© 2000, Cisco Systems, Inc www.cisco.com econ_0386_09_010.ppt
Infrastructure Quality of Service
Objectives
Upon completion of this module, you will be able to perform the following tasks:
• Describe the purpose of classification and marking
• Explain IP Precedence and Diff-Serv
• Describe Quality of Service policy using Modular QoS Command Line Interface (CLI)
(NBAR)
Objectives
• Describe forms of packet, frame, or cell marking
• Describe the purpose and benefits of Resource Reservation Protocol (RSVP) and Common Open Policy Service (COPS)
products
• Identify the functions of each product
Quality of Service Classification and Marking
Objectives
Upon completion of this module section, you will be able to perform the following tasks:
• Describe the purpose of classification and marking
• Explain IP Precedence and Diff-Serv
(NBAR)
• Describe forms of packet, frame, or cell marking
The purpose of the lesson is to quickly survey the new Classification and Marking features in Cisco IOS 12.1, and to describe the problems they solve.
Enterprise QoS
(Chart labels: 30 Kbps, 300 Kbps)
• Remote site has a 350 Kbps CIR FR link
• Bursty applications contending for bandwidth reduce collective throughput
Customer needs better throughput.
These are charts from Ganymede Chariot used in a lab based on FIFO (no queuing). TCP traffic was going all over the chart. With nothing controlling the traffic, throughput is horrible and completely unpredictable!
With Traffic Shaping, Frame Relay DE bit setting, Class-Based Weighted Fair Queuing (CBWFQ), and Weighted Random Early Detection (WRED) enabled, the network is much more well behaved.
We’ll discuss CBWFQ and WRED in the Queuing module.
In this section we’ll look at techniques for Classification and Marking. These are the beginning of solving the example customer’s problem.
Classification and Marking do not in themselves solve the customer problem. They do, however, allow us to apply queuing and shaping techniques, both in the edge router doing the classification and marking, and in the downstream routers in the network.
Classification and Marking will be further defined in the following slides.
Classifying and Marking
(Slide figure labels: Internet, Network Management)
Classification and marking of packets at the edge of the network makes the packets accessible to QoS handling within the network.
In order for QoS methods to be used within the network, traffic must be classified into higher and lower priorities. Each classification must then be marked so the network knows which QoS methods to apply. This process is completed at the ingress points to the network. Queuing and shaping methods can then be applied throughout the network.
The Classification and Marking work is usually done at the edge of the network where speeds are lower. This is because it can be more CPU and memory intense. In general, at the edge we can use relatively complex access lists, flows, and other techniques to recognize traffic. In the network core, where speeds are higher, we keep things simpler, by using marked packets (simpler lookups) and Classes of Service (several major categories of traffic rather than per-application or per-flow handling).
Classification: What Is It?
Classification is:
• The QoS feature component that recognizes and distinguishes among different packet streams
• The most fundamental QoS building block
Without classification, all packets will be treated the same.
Classification entails using a traffic descriptor to categorize a packet within a specific group to define that packet and make it accessible for QoS handling on the network. Using packet classification, you can partition network traffic into multiple priority levels or classes of service. When traffic descriptors are used to classify traffic, the source agrees to adhere to the contracted terms and the network promises a quality of service. Traffic policers, such as Committed Access Rate's (CAR's) rate-limiting feature, and traffic shapers, such as Frame Relay Traffic Shaping (FRTS) and Generic Traffic Shaping (GTS), use a packet's traffic descriptor (that is, its classification) to ensure adherence to the contract.
Packet classification is pivotal to policy techniques that select packets traversing a network element or a particular interface for different types of QoS service. For example, you can use classification to mark certain packets for IP Precedence and you can identify others as belonging to a Resource Reservation Protocol (RSVP) flow.
Methods of classification were once limited to use of the contents of the packet header. Today's methods of marking a packet with its classification allow you to
Marking: What Is It?
Packets entering the network may have been marked previously. If this marking is from a trusted source, then classification may be based on the previous mark. If the marking is not from a trusted source, then classification may be used to determine what the new marking should be.
Marking can occur at Layer 2 or Layer 3; however, many QoS features are based on the IP Precedence bits or DSCP settings. There are methods of marking that will map Layer 2 Class of Service (CoS) bits to Layer 3 IP Precedence or DSCP settings.
A QoS-group is internal to a router. It allows us to virtually mark packets as they come into a router, then use that virtual marking for outbound policy. The biggest advantage to virtual marking is that it does not alter the traffic passing through the router.
Topics
Modular CLI for QoS
Classification Marking
What Is Modular QoS CLI (MQC)?
Modular QoS CLI (MQC):
• Is how you configure QoS policy
• Separates the definition of classes from the application of QoS mechanisms
MQC is template-based:
• Reduces configuration
• Configure policy, not “raw” per-interface commands
Modular QoS CLI (MQC) is available across all main Cisco IOS-based platforms, initially with Cisco IOS Release 12.0(5)T. MQC is a new feature, a new, more advanced way of configuring QoS.
In the next few slides we will look briefly at MQC.
Modular QoS CLI
• Input, output, applied at interface
The MQC allows users to specify a traffic class independently of QoS policies.
The class-map command is used to define a traffic class. A traffic class contains three major elements: a name, a series of match commands, and an instruction on how to evaluate these match commands. The traffic class is named in the class-map command line; for instance, if you enter the class-map don command while configuring the traffic class in the command-line interface, the traffic class would be named don.
The policy-map command is used to associate a traffic class, which was defined by the class-map command, with one or more QoS policies. The result of this association is called a service policy. A service policy contains three elements: a name, a traffic class (specified with the class command), and the QoS policies. The purpose of the service policy is to associate a traffic class with one or more QoS policies. The name of a service policy is specified in the policy-map command-line interface (for example, issuing the policy-map gary command would create a service policy named gary).
The service-policy command is used to attach the service policy, as specified with the policy-map command, to an interface. Because the elements of the service policy can be applied to packets entering and leaving the interface, users are required to specify whether
Classification through Modular QoS CLI
Match criteria shown on the slide: match input-interface, match source-address, match protocol (NBAR), match mpls experimental, match any, match not …
Using MQC, various match criteria may be used to define a class of service. This is classification.
• class-map match-all class-name: specifies a logical AND operator for all matching statements under this traffic class. When neither match-all nor match-any is specified, the default is match-all.
• class-map match-any class-name: specifies a logical OR operator for all matching statements under this traffic class.
• match input-interface interface-name: specifies the name of the input interface used as a match criterion against which packets are checked to determine if they belong to the class.
• match source-address mac address: specifies the name of the source MAC address used as a match criterion against which packets are checked to determine if they belong to the class.
• match destination-address mac address: specifies the name of the destination MAC address used as a match criterion against which packets are checked to determine if they belong to the class.
• match access-group access-list-number: specifies the numbered access list against
Classification through Modular QoS CLI (continued)
Using MQC, various match criteria may be used to define a class of service. This is classification (continued).
• match qos-group number: specifies the number of the QoS group index used as a match criterion against which packets are checked to determine if they belong to the class.
• match protocol protocol: specifies the name of the protocol used as a match criterion against which packets are checked to determine if they belong to the class.
• match class-map class-name: specifies the name of a traffic class to be used as a matching criterion (for nesting traffic classes [nested class maps] within one another).
• match any: specifies that all packets will be matched.
• match not match-criteria: specifies a match criterion value that prevents packets from being classified as members of a specified traffic class. All other values of that particular match criterion belong to the class.
Network Based Application Recognition (NBAR)
Mark Citrix sub-applications as GOLD service and police FTP. Guarantee bandwidth for Citrix!
• NBAR classifies network traffic using application information
• Enables downstream actions based on QoS policies through random early detection, class-based queuing, and policing
• New applications easily supported by loading Packet Description Language Modules
Available now on 7100 and 7200 routers; 2600, 3600 and 7500 support in 2nd half of CY2000.
(Chart label: Link Utilization)
NBAR can determine the mix of traffic on the network and isolate the problem. In the case shown in the slide, too much point-cast traffic is overloading the link.
NBAR Capabilities:
A new IP packet classifier capable of classifying…
• Those Layer 4 to Layer 7 protocols which dynamically assign TCP/UDP ports
• HTTP (Web) traffic by URL or MIME (Multipurpose Internet Mail Extension) type using regular expressions (*, ?, [ ])
• “Sub-port” criteria such as transaction types
NBAR classification is used by QoS features:
Protocols listed on the slide: FTP, Exchange, HTTP (URL and MIME), Netshow, Realaudio, r-commands, Oracle SQL*NET, SunRPC, TFTP, StreamWorks, VDOLive
Static Protocols: EGP, GRE, ICMP, IPINIP, IPSec, EIGRP, BGP, CU-SeeMe, DHCP/BOOTP, DNS, Finger, Gopher, HTTP, HTTPS, IMAP, IRC, Kerberos, L2TP, LDAP, MS-PPTP, MS-SQLServer, NetBIOS, NFS, NNTP, Notes, NTP, PCAnywhere, POP3, RIP, RSVP, SFTP, SHTTP, SIRC, SLDAP, SNNTP, SMTP, SNMP, SOCKS, SPOP3, SSH, STELNET, Syslog, Telnet, X Windows
The real win with NBAR is simpler configuration coupled with stateful recognition of flows. The simpler configuration means you don’t have to do a protocol analyser capture to figure out ports and so on. Stateful recognition means smarter, deeper packet recognition.
NBAR can classify application traffic by looking beyond the TCP/UDP port numbers of a packet. This is sub-port classification. NBAR looks into the TCP/UDP payload itself and classifies packets on content within the payload such as transaction identifier, message type, or other similar data.
Classification of HTTP by URL or MIME type is an example of sub-port classification. NBAR classifies HTTP traffic by text within the URL using regular expression matching. NBAR uses the UNIX filename specification as the basis for the URL specification format. The NBAR engine then converts the specification format into a regular expression.
NBAR recognizes HTTP GET packet(s) containing the URL and classifies all
Packet Description Language
NBAR addresses IP QoS classification requirements by classifying application-level protocols so that QoS policies can be applied to the classified traffic. NBAR addresses the ongoing need to extend the classification engine for the many existing and emerging application protocols by providing an extensible Packet Description Language (PDL). NBAR can determine which protocols and applications are currently running on a network so that an appropriate QoS policy can be created based upon the current traffic mix and application requirements.
An external PDLM can be loaded at run time to extend the NBAR list of recognized protocols. PDLMs can also be used to enhance an existing protocol recognition capability. PDLMs allow NBAR to recognize new protocols without requiring a new Cisco IOS image or a router reload.
New PDLMs will only be released by Cisco and can be loaded from flash memory.
To extend or enhance the list of protocols recognized by NBAR through a Cisco-provided PDLM, use the ip nbar pdlm configuration command. Use the no form of this command to unload a PDLM if it was previously loaded.
NBAR Protocol Discovery
Discovers what traffic is running on the network. Provides per-interface, per-protocol, bidirectional statistics:
• Packet and byte counts
• Bit rates
How much bandwidth should I guarantee to my mission-critical applications?
Are there any non-mission-critical applications I should police?
So that QoS policies can be developed and applied, NBAR includes a Protocol Discovery feature that provides an easy way to discover application protocols transiting an interface. The Protocol Discovery feature discovers any protocol traffic supported by NBAR. Protocol Discovery may be applied to interfaces and can be used to monitor both input and output traffic. Protocol Discovery maintains the following per-protocol statistics for enabled interfaces: total number of input and output packets and bytes, and input and output bit rates.
Preliminary performance data: a T3 with an average number of flows resulted in 18% CPU load, with some sensitivity to the number of flows. The comment from a TME in class was that this is probably not something you do in a Service Provider core.
The discussion of marking starts with IP Precedence and Diff-Serv (DSCP), then goes briefly into related Layer 2 features. We will finish with VPN tunnel-related preservation of markings already on packets.
(Slide figure: IP header fields Version, Length, ID, offset, TTL, Proto, FCS, IP-SA, IP-DA, Data; labelled "Data Packet")
Traffic Differentiation Mechanisms: IP Precedence and 802.1p
• Layer 2 mechanisms are not assured end-to-end
• Layer 3 mechanisms provide end-to-end classification
Layer 2 marking sets bits or alters the header of the frame. This is for possible use by LAN switches and other Layer 2 devices. The frame in the slide shows a Layer 2 802.1Q (and 802.1P) header, with extra space to hold a tag with priority information embedded in it.
The slide also shows the Layer 3 IP header, with 3 IP Precedence bits in the Type of Service (ToS) field. The newer Diff-Serv specification (DSCP) uses instead 6 of the ToS bits, plus the other two bits for flow control.
Although Layer 3 mechanisms provide end-to-end classification, they are not recognized by switches, hence the need for additional Layer 2 mechanisms to provide continuous quality of service into the LAN segments.
The Layer 2 mechanisms only provide for drop priority if queues begin reaching predefined thresholds. The Layer 2 CoS bits can, however, be mapped to Layer 3 DSCP or IP Precedence values at the first Layer 3 device the packet hits in the network.
(ToS) field, and the IP Precedence bits provide this capability. Because the majority of applications today are IP-based, why not leverage IP for end-to-end QoS policy signaling?
IP Precedence takes advantage of in-band signaling. The ToS field can be used to bind business policies into network behavior.
IP Precedence utilizes the three precedence bits in the IP header ToS field to specify class of service for each packet. You can partition traffic in up to six classes of service using IP Precedence (two others are reserved for internal network use). The queuing technologies throughout the network can then use this signal to provide the appropriate expedited handling.
IP Precedence enables service classes to be established using existing network queuing mechanisms with no changes to existing applications and with no
DSCP is the field identifying what treatment the packet should receive.
The Internet Engineering Task Force (IETF) defines the six most significant bits of the 1-byte ToS field as the Differentiated Services Code Point (DSCP). The priority represented by a particular DSCP value is configurable. DSCP values range from 0 to 63.
The slide shows the breakout of the DSCP field. Six bits are used for the Differentiated Services Code Point, and 2 bits are currently unused.
Layer 3 IP packets can carry either an IP Precedence value or a DSCP value. MQC supports the use of either value in set and match commands. The recommended settings of the DSCP field are backwards-compatible with IP Precedence (see the following material).
RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers, Dec 98: http://www.ietf.org/rfc/rfc2474.txt
Cisco’s Diff-Serv Implementation
Until recently…
• ToS = Pre-Diff-Serv implementation (IP Precedence), not compliant with DS-byte encoding (RFC 2474)
• Compliant with:
–Diff-Serv Architecture (RFC 2475)
–Default forwarding, class selectors, assured forwarding, expedited forwarding
• Now compliant if using DSCP
(Slide figure labels: Data; IP Precedence / Type of Service (ToS); Diff-Serv Code Point (DSCP); Data, Voice, Video)
Until recently, Cisco IOS software only really supported IP Precedence, because it represented a pre-Diff-Serv implementation. This followed the general Diff-Serv architecture (RFC 2475) in terms of behavior, but the actual Diff-Serv byte encoding was really a special use, namely using the 3-bit Precedence bit encoding and not really using all 6 Diff-Serv bits.
http://cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120xe/120xe5/mqc/mcli.htm
Diff-Serv Traffic Conditioner
• Classifier: selects a packet in a traffic stream based on the content of some portion of the packet header
• Meter: checks compliance with traffic parameters (e.g. Token Bucket) and passes the result to the marker and shaper/dropper to trigger a particular action for in-profile and out-of-profile packets
• Marker: writes/rewrites the DSCP
• Shaper: delays some packets so that they comply with the profile
DiffServ Behaviors
• Expedited Forwarding (EF) PHB: low loss, low latency and jitter, assured bandwidth, end-to-end service
• Assured Forwarding (AF) PHB: four classes
the drop preference within the class
• Default PHB: best-effort behavior (ideally some minimum resources allocated)
Backwards compatible with precedence
A per-hop behavior (PHB) is a description of the externally observable forwarding behavior of a DS node applied to the set of packets with the same DSCP. The PHB may be defined in terms of its resource priority relative to other PHBs or the observable traffic characteristics (delay, loss, …).
PHBs are defined in terms of behavior characteristics; the standard does NOT mandate particular implementation mechanisms!
Gateway Protocol (BGP) (QPPB)
The techniques listed in the slide all allow us to alter IP Precedence bits. They will each be discussed in more detail in the following slides.
By default, the Cisco IOS software leaves the IP Precedence value untouched, preserving the precedence value set in the header, allowing all internal network devices to provide service based on the IP Precedence setting. This policy follows the standard approach stipulating that network traffic should be sorted into various types of service at the basic perimeter of the network and that those types of service should be implemented in the core of the network. Routers in the core of the network can then use the precedence bits, for example, to determine the order of transmission, the likelihood of packet drop, and so on.
However, because traffic coming into your network can have precedence set by outside devices, we recommend you reset the precedence for all traffic entering your network. By controlling IP Precedence settings, you prohibit users that have already set the IP Precedence from acquiring better service for their traffic simply by setting a high precedence for all of their packets. The other option (with Multi-Protocol Label Switching (MPLS)) is tunneling the customer precedence information, preserving but ignoring it while in the Service Provider network.
Marking and Virtual Private Networks (VPNs)
There are also Layer 2 mechanisms for marking frames with QoS information. We will look at them in turn, briefly.
What Is ATM CLP?
Cell Loss Priority (CLP) is a bit in the ATM header of a cell:
• CLP Setting 0—higher priority
• CLP Setting 1—discarded first
Major Restrictions:
• Only available on the PA-A3 port adapter
• CEF or dCEF switching is required
Terminology:
• CEF—Cisco Express Forwarding
• dCEF—Distributed CEF
Additional restrictions:
• Policy map with set atm-clp attaches as an output policy only.
• Policy maps must be attached either to the main interface OR to the subinterface
Frame Relay DE Bits
Frame Relay (FR) Discard Eligible (DE) is a bit in the header of a frame:
• DE setting 0 = higher priority
• DE setting 1 = eligible for discard first during congestion
You can specify which Frame Relay packets have low priority or low time sensitivity and will be the first to be dropped when a Frame Relay switch is congested. The mechanism that allows a Frame Relay switch to identify such packets is the discard eligible (DE) bit.
This feature requires that the Frame Relay network be able to interpret the DE bit. Some networks take no action when the DE bit is set. Other networks use the DE bit to determine which packets to discard. The most desirable interpretation is to use the DE bit to determine which packets should be dropped first and also which packets have lower time sensitivity. The general advice here is “Know your Frame Relay Service Provider.”
To enable Frame Relay DE on a router, use the following commands:
• frame-relay de-list de-list (etc.): defines a list to mark the DE bit in packets using various characteristics
Coloring MPLS Frames
Two methods are possible:
• Using the EXP bits in the MPLS header and mapping DSCP to EXP
– convenient for frame-based interfaces
• Mapping a label per CoS per forwarding equivalence class (FEC)
– convenient for ATM-based interfaces
There are two ways to color or mark MPLS frames, as indicated in the slide.
Using the MPLS EXP Bits
(Slide figure: an IPv4 packet in the non-MPLS domain gains an MPLS header in the MPLS domain, with either a copy of Precedence into EXP or a mapping of DSCP into EXP; a 32-bit ruler marks the header layout)
MPLS can also transport Diff-Serv information. In the MPLS label header, there is a field reserved for CoS information, the EXP bits, shown in the slide. Multiple tags can also be used by the MPLS network to preserve customer Diff-Serv bits across the provider network.
For more information on how Diff-Serv interoperates with MPLS, see the following URL:
http://search.ietf.org/internet-drafts/draft-ietf-mpls-diff-ext-06.txt
MPLS label header layout shown on the slide:
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                Label                  | EXP |S|       TTL     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Label-Inferred CoS: DSCP to Label mapping
The other (original) approach is to use the MPLS label to imply the CoS. That is, each CoS uses different labels for each destination or edge device.
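The label entry drawn above, packed and unpacked field by field, with EXP derived from an IPv4 packet's ToS byte by either of the two methods the previous slide names (copy of Precedence, or a DSCP-to-EXP table). This is an added example and not from the Cisco deck; the DSCP-to-EXP table and the sample IPv4 header are constructed for it and are not Cisco defaults.

```python
# Added example, not from the Cisco deck: pack and unpack the 32-bit MPLS label
# entry on the slide (Label 20 bits, EXP 3, S 1, TTL 8) and derive EXP from an
# IPv4 packet's ToS byte by copying Precedence or by a DSCP->EXP table.
# The table and the sample packet are constructed for this example.
import struct

LABEL_MAX = (1 << 20) - 1


def pack_label_entry(label: int, exp: int, bottom: int, ttl: int) -> bytes:
    """Lay the four fields out exactly as the slide's bit diagram shows."""
    if not 0 <= label <= LABEL_MAX:
        raise ValueError("label must fit in 20 bits")
    if not 0 <= exp <= 7 or bottom not in (0, 1) or not 0 <= ttl <= 255:
        raise ValueError("EXP is 3 bits, S is 1 bit, TTL is 8 bits")
    return struct.pack("!I", (label << 12) | (exp << 9) | (bottom << 8) | ttl)


def unpack_label_entry(data: bytes) -> dict:
    """Inverse of pack_label_entry for the first 4 bytes of data."""
    (word,) = struct.unpack("!I", data[:4])
    return {"label": word >> 12, "exp": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1, "ttl": word & 0xFF}


def exp_from_precedence(tos: int) -> int:
    """'Copy of Precedence into EXP': both fields are 3 bits, so copy directly."""
    return (tos >> 5) & 0x7


# Constructed DSCP -> EXP table (not a Cisco default), chosen so that AF41 maps
# to a different EXP than its precedence would, to make the two methods visible.
DSCP_TO_EXP = {46: 5, 34: 3, 26: 2, 18: 1, 10: 1, 0: 0}


def exp_from_dscp(tos: int, table=DSCP_TO_EXP) -> int:
    """'Mapping of DSCP into EXP': table lookup, falling back to the precedence copy."""
    dscp = (tos >> 2) & 0x3F
    return table.get(dscp, dscp >> 3)


def impose_label(ip_packet: bytes, label: int, mode: str = "precedence") -> bytes:
    """Push one bottom-of-stack label on an IPv4 packet at the MPLS domain edge.
    EXP comes from the packet's ToS byte; the label TTL copies the IP TTL."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("expected an IPv4 packet")
    tos, ttl = ip_packet[1], ip_packet[8]
    exp = exp_from_precedence(tos) if mode == "precedence" else exp_from_dscp(tos)
    return pack_label_entry(label, exp, 1, ttl) + ip_packet


def sample_ipv4(tos: int, ttl: int = 64) -> bytes:
    """Constructed 20-byte IPv4 header (checksum left zero; only ToS and TTL matter here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, ttl, 6, 0,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))


if __name__ == "__main__":
    pkt = sample_ipv4(tos=0x88)                                  # DSCP 34 (AF41), precedence 4
    print(unpack_label_entry(impose_label(pkt, 16)))             # precedence copy: exp 4
    print(unpack_label_entry(impose_label(pkt, 16, "dscp")))     # table mapping:   exp 3
```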
Incoming IP packets with prec=4 are to be sent with EXP=3. Configuration shown on the slide:
Incoming interface:
class-map inputc
 match ip prec 4
policy-map inputp
 class inputc
  set qos-group 4
service-policy input inputp
Outgoing interface:
class-map outputc
 match qos-group 4
policy-map outputp
 class outputc
  set mpls exp 3
service-policy output outputp
The example configuration shows how IP Precedence (or DSCP) can be mapped to a qos group at the input interface. On the output interface, the qos group can be mapped back to an MPLS EXP value (which would be a number in an actual configuration).
Recall that qos group is an internal marking that preserves IP Precedence or DSCP bits.
Terminology:
• LDP—Label Distribution Protocol (see the MPLS module)
• LSR—Label Switch Router (MPLS participant)
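A small model of the MQC semantics described in the "Classification through Modular QoS CLI" slides (match-all as AND, match-any as OR, match not, nested class maps, first matching class in a policy map) applied to the qos-group and MPLS EXP configuration above. This is an added example, not code from the Cisco deck; the Packet fields, the interface names Serial0 and Ethernet1, and the rule that an empty class map matches nothing are assumptions of the example.

```python
# Added example, not from the Cisco deck: a model of how MQC classifies and
# marks packets, covering match-all (AND), match-any (OR), "match not", nested
# class-maps, and the qos-group -> EXP example from the MPLS slide. The Packet
# fields and "first matching class wins, then class-default" are assumptions.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Packet:
    input_interface: str
    ip_precedence: int
    protocol: str
    qos_group: Optional[int] = None   # internal mark only: never written into the packet
    mpls_exp: Optional[int] = None


class ClassMap:
    """class-map [match-all | match-any] name, with its match statements."""

    def __init__(self, name: str, mode: str = "match-all"):   # match-all is the IOS default
        if mode not in ("match-all", "match-any"):
            raise ValueError("mode must be match-all or match-any")
        self.name, self.mode = name, mode
        self.criteria: List[Tuple[str, object, bool]] = []

    def match(self, key: str, value=None, negate: bool = False) -> "ClassMap":
        """key is 'any', 'class-map', or a Packet field; negate models 'match not'."""
        self.criteria.append((key, value, negate))
        return self

    def matches(self, pkt: Packet, classes: Dict[str, "ClassMap"]) -> bool:
        results = []
        for key, value, negate in self.criteria:
            if key == "any":
                hit = True
            elif key == "class-map":                 # nested class map
                hit = classes[value].matches(pkt, classes)
            else:
                hit = getattr(pkt, key) == value
            results.append(hit != negate)            # 'match not' inverts the criterion
        if not results:
            return False                             # no match statements: matches nothing (assumption)
        return all(results) if self.mode == "match-all" else any(results)


class PolicyMap:
    """policy-map name: ordered (class, set actions) pairs; the first matching class is used."""

    def __init__(self, name: str):
        self.name = name
        self.entries: List[Tuple[str, Dict[str, int]]] = []

    def klass(self, class_name: str, **set_actions: int) -> "PolicyMap":
        self.entries.append((class_name, set_actions))
        return self

    def apply(self, pkt: Packet, classes: Dict[str, ClassMap]) -> str:
        for class_name, actions in self.entries:
            if classes[class_name].matches(pkt, classes):
                for field_name, value in actions.items():   # set qos-group / set mpls exp / ...
                    setattr(pkt, field_name, value)
                return class_name
        return "class-default"


class Router:
    def __init__(self, classes: Dict[str, ClassMap]):
        self.classes = classes
        self.input_policy: Dict[str, PolicyMap] = {}    # service-policy input, per interface
        self.output_policy: Dict[str, PolicyMap] = {}   # service-policy output, per interface

    def forward(self, pkt: Packet, output_interface: str) -> Tuple[Packet, str, str]:
        """Run the ingress interface's input policy, then the egress interface's output policy."""
        in_cls = out_cls = "none"
        if pkt.input_interface in self.input_policy:
            in_cls = self.input_policy[pkt.input_interface].apply(pkt, self.classes)
        if output_interface in self.output_policy:
            out_cls = self.output_policy[output_interface].apply(pkt, self.classes)
        return pkt, in_cls, out_cls


def slide_router() -> Router:
    """The slide's configuration: prec 4 -> qos-group 4 on input, qos-group 4 -> EXP 3 on output."""
    classes = {
        "inputc": ClassMap("inputc").match("ip_precedence", 4),
        "outputc": ClassMap("outputc").match("qos_group", 4),
    }
    r = Router(classes)
    r.input_policy["Serial0"] = PolicyMap("inputp").klass("inputc", qos_group=4)
    r.output_policy["Ethernet1"] = PolicyMap("outputp").klass("outputc", mpls_exp=3)
    return r
```

A packet with precedence 4 entering Serial0 and leaving Ethernet1 picks up qos-group 4 and then EXP 3; a precedence-2 packet falls through to class-default on both interfaces and is left untouched.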
What Are 802.1P and ISL?
QoS for a Layer 2 Ethernet switched world!
On trunk ports only
CoS values range from zero for low priority to seven for high priority. They can only be applied on trunks (because only there is an encapsulation available with space for the bits).
Inter-Switch Link (ISL) frame headers have a 1-byte User field that carries the CoS value in the three least significant bits.
IEEE 802.1P and 802.1Q frame headers have a 2-byte Tag Control Information field that carries the CoS value in the three most significant bits, which are called the User Priority bits.
Other frame types cannot carry CoS values.
In general, Layer 2 switches can examine, use, or alter MAC layer markings, not IP Precedence or DSCP settings, since those are Layer 3. Layer 2 markings are applied on egress trunk ports.
3 bits used for CoS
Trunk encapsulations only!
Queuing behavior in switches is very model-sensitive. The following describes behavior in the 6000 series switches.
QoS uses receive queue drop thresholds to schedule network traffic entering the switch through a trusted port. This is called Ingress Port Scheduling. Each port on the switch has a single receive queue buffer for incoming traffic.
QoS does not implement scheduling on untrusted ports, because the CoS values may not be valid. If a port is untrusted and its receive queue buffer overflows, the switch drops overflow frames without regard to CoS values.
If a port is trusted, QoS implements four receive drop thresholds in the receive queue to schedule incoming traffic according to CoS values:
• Using receive queue drop threshold 1, the switch drops incoming frames with CoS 0 or 1 when the receive queue buffer is 50 percent or more full.
• Using receive queue drop threshold 2, the switch drops incoming frames with CoS 2 or 3 when the receive queue buffer is 60 percent or more full.
How 802.1p QoS Functions
• Edge QoS based on 802.1P CoS:
– Mark 802.1P priority bits on untagged packets on a per-port basis
– Devices with trunking-capable NIC cards can do their own marking
bits correctly?
• Upstream Layer 3 device performs ToS mapping to map 802.1P to IP Precedence or DSCP
More notes from the Catalyst 6000 series:
QoS uses transmit queue drop thresholds to schedule transmission of network traffic from the switch. This is called Egress Port Scheduling.
QoS configures each port with a low priority transmit queue and a high priority transmit queue. The default QoS configuration allocates 80 percent of the total transmit queue bandwidth to the low priority queue and 20 percent to the high priority queue. Each transmit queue has two drop thresholds that function as follows:
• Frames with CoS 0, 1, 2, or 3 go to the low priority transmit queue (queue 1):
– Using transmit queue 1 drop threshold 1, the switch drops frames with CoS 0 or 1 when the low priority transmit queue buffer is 40 percent full.
– Using transmit queue 1 drop threshold 2, the switch drops frames with CoS 2 or 3 when the low priority transmit queue buffer is 100 percent full.
VPNs create a special situation fraught with potential problems for marking. Cisco IOS now provides mechanisms that resolve the potential issues. To take advantage of these mechanisms, you will need to put in one of the configuration commands shown in the next few slides.
Challenge
(Slide figure: a packet arrives at the Input Interface as L2 encap + IP header, passes Tunnel Encapsulation, and leaves the Output Interface as L2 encap + Tunnel header + IP header; the router is annotated "QoS classification happens here")
QoS Pre-Classification for VPN Tunnels
• Tunnel headers have same IP source/destination addresses
• WFQ sees only one flow
• Cannot classify packets beyond Layer 3 header
• GRE, L2F/L2TP, IPSec tunnels
Prior to QoS pre-classification for tunnels, at generic route encapsulation-based tunnel endpoints, the ToS bits (including precedence bits) were not copied to the tunnel or GRE IP header that encapsulates the inner packet. Instead, those bits were set to zero. This was not a problem unless the intermediate routers between two tunnel endpoints honored ToS or precedence bits, in which case those settings were ignored.