18 to 3 admit cac wmm-tspec
from 20 to 3 rate 1500 (kbps)
from 22 to 3 wlan-up 6
from 24 to 4 class VIDEO-PQ2
from 26 to 4 priority level 2
from 28 to 4 police cir 6000000 bc 187500
from 30 to 4 conform-action transmit
from 32 to 5 exceed-action drop
from 34 to 4
from 36 to 4 policy-map QUEUING-SSID Standard DSCPs are
from 38 to 4 class class-default preserved (via table-map
from 40 to 5 set dscp dscp table DSCP_TO_DSCP from previous slide)
from 44 to 6 set wlan user-priority dscp table DSCP_TO_UP
from 46 to 6 bandwidth remaining ratio 100 UP markings are derived
default 0 service-policy APIC_EM-QUEUING-SSID-CHILD from DSCP_TO_UP Map

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 167
Cisco IOS XE QoS Design At-A-Glance

https://cisco.box.com/s/t8ts51s0wqk2lyqtx0f3ans5dc3m4bai
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 168
Agenda
Campus QoS Design Considerations and Best Practices
Cisco Catalyst 2960-X QoS Design
Cisco Catalyst 3650/3850 QoS Design
Cisco Catalyst 4500 QoS Design
Cisco Catalyst 6500/6800 QoS Design
Cisco Nexus 7000/7700 QoS Design
Campus WLAN QoS Design Considerations and Best Practices
Cisco IOS XE WLC AVC/QoS Design
Cisco AireOS WLC AVC/QoS Design

What are we doing to make this simpler?


Summary and References
Cisco AireOS WLC
AVC/QoS Design
Cisco AireOS WLC
QoS Roles in the Wireless LAN

Customizable DSCPUP Mappings (introduced in AireOS 8.1MR)


modify the QoS Roles of the AP and WLC:
Trust Boundary moves to the AP

Centralized Deployment Model

CAPWAP Tunnel

AireOS WLC

Trust Boundary
PEP

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 171
Cisco AireOS WLC
QoS Roles in the Wireless LAN

Customizable DSCPUP Mappings (introduced in AireOS 8.1MR)


modify the QoS Roles of the AP and WLC:
Trust Boundary moves to the AP
PEP remains at the WLC

Centralized Deployment Model

CAPWAP Tunnel

AireOS WLC

Trust Boundary
PEP
With AireOS 8.1MR+ the
trust-boundary can be
extended to the AP BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 172
Cisco AireOS WLC
QoS Design Steps
1. Select and Tune the WLAN QoS Profile
2. Configure an AVC Profile
3. Apply the QoS and AVC Profile to the WLAN and Enable Application Visibility
4. Modify default DSCP-to-UP mappings and enable Upstream DSCP-Trust

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 173
AireOS WLC
Tuning QoS Profiles
QoS Profiles are applied to both upstream
& downstream flows on egress
The WLAN QoS Profile defines:
WLAN Maximum Priority
It recommended to set the Maximum
Priority to voice on multiservice WLANs
Unicast and Multicast Default Priority
Typically these values are
recommended to be set to best effort

QoS Profiles override/control


AVC Profiles

The WLAN Maximum Priority is a DSCP and UP Marking Ceiling


If you want to preserve voice markings, then you *MUST* set
this to voice 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 174
AireOS WLC
Creating AVC Profiles
AVC Profiles are applied to both
upstream and downstream flows
on WLC ingress
an AVC Profile can contain a
maximum of 32 application rules
AVC profiles can be overridden
by QoS Profiles
So be sure to align these!

2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 175
AireOS WLC
Attaching QoS and AVC Profiles and Enabling AVC
Select the desired QoS and AVC Profiles to apply to the WLAN
Check the box to enable Application Visibility

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 176
AireOS QoS Policy Deployment
Step 4) Configure Downstream DSCP-to-UP Mapping and
Enable Upstream DSCP-TrustConfiguration (Part 1 of 2)
Step 1: Disable the Current QoS Map
(Cisco WLC) > config qos qosmap disable

Step 2: Configure the UP-to-DSCP Maps


(Cisco WLC) > config qos qosmap up-to-dscp-map 0 0 0 7
(Cisco WLC) > config qos qosmap up-to-dscp-map 1 8 8 15
(Cisco WLC) > config qos qosmap up-to-dscp-map 2 16 16 23
(Cisco WLC) > config qos qosmap up-to-dscp-map 3 24 24 31
(Cisco WLC) > config qos qosmap up-to-dscp-map 4 32 32 39
(Cisco WLC) > config qos qosmap up-to-dscp-map 5 34 40 47
(Cisco WLC) > config qos qosmap up-to-dscp-map 6 46 48 62
(Cisco WLC) > config qos qosmap up-to-dscp-map 7 63 63 63

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 177
AireOS QoS Policy Deployment
Step 4) Configure Downstream DSCP-to-UP Mapping and
Enable Upstream DSCP-TrustConfiguration (Part 2 of 3)
Step 3: Configure DSCP-to-UP Mapping Exceptions
(Cisco Controller) > config qos qosmap dscp-to-up-exception 56 0
(Cisco Controller) > config qos qosmap dscp-to-up-exception 48 0
(Cisco Controller) > config qos qosmap dscp-to-up-exception 46 6
(Cisco Controller) > config qos qosmap dscp-to-up-exception 44 6
(Cisco Controller) > config qos qosmap dscp-to-up-exception 40 5
(Cisco Controller) > config qos qosmap dscp-to-up-exception 38 4
(Cisco Controller) > config qos qosmap dscp-to-up-exception 36 4
(Cisco Controller) > config qos qosmap dscp-to-up-exception 34 4
(Cisco Controller) > config qos qosmap dscp-to-up-exception 32 5
(Cisco Controller) > config qos qosmap dscp-to-up-exception 30 4
(Cisco Controller) > config qos qosmap dscp-to-up-exception 28 4
(Cisco Controller) > config qos qosmap dscp-to-up-exception 26 4
(Cisco Controller) > config qos qosmap dscp-to-up-exception 24 4
(Cisco Controller) > config qos qosmap dscp-to-up-exception 22 3
(Cisco Controller) > config qos qosmap dscp-to-up-exception 20 3
(Cisco Controller) > config qos qosmap dscp-to-up-exception 18 3
(Cisco Controller) > config qos qosmap dscp-to-up-exception 16 0
(Cisco Controller) > config qos qosmap dscp-to-up-exception 14 2
(Cisco Controller) > config qos qosmap dscp-to-up-exception 12 2
(Cisco Controller) > config qos qosmap dscp-to-up-exception 10 2
(Cisco Controller) > config qos qosmap dscp-to-up-exception 8 12017 Cisco and/or its affiliates. All rights reserved. Cisco Public 178
AireOS QoS Policy Deployment
Step 4) Configure Downstream DSCP-to-UP Mapping and
Enable Upstream DSCP-TrustConfiguration (Part 3 of 3)
Step 4: Enable DSCP-Trust, the New Qos Maps and the 802.11 Networks
(Cisco Controller) > config qos qosmap trust-dscp-upstream enable
(Cisco Controller) > config qos qosmap enable

Enables Upstream DSCP-Trust

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 179
Cisco AirOS QoS Design At-A-Glance

https://cisco.box.com/s/ahkkshs67ogq446j9z1sail2n6e2gn3a
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 180
Cisco AirOS QoS Mapping At-A-Glance

https://cisco.box.com/s/x5kd241zxi71bx49x7pu5kwck598xsyx
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 181
Agenda
Campus QoS Design Considerations and Best Practices
Cisco Catalyst 2960-X QoS Design
Cisco Catalyst 3650/3850 QoS Design
Cisco Catalyst 4500 QoS Design
Cisco Catalyst 6500/6800 QoS Design
Cisco Nexus 7000/7700 QoS Design
Campus WLAN QoS Design Considerations and Best Practices
Cisco AireOS WLC AVC/QoS Design
Cisco IOS XE WLC AVC/QoS Design

What are we doing to make this simpler?


Summary and References
What are we doing to make this
simpler?
The Why / How / What of Enterprise Networking
Cisco
Enterprise
Vision

Why
Transform our customers businesses
through powerful yet simple networks.
How What
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 184
AutoQoS SRND4 At-A-Glance

https://cisco.box.com/s/2lhrs4u05vq665t113olfnyznomhgmhm
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 185
WebUI

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 186
WebUI

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Apple / Cisco Fastlane for iOS

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 188
EasyQoS Solution
Applications can interact with APIC-EM via Northbound
APIs, informing the network of application-specific and
dynamic QoS requirements

Network Operators express high-level


business-intent to APIC-EM EasyQoS

EM
Southbound APIs translate
business-intent to platform-
specific configurations

Wireless AP ASR/ISRs Wireless AP


Trust Boundary MQC Trust Boundary
PEP Catalyst 4500 Nexus 7700 PEP
4Q (WMM) 1P7Q1T F3: 1P7Q1T 4Q (WMM)

Catalyst 3650 Catalyst 6500 WLC Catalyst 2960-X


Trust Boundary 1P3Q4T PEP Trust Boundary
PEP 1P7Q4T PEP
2P6Q3T 2P6Q4T 1P3Q3T
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 189
Deploy End-to-End DSCP-Based Queuing Policies
EasyQoS seamlessly interconnects all types of
hardware and software queuing models to achieve
consistent and compatible end-to-end treatments
aligned with the expressed business-intent
EM

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 190
ip access-list extended APIC_EM-MM_STREAM-ACL
remark citrix - Citrix
permit tcp any any eq 1494
permit udp any any eq 1494
permit tcp any any eq 2598
permit udp any any eq 2598
remark citrix-static - Citrix-Static
permit tcp any any eq 1604
Your Choice
permit udp any any eq 1604
permit tcp any any range 2512 2513
permit udp any any range 2512 2513
remark pcoip - PCoIP
permit tcp any any eq 4172
permit udp any any eq 4172
permit tcp any any eq 5172
permit udp any any eq 5172
remark timbuktu - Timbuktu
permit tcp any any eq 407
permit udp any any eq 407
remark xwindows - XWindows
permit tcp any any range 6000 6003
remark vnc - VNC
permit tcp any any eq 5800
permit udp any any eq 5800
permit tcp any any range 5900 5901
permit udp any any range 5900 5901
exit
ip access-list extended APIC_EM-SIGNALING-ACL
remark h323 - H.323
permit tcp any any eq 1300
permit udp any any eq 1300
permit tcp any any range 1718 1720
permit udp any any range 1718 1720
permit tcp any any eq 11720
permit udp any any eq 11720
remark mgcp - Media Gateway Control Protocol
permit tcp any any range 2427 2428
permit udp any any eq 2427
permit tcp any any eq 2727
permit udp any any eq 2727
remark rtsp - Real Time Streaming Protocol
permit tcp any any eq 554 BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 191
Agenda
Campus QoS Design Considerations and Best Practices
Cisco Catalyst 2960-X QoS Design
Cisco Catalyst 3650/3850 QoS Design
Cisco Catalyst 4500 QoS Design
Cisco Catalyst 6500/6800 QoS Design
Cisco Nexus 7000/7700 QoS Design
Campus WLAN QoS Design Considerations and Best Practices
Cisco AireOS WLC AVC/QoS Design
Cisco IOS XE WLC AVC/QoS Design

What are we doing to make this simpler?


Summary and References
Summary & References
Key Takeaways
Start by defining your QoS Strategy
Campus QoS is needed primarily to control packet drops
WLAN QoS is needed to control both jitter and packet drops
Know your QoS toolset, as this varies platform-to-platform
Cisco provides many At-A-Glance guides to get you up and running quickly
Cisco also provides Cisco Validated Design guides for more detail
Cisco is continuing to focus on simplifying QoS solutions

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 194
Campus QoS Design 4.0In-Depth
Comprehensive Design Chapters
Enterprise Quality of Service Design 4.0
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_S
RND_40/QoSIntro_40.html
Campus QoS Design 4.0
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_S
RND_40/QoSCampus_40.html
WLAN QoS Design (BYOD CVD)
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/
Unified_Access/BYOD_Design_Guide/BYOD_AVC.html

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 195
Recommended Reading
End-to-End QoS (v2)
Release Date: Jan 2014
Page Count: 1040
Comprehensive QoS design
guidance for PINs and platforms:
Campus Catalyst 3750/4500/6500
WLAN WLC 5508 / Catalyst 3850 NGWC
Data Center Nexus 1000V/2000/5500/7000
WAN & Branch Cisco ASR 1000 / ISR G2
MPLS VPN Cisco ASR 9000 / CRS-3
IPSec VPNs Cisco ISR G2
ISBN: 1-58714-369-0
http://www.amazon.com/End---End-QoS-Network-Design/dp/1587143690/

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 196
Recommended Reading
End-to-End QoS (v2)
Amazon.com
ReleaseOverall
Date:Rating:
Jan 2014
The best ever book on QoS on the market. Bravo to the author.
Page Count: 1040
AWESOME RESUME OF QoS TECHNOLOGIES
Comprehensive QoS design
I strongly recommend this book to anyone working with Cisco infrastructure.
guidance for PINs and platforms:
This book
is an all-encompassing
Campus Catalystpresentation
3750/4500/6500
and tutorial on Cisco Quality of
Service (QoS)
WLAN WLC 5508 / Catalyst 3850 NGWC
QoS is intimidating; however, this
Data Center Nexusbook 1000V/2000/5500/7000
is a tremendous resource that will ease
your anxiety.
WAN & Branch Cisco ASR 1000 / ISR G2
This book is kept in my cubicle and is already filled with highlights, notes in the
margin, andMPLS VPN Cisco
many dog-eared pages. ASR 9000 / CRS-3
IPSec VPNs Cisco ISR G2
QOS is often misunderstood, and he explains it very well. The explanations are
thorough to help understand each case
ISBN: 1-58714-369-0
http://www.amazon.com/End---End-QoS-Network-Design/dp/1587143690/

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 197
Participate in the My Favorite Speaker Contest
Promote Your Favorite Speaker and You Could Be a Winner
Promote your favorite speaker through Twitter and you could win $200 of Cisco
Press products (@CiscoPress)
Send a tweet and include
Your favorite speakers Twitter handle @tim_szigeti
Two hashtags: #CLUS #MyFavoriteSpeaker
You can submit an entry for more than one of your favorite speakers
Dont forget to follow @CiscoLive and @CiscoPress
View the official rules at http://bit.ly/CLUSwin

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 198
Complete Your Online Session Evaluation
Please complete your Online
Session Evaluations after each
session
Complete 4 Session Evaluations &
the Overall Conference Evaluation
(available from Thursday) to receive
your Cisco Live T-shirt
All surveys can be completed via
the Cisco Live Mobile App or the
Dont forget: Cisco Live sessions will be available
Communication Stations for viewing on-demand after the event at
CiscoLive.com/Online

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 199
Continue Your Education
Demos in the Cisco campus
Walk-in Self-Paced Labs
Table Topics
Meet the Engineer 1:1 meetings
Related sessions

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 200
Thank You
Appendix
Catalyst 6500 Queuing Models
Catalyst 65xx-E / 6807-XL with Sup2T
Ingress & Egress Queueing Models
Ingress Queue Structures
1Q8T CoS to Queue Mapping CoS-based Tail-Drop
2Q4T CoS to Queue Mapping CoS-based Tail-Drop
2Q8T CoS to Queue Mapping CoS-based Tail-Drop
8Q4T DSCP to Queue Mapping DSCP-based WRED
8Q8T CoS to Queue Mapping CoS-based WRED
1P7Q2T DSCP to Queue Mapping DSCP-based WRED

Ingress & Egress Queue Structures


2P6Q4T DSCP to Queue Mapping DSCP-based WRED

Egress Queue Structures


1P3Q8T CoS to Queue Mapping Cos-based WRED
1P3Q4T CoS to Queue Mapping CoS-based WRED
1P7Q4T DSCP to Queue Mapping DSCP-based WRED*
1P7Q8T CoS to Queue Mapping CoS-based WRED
* 1P7Q4T can be implementing as an alternate ingress queueing structure to 2P6Q4T on some linecards, but we have chosen to
implement the 2P6Q4T instead with Easy-Qos, as it is a superior queueing structure and consistent with the Catalyst 3650/3850.

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 203
1Q8T Ingress Queueing
CoS to Queue Mapping
CoS-based Tail-Drop
1Q8T Ingress Queueing Linecards

WS-X6704-10GE with CFC


WS-X6724-SFP with CFC
WS-X6748-SFP and WS-X6748-GE-TX with CFC

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 205
Cisco Catalyst 65xx-E/6807-XL with Sup2T
1Q8T Ingress Queuing ModelsCoS-to-Queue Mapping with COS-based Tail-Drop
Application-Class DSCP CoS 1Q8T
Q1T8100%
Network Control (CS7) CoS 7
CoS 7
Internetwork Control CS6 CoS 6
Q1T795%
VoIP EF CoS 6
CoS 5
Broadcast Video CS5
Q1T690%
CoS 5
Multimedia Conferencing AF4
CoS 4
Q1T585%
Realtime Interactive CS4
CoS 4
Multimedia Streaming AF3
CoS 3 Q1T480%
Signaling CS3 CoS 3
Transactional Data AF2
CoS 2 Q1T375% All noted thresholds are
Network Management CS2 CoS 2 tail-drop thresholds

Bulk Data AF1 Q1T270%


CoS 1 CoS 0
Scavenger CS1
Q1T165%
Best Effort DF CoS 0 CoS 1

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 206
Cisco Catalyst 65xx-E/6807-XL1Q8T Ingress Model

policy-map type lan-queuing APIC_EM-QUEUING-1Q8T-IN


class class-default Un-configured CoS values default to
queue-limit cos 7 percent 100 threshold 8 which is 100%. May not
queue-limit cos 6 percent 95
need to configure the CoS 7 value, as
queue-limit cos 5 percent 90
this should default to 100%.
queue-limit cos 4 percent 85
queue-limit cos 3 percent 80
However, it is shown here for
queue-limit cos 2 percent 75 completeness.
queue-limit cos 0 percent 70 Recommend to explicitly configure it.
queue-limit cos 1 percent 65

Interface GigabitEthernet1/1
service-policy type lan-queuing input APIC_EM-QUEUING-1Q8T-IN

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 207
2Q4T Ingress Queueing
CoS to Queue Mapping
CoS-based Tail-Drop
2Q4T Ingress Queueing Linecards

VS-S2T-10G and VS-S2T-10G-XL with Gigabit Ethernet ports enabled


Applies to all ports on the Supervisor 2T

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 209
Cisco Catalyst 65xx-E/6807-XL with Sup2T
2Q4T Ingress Queuing ModelsCoS-to-Queue Mapping
Application-Class DSCP CoS 2Q4T

Network Control (CS7) CoS 7 Q2 40% BW


CoS 7
Internetwork Control CS6 CoS 6

VoIP EF CoS 6
CoS 5
Broadcast Video CS5
CoS 5
Multimedia Conferencing AF4
CoS 4
Realtime Interactive CS4
CoS 4
Multimedia Streaming AF3
CoS 3
Signaling CS3 CoS 3 Q1 60% BW
Transactional Data AF2
CoS 2
Network Management CS2 CoS 2

Bulk Data AF1


CoS 1 CoS 0
Scavenger CS1

Best Effort DF CoS 0 CoS 1

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 210
Cisco Catalyst 65xx-E/6807-XL with Sup2T
2Q4T Ingress Queuing ModelsCoS-to-Queue Mapping with CoS-based Tail-Drop
Application-Class DSCP CoS 2Q4T
Q2T4100%
Network Control (CS7) CoS 7
CoS 7
Internetwork Control CS6 CoS 6
Q2T395%
VoIP EF CoS 6
CoS 5
Broadcast Video CS5 Q2T290%
CoS 5
Multimedia Conferencing AF4
CoS 4 Q2 40% BW
Q2T185%
Realtime Interactive CS4
CoS 4
Multimedia Streaming AF3
CoS 3 Q1T4100%
Signaling CS3 CoS 3 Q1 60% BW
Transactional Data AF2
CoS 2 Q1T395%
Network Management CS2 CoS 2 All noted thresholds are
tail-drop thresholds
Q1T290%
Bulk Data AF1
CoS 1 Cos 0
Scavenger CS1
Q1T185%
Best Effort DF CoS 0 CoS1

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 211
Cisco Catalyst 65xx-E/6807-XL2Q4T Ingress Model
class-map type lan-queuing match-all APIC_EM-Q2-2Q4T-QUEUE
match cos 7 6 5 4

policy-map type lan-queuing APIC_EM-QUEUING-2Q4T-IN Un-configured CoS values


class APIC_EM-Q2-2Q4T-QUEUE default to threshold 8 which is
100%. May not need to
bandwidth percent 40 configure the CoS 7 or CoS 3
queue-limit cos 7 percent 100 values, as this should default to
queue-limit cos 6 percent 95 100%, but is shown here for
queue-limit cos 5 percent 90 completeness.
queue-limit cos 4 percent 85 Recommend explicitly
class class-default configuring thresholds however.
queue-limit cos 3 percent 100
queue-limit cos 2 percent 95
queue-limit cos 0 percent 90
queue-limit cos 1 percent 85

interface GigabitEthernet1/3/1
service-policy type lan-queuing input APIC_EM-QUEUING-2Q4T-IN
interface TenGigabitEthernet1/3/4
service-policy type lan-queuing input APIC_EM-QUEUING-2Q4T-IN

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 212
2Q8T Ingress Queueing
CoS to Queue Mapping
CoS-based Tail-Drop
2Q8T Ingress Queueing Linecards
WS-X6724-SFP with DFC4/DFC4XL upgrade (WS-F6k-DFC4-A, WS-F6k-DFC4-AXL)
WS-X6748-SFP and WS-X6748-GE-TX with DFC4/DFC4XL upgrade (WS-F6k-DFC4-
A, WS-F6k-DFC4-AXL)
WS-X6824-SFP-2T and WS-X6824-SFP-2TXL
WS-X6848-SFP-2T, WS-X6848-SFP-2TXL, WS-X6848-TX-2T and WS-X6848-TX-
2TXL

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 214
Cisco Catalyst 65xx-E/6807-XL with Sup2T
2Q8T Ingress Queuing ModelsCoS-to-Queue Mapping
Application-Class DSCP CoS 2Q8T

Network Control (CS7) CoS 7 Q2 40% BW


CoS 7
Internetwork Control CS6 CoS 6

VoIP EF CoS 6
CoS 5
Broadcast Video CS5
CoS 5
Multimedia Conferencing AF4
CoS 4
Realtime Interactive CS4
CoS 4
Multimedia Streaming AF3
CoS 3
Signaling CS3 CoS 3 Q1 60% BW
Transactional Data AF2
CoS 2
Network Management CS2 CoS 2

Bulk Data AF1


CoS 1 CoS 0
Scavenger CS1

Best Effort DF CoS 0 CoS 1

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 215
Cisco Catalyst 65xx-E/6807-XL with Sup2T
2Q8T Ingress Queuing ModelsCoS-to-Queue Mapping with CoS-based Tail-Drop
Application-Class DSCP CoS 2Q8T
Q2T4100%
Network Control (CS7) CoS 7
CoS 7
Internetwork Control CS6 CoS 6
Q2T395%
VoIP EF CoS 6
CoS 5
Broadcast Video CS5 Q2T290%
CoS 5
Multimedia Conferencing AF4
CoS 4 Q2 40% BW
Q2T185%
Realtime Interactive CS4
CoS 4
Multimedia Streaming AF3
CoS 3 Q1T4100%
Signaling CS3 CoS 3 Q1 60% BW
Transactional Data AF2
CoS 2 Q1T395%
Network Management CS2 CoS 2
All noted thresholds are
Q1T290% tail-drop thresholds
Bulk Data AF1
CoS 1 Cos 0
Scavenger CS1
Q1T185%
Best Effort DF CoS 0 CoS1

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 216
Cisco Catalyst 65xx-E/6807-XL2Q8T Ingress Model
class-map type lan-queuing match-all APIC_EM-Q2-2Q8T-QUEUE
match cos 7 6 5 4

policy-map type lan-queuing APIC_EM-QUEUING-2Q8T-IN


class APIC_EM-Q2-2Q8T-QUEUE
bandwidth percent 40 Un-configured CoS values
queue-limit cos 7 percent 100 default to threshold 8 which is
queue-limit cos 6 percent 95 100%. May not need to
queue-limit cos 5 percent 90 configure the CoS 7 or CoS 3
queue-limit cos 4 percent 85 values, as this should default to
class class-default 100%.
queue-limit cos 3 percent 100
queue-limit cos 2 percent 95 Recommend explicitly configuring
queue-limit cos 0 percent 90 thresholds
queue-limit cos 1 percent 85

interface GigabitEthernet1/3/2
service-policy type lan-queuing input APIC_EM-QUEUING-2Q8T-IN

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 217
8Q4T Ingress Queueing
DSCP to Queue Mapping
DSCP-based WRED
8Q4T Ingress Queueing Linecards

VS-S2T-10G, VS-S2T-10G-XL with Gigabit Ethernet ports disabled*


WS-X6908-10G-2T, WS-X6908-10G-2TXL
WS-X6816-10T-2T, WS-X6816-10T-2TXL, WS-X6816-10G-2T, WS-X6816-
10G-2TXL in performance mode
WS-X6716-10G-3C, WS-X6716-10G-3CXL, WS-X6716-10T-3C, WS-X6716-
10T-3CXL with a DFC4 or DFC4XL upgrade (WS-F6k-DFC4-E, WS-F6k-
DFC4-EXL) in performance mode)

* Potentially similar behavior with the Sup2T ports as seen in slides #25 & #26

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 219
How to Disable or Display the State of GigabitEthernet
Interfaces on the Sup2T
o23-6500-1(config)#platform qos 10g-only Global command disables GigabitEthernet interfaces on the
Sup2T.

o23-6500-1#show platform qos module 3


QoS is enabled globally
Port QoS is enabled globally
QoS serial policing mode enabled globally
Global command to show whether the
Distributed Policing is Disabled GigabitEthernet interfaces on the Sup2T
Secondary PUPs are enabled are enabled or disabled
QoS Trust state is DSCP on the following interface:
EO0/2 Gi1/1 Gi1/2 Gi1/3 Gi1/4 Gi1/5 Gi1/6 Gi1/7 Gi1/8 Gi1/9
Gi1/10 Gi1/11 Gi1/12 Gi1/13 Gi1/14 Gi1/15 Gi1/16 Gi1/17 Gi1/18 Gi1/19
Gi1/20 Gi1/21 Gi1/22 Gi1/23 Gi1/24 Gi1/25 Gi1/26 Gi1/27 Gi1/28 Gi1/29
Gi1/30 Gi1/31 Gi1/32 Gi1/33 Gi1/34 Gi1/35 Gi1/36 Gi1/37 Gi1/38 Gi1/39
Gi1/40 Gi1/41 Gi1/42 Gi1/43 Gi1/44 Gi1/45 Gi1/46 Gi1/47 Gi1/48 Te2/1
Te2/2 Te2/3 Te2/4 Te2/5 Te2/6 Te2/7 Te2/8 Gi3/1 Gi3/2 Gi3/3
Te3/4 Te3/5 Te5/1 Te5/2 Te5/3 Te5/4 Te5/5 Te5/6 Te5/7 Te5/8
Te5/9 Te5/10 Te5/11 Te5/12 Te5/13 Te5/14 Te5/15 Te5/16 Te6/1 Te6/2
Te6/3 Te6/4 CPP CPP.1 Vl1 GigabitEthernet interfaces on the
QoS 10g-only mode supported: Yes [Current mode: Off] Sup2T are currently enabled
Global Policy-map: ingress[]

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 220
How to Enable or Display Performance Mode on Linecards
Global command enables
performance mode on a port
o23-6500-1(config)#no hw-module slot 5 oversubscription port-group 4 group of a linecard

o23-6500-1#show hw-module slot 5


oversubscription
port-group oversubscription-mode
1 enabled
2 enabled
3 enabled
4 disabled
Global command to show whether the
oversubscription is enabled or disabled
(performance mode) per port group of a
linecard

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 221
Cisco Catalyst 65xx-E/6807-XL with Sup2T
8Q4T Ingress Queuing ModelsDSCP-to-Queue Mapping
8Q4T
Application-Class DSCP
EF Realtime Queue
Network Control (CS7) CS5 (10% BW)
CS4
Internetwork Control CS6
CS7
VoIP EF
CS6 Control Queue
Broadcast Video CS5 CS3 (10% BW)
CS2
Multimedia Conferencing AF4
AF4
Realtime Interactive CS4 Multimedia-Conferencing Queue
(20% BW + DSCP-WRED)
Multimedia Streaming AF3
AF3 Multimedia-Streaming Queue
Signaling CS3 (20% BW + DSCP-WRED)

Transactional Data AF2 AF2 Transactional Data Queue


(10% BW + DSCP-WRED)
Network Management CS2
AF1 Bulk Data Queue
Bulk Data AF1 (4% BW + DSCP-WRED)

Scavenger CS1 CS1 Scavenger Queue (1% BW)

Best Effort DF Default Queue


DF
(25% BW + DSCP-WRED)

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 222
Cisco Catalyst 65xx-E/6807-XL with Sup2T
8Q4T
8Q4T Ingress Queuing Models
EF
DSCP-to-Queue with DSCP-WRED CS5
Realtime Queue All noted thresholds are
(10% BW) Min WRED thresholds
Application-Class DSCP CS4

Network Control (CS7) CS7 All max WRED thresholds


CS6 Control-Plane Queue Are set to 100%
Internetwork Control CS6 CS3 (10% BW)
CS2
VoIP EF
AF41 Q6T380%
Broadcast Video CS5 Multimedia-Conferencing Queue
AF42 Q6T270% (20% BW + DSCP-WRED)
Multimedia Conferencing AF4 AF43
Q6T160%
Realtime Interactive CS4
Q5T380% Multimedia-Streaming Queue
AF31
Multimedia Streaming AF3 AF32 (20% BW + DSCP-WRED)
Q5T270%
AF33
Signaling CS3 Q5T160%

Transactional Data AF2 AF21 Q4T380%


AF22 Q4T270% Transactional Data Queue
(10% BW + DSCP-WRED)
Network Management CS2 AF23 Q4T160%

Bulk Data AF1 AF11 Q3T380%


AF12 Q3T270% Bulk Data Queue
Scavenger CS1 (4% BW + DSCP-WRED)
AF13 Q3T160%

Best Effort DF
CS1 Scavenger Queue (1% BW)

DF Default Queue
(25% BW + DSCP-WRED)
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 223
Cisco Catalyst 65xx-E/6807-XL 8Q4T Ingress Model
class-map type lan-queuing match-all APIC_EM-REALTIME-8Q4T-QUEUE
match dscp cs4 cs5 ef
class-map type lan-queuing match-all APIC_EM-CONTROL-8Q4T-QUEUE
match dscp cs2 cs3 cs6 cs7
class-map type lan-queuing match-all APIC_EM-MM_CONF-8Q4T-QUEUE
match dscp af41 af42 af43
class-map type lan-queuing match-all APIC_EM-MM_STREAM-8Q4T-QUEUE
match dscp af31 af32 af33
class-map type lan-queuing match-all APIC_EM-TRANS_DATA-8Q4T-QUEUE
match dscp af21 af22 af23
class-map type lan-queuing match-all APIC_EM-BULK_DATA-8Q4T-QUEUE
match dscp af11 af12 af13
class-map type lan-queuing match-all APIC_EM-SCAVENGER-8Q4T-QUEUE
match dscp cs1

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 224
Cisco Catalyst 65xx-E/6807-XL 8Q4T Ingress Model
policy-map type lan-queuing APIC_EM-QUEUEING-8Q4T-IN
class APIC_EM-REALTIME-8Q4T-QUEUE
bandwidth percent 10
class APIC_EM-CONTROL-8Q4T-QUEUE
bandwidth percent 10
class APIC_EM-MM_CONF-8Q4T-QUEUE
bandwidth percent 20
random-detect dscp-based
random-detect dscp af41 percent 80 100
random-detect dscp af42 percent 70 100
random-detect dscp af43 percent 60 100
class APIC_EM-MM_STREAM-8Q4T-QUEUE
bandwidth percent 20
random-detect dscp-based
random-detect dscp af31 percent 80 100
random-detect dscp af32 percent 70 100
random-detect dscp af33 percent 60 100

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 225
Cisco Catalyst 65xx-E/6807-XL 8Q4T Ingress Model
[continued]
class APIC_EM-TRANS_DATA-8Q4T-QUEUE
bandwidth percent 10
random-detect dscp-based
random-detect dscp af21 percent 80 100
random-detect dscp af22 percent 70 100
random-detect dscp af23 percent 60 100
class APIC_EM-BULK_DATA-8Q4T-QUEUE
bandwidth percent 4
random-detect dscp-based
random-detect dscp af11 percent 80 100
random-detect dscp af12 percent 70 100
random-detect dscp af13 percent 60 100
class APIC_EM-SCAVENGER-8Q4T-QUEUE
bandwidth percent 1
class class-default
random-detect dscp-based
random-detect dscp default percent 80 100

interface TenGigabitEthernet1/3/4
service-policy type lan-queuing input APIC_EM-QUEUEING-8Q4T-IN

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 226
8Q8T Ingress Queueing
CoS to Queue Mapping
CoS-based Tail-Drop
8Q8T Ingress Queueing Linecards
WS-X6704-10GE supported with a DFC4/DFC4XL upgrade
(WS-F6k-DFC4-A, WS-F6k-DFC4-AXL)
o23-6500-1#show module
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL10478SWP
2 8 DCEF2T 8 port 10GE WS-X6908-10G SAL172682AK
3 5 Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G SAL1702WNR0
5 16 CEF720 16 port 10GE WS-X6716-10GE SAL1228WYB7
6 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE SAL15013XBH

Mod Sub-Module Model Serial Hw Status


---- --------------------------- ------------------ ----------- ------- -------
1 Centralized Forwarding Card WS-F6700-CFC SAD074308C9 1.1 Ok
2 Distributed Forwarding Card WS-F6K-DFC4-E SAL17152T2R 1.2 Ok
3 Policy Feature Card 4 VS-F6K-PFC4 SAL1638N3R3 1.2 Ok
3 CPU Daughterboard VS-F6K-MSFC5 SAL1702WNG1 1.5 Ok
5 Distributed Forwarding Card WS-F6K-DFC4-E SAL1541SQHX 1.1 Ok
6 Centralized Forwarding Card WS-F6700-CFC SAL1518CRZ3 4.1 PwrDown

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 228
Cisco Catalyst 65xx-E/6807-XL with Sup2T
8Q8T Ingress Queuing ModelsCoS-to-Queue Mapping with COS-based WRED
8Q8T
Application-Class DSCP CoS

Network Control (CS7) CoS 7 Q8-VoIP-Broadcast Queue


CoS 5 (10% BW )
Internetwork Control CS6 CoS 6
CoS 7 Q7-Network Control Queue
VoIP EF (5% BW)
CoS 5
Broadcast Video CS5
Q6-Internetwork Control Queue
Multimedia Conferencing AF4 CoS 6 (5% BW)
CoS 4
Realtime Interactive CS4 Q5-Multimedia-Realtime Queue
CoS 4 (20% BW)
Multimedia Streaming AF3
CoS 3
Signaling CS3 Q4-Streaming-Signaling Queue
CoS 3 (20% BW)
Transactional Data AF2
CoS 2 Q3-Transactional-Management Queue
Network Management CS2 CoS 2 (10% BW)

Bulk Data AF1


CoS 1 Q2-Bulk-Scavenger Queue
Scavenger CS1 CoS 1 (5% BW)

Best Effort DF CoS 0 Q1-Default Queue


CoS 0 (25% BW)

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 229
Cisco Catalyst 65xx-E/6807-XL 8Q8T Ingress Model
class-map type lan-queuing match-all APIC_EM-Q8-8Q8T-QUEUE
match cos 7
Class-map type lan-queuing match-all APIC_EM-Q7-8Q8T-QUEUE
match cos 6
class-map type lan-queuing match-all APIC_EM-Q6-8Q8T-QUEUE
match cos 5
class-map type lan-queuing match-all APIC_EM-Q5-8Q8T-QUEUE
match cos 4
class-map type lan-queuing match-all APIC_EM-Q4-8Q8T-QUEUE
match cos 3
class-map type lan-queuing match-all APIC_EM-Q3-8Q8T-QUEUE
match cos 2
class-map type lan-queuing match-all APIC_EM-Q2-8Q8T-QUEUE
match cos 1

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 230
Cisco Catalyst 65xx-E/6807-XL 8Q8T Ingress Model
policy-map type lan-queuing APIC_EM-QUEUEING-8Q8T-IN
class APIC_EM-Q8-8Q8T-QUEUE
bandwidth percent 10
class APIC_EM-Q7-8Q8T-QUEUE
bandwidth percent 5
class APIC_EM-Q6-8Q8T-QUEUE
bandwidth percent 5
class APIC_EM-Q5-8Q8T-QUEUE
bandwidth percent 20
class APIC_EM-Q4-8Q8T-QUEUE
bandwidth percent 20
class APIC_EM-Q3-8Q8T-QUEUE
bandwidth percent 10
class APIC_EM-Q2-8Q8T-QUEUE
bandwidth percent 5
class class-default

interface TenGigabitEthernet1/3/4
service-policy type lan-queuing input APIC_EM-QUEUEING-8Q8T-IN

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 231
1P7Q2T Ingress Queueing
DSCP to Queue Mapping
DSCP-based WRED
1P7Q2T Ingress Queueing Linecards

WS-X6716-10G-3C, WS-X6716-10G-3CXL, WS-X6716-10T-3C, WS-X6716-


10T-3CXL with a DFC4 or DFC4XL upgrade (WS-F6k-DFC4-E, WS-F6k-
DFC4-EXL) in oversubscription mode
WS-X6816-10T-2T, WS-X6816-10T-2TXL, WS-X6816-10G-2T, WS-X6816-
10G-2TXL in oversubscription mode

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 233
Cisco Catalyst 65xx-E/6807-XL with Sup2T
1P7Q2T Ingress Queuing ModelsDSCP-to-Queue
Mapping 1P7Q2T

Application-Class DSCP EF
Realtime Queue
CS5 (Priority)
Network Control (CS7)
CS4
Internetwork Control CS6
CS7
VoIP EF CS6 Control Plane Queue
CS3 (10% BWR)
Broadcast Video CS5 CS2
Multimedia Conferencing AF4
AF4
Realtime Interactive CS4 Multimedia-Conferencing Queue
(20% BWR + DSCP-WRED)
Multimedia Streaming AF3
AF3 Multimedia-Streaming Queue
(15% BWR + DSCP-WRED)
Signaling CS3

Transactional Data AF2 AF2 Transactional Data Queue


(15% BWR + DSCP-WRED)
Network Management CS2
AF1 Bulk Data Queue
Bulk Data AF1 (9% BWR + DSCP-WRED)

Scavenger CS1 Scavenger Queue (1% BW)


CS1
Best Effort DF Default Queue
DF (30% BWR + DSCP-WRED)
BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 234
Cisco Catalyst 65xx-E/6807-XL with Sup2T 1P7Q2T
1P7Q2T Ingress Queuing ModelsDSCP-
EF
to-Queue Mapping (DSCP-WRED) CS5
Realtime Queue All noted thresholds are
(Priority) Min WRED thresholds
Application-Class DSCP CS4
All max WRED thresholds
Network Control (CS7) CS7 Are set to 100%
CS6 Control Plane Queue
Internetwork Control CS6 CS3 (10% BWR)
CS2
VoIP EF
AF41 Q6T280%
Broadcast Video CS5 Multimedia-Conferencing Queue
AF42 (20% BWR + DSCP-WRED)
Multimedia Conferencing AF4 AF43 Q6T170%

Realtime Interactive CS4


Q5T280% Multimedia-Streaming Queue
AF31
Multimedia Streaming AF3 AF32 (15% BWR + DSCP-WRED)
AF33 Q5T170%
Signaling CS3

Transactional Data AF2 AF21 Q4T280%


AF22 Transactional Data Queue
Q4T170% (15% BWR + DSCP-WRED)
Network Management CS2 AF23

Bulk Data AF1 AF11 Q3T280%


AF12 Bulk Data Queue
Scavenger CS1 Q3T170% (9% BWR + DSCP-WRED)
AF13
Best Effort DF
CS1 Scavenger Queue (1% BW)

DF Default Queue
(30% BWR + DSCP-WRED)
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 235
Cisco Catalyst 65xx-E/6807-XL - 1P7Q2T Ingress Model
class-map type lan-queuing match-all APIC_EM-REALTIME-1P7Q2T-QUEUE
match dscp cs4 cs5 ef
class-map type lan-queuing match-all APIC_EM-CONTROL-1P7Q2T-QUEUE
match dscp cs2 cs3 cs6 cs7
class-map type lan-queuing match-all APIC_EM-MM_CONF-1P7Q2T-QUEUE
match dscp af41 af42 af43
class-map type lan-queuing match-all APIC_EM-MM_STREAM-1P7Q2T-QUEUE
match dscp af31 af32 af33
class-map type lan-queuing match-all APIC_EM-TRANS_DATA-1P7Q2T-QUEU
match dscp af21 af22 af23
class-map type lan-queuing match-all APIC_EM-BULK_DATA-1P7Q2T-QUEUE
match dscp af11 af12 af13
class-map type lan-queuing match-all APIC_EM-SCAVENGER-1P7Q2T-QUEUE
match dscp cs1

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 236
Cisco Catalyst 65xx-E/6807-XL 1P7Q2T Ingress Model

policy-map type lan-queuing APIC_EM-QUEUEING-1P7Q2T-IN


class APIC_EM-REALTIME-1P7Q2T-QUEUE
priority
class APIC_EM-CONTROL-1P7Q2T-QUEUE
bandwidth remaining percent 10
class APIC_EM-MM_CONF-1P7Q2T-QUEUE
bandwidth remaining percent 20
class APIC_EM-MM_STREAM-1P7Q2T-QUEUE
bandwidth remaining percent 15

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 237
Cisco Catalyst 65xx-E/6807-XL - 1P7Q2T Ingress Model
[continued]
class APIC_EM-TRANS_DATA-1P7Q2T-QUEU
bandwidth remaining percent 15
class APIC_EM-BULK_DATA-1P7Q2T-QUEUE
bandwidth remaining percent 9
class APIC_EM-SCAVENGER-1P7Q2T-QUEUE
bandwidth remaining percent 1
class class-default

interface TenGigabitEthernet1/3/4
service-policy type lan-queuing input APIC_EM-QUEUEING-1P7Q2T-IN

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 238
2P6Q4T Ingress & Egress
Queueing
DSCP to Queue Mapping
DSCP-based WRED
2P6Q4T Ingress Queueing Linecards

WS-X6904-40G-2T and WS-X6904-40G-2TXL


C6800-8P10G, C6800-8P10G-XL
C6800-16P10G, C6800-16P10G-XL
C6800-32P10G, C6800-32P10G-XL

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 240
Cisco Catalyst 65xx-E/6807-XL with Sup2T
2P6Q4T (Ingress & Egress Queuing ModelsDSCP-to-Queue)
Application-Class DSCP 2P6Q4T
Network Control (CS7) Voice-PQ1
EF (Priority Level 1)
Internetwork Control CS6
CS4
VoIP EF CS5 Video-PQ2
(Priority Level 2)
Broadcast Video CS5 AF4

Multimedia Conferencing AF4 CS7 & CS6 Control Plane Queue


CS3 & CS2 (10% BWR)
Realtime Interactive CS4

Multimedia Streaming AF3 Multimedia-Streaming Queue


AF3 (20% BWR + DSCP-WRED)
Signaling CS3
Transactional Data Queue
Transactional Data AF2 AF2 (20% BWR + DSCP-WRED)

Network Management CS2 Bulk Data Queue


AF1 (14% BWR + DSCP-WRED)
Bulk Data AF1
Scavenger Queue
CS1 (1% BWR + DSCP-WRED)
Scavenger CS1
DF Default Queue
Best Effort DF (35% BWR + WRED)

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 241
Cisco Catalyst 65xx-E/6807-XL with Sup2T
2P6Q4T (Ingress & Egress Queuing Models
2P6Q4T
DSCP-to-Queue with DSCP WRED
Voice-PQ1
EF (Priority Level 1)
Application-Class DSCP
CS4
Network Control (CS7) Video-PQ2
CS5
(Priority Level 2)
Internetwork Control CS6 AF4
VoIP EF
CS7 & CS6 Control Plane Queue
Broadcast Video CS5 CS3 & CS2 (10% BWR)

Multimedia Conferencing AF4 Q4T380%


AF31 Multimedia-Streaming Queue
Realtime Interactive CS4 AF32 Q4T270% (20% BWR + DSCP-WRED)
AF33 Q4T160%
Multimedia Streaming AF3
AF21 Q3T380% Transactional Data Queue
Signaling CS3 AF22 Q3T270% (20% BWR + DSCP-WRED)

Transactional Data AF2 AF23 Q3T160%

Q2T380%
Network Management CS2 AF11
Bulk Data Queue
AF12 Q2T270%
(14% BWR + DSCP-WRED)
Bulk Data AF1 AF13
CS1 Q2T160%

Scavenger CS1 Scavenger Queue


CS1 (1% BWR )
Best Effort DF Default Queue
DF
(35% BWR + WRED)

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 242
Cisco Catalyst 65xx-E/6807-XL2P6Q4T Model
Part 1 of 3Common Ingress & Egress Queuing Class-Maps
class-map type lan-queuing match-all APIC_EM-VOICE-2P6Q4T-PQ1
match dscp ef
class-map type lan-queuing match-all APIC_EM-VIDEO-2P6Q4T-PQ2
match dscp cs4 cs5 af41 af42 af43
class-map type lan-queuing match-all APIC_EM-CONTROL-2P6Q4T-QUEUE
match dscp cs2 cs3 cs6 cs7
class-map type lan-queuing match-all APIC_EM-MM_STREAM-2P6Q4T-QUEUE
match dscp af31 af32 af33
class-map type lan-queuing match-all APIC_EM-TRANS_DATA-2P6Q4T-QUEUE
match dscp af21 af22 af23
class-map type lan-queuing match-all APIC_EM-BULK_DATA-2P6Q4T-QUEUE
match dscp af11 af12 af13
class-map type lan-queuing match-all APIC_EM-SCAVENGER-2P6Q4T-QUEUE
match dscp cs1

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 243
Cisco Catalyst 65xx-E/6807-XL2P6Q4T Model
Part 2 of 32P6Q4T Queuing Policy-Map
policy-map type lan-queuing APIC_EM-QUEUING-2P6Q4T
class APIC_EM-VOICE-2P6Q4T-PQ1
priority level 1
class APIC_EM-VIDEO-2P6Q4T-PQ2
priority level 2
class APIC_EM-CONTROL-2P6Q4T-QUEUE
bandwidth remaining percent 10
class APIC_EM-MM_STREAM-2P6Q4T-QUEUE
bandwidth remaining percent 20
random-detect dscp-based
random-detect dscp af31 percent 80 100
random-detect dscp af32 percent 70 100
random-detect dscp af33 percent 60 100
class APIC_EM-TRANS_DATA-2P6Q4T-QUEUE
bandwidth remaining percent 20
random-detect dscp-based
random-detect dscp af21 percent 80 100
random-detect dscp af22 percent 70 100
random-detect dscp af23 percent 60 100

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 244
Cisco Catalyst 65xx-E/6807-XL2P6Q4T Model
Part 3 of 32P6Q4T Queuing Policy-Map (continued)

[continued]
class APIC_EM-BULK_DATA-2P6Q4T-QUEUE
bandwidth remaining percent 14
random-detect dscp-based
random-detect dscp af11 percent 80 100
random-detect dscp af12 percent 70 100
random-detect dscp af13 percent 60 100
class APIC_EM-SCAVENGER-2P6Q4T-QUEUE
bandwidth remaining percent 1
class class-default
random-detect dscp-based
random-detect dscp default percent 80 100

interface TenGigabitEthernet1/1/13
service-policy type lan-queuing input APIC_EM-QUEUEING-2P6Q4T
service-policy type lan-queuing output APIC_EM-QUEUEING-2P6Q4T

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 245
1P3Q8T Egress Queueing
CoS to Queue Mapping
CoS-based Tail-Drop
1P3Q8T Egress Queueing Linecards
WS-X6724-SFP, WS-X6748-SFP and WS-X6748-GE-TX with CFC
WS-X6724-SFP, WS-X6748-SFP, and WS-X6748-GE-TX with a DFC4 or
DFC4XL upgrade (WS-F6k-DFC4-A, WS-F6k-DFC4-AXL)
WS-X6824-SFP-2T and WS-X6824-SFP-2TXL
WS-X6848-SFP-2T, WS-X6848-SFP-2TXL, WS-X6848-TX-2T and WS-
X6848-TX-2TXL

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 247
Cisco Catalyst 65xx-E/6807-XL with Sup2T
1P3Q8T Egress Queuing ModelsCoS-to-Queue Mapping
1P3Q8T
Application-Class DSCP CoS

Network Control (CS7) CoS 7 CoS 5


Realtime Queue
Internetwork Control CS6 CoS 6 (Priority)
CoS 4
VoIP EF
CoS 5
Broadcast Video CS5 CoS 7 Control Plane Queue
CoS 6 (10% BWR)
Multimedia Conferencing AF4
CoS 4
Realtime Interactive CS4
CoS 3
Multimedia Streaming AF3
CoS 3 Transactional Data Queue
Signaling CS3 CoS 2 (45% BWR + COS-WRED)
Transactional Data AF2
CoS 2
Network Management CS2

Bulk Data AF1 CoS 0


CoS 1
Scavenger CS1 Default Queue
(45% BWR + COS WRED)
Best Effort DF CoS 0 CoS 1

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 248
Cisco Catalyst 65xx-E/6807-XL with Sup2T
1P3Q8T Egress Queuing ModelsCoS-to-Queue Mapping with CoS-WRED
1P3Q8T
Application-Class DSCP CoS

Network Control (CS7) CoS 7 CoS 5


Realtime Queue
Internetwork Control CS6 CoS 6 (Priority)
CoS 4
VoIP EF
CoS 5
Broadcast Video CS5 CoS 7 Control Plane Queue
CoS 6 (10% BWR)
Multimedia Conferencing AF4
CoS 4
Realtime Interactive CS4
CoS 3 Q2T280%
Multimedia Streaming AF3
CoS 3 Transactional Data Queue
Signaling CS3 CoS 2 (45% BWR + COS-WRED)
Transactional Data AF2 Q2T170%
CoS 2 All noted thresholds are
Network Management CS2 Min WRED thresholds
Q2T280%
Bulk Data AF1 CoS 0
CoS 1 All max WRED thresholds
Scavenger CS1 Default Queue
Are set to 100%
(45% BWR + COS WRED)
Best Effort DF CoS 0 CoS 1
Q2T170%

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 249
Cisco Catalyst 65xx-E/6807-XL1P3Q8T Egress Model

class-map type lan-queuing match-all APIC_EM-REALTIME-1P3Q8T-QUEUE


match cos 4 5
class-map type lan-queuing match-all APIC_EM-CONTROL-1P3Q8T-QUEUE
match cos 6 7
class-map type lan-queuing match-all APIC_EM-TRANS_DATA-1P3Q8T-QUEUE
match cos 2 3

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 250
Cisco Catalyst 65xx-E/6807-XL 1P3Q8T Egress Model

policy-map type lan-queuing APIC_EM-QUEUING-1P3Q8T-OUT


class APIC_EM-REALTIME-1P3Q8T-QUEUE
priority
class APIC_EM-CONTROL-1P3Q8T-QUEUE
bandwidth remaining percent 5
class APIC_EM-TRANS_DATA-1P3Q8T-QUEUE
bandwidth remaining percent 45
random-detect cos-based
random-detect cos 3 percent 80 100
random-detect cos 2 percent 70 100
class class-default
random-detect cos-based
random-detect cos 0 percent 80 100
random-detect cos 1 percent 70 100

interface GigabitEthernet1/3/2
service-policy type lan-queuing output APIC_EM-QUEUING-1P3Q8T-OUT

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 251
1P3Q4T Egress Queueing
CoS to Queue Mapping
CoS-based Tail-Drop
1P3Q4T Egress Queueing Linecards

VS-S2T-10G and VS-S2T-10G-XL with Gigabit Ethernet ports enabled

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 253
Cisco Catalyst 65xx-E/6807-XL with Sup2T
1P3Q4T Egress Queuing ModelsCoS-to-Queue Mapping
1P3Q4T
Application-Class DSCP CoS

Network Control (CS7) CoS 7 CoS 5


Realtime Queue
Internetwork Control CS6 CoS 6 (Priority)
CoS 4
VoIP EF
CoS 5
Broadcast Video CS5 CoS 7 Control Plane Queue
CoS 6 (10% BWR)
Multimedia Conferencing AF4
CoS 4
Realtime Interactive CS4
CoS 3
Multimedia Streaming AF3
CoS 3 Transactional Data Queue
Signaling CS3 CoS 2 (45% BWR + COS-WRED)
Transactional Data AF2
CoS 2
Network Management CS2

Bulk Data AF1 CoS 0


CoS 1
Scavenger CS1 Default Queue
(45% BWR + COS WRED)
Best Effort DF CoS 0 CoS 1

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 254
Cisco Catalyst 65xx-E/6807-XL with Sup2T
1P3Q4T Egress Queuing ModelsCoS-to-Queue Mapping with CoS WRED
1P3Q4T
Application-Class DSCP CoS

Network Control (CS7) CoS 7 CoS 5


Realtime Queue
Internetwork Control CS6 CoS 6 (Priority)
CoS 4
VoIP EF
CoS 5
Broadcast Video CS5 CoS 7 Control Plane Queue
CoS 6 (10% BWR)
Multimedia Conferencing AF4
CoS 4
Realtime Interactive CS4
CoS 3 Q2T280%
Multimedia Streaming AF3
CoS 3 Transactional Data Queue
Signaling CS3 CoS 2 (45% BWR + COS-WRED)
Transactional Data AF2 Q2T170%
CoS 2 All noted thresholds are
Network Management CS2 Min WRED thresholds
Q2T280%
Bulk Data AF1 CoS 0
CoS 1 All max WRED thresholds
Scavenger CS1 Default Queue
Are set to 100%
(45% BWR + COS WRED)
Best Effort DF CoS 0 CoS 1
Q2T170%

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 255
Cisco Catalyst 65xx-E/6807-XL 1P3Q4T Egress Model

class-map type lan-queuing match-all APIC_EM-REALTIME-1P3Q4T-QUEUE


match cos 4 5
class-map type lan-queuing match-all APIC_EM-CONTROL-1P3Q4T-QUEUE
match cos 6 7
class-map type lan-queuing match-all APIC_EM-TRANS_DATA-1P3Q4T-QUEUE
match cos 2 3

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 256
Cisco Catalyst 65xx-E/6807-XL 1P3Q4T Egress Model

policy-map type lan-queuing APIC_EM-QUEUING-1P3Q4T-OUT


class APIC_EM-REALTIME-1P3Q4T-QUEUE
priority
class APIC_EM-CONTROL-1P3Q4T-QUEUE
bandwidth remaining percent 5
class APIC_EM-TRANS_DATA-1P3Q4T-QUEUE
bandwidth remaining percent 45
random-detect cos-based
random-detect cos 3 percent 80 100
random-detect cos 2 percent 70 100
class class-default
random-detect cos-based
random-detect cos 0 percent 80 100
random-detect cos 1 percent 70 100

interface GigabitEthernet1/3/1
service-policy type lan-queuing output APIC_EM-QUEUING-1P3Q4T-OUT
interface TenGigabitEthernet1/3/4
service-policy type lan-queuing output APIC_EM-QUEUING-1P3Q4T-OUT

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 257
1P7Q4T Egress Queueing
DSCP to Queue Mapping
DSCP-based WRED
1P7Q4T Egress Queueing Linecards

WS-X6716-10G-3C, WS-X6716-10G-3CXL, WS-X6716-10T-3C, WS-X6716-


10T-3CXL with a DFC4 or DFC4XL upgrade (WS-F6k-DFC4-E, WS-F6k-
DFC4-EXL) in performance or oversubscription mode
WS-X6816-10T-2T, WS-X6816-10T-2TXL, WS-X6816-10G-2T, WS-X6816-
10G-2TXL in performance or oversubscription mode
WS-X6908-10G-2T and WS-X6908-10G-2TXL

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 259
Cisco Catalyst 65xx-E/6807-XL with Sup2T
1P7Q4T Egress Queuing ModelsDSCP-to-Queue Mapping
1P7Q4T

Application-Class DSCP EF
Realtime Queue
CS5 (Priority)
Network Control (CS7)
CS4
Internetwork Control CS6
CS7
VoIP EF CS6 Control Plane Queue
CS3 (10% BWR)
Broadcast Video CS5 CS2
Multimedia Conferencing AF4
AF4
Realtime Interactive CS4 Multimedia-Conferencing Queue
(20% BWR + DSCP-WRED)
Multimedia Streaming AF3
AF3 Multimedia-Streaming Queue
(15% BWR + DSCP-WRED)
Signaling CS3

Transactional Data AF2 AF2 Transactional Data Queue


(15% BWR + DSCP-WRED)
Network Management CS2
AF1 Bulk Data Queue
Bulk Data AF1 (9% BWR + DSCP-WRED)

Scavenger CS1 Scavenger Queue (1% BW)


CS1
Best Effort DF Default Queue
DF (30% BWR + DSCP-WRED)

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 260
Cisco Catalyst 65xx-E/6807-XL with Sup2T
1P7Q4T
1P7Q4T Egress Queuing Models
EF
DSCP-to-Queue with DSCP-WRED CS5 Realtime Queue
(Priority) All noted thresholds are
Application-Class DSCP CS4
Min WRED thresholds

Network Control (CS7) CS7 All max WRED thresholds


CS6 Control Queue Are set to 100%
Internetwork Control CS6 CS3 (10% BWR)
CS2
VoIP EF

Broadcast Video CS5 AF41 Q6T380%


Multimedia-Conferencing Queue
AF42 Q6T270% (20% BWR + DSCP-WRED)
Multimedia Conferencing AF4 AF43 Q6T160%

Realtime Interactive CS4


AF31 Q5T380% Multimedia-Streaming Queue
Multimedia Streaming AF3 AF32 Q5T270% (15% BWR + DSCP-WRED)
AF33 Q5T160%
Signaling CS3

Transactional Data AF2 AF21 Q4T380%


AF22 Q4T270% Transactional Data Queue
(15% BWR + DSCP-WRED)
Network Management CS2 AF23 Q4T160%

Bulk Data AF1 AF11 Q3T380%


AF12 Q3T270% Bulk Data Queue
Scavenger CS1 (9% BWR + DSCP-WRED)
AF13 Q3T160%

Best Effort DF
CS1 Scavenger Queue (1% BWR)

DF Default Queue
(30% BWR + DSCP-WRED)
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 261
Cisco Catalyst 65xx-E/6807-XL 1P7Q4T Egress Model

class-map type lan-queuing match-all APIC_EM-REALTIME-1P7Q4T-QUEUE


match dscp cs4 cs5 ef
class-map type lan-queuing match-all APIC_EM-CONTROL-1P7Q4T-QUEUE
match dscp cs2 cs3 cs6 cs7
class-map type lan-queuing match-all APIC_EM-MM_CONF-1P7Q4T-QUEUE
match dscp af41 af42 af43
class-map type lan-queuing match-all APIC_EM-MM_STREAM-1P7Q4T-QUEUE
match dscp af31 af32 af33
class-map type lan-queuing match-all APIC_EM_TRANS_DATA-1P7Q4T-QUEUE
match dscp af21 af22 af23
class-map type lan-queuing match-all APIC_EM_BULK_DATA-1P7Q4T-QUEUE
match dscp af11 af12 af13
class-map type lan-queuing match-all APIC_EM_SCAVENGER-1P7Q4T-QUEUE
match dscp cs1

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 262
Cisco Catalyst 65xx-E/6807-XL 1P7Q4T Egress Model
policy-map type lan-queuing APIC_EM-QUEUING-1P7Q4T-OUT
class APIC_EM-REALTIME-1P7Q4T-QUEUE
priority
class APIC_EM-CONTROL-1P7Q4T-QUEUE
bandwidth remaining percent 10
class APIC_EM-MM_CONF-1P7Q4T-QUEUE
bandwidth remaining percent 20
random-detect dscp-based
random-detect dscp af41 percent 80 100
random-detect dscp af42 percent 70 100
random-detect dscp af42 percent 60 100
class APIC_EM-MM_STREAM-1P7Q4T-QUEUE
bandwidth remaining percent 15
random-detect dscp-based
random-detect dscp af31 percent 80 100
random-detect dscp af32 percent 70 100
random-detect dscp af33 percent 60 100

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 263
Cisco Catalyst 65xx-E/6807-XL 1P7Q4T Egress Model
[continued]
class APIC_EM_TRANS_DATA-1P7Q4T-QUEUE
bandwidth remaining percent 15
random-detect dscp-based
random-detect dscp af21 percent 80 100
random-detect dscp af22 percent 70 100
random-detect dscp af23 percent 60 100
class APIC_EM_BULK_DATA-1P7Q4T-QUEUE
bandwidth remaining percent 9
random-detect dscp-based
random-detect dscp af11 percent 80 100
random-detect dscp af12 percent 70 100
random-detect dscp af13 percent 60 100
class APIC_EM_SCAVENGER-1P7Q4T-QUEUE
bandwidth remaining percent 1
class class-default
random-detect dscp-based
random-detect dscp default percent 80 100

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 264
Cisco Catalyst 65xx-E/6807-XL 1P7Q4T Egress Model

interface TenGigabitEthernet1/3/4
service-policy type lan-queuing output APIC_EM-QUEUING-1P7Q4T-OUT

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 265
1P7Q8T Egress Queueing
CoS to Queue Mapping
CoS-based Tail-Drop
1P7Q8T Egress Queueing Linecards

WS-X6704-10GE with CFC


WS-X6704-10GE with a DFC4 or DFC4XL upgrade (WS-F6k-DFC4-A, WS-
F6k-DFC4-AXL)

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 267
Cisco Catalyst 65xx-E/6807-XL with Sup2T
1P7Q8T Egress Queuing ModelsCoS-to-Queue Mapping with COS-based WRED
1P7Q8T
Application-Class DSCP CoS

Network Control (CS7) CoS 7 Q8-VoIP-Broadcast Queue


CoS 5 (Priority)
Internetwork Control CS6 CoS 6

VoIP EF CoS 7 Q7 - Network Control Queue


(5% BWR)
CoS 5
Broadcast Video CS5
Q6 - Internetwork Control Queue
Multimedia Conferencing AF4 CoS 6 (5% BWR)
CoS 4
Realtime Interactive CS4 Q5 - Multimedia-Realtime Queue
(20% BWR)
Multimedia Streaming AF3 CoS 4
CoS 3
Signaling CS3 Q4 - Streaming-Signaling Queue
(20% BWR)
CoS 3
Transactional Data AF2
CoS 2 Q3-Transactional-Management Queue
Network Management CS2 CoS 2 (10% BWR)

Bulk Data AF1


CoS 1 Q2 - Bulk-Scavenger Queue
Scavenger CS1 CoS 1 (10% BWR)

Best Effort DF CoS 0 Default Queue


CoS 0 (30% BWR)

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 268
Cisco Catalyst 65xx-E/6807-XL 1P7Q8T Egress Model

class-map type lan-queuing match-all APIC_EM-Q8-1P7Q8T-QUEUE


match cos 7
class-map type lan-queuing match-all APIC_EM-Q7-1P7Q8T-QUEUE
match cos 6
class-map type lan-queuing match-all APIC_EM-Q6-1P7Q8T-QUEUE
match cos 5
class-map type lan-queuing match-all APIC_EM-Q5-1P7Q8T-QUEUE
match cos 4
class-map type lan-queuing match-all APIC_EM-Q4-1P7Q8T-QUEUE
match cos 3
class-map type lan-queuing match-all APIC_EM-Q3-1P7Q8T-QUEUE
match cos 2
class-map type lan-queuing match-all APIC_EM-Q2-1P7Q8T-QUEUE
match cos 1

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 269
Cisco Catalyst 65xx-E/6807-XL 1P7Q8T Egress Model

policy-map type lan-queuing APIC_EM-QUEUING-1P7Q8T-OUT


class APIC_EM-Q8-1P7Q8T-QUEUE
priority
class APIC_EM-Q7-1P7Q8T-QUEUE
bandwidth remaining percent 5
class APIC_EM-Q6-1P7Q8T-QUEUE
bandwidth remaining percent 5
class APIC_EM-Q5-1P7Q8T-QUEUE
bandwidth remaining percent 20
class APIC_EM-Q4-1P7Q8T-QUEUE
bandwidth remaining percent 20
class APIC_EM-Q3-1P7Q8T-QUEUE
bandwidth remaining percent 10
class APIC_EM-Q2-1P7Q8T-QUEUE
bandwidth remaining percent 10
class class-default

interface TenGigabitEthernet1/3/4
service-policy type lan-queuing output APIC_EM-QUEUING-1P7Q8T-OUT

BRKCRS-2501 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 270
Q&A
Thank You