IWAN AVC/QoS Design
Kelly Fleshner, Communications Architect, CCIE #1852, 20 years
BRKRST-2043

Housekeeping
- Who am I? (kfleshne@cisco.com)
- Intermediate Class
- This is not an Introduction to IWAN session
- This is not an IWAN Design session (some design aspects will be discussed)
- This session is about how to configure AVC/QoS with your Cisco Intelligent WAN

Session Abstract: The most expensive bandwidth in the enterprise is in the WAN; as such, it should be fully optimized to deliver maximum ROI. This session focuses on how to deliver such optimization by deploying Application Visibility and Control (AVC) and Quality of Service (QoS) over the Intelligent WAN (IWAN). Cisco's QoS paradigm will be reviewed and applied to the IWAN, along with best practice QoS design recommendations. Practical and detailed design configurations will be presented for hierarchical QoS policies for subline rate Ethernet handoffs, MPLS VPN Class-of-Service mapping and DMVPN per-tunnel QoS. Additionally, new AVC/QoS technologies, such as NBAR2 QoS attributes, will be introduced and applied to the IWAN. Cisco Prime Infrastructure templates for deploying and managing the IWAN will be reviewed, as will Cisco's SD-WAN solution, the APIC-EM IWAN application, to show how the IWAN QoS and PfR can be centrally controlled.
BRKRST-2043 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 3

Agenda
- Cisco's Approach to AVC/QoS
- Ingress LAN AVC/QoS Design
- Egress WAN AVC/QoS Design
- SD-WAN QoS (APIC-EM IWAN App)
- Summary and References

The Why of AVC/QoS
Why AVC & QoS: Transform your business through powerful yet simple networks that are customized and optimized to meet your needs.

Cisco's Approach to AVC/QoS

Where to start? Strategic vs. Tactical

Levels of QoS Policy Abstraction: Strategic vs. Tactical
Strategic QoS Policy (WHY you want QoS)
- reflects business intent
- is not constrained by any technical or administrative limitation
- is end-to-end
Tactical QoS Policy (HOW you are going to do it / WHAT you configure)
- adapts the strategic business intent to the maximum of the platform's capabilities
- is limited by various tactical constraints, including:
  - Media constraints (e.g. the WLAN has only 4 levels of service [access categories])
  - Platform constraints (e.g. a Catalyst 3750 has only 4 hardware queues)
  - Interface constraints (e.g. a T1 WAN link has limited bandwidth)
  - Role constraints (e.g. a CE may need to map into a reduced set of SP Classes-of-Service)

Strategic QoS Design, Part 1 of 4: Always Start with Defining the Business Goals of QoS
- Guaranteeing voice quality meets enterprise standards
- Ensuring a high Quality of Experience for video applications
- Improving user productivity by minimizing network response times
- Managing business applications that are bandwidth hogs
- Identifying and de-prioritizing non-business applications
- Improving network availability by protecting the control planes
- Hardening the network infrastructure to deal with abnormal events

Strategic QoS Design, Part 2 of 4: Assign Business-Relevance to Applications
Relevant
- These applications directly support business objectives
- Applications should be classified and marked according to RFC 4594-based rules
Default
- These applications may or may not support business objectives (e.g. HTTP/HTTPS)
- Alternatively, the administrator may not know the application (or how it's being used in the org)
- Applications in this class should be marked DF and provisioned with a default best-effort service (RFC 2474)
Irrelevant
- These applications are known and do not directly support any business objectives; this class includes all personal/consumer applications
- Applications in this class should be marked CS1 and provisioned with a less-than-best-effort service, per RFC 3662

Strategic QoS Design, Part 3a of 4: Assign Control Plane to traffic-classes
Decision flow: Control Plane? Yes -> Network Control? (Yes: Network Control; No: next) -> Signaling? (Yes: Signaling; No: next) -> OAM? (Yes: OAM)
- Is the protocol a Network Control protocol? This includes all network routing and control-plane protocols, e.g. BGP, OSPF, EIGRP, HSRP, IKE, etc.
- Is the protocol a Signaling protocol? This includes all call signaling / bandwidth reservation protocols, e.g. SIP, Skinny, H.323, RSVP, etc.
- Is the protocol an Operations / Administration / Management protocol? This includes all network management protocols (e.g. SNMP, Telnet, SSH, Syslog, NetFlow, etc.)

Strategic QoS Design, Part 3b of 4: Assign Voice applications / sub-components to voice traffic-class
Decision flow: Voice? (Yes: Voice; No: next)
- Is the application voice? Audio-only media (e.g. G.711, G.729, etc.)
- Note: This class may be used for the audio-component of multimedia applications, such as Cisco Jabber and/or Microsoft Lync; however, this option should ONLY be considered if this causes no conflict with your overall Call Admission Control strategy and voice-queue provisioning

Strategic QoS Design, Part 3c of 4: Assign Video applications / sub-components to traffic-classes
Decision flow: Video? Yes ->
- Unidirectional? Yes -> Elastic? (Yes: Multimedia-Streaming; No (Inelastic): Broadcast Video)
- Unidirectional? No (Bidirectional) -> Elastic? (Yes: Multimedia-Conferencing; No (Inelastic): Realtime-Interactive)
Is the application video? If yes:
- determine if the application is unidirectional or bidirectional
- then determine if the application is elastic (i.e. adaptive to congestion/drops) or inelastic

Strategic QoS Design, Part 3d of 4: Assigning Data applications to traffic-classes
Decision flow: Data? Yes -> Foreground? (Yes: Transactional Data; No (Background): Bulk Data); Data? No -> Best Effort
Is the application Data? Then determine: is the application foreground or background?
- Foreground applications will directly impact user-productivity with network delays
- Background applications will not (as these are typically machine-to-machine flows); however, these apps can be very bandwidth intensive (if unrestrained)
- If it is not known if a data app is foreground, then assume it is background
- Otherwise the application/protocol remains in the default class (Best Effort)

Strategic QoS Design, Part 3e of 4: Apply RFC 4594-based Marking / Queuing / Dropping Treatments

Application Class          Per-Hop Behavior   Queuing & Dropping        Application Examples
VoIP Telephony             EF                 Priority Queue (PQ)       Cisco IP Phones (G.711, G.729)
Broadcast Video            CS5                (Optional) PQ             Cisco IP Video Surveillance / Cisco Enterprise TV
Real-Time Interactive      CS4                (Optional) PQ             Cisco TelePresence
Multimedia Conferencing    AF4                BW Queue + DSCP WRED      Cisco Jabber, Cisco WebEx
Multimedia Streaming       AF3                BW Queue + DSCP WRED      Cisco Digital Media System (VoDs)
Network Control            CS6                BW Queue                  EIGRP, OSPF, BGP, HSRP, IKE
Signaling                  CS3                BW Queue                  SCCP, SIP, H.323
Ops / Admin / Mgmt (OAM)   CS2                BW Queue                  SNMP, SSH, Syslog
Transactional Data         AF2                BW Queue + DSCP WRED      ERP Apps, CRM Apps, Database Apps
Bulk Data                  AF1                BW Queue + DSCP WRED      E-mail, FTP, Backup Apps, Content Distribution
Best Effort                DF                 Default Queue + RED       Default Class
Scavenger                  CS1                BW Queue (Deferential)    YouTube, Netflix, iTunes, BitTorrent, Xbox Live

Business relevance: VoIP Telephony through Bulk Data are Relevant, Best Effort is Default, Scavenger is Irrelevant.

Strategic QoS Design, Part 4 of 4: Assign bandwidth allocation targets
Example: Map 12-classes to 8-queues for IWAN
- VOICE 10%
- INTERACTIVE-VIDEO 27%
- STREAMING-VIDEO 9%
- NET-CTRL 5%
- CALL-SIG 4%
- CRITICAL-DATA 22%
- DEFAULT 22%
- SCAVENGER 1%

Strategic QoS Design: At-A-Glance Reference
http://tinyurl.com/hw4sbj6

IWAN-Specific QoS Design Considerations

What is IWAN from a QoS Perspective?
- Replacing expensive MPLS service with business class internet
- Performance Routing (PfR) to load balance / provide resiliency / best path
- Dynamic Multipoint VPN (DMVPN) overlay on MPLS and Internet
- Up to 2,000 remote sites per hub router in a single domain
- MPLS will have Service Provider QoS, but with Internet we assume none

Hybrid Model: MPLS and Internet
[Diagram: Hub MC and two Hub BRs, MPLS and INET transports, and T1, T3 and 10 Mbps branches]

Hub Site QoS Scheduling Requirements
- Bandwidth sharing between tunnels
- Shape for service rate
- Shape for remote site last mile
- Per site bandwidth sharing within tunnel
[Diagram: Hub BR on GE with an 80 Mbps service rate; two T1 branches (1.5 Mbps), two T3 branches (45 Mbps) and one 10 Mbps branch]

Hub Site QoS Scheduling Hierarchy We Have Today
- Per-SA QoS: Site1 (T1) police 150K, Site2 (T3) police 4.5M, Site N (10 Mbps) police 1M; each tunnel has priority (P1), data and class-default queues
- Child policy on tunnel: bandwidth sharing within tunnel
- Parent policy on tunnel: bandwidth sharing between tunnels; shape for remote site last mile
- Class-default policy on physical: shape for service rate on physical interface

Aggregate Priority Load: Priority Queue with Conditional Policer (Implicit Policer)

policy-map CONDITIONAL-POLICER
 class PRIORITY
  ! priority rate is in kbps: 20 Mbps
  priority 20000

[Diagram, 100 Mbps interface, Police 20M, driven by congestion feedback]
- Behavior with no congestion: offered priority load 30 Mbps, no policing, expected priority throughput 30 Mbps
- Behavior with congestion: offered load 30 Mbps priority and 90 Mbps other traffic; expected throughput 20 Mbps priority and 80 Mbps other traffic

Aggregate Priority Load: Priority Queue with Always On Policer (Explicit Policer)

policy-map ALWAYS-ON-POLICER
 class PRIORITY
  priority level 1
  ! police cir is in bps: 20 Mbps
  police cir 20000000

[Diagram, 100 Mbps interface, Police 20M, always on]
- Behavior with no congestion: offered priority load 30 Mbps, expected priority throughput 20 Mbps
- Behavior with congestion: offered load 30 Mbps priority and 90 Mbps other traffic; expected throughput 20 Mbps priority and 80 Mbps other traffic

Aggregate Priority Load: Priority Propagation / Passing Lanes
[Diagram: WAN aggregation node with per-tunnel policies (Police 150K, Police 4.5M, Police 1M), each with priority (P1), data and class-default queues, feeding the physical interface]

Aggregate Priority Load: IWAN Details
- IWAN supports 2,000 remote sites in a single domain
- Consider an average 2 Mbps access rate for remote sites. Aggregate: 4 Gbps
- On a GE connected Hub BR, we are already 4:1 oversubscribed
- If service-rate is less than GE (likely, say 500 Mbps) the oversubscription increases to 8:1
- An Aggregate Priority Load greater than Service Rate will starve non-priority (including network control)
- Voice at 10%
  - Potential aggregate voice = 400 Mbps (10% of 4 Gbps sum of shapers)
  - Always On Policer for Voice means we stay under the service rate
  - Conditional Policer means individual sites could send more and overrun the service rate
- Realtime Interactive
  - Another 27% of Priority queue (30% * .90)
  - Potential Aggregate Priority Load: 37% of 4 Gbps = 1.48 Gbps (greater than access rate)
  - If these are Cisco Adaptive Video codecs that like to grow, your risk is greater

Aggregate Priority Load: IWAN Conclusion
For Voice, use an Always On policer, rather than a Conditional policer:

class VOICE
 priority level 1
 police cir percent 10

For Video, use a Bandwidth Remaining Percent queue with DSCP-based WRED, rather than a level 2 Priority queue:

class INTERACTIVE-VIDEO
 bandwidth remaining percent 30
 random-detect dscp-based

[Diagram: voice in P1 with Always On Policer (Police 10%); video in a Class-Based WFQ queue (BWR 30%) with DSCP-based WRED, alongside data and class-default]

Latency for Low Speed Sites
- Bandwidth remaining percent means each queue gets a queue limit as if it had the full bandwidth of the parent (means high speed links will buffer 0.5 sec of data)
- Queue-Limit = (Intf Speed * .05) / 8 / 1500
- Anything less than 15M service rate gets 64 packets
- Aggregate T1: ~1.5 sec of buffering, IMIX (12 queues * 64 packets * 8 bits * 350 bytes / 1.5M)
[Diagram: Police 150K; priority (P1), data and class-default queues; 64 packets]

Traffic Type / Percentage    Service Rate   Drain 64 x 350-Byte Packets   Drain 64 x 1500-Byte Packets
Transactional Data / 10%     150K           1.2 secs                      5 secs
Bulk Data / 4%               60K            3 secs                        13 secs
Network Control / 2%         30K            6 secs                        26 secs

IWAN Conclusion: Use an appropriate number of queues for the 12 classes on the WAN, depending on the service rate.
Example:
- 4 queues for service rate < 5 Mbps
- 8 queues for service rate >= 5 Mbps and < 100 Mbps
- 12 queues for service rate >= 100 Mbps

IPsec Anti-Replay
- Packets pass through the crypto engine, which adds the sequence number, before they are enqueued
- Decryption side keeps a sliding history of packets received (default is 64 packets)
- Provides anti-replay protection against an attacker duplicating encrypted packets
- Increasing the anti-replay window size has no impact on throughput or security
- The impact on memory is insignificant because only an extra 128 bytes per incoming IPsec SA is needed
[Diagram: packets numbered 21 to 28 leave the crypto engine in sequence, are enqueued into the priority (P1), data and class-default queues, where some are dropped by the policer or by queue tail drop, and the remainder leave the interface out of sequence order]

IWAN Conclusion: Use the maximum replay window-size of 1024 for each supported platform.

crypto ipsec security-association replay window-size 1024

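The interaction described on this slide, as an added example that is not from the original session: a receiver-side sliding window in the style of RFC 4303 is fed packets that were sequence-numbered before a strict-priority scheduler reordered them. The class and function names, the two-queue scheduler model and the traffic pattern are assumptions constructed for illustration, not Cisco's implementation.

```python
from collections import Counter, deque


class AntiReplayWindow:
    """Receiver-side sliding window in the style of RFC 4303 (generic model)."""

    def __init__(self, size):
        self.size = size
        self.top = 0       # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence number (top - i) was received

    def check(self, seq):
        if seq < 1:
            raise ValueError("ESP sequence numbers start at 1")
        if seq > self.top:                      # new right edge: slide the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return "accept"
        offset = self.top - seq
        if offset >= self.size:                 # fell off the left edge
            return "too_old"
        if (self.bitmap >> offset) & 1:         # already received: duplicate
            return "replay"
        self.bitmap |= 1 << offset              # late but still inside the window
        return "accept"


def wire_order(arrivals, tx_per_tick):
    """Sequence-number packets on arrival (crypto first), then queue them.

    arrivals[t] is a string of class labels for tick t: 'P' = priority,
    'D' = data. Each tick the link sends up to tx_per_tick packets,
    always serving the priority queue first (simplified scheduler model).
    Returns the sequence numbers in the order they reach the wire.
    """
    prio, data = deque(), deque()
    wire, seq, tick = [], 0, 0
    while tick < len(arrivals) or prio or data:
        if tick < len(arrivals):
            for cls in arrivals[tick]:
                seq += 1
                (prio if cls == "P" else data).append(seq)
        for _ in range(tx_per_tick):
            if prio:
                wire.append(prio.popleft())
            elif data:
                wire.append(data.popleft())
        tick += 1
    return wire


def receive(wire, window_size):
    """Run every packet through the window; return verdict counts and the window."""
    window = AntiReplayWindow(window_size)
    verdicts = Counter(window.check(seq) for seq in wire)
    return verdicts, window


# Constructed traffic: a 150-packet data burst is sequenced first, then one
# priority packet arrives per tick for 300 ticks on a link that sends 2 per tick.
ARRIVALS = ["D" * 150] + ["P"] * 300
WIRE = wire_order(ARRIVALS, tx_per_tick=2)

if __name__ == "__main__":
    for size in (64, 1024):
        verdicts, window = receive(WIRE, size)
        # A duplicate of an already delivered packet is rejected either way.
        print(size, dict(verdicts), "duplicate of seq 300 ->", window.check(300))
```

With the 64-packet window the queued data packets arrive 148 sequence numbers behind the newest priority packet and are discarded as too old; with 1024 they are all accepted, and a duplicated packet is still rejected.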
Ingress LAN AVC/QoS Design

NBAR2 Overview
- Cisco Network Based Application Recognition (NBAR) can identify ~1400 applications/protocols via deep-packet inspection (DPI)
- To assist in policy-definition and in browsing, the extensive application library is grouped by various attributes, such as categories and sub-categories

Attribute            Description
Category             First level grouping of applications with similar functionalities
Sub-category         Second level grouping of applications with similar functionalities
Application-group    Grouping of applications based on brand or application suite
P2P-technology?      Indicates application is peer-to-peer
Encrypted?           Indicates application is encrypted
Tunneled?            Indicates application uses tunneling technique

New NBAR2 Attribute: Traffic-Class

Name                       Description
voip-telephony             VoIP telephony (bearer-only) traffic
broadcast-video            Broadcast TV, live events, video surveillance
real-time-interactive      High-definition interactive video applications
multimedia-conferencing    Desktop software multimedia collaboration applications
multimedia-streaming       Video-on-Demand (VoD) streaming video
network-control            Network control plane traffic
signaling                  Signaling traffic that supports IP voice and video telephony
ops-admin-mgmt             Network operations, administration, and management traffic
transactional-data         Interactive data applications
bulk-data                  Non-interactive data applications

Introduced in IOS XE 3.16S and IOS 15.5(3)M

New NBAR2 Attribute: Business-Relevance

Name                   Description
business-relevant      Business critical applications
default                Related business applications
business-irrelevant    Non business applications

Introduced in IOS XE 3.16S and IOS 15.5(3)M

New NBAR2 QoS Attributes: Business Relevance Attribute and Traffic-Class Attribute

show ip nbar protocol-attribute skype
 encrypted            encrypted-yes
 tunnel               tunnel-no
 category             consumer-messaging
 sub-category         consumer-multimedia-messaging
 application-group    skype-group
 p2p-technology       p2p-tech-yes
 traffic-class        Multimedia-conferencing
 business-relevance   business-irrelevant

Changing Business-Relevancy
Step 1: Create an Attribute-Map with the Desired Setting

ip nbar attribute-map ATTRIBUTE_MAP-RELEVANT
 attribute business-relevance business-relevant

Step 2: Associate the Application with the Desired Attribute-Map

ip nbar attribute-set skype ATTRIBUTE_MAP-RELEVANT

Changing Application Business-Relevance: Protocol Pack 14+ (All Options)
Scenario 1: Making an Application Business-Relevant

ip nbar attribute-map ATTRIBUTE_MAP-RELEVANT
 attribute business-relevance business-relevant
ip nbar attribute-set application-name ATTRIBUTE_MAP-RELEVANT

Scenario 2: Making an Application Best-Effort/Default

ip nbar attribute-map ATTRIBUTE_MAP-DEFAULT
 attribute business-relevance default
ip nbar attribute-set application-name ATTRIBUTE_MAP-DEFAULT

Scenario 3: Making an Application Business-Irrelevant

ip nbar attribute-map ATTRIBUTE_MAP-SCAVENGER
 attribute business-relevance business-irrelevant
ip nbar attribute-set application-name ATTRIBUTE_MAP-SCAVENGER

LAN Edge AVC/QoS Config for 1400+ Applications

! Classification: one class-map per traffic-class, business-relevant applications only
class-map match-all VOICE-NBAR
 match protocol attribute traffic-class voip-telephony
 match protocol attribute business-relevance business-relevant
class-map match-all BROADCAST_VIDEO-NBAR
 match protocol attribute traffic-class broadcast-video
 match protocol attribute business-relevance business-relevant
class-map match-all REAL_TIME_INTERACTIVE-NBAR
 match protocol attribute traffic-class real-time-interactive
 match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA_CONFERENCING-NBAR
 match protocol attribute traffic-class multimedia-conferencing
 match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA_STREAMING-NBAR
 match protocol attribute traffic-class multimedia-streaming
 match protocol attribute business-relevance business-relevant
class-map match-all SIGNALING-NBAR
 match protocol attribute traffic-class signaling
 match protocol attribute business-relevance business-relevant
class-map match-all NETWORK_CONTROL-NBAR
 match protocol attribute traffic-class network-control
 match protocol attribute business-relevance business-relevant
class-map match-all NETWORK_MANAGEMENT-NBAR
 match protocol attribute traffic-class ops-admin-mgmt
 match protocol attribute business-relevance business-relevant
class-map match-all TRANSACTIONAL_DATA-NBAR
 match protocol attribute traffic-class transactional-data
 match protocol attribute business-relevance business-relevant
class-map match-all BULK_DATA-NBAR
 match protocol attribute traffic-class bulk-data
 match protocol attribute business-relevance business-relevant
! Business-irrelevant applications, regardless of traffic-class
class-map match-all SCAVENGER-NBAR
 match protocol attribute business-relevance business-irrelevant

! Marking: set the DSCP for each class
policy-map MARKING
 class VOICE-NBAR
  set dscp ef
 class BROADCAST_VIDEO-NBAR
  set dscp cs5
 class REAL_TIME_INTERACTIVE-NBAR
  set dscp cs4
 class MULTIMEDIA_CONFERENCING-NBAR
  set dscp af41
 class MULTIMEDIA_STREAMING-NBAR
  set dscp af31
 class SIGNALING-NBAR
  set dscp cs3
 class NETWORK_CONTROL-NBAR
  set dscp cs6
 class NETWORK_MANAGEMENT-NBAR
  set dscp cs2
 class TRANSACTIONAL_DATA-NBAR
  set dscp af21
 class BULK_DATA-NBAR
  set dscp af11
 class SCAVENGER-NBAR
  set dscp cs1
 class class-default
  set dscp default

NBAR QoS Attributes: At-A-Glance Reference
http://tinyurl.com/hw4sbj6

Egress WAN AVC/QoS Design

QoS Mapping Example: Combining 12 Classes into an 8-Class Model

Application                   DSCP    8-Class Model
Internetwork Control          CS6     NET-CTRL 5% BWR
VoIP                          EF      VOICE PQ-10%
Broadcast Video               CS5     STREAMING-VIDEO 10% BWR
Multimedia Conferencing       AF41    INTERACTIVE-VIDEO 30% BWR
Real-Time Interactive         CS4     INTERACTIVE-VIDEO 30% BWR
Multimedia Streaming          AF31    STREAMING-VIDEO 10% BWR
Signaling                     CS3     CALL-SIGNALING 4% BWR
Transactional Data            AF21    CRITICAL-DATA 25% BWR
Network Management (OAM)      CS2     CRITICAL-DATA 25% BWR
Bulk Data                     AF11    CRITICAL-DATA 25% BWR
Scavenger                     CS1     SCAVENGER 1% BWR
Best Effort                   DF      DEFAULT 25% BWR

PQ = Priority Queue, BWR = Bandwidth Remaining
Note: Bandwidth Remaining Percentages must equal 100%

8-Class QoS Model: Child Policy

IWAN 8-Class Class-Maps

class-map match-any VOICE
 match dscp ef
class-map match-any INTERACTIVE-VIDEO
 match dscp cs4 af41 af42 af43
class-map match-any STREAMING-VIDEO
 match dscp cs5 af31 af32 af33
class-map match-any NET-CTRL
 match dscp cs6
class-map match-any CALL-SIGNALING
 match dscp cs3
class-map match-any CRITICAL-DATA
 match dscp cs2 af11 af12 af13 af21 af22 af23
class-map match-any SCAVENGER
 match dscp cs1

IWAN 8-Class Policy-Map

policy-map WAN
 class INTERACTIVE-VIDEO
  bandwidth remaining percent 30
  random-detect dscp-based
 class STREAMING-VIDEO
  bandwidth remaining percent 10
  random-detect dscp-based
 class NET-CTRL
  bandwidth remaining percent 5
 class CALL-SIGNALING
  bandwidth remaining percent 4
 class CRITICAL-DATA
  bandwidth remaining percent 25
  random-detect dscp-based
 class SCAVENGER
  bandwidth remaining percent 1
 class VOICE
  priority level 1
  police cir percent 10
 class class-default
  bandwidth remaining percent 25
  random-detect

Traffic Shaping
[Diagram: line rate vs. service rate, without traffic shaping and with traffic shaping]
- Traffic shaping limits the transmit rate to a value lower than line rate
- Policers typically drop traffic
- Shapers delay excess traffic, smooth bursts and prevent unnecessary drops
- Very common with Ethernet WAN, as well as Non-Broadcast Multiple-Access (NBMA) network topologies such as Frame-Relay and ATM

Line Rate Different from Service Rate: Parent Policy

policy-map WAN
 class INTERACTIVE-VIDEO
  bandwidth remaining percent 30
  random-detect dscp-based
 class STREAMING-VIDEO
  bandwidth remaining percent 10
  random-detect dscp-based
 class CALL-SIGNALING
  bandwidth remaining percent 4
 class NET-CTRL
  bandwidth remaining percent 5
 class CRITICAL-DATA
  bandwidth remaining percent 25
  random-detect dscp-based
 class SCAVENGER
  bandwidth remaining percent 1
 class VOICE
  priority level 1
  police cir percent 10
 class class-default
  bandwidth remaining percent 25
  random-detect
!
policy-map POLICY-TRANSPORT-1
 class class-default
  ! shape rate is in bps: 10 Mbps
  shape average 10000000
  service-policy WAN
!
interface GigabitEthernet0/0
 bandwidth 10000
 service-policy output POLICY-TRANSPORT-1

- A shaper will guarantee that traffic will not exceed the contracted rate
- A nested queuing policy will force queuing to engage at the contracted sub-line-rate to prioritize packets prior to shaping
[Diagram: GigE interface with service rate of 10 Mbps; shaper Min: 0, Max: 10M, Excess: 10; Always On Policer (Police 1M) on the priority queue (P1), with data and class-default queues]

DMVPN Per Tunnel QoS: Per-Site Shaping to Avoid Overruns
100 Mbps in to the DMVPN cloud can easily overrun the lower speed committed rates at spoke sites.
[Diagram: hub CE at 100 Mbps with a shape-only (100 Mbps) policy; spoke CEs with committed rates of 50 Mbps, 20 Mbps and 10 Mbps]

DMVPN Hub Per Tunnel QoS: Implementing Per-Site Traffic Shaping

Separate parent shaper policies for each remote-site bandwidth. Bandwidth remaining ratio provides proportional sharing between tunnels.

! shape rates are in bps: 50 Mbps, 20 Mbps, 10 Mbps
policy-map RS-GROUP-50MBPS-POLICY
 class class-default
  shape average 50000000
  bandwidth remaining ratio 50
  service-policy WAN
policy-map RS-GROUP-20MBPS-POLICY
 class class-default
  shape average 20000000
  bandwidth remaining ratio 20
  service-policy WAN
policy-map RS-GROUP-10MBPS-POLICY
 class class-default
  shape average 10000000
  bandwidth remaining ratio 10
  service-policy WAN

Add a class-default shape-only policy on the hub physical interface for the service rate.

policy-map TRANSPORT-1-SHAPE-ONLY
 class class-default
  ! 100 Mbps
  shape average 100000000
!
interface GigabitEthernet0/0/3
 bandwidth 100000
 service-policy output TRANSPORT-1-SHAPE-ONLY

List all available policies as map groups on the hub tunnel interface.

interface Tunnel10
 bandwidth 100000
 nhrp map group RS-GROUP-10MBPS service-policy output RS-GROUP-10MBPS-POLICY
 nhrp map group RS-GROUP-20MBPS service-policy output RS-GROUP-20MBPS-POLICY
 nhrp map group RS-GROUP-50MBPS service-policy output RS-GROUP-50MBPS-POLICY

Remote Site Tunnel Configurations
Signal from the spoke to the hub to use the correct policy for each remote site.

10 Mbps spoke:

interface GigabitEthernet0/0
 bandwidth 100000
 service-policy output POLICY-TRANSPORT-1
!
interface Tunnel10
 bandwidth 10000
 nhrp group RS-GROUP-10MBPS
 tunnel source GigabitEthernet0/0
 tunnel vrf IWAN-TRANSPORT-1

20 Mbps spoke:

interface GigabitEthernet0/0
 bandwidth 20000
 service-policy output POLICY-TRANSPORT-1
!
interface Tunnel10
 bandwidth 20000
 nhrp group RS-GROUP-20MBPS
 tunnel source GigabitEthernet0/0
 tunnel vrf IWAN-TRANSPORT-1

50 Mbps spoke:

interface GigabitEthernet0/0
 bandwidth 50000
 service-policy output POLICY-TRANSPORT-1
!
interface Tunnel10
 bandwidth 50000
 nhrp group RS-GROUP-50MBPS
 tunnel source GigabitEthernet0/0
 tunnel vrf IWAN-TRANSPORT-1

[Diagram: per-tunnel shapers of 50, 50, 20, 20, 10 and 10 Mbps with BRR=50, 50, 20, 20, 10 and 10, feeding the service rate shaper, Shape (100 Mbps)]

Bandwidth Remaining Ratio
- Bandwidth Remaining Ratio (BRR) provides proportional sharing to child shapers during times of congestion.
- If you over-subscribe your hub BR outbound bandwidth with per-tunnel policies that exceed the service rate, the BRR commands on each child policy mean they will get their fair share of the remaining bandwidth as compared to the other branch sites.
- If all the per-tunnel BW amounts are 5 Mbps or greater, we use a BRR value of BW / 1 Mbps (i.e. 10 Mbps is BRR of 10, 50 Mbps is BRR of 50, etc.).
- If any of the per-tunnel BW values are less than 5 Mbps, we use a BRR value of BW / 100 Kbps (i.e. 3 Mbps is BRR of 30, 1.5 Mbps is BRR of 15, etc.).
- If the total bandwidth exceeds 100 Mbps, each of the per-tunnel shapers will get their fair share based on their BRR values.
[Diagram: per-tunnel shapers of 50, 50, 20, 20, 10 and 10 Mbps with BRR=50, 50, 20, 20, 10 and 10, feeding the service rate shaper, Shape (100 Mbps)]
Example:
- 50 Mbps site gets 50 / 160 or 31.25%
- 20 Mbps site gets 20 / 160 or 12.5%
- 10 Mbps site gets 10 / 160 or 6.25%

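The BRR rule and the sharing example above, carried one step further in an added example that is not from the original session: it derives BRR values from the per-tunnel shaper rates and then splits the hub service rate between tunnels, including the case where one site offers less than its share. The function names are hypothetical, the offered loads are constructed, and the redistribution of unused share is an idealized weighted max-min model, an assumption rather than measured router behaviour.

```python
def brr_values(shapers_mbps):
    """BRR per tunnel, following the rule on the slide.

    All shapers >= 5 Mbps: BRR = BW / 1 Mbps.
    Any shaper  <  5 Mbps: BRR = BW / 100 Kbps for every tunnel, so the
    ratios between tunnels stay proportional to their bandwidth.
    """
    unit_mbps = 1.0 if min(shapers_mbps) >= 5 else 0.1
    return [round(rate / unit_mbps) for rate in shapers_mbps]


def congested_shares(shapers_mbps, offered_mbps, service_rate_mbps):
    """Split the hub service rate between tunnels in proportion to BRR.

    Each tunnel can use at most min(shaper, offered load). A tunnel that
    needs less than its proportional share keeps only what it needs and
    the rest is re-divided among the still-backlogged tunnels
    (idealized weighted max-min sharing; an assumption of this example).
    """
    weights = brr_values(shapers_mbps)
    demand = [min(s, o) for s, o in zip(shapers_mbps, offered_mbps)]
    alloc = [0.0] * len(demand)
    active = set(range(len(demand)))
    remaining = float(service_rate_mbps)
    while active and remaining > 1e-9:
        total_w = sum(weights[i] for i in active)
        # Tunnels whose whole demand fits inside their proportional share.
        done = {i for i in active
                if demand[i] <= remaining * weights[i] / total_w}
        if not done:
            # Everyone left is backlogged: pure BRR-proportional split.
            for i in active:
                alloc[i] = remaining * weights[i] / total_w
            break
        for i in done:
            alloc[i] = demand[i]
            remaining -= demand[i]
        active -= done
    return alloc


# Per-tunnel shapers from the slide: two sites each at 50, 20 and 10 Mbps.
SHAPERS = [50, 50, 20, 20, 10, 10]
SERVICE_RATE = 100  # hub service-rate shaper from the slide, in Mbps

if __name__ == "__main__":
    print("BRR:", brr_values(SHAPERS))
    print("BRR with a sub-5 Mbps site:", brr_values([10, 3, 1.5]))
    print("all sites backlogged:",
          congested_shares(SHAPERS, SHAPERS, SERVICE_RATE))
    # Constructed load: the second 50 Mbps site offers only 5 Mbps.
    print("one site nearly idle:",
          congested_shares(SHAPERS, [50, 5, 20, 20, 10, 10], SERVICE_RATE))
```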
Enterprise to SP Mapping

Enterprise to SP Mapping
- The 12-class view is preserved across the enterprise even though we treat it differently at the egress of the router and send it to different channels within the SP network.
- The twelve classes remain intact on the inner header, and the outer tunnel header is remarked as the traffic leaves the tunnel interface.
- The remarked outer header is discarded after arriving at the tunnel interface on the receiving router, thus leaving the inner header marking unchanged.

Enterprise to SP Mapping: Set dscp outbound on physical (Branch)

class-map match-all MULTIMEDIA_CONFERENCING-NBAR
 match protocol attribute traffic-class multimedia-conferencing
 match protocol attribute business-relevance business-relevant
policy-map traffic-marking
 class MULTIMEDIA_CONFERENCING-NBAR
  set dscp af41
interface GigabitEthernet0/0/0
 service-policy input traffic-marking
!
class-map INTERACTIVE-VIDEO
 match dscp af41
policy-map egress-queuing
 class INTERACTIVE-VIDEO
  set dscp af31
interface GigabitEthernet0/0/1
 service-policy output egress-queuing

[Topology: video flow from Term-A (10.1.0.1) to Term-B (10.3.0.1) across a GRE tunnel (Tun10 172.16.0.1 to Tun10 172.16.0.2) over the SP network. Other labels in the diagram: Gig0/0/0, Gig0/0/1, 10.1.0.2, 10.2.0.1, 10.2.0.2, 192.168.0.1, 192.168.0.2, 10.3.0.2]

Packet views along the path:
- Packet View 1: User IP Header, Src IP: 10.1.0.1, Dst IP: 10.3.0.1, DSCP: 0
- Packet View 2: User IP Header, Src IP: 10.1.0.1, Dst IP: 10.3.0.1, DSCP: af41
- Packet View 3: GRE IP Header, Src IP: 172.16.0.1, Dst IP: 172.16.0.2, DSCP: af31; User IP Header, Src IP: 10.1.0.1, Dst IP: 10.3.0.1, DSCP: af41
- Packet View 4: User IP Header, Src IP: 10.1.0.1, Dst IP: 10.3.0.1, DSCP: af41

DSCP is copied Inner-to-Outer *BUT* we over-write the Outer after the copy.

Enterprise to SP Mapping: Set dscp tunnel outbound on tunnel (Hub)

class-map match-all MULTIMEDIA_CONFERENCING-NBAR
 match protocol attribute traffic-class multimedia-conferencing
 match protocol attribute business-relevance business-relevant
policy-map traffic-marking
 class MULTIMEDIA_CONFERENCING-NBAR
  set dscp af41
interface GigabitEthernet0/0/0
 service-policy input traffic-marking
!
class-map INTERACTIVE-VIDEO
 match dscp af41
policy-map egress-queuing
 class INTERACTIVE-VIDEO
  set dscp tunnel af31
interface Tunnel10
 service-policy output egress-queuing

[Topology: video flow from Term-A (10.1.0.1) to Term-B (10.3.0.1) across a GRE tunnel (Tun10 172.16.0.1 to Tun10 172.16.0.2) over the SP network. Other labels in the diagram: Gig0/0/0, Gig0/0/1, 10.1.0.2, 10.2.0.1, 10.2.0.2, 192.168.0.1, 192.168.0.2, 10.3.0.2]

Packet views along the path:
- Packet View 1: User IP Header, Src IP: 10.1.0.1, Dst IP: 10.3.0.1, DSCP: 0
- Packet View 2: User IP Header, Src IP: 10.1.0.1, Dst IP: 10.3.0.1, DSCP: af41
- Packet View 3: GRE IP Header, Src IP: 172.16.0.1, Dst IP: 172.16.0.2, DSCP: af31; User IP Header, Src IP: 10.1.0.1, Dst IP: 10.3.0.1, DSCP: af41
- Packet View 4: User IP Header, Src IP: 10.1.0.1, Dst IP: 10.3.0.1, DSCP: af41

Set dscp tunnel means don't copy, but instead remember and mark this value once the tunnel header is imposed.

Enterprise to SP Mapping Example: 4-Class SP Model

Application                DSCP    Sent to SP As          4-Class Model
Internetwork Control       CS6     CS6 (sent unchanged)
VoIP                       EF      EF                     SP-VOICE
Broadcast Video            CS5     AF31                   SP-CLASS1DATA (UDP)
Multimedia Conferencing    AF41    AF31                   SP-CLASS1DATA (UDP)
Real-Time Interactive      CS4     AF31                   SP-CLASS1DATA (UDP)
Multimedia Streaming       AF31    AF31                   SP-CLASS1DATA (UDP)
Signaling                  CS3     AF21                   SP-CLASS2DATA (TCP)
Transactional Data         AF21    AF21                   SP-CLASS2DATA (TCP)
Network Management         CS2     AF21                   SP-CLASS2DATA (TCP)
Bulk Data                  AF11    AF21                   SP-CLASS2DATA (TCP)
Scavenger                  CS1     DF                     SP-DEFAULT
Best Effort                DF      DF                     SP-DEFAULT

4-Class SP QoS Model Configuration: Tunnel Interface, IWAN Hub BR

policy-map WAN
 class INTERACTIVE-VIDEO
  bandwidth remaining percent 30
  random-detect dscp-based
  set dscp tunnel af31
 class STREAMING-VIDEO
  bandwidth remaining percent 10
  random-detect dscp-based
  set dscp tunnel af31
 class NET-CTRL-MGMT
  bandwidth remaining percent 5
  set dscp tunnel cs6
 class CALL-SIGNALING
  bandwidth remaining percent 4
  set dscp tunnel af21
 class CRITICAL-DATA
  bandwidth remaining percent 25
  random-detect dscp-based
  set dscp tunnel af21
 class SCAVENGER
  bandwidth remaining percent 1
  set dscp tunnel default
 class VOICE
  priority level 1
  police cir percent 10
  set dscp tunnel ef
 class class-default
  bandwidth remaining percent 25
  random-detect
  set dscp tunnel default

Hub Router:

policy-map RS-GROUP-10MBPS-POLICY
 class class-default
  ! shape rate is in bps: 10 Mbps
  shape average 10000000
  bandwidth remaining ratio 10
  service-policy WAN
!
interface Tunnel10
 bandwidth <service-rate>
 nhrp map group RS-GROUP-10MBPS service-policy output RS-GROUP-10MBPS-POLICY

Branch Router:

interface GigabitEthernet0/0
 bandwidth 10000
 service-policy output POLICY-TRANSPORT-1
!
interface Tunnel10
 bandwidth 10000
 nhrp group RS-GROUP-10MBPS
 tunnel source GigabitEthernet0/0
 tunnel vrf IWAN-TRANSPORT-1

4-Class SP QoS Model Configuration: Physical Interface (IWAN Branch)

policy-map WAN
 class INTERACTIVE-VIDEO
  bandwidth remaining percent 30
  random-detect dscp-based
  set dscp af31
 class STREAMING-VIDEO
  bandwidth remaining percent 10
  random-detect dscp-based
  set dscp af31
 class NET-CTRL-MGMT
  bandwidth remaining percent 5
  set dscp cs6
 class CALL-SIGNALING
  bandwidth remaining percent 4
  set dscp af21
 class CRITICAL-DATA
  bandwidth remaining percent 25
  random-detect dscp-based
  set dscp af21
 class SCAVENGER
  bandwidth remaining percent 1
  set dscp default
 class VOICE
  priority level 1
  police cir percent 10
  set dscp ef
 class class-default
  bandwidth remaining percent 25
  random-detect
  set dscp default

Branch Router:

policy-map POLICY-TRANSPORT-1
 class class-default
  shape average 10 Mbps
  service-policy WAN
interface GigabitEthernet0/0
 bandwidth 10000
 service-policy output POLICY-TRANSPORT-1
Enterprise to SP Mapping Example: 5-Class SP Model Reference Application Internetwork Control VoIP DSCP CS6 EF CS6 Sent Unchanged EF 5-Class Model SP-VOICE Broadcast Video CS5 AF31 Multimedia Conferencing Real-Time Interactive AF41 AF31 CS4 AF31 AF31 SP-CLASS1DATA (UDP) Multimedia Streaming AF31 Signaling CS3 AF21 Transactional Data Network Management AF21 CS2 AF21 AF21 SP-CLASS2DATA (TCP) Bulk Data Scavenger Best Effort AF11 AF21 CS1 AF11 DF AF11 DF SP-CLASS3DATA SP-DEFAULT * * - Specified by ISP
5-Class QoS Model Configuration: Physical Interface (IWAN Branch) [Reference]

policy-map WAN
 class INTERACTIVE-VIDEO
  bandwidth remaining percent 30
  random-detect dscp-based
  set dscp af31
 class STREAMING-VIDEO
  bandwidth remaining percent 10
  random-detect dscp-based
  set dscp af31
 class NET-CTRL-MGMT
  bandwidth remaining percent 5
  set dscp cs6
 class CALL-SIGNALING
  bandwidth remaining percent 4
  set dscp af21
 class CRITICAL-DATA
  bandwidth remaining percent 25
  random-detect dscp-based
  set dscp af21
 class SCAVENGER
  bandwidth remaining percent 1
  set dscp AF11
 class VOICE
  priority level 1
  police cir percent 10
  set dscp tunnel ef
 class class-default
  bandwidth remaining percent 25
  random-detect
  set dscp default

Branch Router:

policy-map POLICY-TRANSPORT-1
 class class-default
  shape average 10 Mbps
  service-policy WAN
interface GigabitEthernet0/0
 bandwidth 10000
 service-policy output POLICY-TRANSPORT-1
Enterprise to SP Mapping Example: 6-Class SP Model Reference Application Internetwork Control VoIP DSCP CS6 EF CS6 Sent Unchanged EF 6-Class Model SP-VOICE Broadcast Video Multimedia Conferencing CS5 AF1 AF41 AF41 SP-VIDEO Real-Time Interactive Multimedia Streaming Signaling CS4 AF41 AF31 CS3 AF21 AF31 SP-CLASS1DATA (UDP) Transactional Data Network Management Bulk Data Scavenger Best Effort AF21 CS2 AF21 AF11 AF21 CS1 AF11 DF AF21 AF11 DF SP-CLASS2DATA (TCP) SP-CLASS3DATA SP-DEFAULT * * - Specified by ISP
6-Class QoS Model Configuration: Physical Interface (IWAN Branch) [Reference]

policy-map WAN
 class INTERACTIVE-VIDEO
  bandwidth remaining percent 30
  random-detect dscp-based
  set dscp af41
 class STREAMING-VIDEO
  bandwidth remaining percent 10
  random-detect dscp-based
  set dscp af31
 class NET-CTRL-MGMT
  bandwidth remaining percent 5
  set dscp cs6
 class CALL-SIGNALING
  bandwidth remaining percent 4
  set dscp af21
 class CRITICAL-DATA
  bandwidth remaining percent 25
  random-detect dscp-based
  set dscp af21
 class SCAVENGER
  bandwidth remaining percent 1
  set dscp af11
 class VOICE
  priority level 1
  police cir percent 10
  set dscp ef
 class class-default
  bandwidth remaining percent 25
  random-detect
  set dscp default

Branch Router:

policy-map POLICY-TRANSPORT-1
 class class-default
  shape average 10 Mbps
  service-policy WAN
interface GigabitEthernet0/0
 bandwidth 10000
 service-policy output POLICY-TRANSPORT-1
Enterprise to SP Mapping: Summary

Application Class | Per-Hop Behavior | Queuing & Dropping | 12-Class | 8-Class (for IWAN Router) | 6-Class (for Tunnel) | 5-Class (for Tunnel) | 4-Class (for Tunnel)
Internetwork Control | CS6 | BR Queue | Net-Ctrl | NET-CTRL | CS6 | CS6 | CS6
VoIP Telephony | EF | Priority Queue (PQ) | Voice | VOICE | EF | EF | EF
Multimedia Conferencing | AF4 | BR Queue + DSCP WRED | Interactive-Video | INTERACTIVE-VIDEO | AF41 | AF31 | AF31
Real-Time Interactive | CS4 | BR Queue + DSCP WRED | Real-Time | INTERACTIVE-VIDEO | AF41 | AF31 | AF31
Broadcast Video | CS5 | BR Queue + DSCP WRED | Broadcast-Video | STREAMING-VIDEO | AF31 | AF31 | AF31
Multimedia Streaming | AF3 | BR Queue + DSCP WRED | Streaming-Video | STREAMING-VIDEO | AF31 | AF31 | AF31
Signaling | CS3 | BR Queue | Call-Signaling | CALL-SIGNALING | AF21 | AF21 | AF21
Ops / Admin / Mgmt | CS2 | BR Queue + DSCP WRED | Net-Mgmt | CRITICAL-DATA | AF21 | AF21 | AF21
Transactional Data | AF2 | BR Queue + DSCP WRED | Transactional-Data | CRITICAL-DATA | AF21 | AF21 | AF21
Bulk Data | AF1 | BR Queue + DSCP WRED | Bulk-Data | CRITICAL-DATA | AF21 | AF21 | AF21
Best Effort | DF | BR Queue + RED | Default | DEFAULT | Default | Default | Default
Scavenger | CS1 | Min BR Queue | Scavenger | SCAVENGER | AF11 | AF11 | Default

Business-relevance labels shown on the slide: Relevant, Default, Irrelevant.
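A check for the mapping above, added here as an example and not taken from the session material: it parses a policy-map and reports any class whose `set dscp` value falls outside the DSCP set of the chosen SP model, plus an oversubscribed `bandwidth remaining percent` total. The function names are hypothetical; the sample is the page's 6-class branch policy with its line breaks restored, and the per-model DSCP sets are read from the summary table's tunnel columns.

```python
import re

# DSCP values each SP model carries, from the summary table's tunnel columns.
SP_MODELS = {
    4: {"cs6", "ef", "af31", "af21", "default"},
    5: {"cs6", "ef", "af31", "af21", "af11", "default"},
    6: {"cs6", "ef", "af41", "af31", "af21", "af11", "default"},
}

# Sample input: the page's 6-class branch policy, line breaks restored.
SAMPLE_POLICY = """\
policy-map WAN
 class INTERACTIVE-VIDEO
  bandwidth remaining percent 30
  random-detect dscp-based
  set dscp af41
 class STREAMING-VIDEO
  bandwidth remaining percent 10
  random-detect dscp-based
  set dscp af31
 class NET-CTRL-MGMT
  bandwidth remaining percent 5
  set dscp cs6
 class CALL-SIGNALING
  bandwidth remaining percent 4
  set dscp af21
 class CRITICAL-DATA
  bandwidth remaining percent 25
  random-detect dscp-based
  set dscp af21
 class SCAVENGER
  bandwidth remaining percent 1
  set dscp af11
 class VOICE
  priority level 1
  police cir percent 10
  set dscp ef
 class class-default
  bandwidth remaining percent 25
  random-detect
  set dscp default
policy-map POLICY-TRANSPORT-1
 class class-default
  shape average 10 Mbps
  service-policy WAN
"""


def parse_policy_map(config, name):
    """Return {class: {"bw", "dscp", "tunnel"}} for the named policy-map."""
    classes, current, active = {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # top-level command starts or ends a policy-map
            m = re.fullmatch(r"policy-map\s+(\S+)", line)
            active = bool(m) and m.group(1) == name
            current = None
            continue
        if not active:
            continue
        if m := re.fullmatch(r"class\s+(\S+)", line):
            current = classes.setdefault(
                m.group(1), {"bw": 0, "dscp": None, "tunnel": False})
        elif current is None:
            continue
        elif m := re.fullmatch(r"bandwidth remaining percent (\d+)", line):
            current["bw"] = int(m.group(1))
        elif m := re.fullmatch(r"set dscp (tunnel\s+)?(\S+)", line):
            current["tunnel"] = m.group(1) is not None
            current["dscp"] = m.group(2).lower()
    return classes


def audit(config, policy_name, sp_classes):
    """Return (class, issue) findings for a policy against an SP class model."""
    allowed = SP_MODELS[sp_classes]
    classes = parse_policy_map(config, policy_name)
    findings = []
    for cname, c in classes.items():
        if c["dscp"] is None:
            findings.append((cname, "no 'set dscp': packets keep their enterprise marking"))
        elif c["dscp"] not in allowed:
            findings.append((cname, f"remarks to {c['dscp']}, not in the {sp_classes}-class SP set"))
    total = sum(c["bw"] for c in classes.values())
    if total > 100:  # more than all of the remaining bandwidth handed out
        findings.append(("*", f"bandwidth remaining percent totals {total}"))
    return findings


if __name__ == "__main__":
    for model in (4, 5, 6):
        print(model, audit(SAMPLE_POLICY, "WAN", model))
```

Run against the 4-class model, the 6-class policy is flagged for the two classes (INTERACTIVE-VIDEO and SCAVENGER) whose markings a 4-class SP does not carry.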
IWAN QoS Design: At-A-Glance Reference http://tinyurl.com/hw4sbj6
SD-WAN QoS: APIC-EM IWAN App
APIC-EM IWAN App Demo
APIC-EM IWAN App: Click to administer application policies
IWAN-App QoS Config: Classification and Marking Policy

Business-Relevant Class-Map (List of Categories that are Business-Relevant):

class-map match-any prm-biz-relevant-cats
 match protocol attribute category business-and-productivity-tools
 match protocol attribute category voice-and-video
 match protocol attribute category backup-and-storage
 match protocol attribute category software-updates
 match protocol attribute category file-sharing
 match protocol attribute category email
 match protocol attribute category database
 match protocol attribute category browsing

Implements Category-to-Business-Relevance mapping vs. Application-to-Business-Relevance mapping.

Business-Irrelevant Class-Map (List of Categories that are Business-Irrelevant):

class-map match-any prm-biz-irrelevant-cats
 match protocol attribute category consumer-file-sharing
 match protocol attribute category consumer-messaging
 match protocol attribute category consumer-internet
 match protocol attribute category consumer-streaming
 match protocol attribute category gaming
 match protocol attribute category social-networking
 match protocol attribute category instant-messaging

Parent Class-Maps to Combine Category-Based BR with Traffic-Classes:

class-map match-all prm-nbar-12-cls#broadcast-video
 match protocol attribute traffic-class broadcast-video
 match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#bulk-data
 match protocol attribute traffic-class bulk-data
 match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#interactive-video
 match protocol attribute traffic-class real-time-interactive
 match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#network-control
 match protocol attribute traffic-class network-control
 match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#multimedia-conferencing
 match protocol attribute traffic-class multimedia-conferencing
 match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#voice
 match protocol attribute traffic-class voip-telephony
 match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#signaling
 match protocol attribute traffic-class signaling
 match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#network-management
 match protocol attribute traffic-class ops-admin-mgmt
 match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#transactional-data
 match protocol attribute traffic-class transactional-data
 match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#multimedia-streaming
 match protocol attribute traffic-class multimedia-streaming
 match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#scavenger
 match class-map prm-biz-irrelevant-cats

RFC 4594-Based Marking Policy-Map:

policy-map prm-nbar-12-cls
 class prm-nbar-12-cls#voice
  set dscp ef
 class prm-nbar-12-cls#broadcast-video
  set dscp cs5
 class prm-nbar-12-cls#interactive-video
  set dscp cs4
 class prm-nbar-12-cls#multimedia-conferencing
  set dscp af41
 class prm-nbar-12-cls#multimedia-streaming
  set dscp af31
 class prm-nbar-12-cls#signaling
  set dscp cs3
 class prm-nbar-12-cls#network-control
  set dscp cs6
 class prm-nbar-12-cls#network-management
  set dscp cs2
 class prm-nbar-12-cls#transactional-data
  set dscp af21
 class prm-nbar-12-cls#bulk-data
  set dscp af11
 class prm-nbar-12-cls#scavenger
  set dscp cs1
 class class-default
  set dscp default
IWAN-App QoS Config: Ingress Marking and Egress Queuing in Branch

Ingress Marking on LAN (marking policy map on previous page):

interface GigabitEthernet0/0/0.10
 description Data
 encapsulation dot1q 10
 ip address 10.5.10.3 255.255.255.0
 ip helper-address 10.4.49.10
 ip pim sparse-mode
 standby version 2
 standby 1 ip 10.5.10.1
 standby 1 priority 105
 standby 1 authentication md5 key-string c1sco123
 performance monitor context IWAN-Context
 service-policy input prm-nbar-12-cls

Child Policy: 8-class WAN queuing and 6-class SP:

policy-map prm-dscp#iwan-8-id0
 class prm-iwan8#voice
  priority level 1
  police cir percent 10
  set dscp ef
 class prm-iwan8#streaming-video
  bandwidth remaining percent 10
  set dscp af31
  random-detect dscp-based
 class prm-iwan8#call-signaling
  bandwidth remaining percent 4
  set dscp cs3
 class prm-iwan8#net-ctrl-mgmt
  bandwidth remaining percent 5
  set dscp cs6
 class prm-iwan8#interactive-video
  bandwidth remaining percent 30
  set dscp af41
  random-detect dscp-based
 class prm-iwan8#critical-data
  bandwidth remaining percent 25
  set dscp af21
  random-detect dscp-based
 class prm-iwan8#scavenger
  bandwidth remaining percent 1
  set dscp cs1
 class class-default
  bandwidth remaining percent 25
  set dscp default
  random-detect dscp-based

Parent Policy: Shape for Service Rate:

policy-map prm-dscp#iwan-8-id0#shape#30.0
 class class-default
  shape average 30000000
  service-policy prm-dscp#iwan-8-id0

Egress Queuing on Physical Interface:

interface GigabitEthernet0/0/2
 bandwidth 30000
 ip vrf forwarding IWAN-TRANSPORT-1
 ip address 10.5.5.102 255.255.255.252
 media-type rj45
 negotiation auto
 no cdp enable
 service-policy output prm-dscp#iwan-8-id0#shape#30.0

Summary and References
Key Takeaways

IWAN Considerations (IWAN 2.1 CVD)
 Design Issues: Aggregate Priority Load, Latency for Low Speed, IPSec Anti-Replay
Ingress LAN Marking (Coming in IWAN 2.1.1 CVD)
 NBAR2 QoS Attributes: Traffic-Class, Business-Relevance
Egress WAN Queuing (IWAN 2.1 CVD)
 QoS and App Control, WAN Queuing, Sub-Line Rate Interfaces, DMVPN Per Tunnel QoS, Enterprise to SP Mapping

Or just click on the Easy button with the APIC-EM IWAN App!
Cisco Design Guides for Intelligent WAN

IWAN Technology Design Guide
IWAN DIA and Guest Wireless Design Guide
IWAN WAAS and Akamai Design Guide
http://www.cisco.com/go/cvd/wan

Design Overview Technology Type Design Models WAN Design IWAN / WAN All Overview Technical Design Guide Profile Type Design Models IWAN Technology IWAN Config Files Base IWAN DIA and Guest Advanced ISR 4K IWAN WAAS and Akamai Advanced ISR 4K ASR 1K CSR 1K (Hub MC) ISR 4K ISR G2 Hybrid Dual Internet Single Router Dual Router Transit Site Hub BR Scaling Remote Site Direct Internet Access Remote Site Guest Wireless WAAS Akamai Connect IWAN 2.1 CVD Feb 2016

Other IWAN Related Sessions

TECCRS-2004 Implementing the Intelligent WAN
BRKCRS-2000 Intelligent WAN Architecture
BRKRST-2043 IWAN AVC/QoS Design
BRKRST-2362 IWAN Implementing Performance Routing (PfRv3)
BRKRST-2514 Cisco Intelligent WAN (IWAN) & Application Optimization
BRKRST-3413 IWAN Serviceability: Deploying, Monitoring, and Operating
BRKCRS-2007 Migrating Your Existing WAN to Cisco's IWAN
BRKCRS-1244 SP Virtual Managed Services (VMS) for Intelligent WAN (IWAN)
BRKNMS-1040 IWAN and AVC Management with Cisco Prime Infrastructure
BRKSDN-2099 IWAN Management via APIC-EM (SDN Controller)
BRKARC-3004 APIC-EM: Controller Workflow and Use Cases
Reference Slides
QoS Tools: Classification and Marking
QoS Tools Review: Classification & Marking
Classification vs. Marking

Classification: an action that organizes packets into different traffic types, to which different policies can then be applied.
 Classification of packets can happen without marking.
Marking: writes a value into the packet header.
 Establishes a trust boundary at the network edge.
 Can be used in other locations in the network and is not always used solely for purposes of classification.

QoS Tools Review: Classification & Marking Tools
Classification and Marking Options for the WAN

Classification can be done on:
 Layer 1 criteria such as ingress physical interface
 Layer 2 criteria such as IEEE 802.1Q/p CoS
 Layer 3 criteria such as IP DSCP
 Layer 4 criteria such as TCP/UDP port(s)
 Layer 7 criteria such as NBAR application signatures
Marking can be done on:
 Layer 2 fields such as IEEE 802.1Q/p CoS
 Layer 2.5 fields such as MPLS EXP
 Layer 3 fields such as IP DSCP
 Internal fields such as QoS Group
QoS Tools Review: Classification & Marking Tools
Layer 7 Classification: Network Based Application Recognition (NBAR/NBAR2)

Diagram: IP packet (ToS, Protocol, IP SA, IP DA), TCP/UDP segment (Src Port, Dst Port), data payload (Deep Packet Inspection).

Identifies ~1400 applications and protocols
Application payload deep packet inspection
Supports application media-sub-component classification

class-map CISCO-JABBER-VOICE
 match protocol cisco-jabber-audio
class-map CISCO-JABBER-VIDEO
 match protocol cisco-jabber-video
class-map CISCO-JABBER-MESSAGING
 match protocol cisco-jabber-im
class-map CISCO-JABBER-SIGNALING
 match protocol cisco-jabber-control
QoS Tools Review: Classification & Marking Tools
Layer 2 Marking: IEEE 802.1Q/p CoS

Ethernet frame (IEEE 802.1Q-2005): Pream | SFD | DA | SA | Type | 802.1Q (4 bytes) | PT | Data | FCS
802.1Q tag: PRI | CFI | VLAN ID. Three bits (PRI) are used for CoS (802.1p Class of Service).

The 802.1p User Priority field is also called Class of Service (CoS).
Different types of traffic are assigned different CoS values.
CoS 6 and 7 are reserved for network use.

class-map VOICE
 match cos 5
policy-map MARKING
 class INTERACTIVE-VIDEO
  set cos 4

CoS | Acronym | Traffic characteristics
0 | BE | Best Effort
1 | BK | Background
2 | EE | Excellent Effort
3 | CA | Critical Applications
4 | VI | Video, < 100 ms latency
5 | VO | Voice, < 10 ms latency
6 | IC | Internetwork Control
7 | NC | Network Control
QoS Tools Review: Classification & Marking Tools
Layer 3 Marking: IP Type of Service (ToS) Byte

IPv4 packet: Version/Header_Len | ToS Byte | Length | ID | Offset | TTL | Protocol | FCS | IP SA | IP DA | Data
ToS byte, bits 7 to 0: IP Precedence in bits 7-5 (remaining bits unused); DiffServ Code Point (DSCP) in bits 7-2 with IP ECN in bits 1-0.

IP Precedence (relegated): the three most significant bits of the ToS byte are called IP Precedence (IPP); the other bits are unused.
Differentiated Services: the six most significant bits of the ToS byte are called the DiffServ Code Point (DSCP); the remaining two bits are used for Explicit Congestion Notification (ECN).
DSCP and ECN are also used in IPv6.
QoS Tools Review: Classification & Marking Tools
Layer 3 Marking: DSCP Per-Hop Behaviors (PHBs)

Expedited Forwarding (RFC 3246): EF = 46 (101110)

Assured Forwarding (RFC 2597): AFxy is encoded as x x x y y 0, where xxx is the class and yy is the drop precedence.

Drop preference | Class 1 | Class 2 | Class 3 | Class 4
Low | AF11 = 10 (001010) | AF21 = 18 (010010) | AF31 = 26 (011010) | AF41 = 34 (100010)
Med | AF12 = 12 (001100) | AF22 = 20 (010100) | AF32 = 28 (011100) | AF42 = 36 (100100)
High | AF13 = 14 (001110) | AF23 = 22 (010110) | AF33 = 30 (011110) | AF43 = 38 (100110)

Class Selector (matches IP Precedence, RFC 2474):
CS1 = 8 (001000), CS2 = 16 (010000), CS3 = 24 (011000), CS4 = 32 (100000), CS5 = 40 (101000), CS6 = 48 (110000), CS7 = 56 (111000)

Default Forwarding (Best Effort, RFC 2474): DF / CS0 = 0 (000000)

class-map VOICE
 match dscp ef
policy-map MARKING
 class INTERACTIVE-VIDEO
  set dscp af41

QoS Tools: Policing and Shaping
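The code-point layout above and the earlier "set dscp tunnel" packet views, worked as an added example that is not part of the session material: it derives DSCP values from PHB names, writes them into real IPv4 ToS bytes, and builds the GRE packet of Packet View 3. Function names and the payload are constructed; copying the inner DSCP to the outer header when no tunnel value is given is an assumption based on the slide's "don't copy" wording.

```python
import re
import socket
import struct


def dscp_value(name):
    """Resolve a PHB name to its 6-bit code point from the bit layout."""
    n = name.lower()
    if n in ("default", "df", "cs0"):
        return 0
    if n == "ef":
        return 46                                    # 101110
    if re.fullmatch(r"cs[1-7]", n):
        return int(n[2]) << 3                        # xxx000
    if re.fullmatch(r"af[1-4][1-3]", n):
        return (int(n[2]) << 3) | (int(n[3]) << 1)   # xxxyy0
    raise ValueError(f"unknown PHB name: {name}")


def checksum(header):
    """Internet checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src, dst, dscp, protocol, payload_len, ecn=0):
    """Build a 20-byte IPv4 header; dscp is a PHB name or a code point."""
    code = dscp if isinstance(dscp, int) else dscp_value(dscp)
    tos = (code << 2) | ecn                          # DSCP in bits 7-2, ECN in bits 1-0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, 0, 0,
                      64, protocol, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def read_dscp(packet):
    """DSCP of the first IPv4 header in packet."""
    return packet[1] >> 2


def gre_encapsulate(inner, tun_src, tun_dst, tunnel_dscp=None):
    """Wrap an IPv4 packet in GRE over IPv4 (protocol 47).

    tunnel_dscp plays the role of 'set dscp tunnel': the outer header gets
    that value and the inner header is untouched. With None, the inner DSCP
    is copied to the outer header (assumed default behaviour).
    """
    gre = struct.pack("!HH", 0, 0x0800)              # no flags, payload is IPv4
    outer_dscp = read_dscp(inner) if tunnel_dscp is None else tunnel_dscp
    outer = ipv4_header(tun_src, tun_dst, outer_dscp, 47, len(gre) + len(inner))
    return outer + gre + inner


if __name__ == "__main__":
    payload = b"constructed media payload"
    # Packet View 2: user packet after ingress marking to af41.
    inner = ipv4_header("10.1.0.1", "10.3.0.1", "af41", 17, len(payload)) + payload
    # Packet View 3: tunnel header marked af31, user header still af41.
    outer = gre_encapsulate(inner, "172.16.0.1", "172.16.0.2", tunnel_dscp="af31")
    print("outer DSCP", read_dscp(outer), "inner DSCP", read_dscp(outer[24:]))
```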
QoS Tools Review: Policing & Shaping Tools
Policers vs. Shapers

Policers: perform checks for traffic violations against a configured rate and take immediate prescribed actions (such as remarking or dropping).
 Policers do not delay traffic.
 Policers may be applied to the data plane or the control plane.
Shapers: smooth out traffic flows so that they never exceed the configured rate.
 If the offered traffic momentarily spikes above the contracted rate, the excess traffic is buffered and delayed until the offered traffic once again dips below the defined rate.
 Shapers usually are employed to meet a Service Level Agreement (SLA).
QoS Tools Review: Policing & Shaping Tools
RFC 2697 Single-Rate Three-Color Marker

Flowchart: tokens arrive at the CIR into the CBS bucket and overflow into the EBS bucket. For a packet of size B: if B < Tc, Conform action; otherwise, if B < Te, Exceed action; otherwise, Violate action.

CIR = Committed Information Rate
CBS = Committed Burst Size
EBS = Excess Burst Size
Tc = Token Committed (CBS)
Te = Token Excess (EBS)
Bc = Burst Committed (CBS)
Be = Burst Excess (EBS)

policy-map RFC2697-POLICER
 class CLASS-1
  police cir 500000 bc 10000 be 10000
   conform-action set-dscp-transmit af11
   exceed-action set-dscp-transmit af12
   violate-action set-dscp-transmit af13
QoS Tools Review: Policing & Shaping Tools
RFC 2698 Two-Rate Three-Color Marker

Flowchart: tokens arrive at the PIR into the PBS bucket and at the CIR into the CBS bucket. For a packet of size B: if B > Tp, Violate action; otherwise, if B > Tc, Exceed action; otherwise, Conform action.

PIR = Peak Information Rate
PBS = Peak Burst Size
CIR = Committed Information Rate
CBS = Committed Burst Size
Tp = Token Peak (PBS)
Tc = Token Committed (CBS)
Bc = Burst Committed (CBS)
Be = Burst Excess (PBS)

policy-map RFC2698-POLICER
 class CLASS-2
  police cir 500000 bc 10000 pir 100000 be 10000
   conform-action set-dscp-transmit af11
   exceed-action set-dscp-transmit af12
   violate-action set-dscp-transmit af13
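The two meters in the slides above, as an added example that is not part of the session material: color-blind RFC 2697 and RFC 2698 markers driven by constructed arrival times, with the slides' conform/exceed/violate remarking applied. Class and function names are hypothetical; CIR, Bc and Be are the slide's values, while the two-rate PIR of 1,000,000 bps is an assumed value chosen to be at least the CIR, as RFC 2698 requires.

```python
# Tokens are kept in units of (bit x microsecond) so that rate_bps * dt_us
# adds exact integers: one byte costs 8 bits x 1_000_000 us.
SCALE = 8_000_000

# Remarking actions from the slides' police statements.
ACTIONS = {"conform": "af11", "exceed": "af12", "violate": "af13"}


class SrTCM:
    """RFC 2697 single-rate three-color marker, color-blind mode."""

    def __init__(self, cir_bps, cbs_bytes, ebs_bytes):
        self.cir = cir_bps
        self.cbs, self.ebs = cbs_bytes * SCALE, ebs_bytes * SCALE
        self.tc, self.te = self.cbs, self.ebs        # both buckets start full
        self.last_us = 0

    def color(self, now_us, size_bytes):
        credit = self.cir * (now_us - self.last_us)
        self.last_us = now_us
        fill = min(credit, self.cbs - self.tc)       # Tc is refilled first
        self.tc += fill
        self.te = min(self.ebs, self.te + credit - fill)  # overflow goes to Te
        cost = size_bytes * SCALE
        if self.tc >= cost:
            self.tc -= cost
            return "conform"
        if self.te >= cost:
            self.te -= cost
            return "exceed"
        return "violate"


class TrTCM:
    """RFC 2698 two-rate three-color marker, color-blind mode."""

    def __init__(self, cir_bps, cbs_bytes, pir_bps, pbs_bytes):
        self.cir, self.pir = cir_bps, pir_bps
        self.cbs, self.pbs = cbs_bytes * SCALE, pbs_bytes * SCALE
        self.tc, self.tp = self.cbs, self.pbs
        self.last_us = 0

    def color(self, now_us, size_bytes):
        dt = now_us - self.last_us
        self.last_us = now_us
        self.tp = min(self.pbs, self.tp + self.pir * dt)  # independent refill
        self.tc = min(self.cbs, self.tc + self.cir * dt)
        cost = size_bytes * SCALE
        if self.tp < cost:
            return "violate"                         # over the peak rate
        self.tp -= cost
        if self.tc < cost:
            return "exceed"                          # within peak, over committed
        self.tc -= cost
        return "conform"


def police(meter, arrivals):
    """arrivals: (time_us, size_bytes) pairs; returns each packet's new DSCP."""
    return [ACTIONS[meter.color(t, size)] for t, size in arrivals]


if __name__ == "__main__":
    # Constructed traffic: a back-to-back burst of fifteen 1500-byte packets.
    print(police(SrTCM(500_000, 10_000, 10_000), [(0, 1500)] * 15))
    # Constructed traffic: 1500 bytes every 12 ms, i.e. 1 Mbps offered load.
    steady = [(k * 12_000, 1500) for k in range(20)]
    print(police(TrTCM(500_000, 10_000, 1_000_000, 10_000), steady))
```

The burst shows the single-rate meter draining Bc and then Be before marking af13; the steady 1 Mbps stream shows the two-rate meter settling into alternating af11/af12 once the committed bucket is spent.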
QoS Tools Review: Policing & Shaping Tools
Priority Queue with Conditional Policer

Figure (100 Mbps interface, priority class P1 policed at 20M, driven by congestion feedback):
 Behavior with no congestion: offered load 30 Mbps priority; no policing; expected priority throughput 30 Mbps.
 Behavior with congestion: offered load 30 Mbps priority and 90 Mbps data (class-default); expected throughput 20 Mbps priority and 80 Mbps class-default.

policy-map CONDITIONAL-POLICER
 class PRIORITY
  priority 200000

Aggregate Priority Load
Priority Queue with Always On Policer (Explicit Policer)

Figure (100 Mbps interface, priority class P1 policed at 20M at all times):
 Behavior with no congestion: offered load 30 Mbps priority; expected priority throughput 20 Mbps.
 Behavior with congestion: offered load 30 Mbps priority and 90 Mbps data (class-default); expected throughput 20 Mbps priority and 80 Mbps class-default.

policy-map ALWAYS-ON-POLICER
 class PRIORITY
  priority level 1
  police cir 200000
QoS Tools Review: Policing & Shaping Tools
Shaping Effect on Traffic Patterns

Figure: traffic against line rate and service rate, without traffic shaping and with traffic shaping.

Traffic shaping limits the transmit rate to a value lower than line rate.
Policers typically drop traffic.
Shapers delay excess traffic, smooth bursts and prevent unnecessary drops.

policy-map CLASS-BASED-SHAPER
 class class-default
  shape average 10 Mbps
  service-policy WAN

QoS Tools: Queuing and Dropping
QoS Tools Review: Queuing & Dropping Tools
Tx-Ring

Figure: Packets In, IOS Interface Buffers, Tx-Ring, Packets Out.

interface Serial2/0
 tx-ring-limit 4

If the Tx-Ring is filled to capacity, then the IOS software knows that the interface is congested and it should activate any LLQ/CBWFQ policies that have been applied to the interface.

QoS Tools Review: Queuing & Dropping Tools
(Flow-Based) Fair-Queuing

Figure: Packets In, Fair-Queuing Sorter/Pre-Sorter, Packets Out.

policy-map FQ
 class class-default
  fair-queue

A flow is defined by five matching tuples:
 Source Address + Source Port
 Destination Address + Destination Port
 Layer 4 Protocol (TCP or UDP)
QoS Tools Review: Queuing & Dropping Tools
CBWFQ

Figure: Packets In, FQ Pre-Sorters, per-class CBWFQ queues in the IOS Interface Buffers (Network Control, Call Signaling, OAM, Multimedia Conferencing, Multimedia Streaming, Transactional Data, Bulk Data, Best Effort / Default, Scavenger), CBWFQ Scheduler, Tx-Ring, Packets Out.

policy-map WAN
 class NETWORK-CONTROL
  bandwidth remaining percent 5
 class CALL-SIGNALING
  bandwidth remaining percent 4
 class STREAMING-VIDEO
  bandwidth remaining percent 10
  fair-queue
  random-detect dscp-based
 class MM-CONFERENCING
  bandwidth remaining percent 30
  fair-queue
  random-detect dscp-based
QoS Tools Review: Queuing & Dropping Tools
LLQ: Single-LLQ Operation and Configuration

Figure: Packets In, 10% Strict VOICE Policer feeding the LLQ, FQ Pre-Sorters feeding the CBWFQs and CBWFQ Scheduler, IOS Interface Buffers, Tx-Ring, Packets Out.

policy-map WAN
 class VOICE
  priority level 1
  police cir percent 10

QoS Tools Review: Queuing & Dropping Tools
LLQ: Multi-LLQ Operation and Configuration

Figure: Packets In, 1 Mbps VOICE Policer, 4 Mbps Bcst-Video Policer and 5 Mbps RT-Interactive Policer feeding the LLQ, CBWFQs and CBWFQ Scheduler, Tx-Ring, Packets Out.

policy-map MULTI-LLQ
 class VOICE
  priority 1000
 class BROADCAST-VIDEO
  priority 4000
 class REALTIME-INTERACTIVE
  priority 5000
QoS Tools Review: Queuing & Dropping Tools
The Need for Congestion Avoidance

Figure: bandwidth utilization (up to 100% BW) over time under tail drop. Three traffic flows start at different times; another traffic flow starts later.

All TCP flows synchronize in waves.
TCP synchronization wastes available bandwidth.

QoS Tools Review: Queuing & Dropping Tools
DSCP-Based WRED

Figure: Fair-Queuing Pre-Sorter feeding the Bulk Data CBWFQ, shown from tail of queue to front of queue in the direction of packet flow.

policy-map BULK-WRED
 class BULK
  bandwidth remaining percent 10
  random-detect dscp-based

AF13 Minimum WRED Threshold: begin randomly dropping AF13 packets.
AF12 Minimum WRED Threshold: begin randomly dropping AF12 packets.
AF11 Minimum WRED Threshold: begin randomly dropping AF11 packets.
Maximum WRED Thresholds for AF11, AF12 and AF13 are set to the tail of the queue in this example.

PfR and QoS Interaction
IWAN Layers

Figure, top to bottom:
 AVC, PfR, QoS: Intelligent Path Selection
 Overlay Routing Protocol (BGP, EIGRP): overlay routing over tunnels
 Transport Independent Design (DMVPN): Transport Overlay
 MPLS Routing, Internet Routing, ZBFW, CWS: Infrastructure Routing

PfRv3: How it Works

Figure: MC and BRs on ISR G2 / ASR1K; Traffic Classes, Learning Active TCs, Performance Measurements, TC Path.

Define your Traffic Policy: define path optimization policies on the Hub MC (load balancing, path preference, application metrics). DSCP Based Policies, Application Based Policies.
Learn the Traffic: traffic flowing through the Border Routers (BRs) that matches a policy is learned as Traffic Classes. Unified Performance Monitor.
Measurement: report the measured TC performance metrics to the Master Controller for policy compliance. Unified Performance Monitor.
Path Enforcement: the Master Controller directs BR path changes to keep traffic within policy. Route Enforcement module in feature path.
IWAN Design: PfR Policy (IWAN Master Controller)

domain IWAN
 vrf default
  master hub
   load-balance
   class VOICE sequence 10
    match dscp ef policy voice
    path-preference MPLS fallback INET
   class INTERACTIVE_VIDEO sequence 20
    match dscp cs4 policy real-time-video
    match dscp af41 policy real-time-video
    match dscp af42 policy real-time-video
    match dscp af43 policy real-time-video
    path-preference MPLS fallback INET
   class LOW_LATENCY_DATA sequence 30
    match dscp cs2 policy low-latency-data
    match dscp cs3 policy low-latency-data
    match dscp af21 policy low-latency-data
    match dscp af22 policy low-latency-data
    match dscp af23 policy low-latency-data
    path-preference MPLS fallback INET
   class BULK_DATA sequence 40
    match dscp af11 policy bulk-data
    match dscp af12 policy bulk-data
    match dscp af13 policy bulk-data
    path-preference MPLS fallback INET
   class SCAVENGER sequence 50
    match dscp cs1 policy scavenger
    path-preference INET fallback MPLS
   class DEFAULT sequence 60
    match dscp default policy best-effort
    path-preference INET fallback MPLS

Create the PfR classes with matching policy names and DSCP values to simplify the configuration.
Define the path preference for traffic.
Load balance non-priority traffic.
PfR Built-in Policy Templates

Pre-defined Template | Threshold Definition
Voice | priority 1 one-way-delay threshold 150 (msec); priority 2 packet-loss-rate threshold 1 (%); priority 2 byte-loss-rate threshold 1 (%); priority 3 jitter 30 (msec)
Real-time-video | priority 1 packet-loss-rate threshold 1 (%); priority 1 byte-loss-rate threshold 1 (%); priority 2 one-way-delay threshold 150 (msec); priority 3 jitter 20 (msec)
Low-latency-data | priority 1 one-way-delay threshold 100 (msec); priority 2 byte-loss-rate threshold 5 (%); priority 2 packet-loss-rate threshold 5 (%)
Bulk-data | priority 1 one-way-delay threshold 300 (msec); priority 2 byte-loss-rate threshold 5 (%); priority 2 packet-loss-rate threshold 5 (%)
Best-effort | priority 1 one-way-delay threshold 500 (msec); priority 2 byte-loss-rate threshold 10 (%); priority 2 packet-loss-rate threshold 10 (%)
Scavenger | priority 1 one-way-delay threshold 500 (msec); priority 2 byte-loss-rate threshold 50 (%); priority 2 packet-loss-rate threshold 50 (%)
PfR Manages Traffic Class Prefix DSCP AppID Dest Site Next- Hop 10.1.11.0/24 EF N/A Site 11? 10.1.11.0/24 AF41 N/A Site 11? 10.1.11.0/24 AF31 N/A Site 11? 10.1.11.0/24 0 N/A Site 11? 10.1.10.0/24 EF N/A Site 10? 10.1.10.0/24 AF41 N/A Site 10? 10.1.10.0/24 AF31 N/A Site 10? 10.1.10.0/24 0 N/A Site 10? MC1 IWAN POP Traffic with EF, AF41, AF31 and 0 BR1 BR2 MPLS INET Traffic Class Destination Prefix DSCP Value Application (N/A when DSCP policies used) R10 R11 R12 R13 10.1.10.0/24 10.1.11.0/24 10.1.12.0/24 10.1.13.0/24 BRKRST-2043 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 106
SDWAN QoS APIC-EM IWAN App
APIC-EM IWAN App Click to administer application policies
IWAN App Categorize Applications Categorize applications Add custom applications
IWAN App Categorize Applications Drag and drop each application (one or more) from one business class to the other
IWAN App Define Application Policy
- Drag and drop a business category among: business critical, scavenger, default
- Application priority policy setting in IWAN app
- Path preference: Set primary and action on threshold crossing, which can be a second path or drop traffic
- Drag and drop business buckets

IWAN-App QoS Config Classification and Marking Policy
Business-Relevant Class-Map (List of Categories that are Business-Relevant)
class-map match-any prm-biz-relevant-cats
 match protocol attribute category business-and-productivity-tools
 match protocol attribute category voice-and-video
 match protocol attribute category backup-and-storage
 match protocol attribute category software-updates
 match protocol attribute category file-sharing
 match protocol attribute category email
 match protocol attribute category database
 match protocol attribute category browsing
Implements Category-to-Business-Relevance mapping vs. Application-to-Business-Relevance mapping
Parent Class-Maps to Combine Category-Based BR with Traffic-Classes
class-map match-all prm-nbar-12-cls#broadcast-video
 match protocol attribute traffic-class broadcast-video
 match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#bulk-data
 match protocol attribute traffic-class bulk-data
 match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#interactive-video
 match protocol attribute traffic-class real-time-interactive
 match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#network-control
 match protocol attribute traffic-class network-control
 match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#multimedia-conferencing
 match protocol attribute traffic-class multimedia-conferencing
 match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#voice
 match protocol attribute traffic-class voip-telephony
 match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#signaling
 match protocol attribute traffic-class signaling
 match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#network-management
 match protocol attribute traffic-class ops-admin-mgmt
 match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#transactional-data
 match protocol attribute traffic-class transactional-data
 match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#multimedia-streaming
 match protocol attribute traffic-class multimedia-streaming
 match class-map prm-biz-relevant-cats
class-map match-all prm-nbar-12-cls#scavenger
 match class-map prm-biz-irrelevant-cats
Business-Irrelevant Class-Map (List of Categories that are Business-Irrelevant)
class-map match-any prm-biz-irrelevant-cats
 match protocol attribute category consumer-file-sharing
 match protocol attribute category consumer-messaging
 match protocol attribute category consumer-internet
 match protocol attribute category consumer-streaming
 match protocol attribute category gaming
 match protocol attribute category social-networking
 match protocol attribute category instant-messaging
RFC 4594-Based Marking Policy-Map
policy-map prm-nbar-12-cls
 class prm-nbar-12-cls#voice
  set dscp ef
 class prm-nbar-12-cls#broadcast-video
  set dscp cs5
 class prm-nbar-12-cls#interactive-video
  set dscp cs4
 class prm-nbar-12-cls#multimedia-conferencing
  set dscp af41
 class prm-nbar-12-cls#multimedia-streaming
  set dscp af31
 class prm-nbar-12-cls#signaling
  set dscp cs3
 class prm-nbar-12-cls#network-control
  set dscp cs6
 class prm-nbar-12-cls#network-management
  set dscp cs2
 class prm-nbar-12-cls#transactional-data
  set dscp af21
 class prm-nbar-12-cls#bulk-data
  set dscp af11
 class prm-nbar-12-cls#scavenger
  set dscp cs1
 class class-default

IWAN-App QoS Config Ingress Marking and Egress Queuing in Branch
Ingress Marking on LAN (Marking Policy Map on Previous Page)
interface GigabitEthernet0/0/0.10
 description Data
 encapsulation dot1q 10
 ip address 10.5.10.3 255.255.255.0
 ip helper-address 10.4.49.10
 ip pim sparse-mode
 standby version 2
 standby 1 ip 10.5.10.1
 standby 1 priority 105
 standby 1 authentication md5 key-string c1sco123
 performance monitor context IWAN-Context
 service-policy input prm-nbar-12-cls
Child Policy: 8-class WAN queuing and 6-class SP
policy-map prm-dscp#iwan-8-id0
 class prm-iwan8#voice
  priority level 1
  police cir percent 10
  set dscp ef
 class prm-iwan8#streaming-video
  bandwidth remaining percent 10
  set dscp af31
  random-detect dscp-based
 class prm-iwan8#call-signaling
  bandwidth remaining percent 4
  set dscp cs3
 class prm-iwan8#net-ctrl-mgmt
  bandwidth remaining percent 5
  set dscp cs6
 class prm-iwan8#interactive-video
  bandwidth remaining percent 30
  set dscp af41
  random-detect dscp-based
 class prm-iwan8#critical-data
  bandwidth remaining percent 25
  set dscp af21
  random-detect dscp-based
 class prm-iwan8#scavenger
  bandwidth remaining percent 1
  set dscp cs1
 class class-default
  bandwidth remaining percent 25
  set dscp default
  random-detect dscp-based
Parent Policy: Shape for Service Rate
policy-map prm-dscp#iwan-8-id0#shape#300.0
 class class-default
  shape average 300000000
  service-policy prm-dscp#iwan-8-id0
Egress Queuing on Physical Interface
interface GigabitEthernet0/0/2
 bandwidth 300000
 ip vrf forwarding IWAN-TRANSPORT-1
 ip address 10.5.5.102 255.255.255.252
 media-type rj45
 negotiation auto
 no cdp enable
 service-policy output prm-dscp#iwan-8-id0#shape#300.0

Adaptive QoS
Adaptive QoS with DMVPN: How To Compute Available BW & Adjust Shapers
Monitoring at the Receiver
- Short term: Monitor loss per tunnel OR Rx-rate per tunnel (aggregate tunnel monitoring)
- Long term: Monitor loss per policy/class on a tunnel
- Monitoring & feedback is a recurring/periodic process
- Feed back loss per tunnel to the sender (any transport of choice)
Processing at the Sender
- Receive feedback from receiver
- Read relevant tunnel's Tx-rate at the sender
- Evaluate loss based on difference between Rx-rate and Tx-rate
- Once loss is known at the sender (through explicit feedback of loss or via <Rx-rate, Tx-rate> calculation), map it to QoS policy/class
- Adjust shape rate to dynamically adjust to the current Internet BW if required
Static Bandwidth Management - Not adapting shapers in fluctuating BW environments can make the shapers irrelevant and admins would lose control of which applications are getting dropped!

Adaptive QoS: How To Compute Available BW & Adjust Shapers
[Diagram: DMVPN Spoke Site and DMVPN Hub Site connected over an Internet based WAN, 5 Mbps and 6 Mbps]
- DMVPN Spoke Site: Egress shaper = 5 Mbps (offered)
- DMVPN Hub Site: Shaper towards this spoke = 6 Mbps (offered)

Adaptive QoS: How To Compute Available BW & Adjust Shapers
[Diagram: DMVPN Spoke Site and DMVPN Hub Site connected over an Internet based WAN]
- DMVPN Spoke Site: Egress shaper = 3 Mbps (available)
- DMVPN Hub Site: Shaper towards this spoke = 4 Mbps (available)
- Available BW check: Tunnel Rx Loss, Rx/Tx compute
- Compute Available BW - function of the router
- Available downstream BW = 4 Mbps
- Available upstream BW = 3 Mbps
- Algorithm to compute available upstream and downstream BW
Benefits:
- Accurate view of available BW in non SLA environments
- Adapting business critical applications to what is available on link
- No more indiscriminate drops - tighter control of business policies for IWAN

Adaptive QoS For DMVPN: How Does It Work?
Adapt shaping rate at the Sender based on the available bandwidth between specific Sender and Receiver (two end-points of a DMVPN tunnel)
[Diagram: Sender and Receiver at the two ends of a DMVPN Tunnel, with these labels]
- Configure MQC Policy with Adaptive Shaping
- Attach service-policy to nhrp-group in Egress
- Create State for Periodic Collection of Stats on a Relevant Target
- Transport Monitoring Enablement Message
- Transport Received Rate
- 1) Calculate Available Bandwidth in the Cloud
- 2) Adapt Egress Shaper to New Calculated Rate

High Level Algorithm to Compute Available BW
- Use a Training Period to estimate Transmit and Receive Counter Clock Shift (roughly)
- After compensating for the Clock Shift, use the difference between the transmit and receive count values to determine whether losses have occurred
- Transmitter shapes the traffic to a configured percentage of bottleneck link bandwidth once drops are detected
- If no drop is detected for a period of time, the shaper will increase its rate

Algorithm To Compute Available BW: DRAC (Dynamic Rate Control)
[Diagram: Shaped Rate; Sent pkt, Received pkt, Dropped]
- Source (Transmit): Intelligent, determines shaper rate based on transmit and receive count difference
- Sink (Receive): Passive, feeds back receive counter values every 10 sec

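The control loop outlined on the two algorithm slides above, as an added Python model that is not Cisco's implementation. The back-off percentage, quiet-period length, ramp step and loss tolerance are assumed values and the counters are constructed; the 6 Mbps / 2 Mbps bounds and the 10 sec feedback interval come from the slides.

```python
from dataclasses import dataclass

FEEDBACK_INTERVAL_S = 10   # from the slide: sink reports receive counters every 10 sec
BACKOFF_PERCENT = 90       # assumption: the "configured percentage" of bottleneck bandwidth
QUIET_REPORTS = 3          # assumption: loss-free reports needed before the rate is raised
RAMP_STEP_BPS = 500_000    # assumption: size of each rate increase
LOSS_TOLERANCE = 1_500     # assumption: byte slack (about one packet) for counter jitter

@dataclass
class AdaptiveShaper:
    upper_bps: int
    lower_bps: int
    skew: int = 0          # tx-minus-rx byte offset caused by unsynchronised counter reads
    lost: int = 0          # bytes already attributed to loss
    prev_rx: int = 0
    quiet: int = 0
    rate_bps: int = 0

    def train(self, samples):
        """Training period: estimate the counter clock shift from (tx, rx) pairs."""
        self.skew = min(tx - rx for tx, rx in samples)
        self.prev_rx = samples[-1][1]
        self.rate_bps = self.upper_bps        # upper bound is also the initial value

    def feedback(self, tx, rx):
        """Handle one receiver report and return the shaper rate now in force."""
        new_loss = (tx - rx - self.skew) - self.lost
        rx_bps = (rx - self.prev_rx) * 8 // FEEDBACK_INTERVAL_S
        self.prev_rx = rx
        if new_loss > LOSS_TOLERANCE:         # drops detected: back off below bottleneck
            self.lost += new_loss
            self.quiet = 0
            target = rx_bps * BACKOFF_PERCENT // 100
            self.rate_bps = max(self.lower_bps, min(self.upper_bps, target))
        else:                                 # no drops: probe upward after a quiet spell
            self.quiet = (self.quiet + 1) % QUIET_REPORTS
            if self.quiet == 0:
                self.rate_bps = min(self.upper_bps, self.rate_bps + RAMP_STEP_BPS)
        return self.rate_bps

CONSTRUCTED_REPORTS = [  # constructed cumulative (tx_bytes, rx_bytes), one pair per report
    (7_500_000, 7_480_000), (15_000_000, 14_980_000), (22_500_000, 22_480_000),
    (30_000_000, 27_480_000), (34_500_000, 31_980_000), (39_000_000, 36_480_000),
    (43_500_000, 40_980_000), (48_625_000, 45_980_000)]

def replay(reports, training=2):  # rates chosen after each post-training report
    shaper = AdaptiveShaper(upper_bps=6_000_000, lower_bps=2_000_000)
    shaper.train(reports[:training])
    return [shaper.feedback(tx, rx) for tx, rx in reports[training:]]
```

On the constructed counters the path falls to 4 Mbps in the second post-training report: the modelled shaper drops from 6 Mbps to 3.6 Mbps, probes up to 4.1 Mbps after three loss-free reports, then backs off again when that probe loses traffic.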
Adaptive QoS for DMVPN Configuration (Hub)
HUB
interface Tunnel1
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 ip nhrp authentication GetDm0
 ip nhrp group 1
 ip nhrp map multicast dynamic
 ip nhrp map group 1 service-policy output qos
 ip nhrp network-id 1
 ip tcp adjust-mss 1360
 load-interval 30
 cdp enable
 tunnel source Loopback1
 tunnel mode gre multipoint
 tunnel key 10001
 tunnel protection ipsec profile P1
policy-map qos
 class class-default
  shape adaptive upper-bound 6000000 lower-bound 2000000
  service-policy child
policy-map child
 class prec5
  priority percent 20
 class class-default
  bandwidth percent 80
Adaptive Shaper on Parent Class
- Not allowed to be configured in Child Class
Policy on DMVPN Tunnel
- Assigned per NHRP spoke
- Consistent with Per Tunnel QoS
Hub->Spoke, Spoke->Hub
- Adaptive shapers supported on hub->spoke & spoke->hub
- spoke->spoke in roadmap
shape adaptive upper-bound <<bps> | percent <value>> [lower-bound <<bps> | percent <value>>]
 upper-bound: Mandatory (max ceiling for shaper) & Initial Value
 lower-bound: Optional (0 if not specified)

Adaptive QoS for DMVPN Configuration (Spoke)
Spoke
interface Tunnel1
 ip address 192.168.1.2 255.255.255.0
 no ip redirects
 ip nhrp authentication GetDm0
 ip nhrp group 1
 ip nhrp map 192.168.1.1 11.1.1.1
 ip nhrp map multicast 11.1.1.1
 ip nhrp map group 1 service-policy output qos
 ip nhrp network-id 1
 ip nhrp nhs 192.168.1.1
 ip nhrp server-only
 ip nhrp hold-time 360
 ip tcp adjust-mss 1360
 load-interval 30
 cdp enable
 tunnel source Loopback1
 tunnel mode gre multipoint
 tunnel key 10001
 tunnel protection ipsec profile P1
policy-map qos
 class class-default
  shape adaptive upper-bound 6000000 lower-bound 2000000
  service-policy child
policy-map child
 class class-default
  bandwidth percent 80
  service-policy grand_child
policy-map grand_child
 class class-default
Policy on DMVPN Tunnel
- Assigned per NHRP spoke
- Consistent with Per Tunnel QoS
Hub->Spoke, Spoke->Hub
- Adaptive shapers supported on hub->spoke & spoke->hub
- spoke->spoke in roadmap
Adaptive Shaper on Parent Class
- Not allowed to be configured in Child Class
shape adaptive upper-bound <<bps> | percent <value>> [lower-bound <<bps> | percent <value>>]
 upper-bound: Mandatory (max ceiling for shaper) & Initial Value
 lower-bound: Optional (0 if not specified)