
Introduction to QoS CCIE & CCSI: Yasser Ramzy Auda

What is QoS?

As we know, data travels across networks in small pieces we call frames; inside them we have
packets, and inside packets we have segments, etc.
Normally we might need some packets to be sent faster than others, or we might need to divide our link
bandwidth according to traffic type, protocol, etc. To do so we will need to classify our packets,
mark them to give them different priorities, and decide how packets will be handled in interface
queues. This is what QoS is about. To understand it we first need to understand the ordinary
issues of any network.

Network Quality Issues

1-Congestion
This happens to an interface when the amount of data flow received is bigger than what it can handle;
this could happen for the following reasons:
- End to end delay
- Variation in delay (Jitter)
- Packet loss

Delay: the period taken by packets from going out of the sender interface until they reach the receiver interface.
Jitter: the packets of a stream arrive at the receiver in the wrong time order; this would be bad if
the stream packets were VoIP, for instance.
Packet Loss: packets dropped when the link is in a congested state.

Congestion Points:
- Aggregation Point: a router connecting to too many networks on one interface and doing
  aggregation for them on another interface.
- Speed mismatch: data goes through a router where it enters on a FastEthernet interface and exits
  from an Ethernet interface.
- LAN to WAN: same as speed mismatch; the router is connected to the LAN at high speed, but
  on the other side it connects to the WAN (WAN links are always slow).


2-Slowest Link Rule

Let's say we had the following topology:

Maximum Available Bandwidth = Bandwidth of the slowest Link = 64 Kb

To solve this issue we can do one of two things:

1-Add more bandwidth, but this is not cost-effective, and you may face limitations in the
technologies used in the infrastructure that will not allow adding more bandwidth.

2-Use QoS techniques such as:
- Classify traffic into QoS classes and assign them priorities according to how important
  they are.
- Use marking for packets.
- Use queuing mechanisms such as: FIFO, WFQ, CBWFQ, LLQ.

Remember: for optimal quality for voice traffic we use RTP header compression + LLQ.
For interactive data traffic we use TCP header compression + CBWFQ.
(Later we will talk about these queuing algorithms.)

Delay Types

1-Processing Delay (related to device): the period taken by a device such as a router or layer 3
switch to move packets from the input interface to the output interface.

This time depends on many factors, like:
- CPU speed and utilization
- IP switching mode
- Router architecture
- Configured features on I/O interfaces

2-Queuing Delay (related to device): the period taken by packets waiting or staying in the device
output queue.

This time depends on many factors, like:
- Number of other packets also waiting in this queue
- Size of other packets also waiting in this queue
- Bandwidth of the interface whose queue the packets go in or out through
- Queuing mechanisms configured on this interface

3-Serialization Delay (related to media): the period taken to put the frames on the physical
media to go out.


4-Propagation Delay (related to media): the period taken by packets inside the physical link
(medium) while travelling from end to end.

Methods to prevent Delay

- If we assume that the router or L3 switch is powerful enough, then serialization delay can be
  prevented using queuing.
  This will depend on:
  - Number: average length of the queue
  - Size: average length of the packets in the queue
  - Bandwidth: link bandwidth

Methods to accelerate delay-sensitive packets

- Increase link bandwidth
- Prioritize delay-sensitive packets using CBWFQ, WFQ, LLQ
- Reprioritize packets by asking the ISP to do so when two sites are connected through the ISP
- Compress payload
- Header compression

Impact of Packet Loss

Because of heavy congestion, pictures could be unclear, sound could be heard in slow motion, video
is not in sync with audio, etc.

When the interface output queue is full, any other packets coming to stay in this queue will not find
a place in it and will be dropped. This is called Tail Drop.

Routers could drop packets in the following situations:
- Input Queue Drop, reason: the CPU is busy and cannot process more packets
- Ignore, reason: buffer space is full
- Overrun, reason: the CPU is busy & the buffer is full
- Frame errors, reason: CRC errors

Methods to Prevent Packet Loss (drop-sensitive application packets)

- Increase link capacity
- Use LLQ, which guarantees enough bandwidth and also provides prioritized
  forwarding for drop-sensitive packets
- Use WRED, which drops lower-priority packets before congestion happens

So again, what is QoS?

QoS is the network's ability to provide better service for users & applications and to provide
methods to prevent jitter, delay and packet loss for time-sensitive applications & mission-critical
applications.


Steps to create QoS

1-Study the types of your network traffic and their requirements
2-Determine the QoS requirements for each type
3-Each group will be put in a class
4-Each class will be put in a policy to match its QoS requirements

Let's talk in a little more detail about each step.

In step one we identify traffic & its requirements by finding QoS problems and measuring traffic in the
network during congestion; many tools can help us to do so, such as PRTG (paessler.com), which is
a traffic generator used to study and analyze traffic and determine what types are regularly used.
Also in this step we choose the business model & goals and the list of business needs.
Finally in this step we define the required service level and the different types of traffic, such as
which types of traffic can wait before sending and which types of traffic require immediate
sending.

In steps two & three we can have a table like this:

Requirements of Traffic Types   Traffic Class      Notes
Low Latency                     VOICE              Higher priority
Guaranteed Delivery             Mission Critical   Business App
Guaranteed Delivery             Transactional      Database & interactive App
NO Guaranteed Delivery          Best Effort        Email
Less Than Best Effort           Scavenger          P2P App


In step four we create the QoS policy, where we will need one thing from the following:
- Setting a minimum bandwidth guarantee
- Setting a maximum bandwidth limit
- Assigning priorities to each class
- Using other QoS tools like the queuing mechanisms

Using the traffic class table above we can give priority values, where 5 is the highest priority & 1 the
lowest:

Traffic Class      Priority   Guarantee             Mechanism
VOICE              5          Min BW of 1 Mbps      LLQ
Mission Critical   4          Min BW of 1 Mbps      CBWFQ
Transactional      3          Min BW of 1 Mbps      CBWFQ
Best Effort        2          Min BW of 500 Kbps    CBWFQ
Scavenger          1          Min BW of 100 Kbps    WRED

QoS Models

- Best Effort: no QoS is applied to packets.

- IntServ: provides very high QoS to IP packets; packet delivery is guaranteed, but it limits
  the scalability of the network.

- DiffServ: provides the greatest scalability; network devices will recognize traffic classes
  and provide different levels of QoS to different traffic classes.

IntServ (Integrated Services)

- Uses RSVP as the signaling protocol; useful for real-time applications and multimedia
  conferences.
- Can provide QoS to a flow belonging to a specific user, such as an application on a PC that
  requires reserving bandwidth for itself from the router; this router will notify the other routers
  (using RSVP) to do the same.

RSVP
Is an IP protocol using IP protocol id = 46 and TCP or UDP port# 3455; it is not a routing
protocol but works in conjunction with them. It focuses on two traffic types: rate-sensitive & delay-sensitive
traffic.

It is used in QoS engineering and is one of the ways to provide CAC for voice traffic in VoIP
networks. CAC (Call Admission Control) is used to reserve the number of VoIP calls
(normally a single call needs 64 Kbps); example: 2 calls = 64*2 = 128 Kbps. Cisco CUCM call
managers use RSVP to provide the CAC service.

When a PC or user application asks to reserve specific bandwidth and the resources are
available, RSVP will accept the reservation and download a traffic classifier to assign a temporary
QoS class to this traffic flow in the QoS forwarding path (the traffic classifier tells the QoS
forwarding path how to classify the packets of a specific flow and how to handle them when
sending them).

RSVP can be used by applications to signal their QoS requirement to the router; we can also
use queuing mechanisms with it to provide a QoS service level.

Example:
Guaranteed-rate: allows an application to reserve bandwidth matching its requirements, using
LLQ+RSVP.
Controlled-load: allows an application to get high throughput and low delay, using WRED+RSVP.

What is RED & WRED?

They are congestion avoidance tools, NOT queuing algorithms.
RED is legacy; normally it removes a packet from the queue to free space for another packet coming
to stay in the queue.

WRED is the same as RED but will not randomly remove any packet to free space; it will remove
packets according to how important they are.

What is Policing & Shaping?

IntServ requires several functions on routers and switches along the path:
Admission control, classification, policing, shaping, queuing, scheduling.

Policing: drop or mark the packet when it reaches a specific limit; mark here means giving it a higher priority
than others.

Shaping: queue packets when they reach a specific limit; let's say a packet reaches a queue but it was full,
then it can wait in a buffer for some time until one of the packet spaces in the queue becomes empty.

DiffServ
Designed to solve the limitations of the best effort and IntServ models; it is very similar to the Soft QoS
concept.

Soft QoS: where QoS mechanisms are used without signaling, since the properties we use to
determine bandwidth & delay are managed individually by each router. This is called PHB,
Per Hop Behavior.
It is the opposite of Hard QoS (IntServ).


So simply,
IntServ has one protocol only: RSVP.

DiffServ has everything else:

- classification
- marking
- congestion management (queuing mechanisms)
- congestion avoidance
- shaping & policing
- link efficiency

QoS commands
We can use any one of the following ways to configure QoS:
- MQC
- SDM / CCP
- QPM
- Auto QoS

Modular QoS CLI (MQC) Steps:

- Class-map: what to match
- Policy-map: what to do with what you matched
- Service-policy: where to apply the policy-map

class-map match-any Yasser        < match-any means OR
class-map Yasser                  < match-all is used by default; match-all means AND

 match protocol http              < start using the NBAR feature to classify traffic (http in this example)

We can match many different things, such as access-group 101 or mac-address, etc.
show class-map

policy-map Ramzy
 class Yasser
  priority 256                    < give traffic classified in class-map Yasser guaranteed bandwidth 256 kbps (priority queue)
 or
  bandwidth 1000                  < give traffic classified in class-map Yasser WFQ guaranteed bandwidth 1000 kbps
NOTE: anything else will follow class-default

interface s0/0
 service-policy {input | output} Ramzy   < apply policy-map Ramzy inbound or outbound

show policy-map
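The match-any / match-all distinction above is easy to get wrong in a real policy. The following is an added example, not code from the original document or its author: a small Python model of how a class-map evaluates its match lines (match-all = AND across lines, match-any = OR across lines, and a single match line listing several values is an OR among those values), with unmatched traffic falling into class-default. The class names, packet fields and sample packets are constructed for the demonstration.

```python
# Added example (not from the original document): a small model of how an
# MQC class-map evaluates its match statements, to show match-any (OR)
# versus match-all (AND), that one "match" line listing several values is
# an OR among those values, and that unmatched traffic falls into
# class-default. Class names and packet fields below are constructed.

from dataclasses import dataclass


@dataclass
class ClassMap:
    name: str
    # each entry is one "match <field> <value...>" line: (field, set of values)
    matches: list
    match_all: bool = True  # IOS default when neither keyword is given


def line_matches(packet, field, values):
    """One match line is satisfied if the packet's field holds any listed value."""
    return packet.get(field) in values


def class_matches(cmap, packet):
    """match-all: every line must hold; match-any: at least one line must hold."""
    results = [line_matches(packet, f, v) for f, v in cmap.matches]
    if not results:
        return False
    return all(results) if cmap.match_all else any(results)


def classify(class_maps, packet):
    """Classes are tried in policy-map order; the first hit wins, otherwise
    the packet belongs to class-default."""
    for cmap in class_maps:
        if class_matches(cmap, packet):
            return cmap.name
    return "class-default"


def mqc_demo():
    # Constructed equivalents of:
    #   class-map match-any Yasser / match protocol http / match dscp 1 2 af11
    #   class-map match-all Strict / match protocol http / match dscp af11
    any_map = ClassMap("Yasser", [("protocol", {"http"}), ("dscp", {1, 2, "af11"})],
                       match_all=False)
    all_map = ClassMap("Strict", [("protocol", {"http"}), ("dscp", {"af11"})],
                       match_all=True)
    packets = [
        {"protocol": "http", "dscp": "af21"},   # http but a DSCP not listed
        {"protocol": "ftp", "dscp": "af11"},    # listed DSCP but not http
        {"protocol": "http", "dscp": "af11"},   # satisfies both lines
        {"protocol": "ssh", "dscp": 0},         # satisfies neither line
    ]
    return [(classify([any_map], p), classify([all_map], p)) for p in packets]


if __name__ == "__main__":
    for any_class, all_class in mqc_demo():
        print(f"match-any -> {any_class:14} match-all -> {all_class}")
```

Running it shows the same four packets landing in Yasser under match-any three times out of four, but in Strict only once under match-all; the rest go to class-default, which is why the note above says anything else follows class-default.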


Classification & Marking

These are two different operations.

Classification: inspect packets to know what traffic type they carry (inspect what is inside the box).

Marking: write information in the packet to make it easy for other network devices to identify it
and know what type of packet it is.

Marking is not responsible for telling how to treat or deal with the packets; it just marks the packet.
Marking can be done at Layer 2 or Layer 3.
Marking, unlike classification, will not utilize a lot of CPU resources.

Marking at Layer 2 can be implemented through one of the following fields in L2 headers:
- CoS: Ethernet
- EXP: MPLS
- DE: Frame Relay
Marking at Layer 3 can be implemented using 1 byte called ToS in the IP header, in one of two
ways:
- IP Precedence
- DSCP

Layer 2 Marking:
- DE bit in the Frame Relay header to control CIR speed, 1=yes 0=no
- EXP in MPLS, similar to CoS
- CoS (Class of Service) in the Ethernet header is 3 bits from 000 to 111 (from 0 to 7 in decimal).
  Remember: in the VLAN tag, CoS will be in the PRI field.

CoS Bits   Used to mark which Traffic Type
7          Reserved (not used)
6          Routing (not used)
5          Voice
4          Streaming Video
3          Call signaling
2          Transactional
1          Bulk Data
0          Best Effort

Notice call signaling is just the packets that make the phone ring or watch the quality of the call, so it takes less
priority, while the voice call (5) is more important since its packets carry the actual call audio.

Layer 3 Marking:
We use 8 bits in the IP header called ToS (Type Of Service), and marking using these 8 bits can be
done by IP Precedence or DSCP.

Since the L2 header is always rewritten by devices along the path, L3 header marking is
better for carrying the marking from router to router.


IP Precedence:
It is 8 bits but we only use the first 3 bits from the left: xxx b bbb
With the same table we used with CoS.

DSCP (Differentiated Services Code Point)

More usable and compatible with IP Precedence; here we use all 8 bits:

000 00 0 00

- 000: Per-Hop Behavior (PHB), provides the major classification, same as IP Precedence
- 00: provides the minor classification for drop probability
- 0: never used
- 00: used for flow control, to tell the device to slow down

Cisco recommends no more than eleven classes of traffic.

PHB can be 3 things:

- Expedited Forwarding EF: the 000 value will = 5
- Assured Forwarding AF: the 000 value will = 1,2,3,4, equal to IP Precedence levels from 1
  to 4
- Best Effort: the 000 value will = 0

Remember 6,7 are reserved.

Drop Probability:
- 00: not used
- 01: Low
- 10: Medium
- 11: High < means the highest probability to drop this packet if needed
Example: AF4 = 1001 1000, AF4 = 1001 0000; which packet has the higher priority to be dropped?
Answer is 1001 1000, since 11 means high.

Example: what does 000 000 mean in DSCP? It means the Best Effort level.


PHB   H    M    L
AF1   11   10   01
AF2   11   10   01
AF3   11   10   01
AF4   11   10   01

Remember this exception:

EF = 101 110 00. This means the best of the best; we do not want any drop to happen to this
packet.
101 = 5, 11 = High, but here the rule is not applied and H means NO DROP; an abnormal exception, but
we must remember it.

Example: AF43 & AF31, which packet will have the higher probability of being dropped?
Answer is AF43.
Here is why: in AF43, the 3 means 11 here; in AF31, the 1 means 01.

Example:
class-map match-any Yasser
 match cos 1 2 3
 match dscp 1 2 af11
policy-map Ramzy
 class Yasser
  set dscp af41            < or: set precedence 5; means mark packets in class Yasser with af41 or IP
                             precedence 5

interface s0/0
 service-policy output Ramzy


Extended ping can be used to generate traffic with a specific IP precedence, since we can set the
precedence (ToS) value.

IP Precedence   ToS byte   Bits   Name
0               0          000    Routine
1               32         001    Priority
2               64         010    Immediate
3               96         011    Flash
4               128        100    Flash-Override
5               160        101    Critical
6               192        110    Internetwork Control
7               224        111    Network Control

Example:
R1#ping
Protocol [ip]:
Target IP address: 10.1.1.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.1.1
Type of service [0]: 32
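The ToS values in the table above (0, 32, 64, ...) and the DSCP bit groups described in the previous pages are all the same byte read different ways. The following is an added example, not code from the original document or its author: a Python helper that encodes and decodes the 8-bit ToS byte exactly as the text lays it out (3 bits PHB class = IP Precedence, 2 bits drop precedence, 1 unused bit, 2 ECN bits), computes the ToS value that extended ping accepts for each precedence, names a DSCP value (EF, AFxy, CSx, BE), and compares drop precedence between two PHBs, treating EF as the no-drop exception the text describes. It goes a little beyond the page by covering all 64 DSCP values rather than the few examples given.

```python
# Added example (not part of the original document): encode and decode the
# 8-bit ToS byte as the text lays it out (3 bits PHB class = IP Precedence,
# 2 bits drop precedence, 1 unused bit, 2 ECN bits), derive the ToS values
# extended ping accepts for each precedence, and compare drop precedence
# between two PHBs including the EF exception. PHB names follow the usual
# AFxy / EF / CSx notation; all sample values are constructed.

PRECEDENCE_NAMES = ["Routine", "Priority", "Immediate", "Flash",
                    "Flash-Override", "Critical", "Internetwork Control",
                    "Network Control"]


def tos_from_precedence(prec):
    """ToS byte for an IP Precedence: precedence occupies the top 3 bits (1 -> 32)."""
    if not 0 <= prec <= 7:
        raise ValueError("IP precedence is 0..7")
    return prec << 5


def precedence_table():
    """The precedence / ToS table, computed rather than typed."""
    return [(p, tos_from_precedence(p), format(p, "03b"), PRECEDENCE_NAMES[p])
            for p in range(8)]


def tos_fields(tos):
    """Split a ToS byte into (class, drop precedence, unused bit, ecn)."""
    if not 0 <= tos <= 255:
        raise ValueError("ToS byte is 0..255")
    return (tos >> 5) & 0b111, (tos >> 3) & 0b11, (tos >> 2) & 1, tos & 0b11


def dscp_name(dscp):
    """Name of a 6-bit DSCP: EF, AFxy, CSx, BE, or the raw number."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is 0..63")
    if dscp == 0b101110:            # EF = 46
        return "EF"
    cls, drop, low = (dscp >> 3) & 0b111, (dscp >> 1) & 0b11, dscp & 1
    if 1 <= cls <= 4 and 1 <= drop <= 3 and low == 0:
        return f"AF{cls}{drop}"
    if drop == 0 and low == 0:
        return f"CS{cls}" if cls else "BE"
    return f"DSCP{dscp}"


def dscp_from_name(name):
    """Inverse of dscp_name for AFxy / CSx / EF / BE."""
    name = name.upper()
    if name == "EF":
        return 46
    if name == "BE":
        return 0
    if name.startswith("AF"):
        return (int(name[2]) << 3) | (int(name[3]) << 1)
    if name.startswith("CS"):
        return int(name[2]) << 3
    raise ValueError(f"unknown PHB name {name}")


def drop_precedence(name):
    """2-bit drop precedence of a PHB. EF is the exception noted in the text:
    its bits read 11, but EF traffic is meant never to be dropped, so 0."""
    if name.upper() == "EF":
        return 0
    return (dscp_from_name(name) >> 1) & 0b11


def more_likely_dropped(a, b):
    """Which of two PHB names has the higher drop precedence (None if equal)."""
    da, db = drop_precedence(a), drop_precedence(b)
    if da == db:
        return None
    return a if da > db else b


if __name__ == "__main__":
    for p, tos, bits, label in precedence_table():
        print(f"precedence {p}  ToS {tos:3}  {bits}  {label}")
    print("AF43 vs AF31 ->", more_likely_dropped("AF43", "AF31"))
    print("0b10011000 ->", tos_fields(0b10011000), dscp_name(0b10011000 >> 2))
```

The ToS value typed into extended ping is the whole byte, which is why precedence 1 is entered as 32: the three precedence bits sit at the top of the byte, so each precedence step is worth 32.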


Network Based Application Recognition (NBAR)

It is the classification engine in IOS that can recognize a big number of applications, including web-based
& client/server applications that use dynamic TCP/UDP port numbers. After recognizing
applications we can give them special QoS service.
Applications nowadays need high performance, and the network must give the right service to
mission-critical applications and provide enough bandwidth to let them work at the required
performance.

In case new applications come out, NBAR can recognize them since Cisco provides PDLM (Protocol
Description Language Module) files that contain the rules NBAR will use to recognize these new
applications, without the need to change the IOS image or even reload the router.

With NBAR we can classify HTTP traffic by URL, HOST or even MIME type.
NBAR is supported by CBWFQ, Policing, DSCP, WRED.

After traffic is classified by NBAR we can do:

- Class-based marking (using the set command)
- Class-based weighted fair queuing (using the bandwidth or queue-limit commands)
- Low latency queuing (using the priority command)
- Traffic policing (using the police command)
- Traffic shaping (using the shape command)

NBAR uses CEF in the forwarding process.
NBAR does not support IPX traffic.
To use NBAR we just type: match protocol

The Protocol Discovery feature in NBAR allows us to see the applications currently running in our network
along with packet / byte counts and bit rates for these applications.

interface f0/0
 ip nbar protocol-discovery

(configures NBAR to discover traffic for all protocols known to NBAR on interface f0/0; needs CEF
enabled; does not require a service policy)

show ip nbar protocol-discovery
(displays statistics for all interfaces on which this feature is enabled)

PDLM (Protocol Description Language Module) files extend the list of protocols which
NBAR can handle and recognize.

List of PDLM files available: http://www.cisco.com/cgi-bin/tablebuild.pl/pdlm

A PDLM file version could be Native (comes embedded with IOS) or Nonnative (we download it from
Cisco).


You must check the PDLM version & NBAR software version in IOS before downloading:
show ip nbar version

To add a PDLM file after downloading it from Cisco:

ip nbar pdlm flash://citrix.pdlm

Displays the PDLMs in use by NBAR:

show ip nbar pdlm

Note: sometimes we use different ports for our protocols than the standard ones; let's say we
use port 4000 for DNS instead of 53. To tell NBAR about that (up to 16 additional port numbers):
ip nbar port-map dns tcp 4000

show ip nbar port-map

Note: let's assume a software company made an application called yasserapp just for your network;
it uses UDP port 8900, and the 6th byte of the payload has the value dd45. To let NBAR
recognize it (offset and format come before the transport and port in this command):
ip nbar custom yasserapp 6 hex dd45 udp 8900

As you can see, with such ability we can even recognize malicious applications as well.

Important
Remember that some QoS commands could be different
between IOS 12 and IOS 15.
If one of the commands in this document is not working
for you, kindly check the following link for the replacement
command:
http://www.cisco.com/c/en/us/td/docs/ios/qos/configuration/guide/15_0s/qos_15_0s_book/legacy_qos_cli_deprecation.html


Queuing Algorithms

Inside the router we have software queues where packets can wait before entering the interface to go
out of it through a single hardware queue (which uses the FIFO queuing algorithm).
The software queue can be changed and managed according to the QoS queuing algorithms we use.

Routers determine the length of the hardware queue based on the configured bandwidth of the
interface.

This length can be adjusted using:

tx-ring-limit

Reducing the size of the hardware queue has two benefits:

- Reduces the max amount of time that packets wait in the FIFO queue before being
  transmitted
- Accelerates the use of QoS in Cisco IOS software

Congestion could happen on subinterfaces and (logical) software interfaces such as dialers,
tunnels, etc., since they do not have their own transmit queue.

The tx-ring state (full, not-full) is an indication of hardware interface congestion.

The terms (TxQ) and (tx-ring) both describe the hardware queue and are interchangeable.

show controllers serial 0/0


Queuing Algorithms
Cisco IOS Software includes the following queuing tools:

- First-in, first-out (FIFO) queuing
- Priority queuing (PQ)
- Custom queuing (CQ)
- Flow-based weighted fair queuing (WFQ)
- Class-based weighted fair queuing (CBWFQ)
- Low-latency queuing (LLQ)

FIFO (First In, First Out): by default the only queuing algorithm used with the HW queue, but we can
use it for the SW queue as well. NO delay guarantee, NO bandwidth guarantee.

PQ (Strict Priority): here we will have 4 queues.

Packets in PQ can be classified according to:
Protocol type, incoming interface, packet size, fragments and ACL.
PQ will send packets out from queue 1 until it becomes empty, then do the same for queue 2,
and so on until queue 4. Delay guarantee, but for 1 queue only; NO bandwidth guarantee.

CQ (Custom Queuing)
We have two types in this algorithm: Round Robin (RR) and Weighted Round Robin (WRR).
NO delay guarantee, but a bandwidth guarantee can be done by determining the number of bytes sent
through each queue.
Round Robin (RR)
Packets will go out from each queue in equal manner, which means one packet goes out from
queue 1, then one packet goes out from queue 2, and so on until queue 4, then it starts again from
queue 1.


Weighted Round Robin (WRR)

Like RR but we give a weight to each queue: four packets go out from queue 1, then two
packets go out from queue 2, then one packet from queue 3, and so on until queue 4, then it starts
again from queue 1.
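The service orders described for PQ, RR and WRR are easiest to compare side by side. The following is an added example, not code from the original document or its author: a Python simulation of the three schedulers over four pre-filled queues. The packet labels (q3p2 = queue 3, packet 2), fill levels and the 4/2/1/1 weights are constructed for the demonstration; the output makes visible both the service order and the starvation strict priority imposes on the lower queues.

```python
# Added example (not part of the original document): simulation of the three
# dequeue orders described above (strict priority, round robin, weighted
# round robin) across four queues. Packet labels such as "q3p2" (queue 3,
# packet 2) are constructed so the service order and the starvation that
# PQ imposes on lower queues can be read directly from the output.

from collections import deque


def make_queues(packets_per_queue):
    """Queues pre-filled with labelled packets, e.g. [4, 3, 2, 2] -> 4 queues."""
    return [deque(f"q{i + 1}p{j + 1}" for j in range(n))
            for i, n in enumerate(packets_per_queue)]


def strict_priority(queues):
    """PQ: drain queue 1 completely, then queue 2, and so on."""
    order = []
    for q in queues:
        while q:
            order.append(q.popleft())
    return order


def round_robin(queues):
    """RR: one packet from each non-empty queue per pass."""
    order = []
    while any(queues):
        for q in queues:
            if q:
                order.append(q.popleft())
    return order


def weighted_round_robin(queues, weights):
    """WRR: up to weights[i] packets from queue i per pass."""
    if len(weights) != len(queues):
        raise ValueError("one weight per queue")
    order = []
    while any(queues):
        for q, w in zip(queues, weights):
            for _ in range(w):
                if not q:
                    break
                order.append(q.popleft())
    return order


def first_service(order, queue_number):
    """0-based position at which a queue first gets served, or None if never."""
    prefix = f"q{queue_number}p"
    for pos, label in enumerate(order):
        if label.startswith(prefix):
            return pos
    return None


if __name__ == "__main__":
    fill = [4, 3, 2, 2]
    print("PQ :", strict_priority(make_queues(fill)))
    print("RR :", round_robin(make_queues(fill)))
    print("WRR:", weighted_round_robin(make_queues(fill), [4, 2, 1, 1]))
    print("queue 4 first served: PQ at", first_service(strict_priority(make_queues(fill)), 4),
          "RR at", first_service(round_robin(make_queues(fill)), 4))
```

Under PQ, queue 4 is not served until every packet in queues 1 to 3 has gone, which is the starvation that makes PQ a delay guarantee for one queue only; RR and WRR serve it within the first pass, WRR proportionally to its weight.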

WFQ (Flow-Based Weighted Fair Queuing)

- It creates 8 queues for system packets, 1000 queues for RSVP, 256 dynamic queues by default, and from
  16 to 4096 queues per flow (conversations).
- It gives priority to speakers with small data amounts over speakers with large data
  amounts.
- It was introduced to solve issues with FIFO & PQ.
- Does not support encryption or tunneling.
- It is the default for serial interfaces; it is supported only on links less than or equal to
  2 Mb.
- NO delay guarantee, NO bandwidth guarantee.

WFQ command:
fair-queue
interface s0/0
 no fair-queue
or
 fair-queue 100 16 0

100 = CDT, the max number of packets that can be in a single queue before we start dropping
(default is 64; a power of 2 with range from 16 to 4096)
CDT means it will start dropping packets after 100 packets from the most aggressive flow.

16 = number of dynamic queues used for best-effort conversations
(default is 256; a power of 2 with range from 16 to 4096)

0 = number of RSVP reservations
(default is 0; from 0 to 1000); not preferred to use, to save resources.

WFQ runs with two modes of dropping:

- Early dropping when reaching the CDT
- Aggressive dropping when reaching the hold-queue limit

Hold-queue limit
Is the max time to keep the max number of packets stored (default is 1); preferred to be as low a
number as we can, since WFQ consumes a lot of buffers.
interface s0/0
 hold-queue 1 out


CBWFQ (Class-Based Weighted Fair Queuing)

- Up to 256 queues, one per class-map, such as creating a class-map to give http 30% of BW and
  another class-map to give ftp 40%, etc.
- It is not preferred for VoIP traffic.
- NO delay guarantee, but provides a bandwidth guarantee.
- Weights are internally calculated from the bandwidth or its percentage and assigned to traffic
  classes.

Available bandwidth is calculated according to the following formula:

BW available = BW * Maxreservable - SUM(all fixed guarantees)

- BW is configured using the interface bandwidth command.
- Maxreservable is by default 75% of the interface bandwidth, and we can use it with CBWFQ & LLQ
  to specify the amount of bandwidth to be allocated; we can change this percentage using the
  max-reserved-bandwidth command.
- SUM(all fixed guarantees) covers guarantees using CBWFQ, CB-LLQ, IP RTP prioritization.

CBWFQ commands:
bandwidth
bandwidth percent
bandwidth remaining percent

queue-limit < sets the max number of packets that this queue can hold (default is 64)
fair-queue < number of dynamic queues; can be configured in class-default as well.

To understand CBWFQ more, let's take the following example:

We want http, https, ftp to get at least 20% of BW, the x-win app 10%, SQL server 25%, and any other traffic
types will take the rest of the BW.

class-map match-any web
 match protocol http
 match protocol https
 match protocol ftp
class-map xwin
 match protocol xwindows
class-map sql
 match protocol sqlserver

policy-map Ramzy
 class web
  bandwidth percent 20
  ! or instead: bandwidth remaining percent 76   < means 76% of the remaining 80% (a class uses one form or the other)
 class xwin
  bandwidth percent 10
 class sql
  bandwidth percent 25


 class class-default     < means anything else
  fair-queue

interface s0/0
 service-policy output Ramzy

Note: if the existing traffic is only http, http will utilize more than 20% since we
do not have policing yet. We will talk about it later.

LLQ (Low Latency Queuing)

- Simply, it is CBWFQ but we add a priority queue to CBWFQ for real-time traffic such as VoIP;
  that is why it is preferred for VoIP.
- So we will have 1 PQ with higher priority, and the remaining queues will be CBWFQ with
  lower priority.
- Provides a delay guarantee to the PQ queue; provides a bandwidth guarantee.
- Can work on any media type, including serial & Ethernet, etc.
- It provides priority metering when congestion occurs, performed on a per-packet basis.
- Classes are policed and rate-limited individually.

Commands used:
priority bandwidth
priority percent

LLQ Rule:
PQ = max 33% of BW of the sum of all guarantees
Sum of all guarantees = max 75% (including PQ)
The remaining 25% is left free for signaling & management traffic.

Same example we used in CBWFQ; let's add that we want the FIRST 10% of our BW for VoIP:

class-map voip
 match protocol rtp audio
policy-map Ramzy
 class voip
  priority percent 10     < which means create a policy for VoIP traffic to always have the highest
                            priority to use the first 10% of BW
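The available-bandwidth formula from the CBWFQ section and the LLQ rule above are the two checks a bandwidth plan has to pass before the policy-map is written. The following is an added example, not code from the original document or its author: a Python checker that evaluates a plan expressed in percent of interface bandwidth against both rules and converts the percentages to kbps for the bandwidth / priority commands. The interface speed (2000 kbps) and the class percentages are constructed sample values; the 75% max-reservable default and the 33% priority limit are the figures stated in the text.

```python
# Added example (not part of the original document): checks a CBWFQ/LLQ
# bandwidth plan against the two rules stated above: the available-bandwidth
# formula (BW * max-reservable - sum of fixed guarantees) and the LLQ rule
# (priority queue at most 33% of the sum of guarantees; sum of guarantees at
# most 75% of the interface). Interface speed and class percentages are
# constructed sample values; percentages are kept as integers.

def available_bandwidth_kbps(bw_kbps, guarantees_kbps, max_reservable_pct=75):
    """BW available = BW * Maxreservable - SUM(all fixed guarantees)."""
    return bw_kbps * max_reservable_pct / 100 - sum(guarantees_kbps)


def check_llq_plan(priority_pct, class_pcts, max_reservable_pct=75):
    """Return the list of rule violations for a plan expressed in percent of
    interface bandwidth (an empty list means the plan is acceptable)."""
    problems = []
    total = priority_pct + sum(class_pcts)
    if total > max_reservable_pct:
        problems.append(f"sum of guarantees {total}% exceeds max-reserved {max_reservable_pct}%")
    # PQ <= 33% of the sum of all guarantees; integer compare avoids float noise
    if priority_pct * 100 > total * 33:
        problems.append(f"priority {priority_pct}% exceeds 33% of guarantees ({total}%)")
    return problems


def plan_to_kbps(bw_kbps, pcts):
    """Translate percent guarantees into kbps, as the bandwidth / priority commands take them."""
    return [bw_kbps * p // 100 for p in pcts]


if __name__ == "__main__":
    # The document's example: voip 10% priority, then web 20%, xwin 10%, sql 25%
    print("document plan :", check_llq_plan(10, [20, 10, 25]) or "ok")
    guarantees = plan_to_kbps(2000, [10, 20, 10, 25])
    print("kbps per class:", guarantees)
    print("still available:", available_bandwidth_kbps(2000, guarantees), "kbps")
    # An over-committed plan: the priority class alone is 30%
    for problem in check_llq_plan(30, [20, 10, 25]):
        print("violation     :", problem)
```

For the document's own plan the sum of guarantees is 65% and the priority queue is 10%, so both rules pass and 10% of a 2000 kbps interface is still reservable; raising VoIP to 30% breaks both rules at once.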


Congestion Avoidance Tools

Let's talk first about some issues:

- Tail Drop issue: not able to know the different importance of packets
- TCP Synchronization issue
- TCP Starvation issue

All these issues will lead to congestion.

The solution is using RED or WRED.

RED (Random Early Detection)

It will randomly drop packets from TCP flows (sacrifice some for the sake of many); not supported
by Cisco.

WRED (Weighted Random Early Detection)
It will use WRED profiles:
- 8 profiles for IP Precedence
- 64 profiles for DSCP
It will classify traffic and assign one profile for each traffic type classified, then give each
profile a priority.

- Min, from 0 to 20: no drop
- MPD, from 20 to 80: a random drop depending on a percentage will happen (one packet will be
  dropped from each 512 packets)
- Max, from 80 to 100: any additional packets above 512 will be dropped


WRED Commands
random-detect dscp-based (enables DSCP-based WRED; can be configured in a policy-map &
applied under interfaces with a random-detect group or a service-policy)

The default service profile is used.

Remember WRED random-detect & WFQ queue-limit are mutually exclusive for a class policy.

random-detect dscp af21 23 40 10

- af21 is the DSCP value
- 23 is the min threshold
- 40 is the max threshold
- 10 is the MPD (mark probability denominator)

Example:
Enable CBWFQ to prioritize traffic according to the following:
- Class mission-critical is marked using DSCP AF2 and should get 30% of interface bandwidth
- Class bulk is marked using DSCP AF1 and should get 20% of interface bandwidth
- All other traffic should be per-flow fair-queued
- Use differentiated WRED to prevent congestion in all three classes

class-map mission-critical
 match ip dscp af21 af22 af23 cs2
class-map bulk
 match ip dscp af11 af12 af13 cs1

policy-map POLICY1
 class mission-critical
  bandwidth percent 30
  random-detect dscp-based
  random-detect dscp af21 32 40 10    < each random-detect dscp line creates a profile for the specified DSCP
  random-detect dscp af22 28 40 10
  random-detect dscp af23 24 40 10
  random-detect dscp cs2 24 40 10
 class bulk
  bandwidth percent 20
  random-detect dscp-based
  random-detect dscp af11 32 26 10    < note: IOS requires the min threshold to be lower than the max threshold,
  random-detect dscp af12 28 26 10      so with a max of 26 these min values must be reduced before the lines are accepted
  random-detect dscp af13 24 26 10
  random-detect dscp cs1 22 26 10

 class class-default
  fair-queue
  random-detect dscp-based
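The min / max / MPD triplet in each random-detect dscp line defines a drop curve, and WRED compares it against a smoothed (exponentially weighted) average queue depth rather than the instantaneous depth. The following is an added example, not code from the original document or its author: a Python model of that drop decision per DSCP profile, the average-depth smoothing (weight 2^-n, default n = 9), a validator for the min < max rule that IOS enforces, and a small simulation over constructed arrivals. The profiles and queue depths are constructed sample values; the example generalizes the page's single-profile explanation to a table of profiles.

```python
# Added example (not part of the original document): the WRED drop decision
# for per-DSCP profiles written as random-detect dscp <dscp> <min> <max> <mpd>,
# plus the average-queue-depth smoothing WRED applies before comparing against
# the thresholds. It also validates that min < max, which IOS requires.
# The profiles and queue depths below are constructed sample values.

import random


def validate_profiles(profiles):
    """profiles: {dscp_name: (min_th, max_th, mpd)}. Returns the names whose
    thresholds IOS would reject (min >= max) or whose mpd is not positive."""
    bad = []
    for name, (min_th, max_th, mpd) in profiles.items():
        if min_th >= max_th or mpd <= 0:
            bad.append(name)
    return bad


def drop_probability(avg_depth, min_th, max_th, mpd):
    """0 below min, 1 at or above max, and a straight line from 0 up to 1/mpd
    between the two thresholds."""
    if min_th >= max_th:
        raise ValueError("min threshold must be below max threshold")
    if avg_depth < min_th:
        return 0.0
    if avg_depth >= max_th:
        return 1.0
    return (avg_depth - min_th) / (max_th - min_th) / mpd


def average_depth(old_avg, current_depth, weight_exp=9):
    """Exponentially weighted average queue depth with weight 2^-n (default n = 9)."""
    w = 2.0 ** -weight_exp
    return old_avg * (1 - w) + current_depth * w


def simulate(profiles, arrivals, seed=1, weight_exp=9):
    """arrivals: list of (dscp_name, current_queue_depth). Returns
    {dscp_name: dropped_count}, each arrival judged by its own profile."""
    for name in validate_profiles(profiles):
        raise ValueError(f"profile {name} has min >= max or a bad mpd")
    rng = random.Random(seed)          # seeded so the run is reproducible
    avg = 0.0
    dropped = {name: 0 for name in profiles}
    for name, depth in arrivals:
        avg = average_depth(avg, depth, weight_exp)
        min_th, max_th, mpd = profiles[name]
        if rng.random() < drop_probability(avg, min_th, max_th, mpd):
            dropped[name] += 1
    return dropped


if __name__ == "__main__":
    mission = {"af21": (32, 40, 10), "af22": (28, 40, 10), "af23": (24, 40, 10), "cs2": (24, 40, 10)}
    bulk = {"af11": (32, 26, 10), "af12": (28, 26, 10)}      # as written in the example above
    print("bulk profiles rejected:", validate_profiles(bulk))
    for depth in (20, 26, 30, 36, 40):
        print(f"avg depth {depth:2}: af21 p={drop_probability(depth, *mission['af21']):.3f}"
              f"  af23 p={drop_probability(depth, *mission['af23']):.3f}")
    arrivals = [("af21", 36), ("af23", 36)] * 200
    print("dropped over 400 arrivals (no smoothing):", simulate(mission, arrivals, weight_exp=0))
```

With the same average depth, AF23 (lower min threshold) starts dropping earlier and at a higher probability than AF21, which is the differentiated behaviour the example asks for; the validator flags the bulk-class lines whose min exceeds the max of 26.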


Auto QoS
It is a CLI wizard tool to create QoS without the need to know all the details about QoS technology and
the mechanisms used with QoS.

It contains 2 phases:

- VOIP (in routers & switches): with one command we can define the requirements of VoIP.
- ENTERPRISE (in routers only): works in two stages:
  - discover traffic types and generate a policy (loads NBAR)
  - implement the generated policy

- Auto QoS cannot be configured if a QoS policy (service-policy) is attached to the interface.
- CEF must be enabled.
- Classifies the interface as low speed (less than or equal to 768 Kbps) or high speed (greater
  than or equal to 768 Kbps).

Policing & Shaping

Both are traffic conditioning mechanisms that deal with the traffic rate.

Policing is used to drop or remark packets if excess traffic happens.

Policing is useful in many cases, such as when the ISP customer link speed is 2 Mb but we as the ISP want to
limit it to 1 Mb, or limiting P2P traffic to our customers (bandwidth engineering).

Shaping is used to queue packets if excess traffic happens.

Shaping is useful in many cases, such as slowing down what we send to a customer, since we are not
allowed to send traffic at a higher speed than what we agreed on.

In both we have a technique called Token Bucket:

- It is a mathematical method used by routers and switches to measure the traffic flow rate.
- This method has two components: Token and Bucket.
- A Token is the right to send a specific number of bits (we put this info inside the Bucket).
- The Bucket will include many Tokens.
- Each packet will take a Token from the Bucket.
- If the Bucket becomes empty (no more tokens in it), then packets needing tokens will be
  dropped (Policing) or queued (Shaping).
- Policing uses a single Token Bucket.
- For Shaping we can have another Token Bucket.


Policing can be applied to incoming or outgoing traffic.

Shaping can be applied ONLY to outgoing traffic (shaping is useful with Frame Relay, but FR is
removed now from the CCIE blueprint).

Conditions that can be used:

- conform
- exceed
- violate

Actions that can be used:

- drop
- set
- transmit

Policing & Shaping Terminology:

TC = BC / CIR

- TC: time interval, measured in milliseconds (TC will be specified by the SP in its agreement with
  the customer)
- BC: Committed Burst, measured in bits; the total amount of traffic that can be sent during
  TC
- CIR: Committed Information Rate, the customer link speed that the SP allows

TC = BC / Shaping rate

- BE: Excess Burst Size, the maximum number of bits, in addition to BC, that can be sent after a period of inactivity
- Shaping Rate: the amount of bits per second we will shape to

Single Token / Single Rate command

police bps burst-normal burst-max

- bps is the speed rate allowed (from 8000 to 200 million) (remember 1000 is 10 kbps)
- burst-normal (from 1000 to 51200000; default is 1500)
- burst-max is the Excess Burst size


conform-action action exceed-action action violate-action action

- conform-action: what we will do with the packet if it does not exceed (or is equal to) the rate we
  specified
- exceed-action: what we will do if we exceeded the allowed rate
- violate-action: what we will do with packets that violate the normal burst or max burst

Actions that can be specified in conform, exceed or violate:

- drop
- transmit
- set (remark & transmit)

Example of set actions:

- set-prec-transmit 5      < 5 is the new IP precedence value that will remark the packet
- set-qos-transmit 10      < 10 is the new QoS group that will remark the packet
- set-dscp-transmit af22   < af22 is the new DSCP value that will remark the packet

Dual Token command

When we use both the violate-action and exceed-action commands, that means we have two token
buckets in use.
It will police CIR and PIR.

police cir <cir> bc <bc> pir <pir> be <be> conform-action ... exceed-action ... violate-action ...

- cir: number from 8000 to 20 million
- bc: amount of bc used in the first token bucket
- pir: amount of pir used in the second token bucket
- be: amount of be in bytes
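The token bucket described in the Policing & Shaping section, the TC = BC / CIR relation, and the conform / exceed decision of the single-rate police command are one mechanism seen from three angles. The following is an added example, not code from the original document or its author: a Python token-bucket model run over a constructed packet trace, once as a single-rate policer (excess packets marked exceed, which here means dropped) and once as a shaper (excess packets delayed in FIFO order until enough tokens accrue), plus the TC computation. The rate (64 kbps), bucket size (1000 bytes), timestamps and packet sizes are constructed sample values.

```python
# Added example (not part of the original document): a token-bucket model
# run over a constructed packet trace, once as a single-rate policer
# (conform / exceed decision, excess dropped) and once as a shaper (excess
# delayed until tokens accrue), plus the Tc = Bc / CIR relation from the
# terminology above. Rates, burst sizes, timestamps and packet sizes are
# constructed sample values.

class TokenBucket:
    """Bucket refilled continuously at rate_bps, capped at burst_bytes (Bc)."""

    def __init__(self, rate_bps, burst_bytes):
        self.rate_bps = rate_bps
        self.capacity = burst_bytes
        self.tokens = float(burst_bytes)   # the bucket starts full
        self.last = 0.0

    def refill(self, now):
        earned = (now - self.last) * self.rate_bps / 8   # bytes earned since last visit
        self.tokens = min(self.capacity, self.tokens + earned)
        self.last = now


def tc_ms(bc_bits, cir_bps):
    """Tc = Bc / CIR, in milliseconds."""
    return bc_bits / cir_bps * 1000


def police(trace, cir_bps, bc_bytes):
    """Single-rate, single-bucket policer. trace: [(time_s, size_bytes)].
    Returns [(time_s, size_bytes, 'conform' | 'exceed')]; exceed is dropped here."""
    bucket = TokenBucket(cir_bps, bc_bytes)
    out = []
    for t, size in trace:
        bucket.refill(t)
        if size <= bucket.tokens:
            bucket.tokens -= size
            out.append((t, size, "conform"))
        else:
            out.append((t, size, "exceed"))
    return out


def shape(trace, rate_bps, bc_bytes):
    """Shaper on the same bucket: a packet that finds too few tokens waits
    (FIFO) until enough have accrued. Returns [(arrival_s, departure_s, size)]."""
    bucket = TokenBucket(rate_bps, bc_bytes)
    out = []
    last_departure = 0.0
    for t, size in trace:
        start = max(t, last_departure)        # queue behind earlier packets
        bucket.refill(start)
        if bucket.tokens < size:              # wait for the shortfall to accrue
            start += (size - bucket.tokens) * 8 / rate_bps
            bucket.refill(start)
        bucket.tokens -= size
        last_departure = start
        out.append((t, start, size))
    return out


def exceed_count(policed):
    """Number of packets the policer marked exceed."""
    return sum(1 for _, _, verdict in policed if verdict == "exceed")


# Constructed trace: a burst of three 500-byte packets at t=0, one at 0.1 s, one at 1 s.
SAMPLE_TRACE = [(0.0, 500), (0.0, 500), (0.0, 500), (0.1, 500), (1.0, 500)]

if __name__ == "__main__":
    print("Tc for Bc=8000 bits at CIR 64 kbps:", tc_ms(8000, 64000), "ms")
    for row in police(SAMPLE_TRACE, 64000, 1000):
        print("police:", row)
    for row in shape(SAMPLE_TRACE, 64000, 1000):
        print("shape :", row)
```

The burst of three packets at t = 0 needs 1500 bytes of tokens but the bucket holds only 1000: the policer drops the third packet, while the shaper lets it leave 62.5 ms later once 500 bytes' worth of tokens have accrued at 64 kbps, and the packet arriving at 0.1 s queues behind it. That is the whole difference between "drop when the bucket is empty" and "queue when the bucket is empty".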

Shaping queues excess traffic rather than dropping it.

Shaping can be configured per interface (traffic shaping) or as class-based traffic shaping.

Per interface shaping

interface s0/0
 traffic-shape rate 250000 4000 8000 4096

- 250000: number of bits allowed per second (bit rate)
- 4000: number of sustained bits that can be sent in a specific time period (burst size)
- 8000: max number of bits that can exceed the burst size
- 4096: buffer limit, in bps, from 0 to 4096

Class-based shaping

shape average|peak 128000 6000 3000

- 128000: CIR in bps
- 6000: Bc in bits
- 3000: Be in bits

Link efficiency
Improve link efficiency and make the most of the bandwidth on a link.

Two ways to do that:

Compression
Link fragmentation and interleaving, LFI (useful on WAN links to reduce delay and jitter)

Link fragmentation and interleaving (LFI)

With serialization delay we can see that one 1500-byte packet is going out of the hardware queue while a 64-byte VoIP packet behind it is waiting. The solution is to divide (fragment) this 1500-byte packet into small pieces and put the 64-byte VoIP packet right behind the first fragment so it can leave quickly. The downside is that we need to rewrite the headers, so it is better to use it only with slow links, 768 kbps or less.
If the link bandwidth is more than that, using LFI works against link efficiency.

Why 768 kbps?
10-15 ms is the maximum time to put a VoIP packet on the wire.
If the speed is 768 kbps or less and we send a 1500-byte data packet, it takes more than 15 ms.
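To see where the 768 kbps rule comes from, here is an added Python example (not code from these notes) that computes serialization delay as bits on the wire divided by link rate, decides whether LFI is worth enabling, and sizes the fragments so that a voice packet never waits longer than the delay budget. The link rates in the sample table are constructed values.

```python
"""Serialization delay behind the 768 kbps LFI rule of thumb.

Added example, not from the study notes: serialization delay is the time a
frame occupies the wire, bits / link rate.  The helpers compute it for a frame
and a link, decide whether LFI is worth it, and size the fragments so a voice
packet never waits longer than the delay budget.  The link rates used in the
sample table are constructed values.
"""


def serialization_delay_ms(frame_bytes: int, link_bps: int) -> float:
    """Milliseconds needed to clock `frame_bytes` onto a link of `link_bps`."""
    return frame_bytes * 8 * 1000 / link_bps


def lfi_recommended(link_bps: int, frame_bytes: int = 1500, budget_ms: float = 15.0) -> bool:
    """LFI pays off when one full-size frame alone exceeds the voice delay budget."""
    return serialization_delay_ms(frame_bytes, link_bps) > budget_ms


def max_fragment_bytes(link_bps: int, target_ms: float = 10.0) -> int:
    """Largest fragment whose serialization delay stays within `target_ms`."""
    return int(link_bps * target_ms / 1000 / 8)


def delay_table(link_rates_bps, frame_bytes: int = 1500) -> dict:
    """Serialization delay of a full-size frame for each link rate, in ms (2 decimals)."""
    return {rate: round(serialization_delay_ms(frame_bytes, rate), 2) for rate in link_rates_bps}


if __name__ == "__main__":
    # Constructed sample link rates: 64 kbps, 128 kbps, 768 kbps and a T1.
    for rate, ms in delay_table([64000, 128000, 768000, 1544000]).items():
        print(f"{rate:>8} bps: {ms:>7.2f} ms for 1500 B, LFI {'yes' if lfi_recommended(rate) else 'no'}, "
              f"fragment <= {max_fragment_bytes(rate)} B for 10 ms")
```

At exactly 768 kbps a 1500-byte frame takes 15.625 ms, just over the 15 ms budget, which is why the notes put the cut-off there; at T1 speed the same frame takes under 8 ms and fragmentation only adds header overhead.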

PPP Multilink lets us bundle multiple physical interfaces into a single logical interface.
We can use this to load balance.

When we use PPP multilink we can bundle two serial links into one logical layer 3 interface and do the load balancing at layer 2. PPP multilink breaks the outgoing packets into smaller pieces, puts a sequence number on them and sends them out the serial interfaces.
Another feature of PPP multilink is fragmentation.
This can be useful when you are sending VoIP between the two routers.


Multilink PPP offers fragmenting the data packets and interleaving the voice packets between
the data fragments.
This way a large data packet will not delay a voice packet for too long.

ppp multilink fragment delay command lets us configure the maximum delay.

ppp multilink interleave command lets us enable interleaving

Compression
This simply means compressing data so it takes less space, BUT remember that compression adds delay.

We can compress the payload (not commonly used) or the headers.

Header compression compresses the header only (works well when packets tend to be small)
Payload compression compresses header and user data

We can do this using:

stacker (uses CPU)
predictor (uses RAM)
Microsoft Point-to-Point Compression (MPPC), good with Microsoft clients

All these types are supported by PPP multilink.

Header compression can be done using:

TCP compression
RTP compression, useful with VoIP: the 40 bytes of headers (TCP, IP, RTP) can become 4 bytes or 2 bytes (by removing the header checksum); only the sequence, acknowledgment and windowing information in TCP changes.

policy-map MYMAP
class MYCLASS
compression header ip {rtp | tcp}

sh ip rtp header-compression

In the case of PPP we can use:

ppp multilink fragment delay
ppp multilink interleave


QoS Hierarchical Queuing Framework (HQF)

The QoS Hierarchical Queuing Framework (HQF) feature enables you to manage quality of service (QoS) at three different levels:
The physical interface level
The logical interface level
The class level
for QoS queuing and shaping mechanisms, by using the modular QoS command-line interface (MQC) to provide a granular and flexible overall QoS architecture.

Restrictions for QoS Hierarchical Queuing Framework

Service policies with queuing features cannot simultaneously coexist on child and parent interfaces, such as tunnel and physical interfaces or subinterfaces and physical interfaces.

If a queuing policy is applied on a tunnel interface, and a queuing policy needs to be applied on the physical interface on which the tunnel is built, the policy map on the tunnel needs to be removed before the policy map on the physical interface can be attached.

Queuing-based QoS policies are not supported on LAG (port-channel) interfaces.

HQF is a logical engine used to support QoS features.

The HQF hierarchy is a tree structure that is built using policy maps.

When data passes through an interface using HQF, the data is classified so that it traverses the
branches of the tree. Data arrives at the top of the tree and is classified on one of the leaves.
Data then traverses down the hierarchy (tree) until it is transmitted out the interface at the root
(trunk).


For example, the following configuration builds the hierarchy shown in the figure 1
below:

policy-map class
class c1
bandwidth 14
class c2
bandwidth 18
policy-map map1
class class-default
shape average 64000
service-policy class
policy-map map2
class class-default
shape average 96000
map-class frame-relay fr1
service-policy output map1
map-class frame-relay fr2
service-policy output map2
interface serial4/1
encapsulation frame-relay
frame-relay interface-dlci 16
class fr1
frame-relay interface-dlci 17
class fr2

Figure1. HQF Tree Structure (Hierarchical Policy with Queuing Features at Every Level)

You can apply class-based queuing to any traffic class in the parent or child level of a hierarchical
policy and obtain service levels for different sessions or subscribers.


Labs

IntSrv-RSVP Lab

Configure RSVP from R1 loop0 to R2 loop0


The reservable bandwidth should be restricted to 400 kbps in total, but no single reservation may exceed 180 kbps

R1
int loop0
ip add 1.1.1.1 255.255.255.0
ip rsvp bandwidth 400 180
int f0/0
ip add 10.1.12.1 255.255.255.0
ip rsvp bandwidth 400 180

R2
int loop0
ip add 2.2.2.2 255.255.255.0
ip rsvp bandwidth 400 180
int f0/0
ip add 10.1.12.2 255.255.255.0
ip rsvp bandwidth 400 180

400 means reserve up to 400 kbps for all RSVP sessions on the interface

180 means a single reservation may NOT exceed 180 kbps
(By default 75% of the interface bandwidth is reservable, and a single reservation may use all of it)


Verification:

R1
R1(config)#ip rsvp sender-host 10.1.12.2 10.1.12.1 tcp 0 0 10 5

10.1.12.2 is the receiver
10.1.12.1 is the sender
tcp can also be udp or ip
0 is the destination port
0 is the source port
10 specifies 10 kbps for the session bandwidth
5 is the maximum burst in kilobytes

R1(config)#do show ip rsvp sender

To          From        Pro DPort Sport Prev Hop  I/F   BPS
10.1.12.2   10.1.12.1   TCP 0     0     none      none  10K

On R2 let's configure it to send the reservation message:

R2(config)#ip rsvp reservation-host 10.1.12.2 10.1.12.1 tcp 0 0 FF RATE 10 5

Command                                          Purpose
Router# show ip rsvp interface [type number]     Displays RSVP-related interface information.
Router# show ip rsvp installed [type number]     Displays RSVP-related filters and bandwidth information.
Router# show ip rsvp neighbor [type number]      Displays current RSVP neighbors.
Router# show ip rsvp sender [type number]        Displays RSVP sender information.
Router# show ip rsvp request [type number]       Displays RSVP request information.
Router# show ip rsvp reservation [type number]   Displays RSVP receiver information.


DiffServ Congestion Management labs

CQ Custom Queue Lab

Task 1
On R1:
- all traffic generated from loop0 should be assigned to queue 1
- all IP traffic from R1 loop0 to R2 loop0 should be assigned to queue 2
- all telnet traffic should be assigned to queue 3
- all HTTP traffic should be assigned to queue 4
- TFTP should be assigned to queue 5
- the rest of the traffic should be assigned to queue 6

config t
queue-list 1 protocol ip 2 list 100
queue-list 1 interface lo0 1
queue-list 1 protocol ip 3 tcp 23
queue-list 1 protocol ip 4 tcp 80
queue-list 1 protocol ip 5 udp 69
queue-list 1 default 6

access-list 100 permit ip host 10.1.1.1 host 10.1.2.2

int f0/0
custom-queue-list 1

Unlike priority queue (PQ) statements, in CQ the most general statement must be at the bottom and the most specific at the top.

show queueing custom


Task 2
Let's consider that the total bandwidth is 15000 bytes.
Configure R1 such that bandwidth is allocated as follows:
queues 1, 2 and 6 should receive 10% of the bandwidth
queues 3 and 5 should receive 20% of the bandwidth
queue 4 should receive 30% of the bandwidth

config t
queue-list 1 queue 1 byte-count 1500
queue-list 1 queue 2 byte-count 1500
queue-list 1 queue 6 byte-count 1500
queue-list 1 queue 3 byte-count 3000
queue-list 1 queue 5 byte-count 3000
queue-list 1 queue 4 byte-count 4500

The default byte count is 1500 bytes.

Note: since 1500 bytes is the default for all queues, queues 1, 2 and 6 will not show in the show queueing custom output.

1500 + 1500 + 1500 + 3000 + 3000 + 4500 = 15000 bytes

To find the bandwidth percentage:

1500/15000 = 0.1, *100 = 10%

3000/15000 = 0.2, *100 = 20%

4500/15000 = 0.3, *100 = 30%

byte-count is the average number of bytes the system allows to be delivered from a given queue during a particular cycle.
We can use the keyword limit instead of byte-count.
limit is the maximum number of packets allowed in each of the custom queues.
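Why the byte-count is only an average is easier to see with a model of the round-robin cycle. The following Python is an added example (not code from these notes or from IOS): it visits the queues in order, sends from each until its byte-count is met, and, as IOS does, lets the packet in flight when the count is reached go out whole. The queue contents are constructed.

```python
"""Custom queueing round-robin model.

Added example, not from the study notes or Cisco IOS.  CQ visits the queues in
order and sends from each until its byte-count is reached; the packet in flight
when the count is reached is still sent whole, which is why the notes call
byte-count an *average* per cycle.  Queue contents below are constructed.
"""
from collections import deque

DEFAULT_BYTE_COUNT = 1500   # IOS default byte-count per custom queue


def make_queues(queue_ids, packet_size: int, packets: int) -> dict:
    """Build saturated queues: `packets` frames of `packet_size` bytes in each."""
    return {qid: deque([packet_size] * packets) for qid in queue_ids}


def cq_cycle(queues: dict, byte_counts: dict) -> dict:
    """Run one CQ cycle; return the bytes sent from each queue."""
    sent = {}
    for qid in sorted(queues):
        queue, budget, done = queues[qid], byte_counts.get(qid, DEFAULT_BYTE_COUNT), 0
        # Keep dequeuing until the byte-count is met or exceeded (or the queue empties).
        while queue and done < budget:
            done += queue.popleft()
        sent[qid] = done
    return sent


def simulate(queues: dict, byte_counts: dict, cycles: int) -> dict:
    """Total bytes sent per queue over `cycles` cycles."""
    totals = {qid: 0 for qid in queues}
    for _ in range(cycles):
        for qid, nbytes in cq_cycle(queues, byte_counts).items():
            totals[qid] += nbytes
    return totals


def bandwidth_shares(totals: dict) -> dict:
    """Percentage of the link each queue received (rounded to 0.1%)."""
    total = sum(totals.values())
    return {qid: round(100 * b / total, 1) for qid, b in totals.items()}


if __name__ == "__main__":
    # Task 2 of the lab: queues 3 and 5 at 3000 bytes, queue 4 at 4500, the rest at the default.
    lab_counts = {3: 3000, 5: 3000, 4: 4500}
    q = make_queues(range(1, 7), packet_size=1500, packets=100)
    print(bandwidth_shares(simulate(q, lab_counts, cycles=10)))
    # Overshoot: 1600-byte frames against the 1500-byte default still go out whole.
    print(cq_cycle(make_queues([1, 2], 1600, 10), {}))
```

With 1500-byte frames the shares come out exactly as the lab calculates (10/10/20/30/20/10%); with frames that do not divide the byte-count evenly a queue overshoots its count every cycle, so the real share drifts away from the arithmetic and byte-counts should be chosen as multiples of the typical packet size.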


PQ priority Queue Lab


Same CQ topology

On R1:
- all traffic generated from the loop0 interface should be assigned to the High queue
- all IP traffic from R1 loop0 to R2 loop0 should be assigned to the Low queue
- all HTTP traffic should be assigned to the Medium queue
- TFTP should be assigned to the Normal queue
- the rest of the traffic should be assigned to the Low queue

Note: High queue = highest priority, and so on.

access-list 100 permit ip 10.1.1.1 0.0.0.0 10.1.2.2 0.0.0.0

priority-list 1 protocol ip low list 100
priority-list 1 interface loop0 high
priority-list 1 protocol ip medium tcp 80
priority-list 1 protocol ip normal udp 69
priority-list 1 default low

int f0/0
priority-group 1

sh queueing priority

Default Priority Queue Packet Limits

A value of 0 for any of the four arguments means that the queue can be of unlimited size.

Let's say we want to change the queue sizes as follows:
High = 80
Medium = 60
Normal = 40
Low = 20

priority-list 1 queue-limit 80 60 40 20


WFQ Lab

On R1 s0/0 the congestive discard threshold should be set to 128 and only 512 dynamic queues should be created; the maximum number of packets that WFQ can hold across all queues is 1200.

R1#sh int s0/0 | i Queueing strategy|Output queue|Conversations


Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)

R1#sh queueing fair

Current fair queue configuration:

Interface   Discard    Dynamic  Reserved  Link    Priority
            threshold  queues   queues    queues  queues
Serial0/0   64         256      0         8       1
Serial0/1   64         256      0         8       1

R1
int s0/0
fair-queue 128 512
hold-queue 1200 out

R1#sh int s0/0 | i Queueing strategy|Output queue|Conversations


Queueing strategy: weighted fair
Output queue: 0/1200/128/0 (size/max total/threshold/drops)
Conversations 0/1/512 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)


CBWFQ Lab
Same CQ topology

Remember:
CBWFQ extends the WFQ functionality to support user-defined classes.
CBWFQ reserves multiple FIFO queues in the WFQ system.
The default queue limit is 64; after that packets are tail dropped.
WRED can be used with CBWFQ to prevent congestion.
CBWFQ guarantees bandwidth according to the weights assigned to the different classes in MQC.
Weights are defined with the bandwidth, bandwidth percent and bandwidth remaining percent keywords.
By default only 75% of the bandwidth can be allocated.

Task 1

Configure R1 so that when congestion happens, the specified amount of bandwidth is allocated to the following protocols on f0/0:

TFTP traffic should have a minimum of 2 Mbps
HTTP traffic should have a minimum of 5 Mbps
FTP traffic should have a minimum of 3 Mbps
Any outbound traffic to the URL www.cbtme.com should have a minimum of 6 Mbps

R1
Config t
ip cef
class-map TFTP
match protocol tftp
class-map URL
match protocol http host www.cbtme.com
class-map HTTP
match protocol http
class-map FTP
match protocol ftp

policy-map TST
class TFTP
bandwidth 2000
class URL
bandwidth 6000
class HTTP
bandwidth 5000
class FTP
bandwidth 3000


int f0/0
service-policy out TST

show policy-map interface f0/0

Task 2
Configure the maximum queue size for the calls made to www.cbtme.com to 128 packets

policy-map TST
class URL
queue-limit 128

sh policy-map interface f0/0 | i Max Threshold

Bandwidth 2000 (kbps) Max Threshold 64 (packets)
Bandwidth 6000 (kbps) Max Threshold 128 (packets)
Bandwidth 5000 (kbps) Max Threshold 64 (packets)
Bandwidth 3000 (kbps) Max Threshold 64 (packets)

Task 3

Configure the remaining traffic to use fair-queue
Set the number of dynamic queues for the remaining traffic to 1024

policy-map TST
class class-default
fair-queue 1024

sh policy-map interface f0/0 | i Flow Based |Maximum Number of Hashed Queues

Flow Based Fair Queueing


Maximum Number of Hashed Queues 1024


Task 4

Let's repeat this lab with the following tasks

Configure R1 for
TFTP up to 25% of available Bandwidth
HTTP up to 35% of available Bandwidth
FTP up to 20% of available Bandwidth

class-map TFTP
match protocol tftp
class-map HTTP
match protocol http
class-map FTP
match protocol ftp

policy-map TST
class TFTP
bandwidth percent 25
class HTTP
bandwidth percent 35
class FTP
bandwidth percent 20

int f0/0
service-policy out TST

If you use bandwidth then you cannot use bandwidth percent in the same policy map.

Notice that 25+35+20 = 80%, while by default 75% of the bandwidth is what we can play with,
so FTP needs 20% while only 15% remains.

To change this behavior

int f0/0
max-reserved-bandwidth 85


Convert CQ to CBWFQ:

Convert the following CQ list to CBWFQ for int f0/0

queue-list 1 protocol ip 1 tcp www


queue-list 1 protocol ip 2 tcp telnet
queue-list 1 protocol ip 3 tcp smtp
queue-list 1 default 4

queue-list 1 queue 1 byte-count 3000


queue-list 1 queue 2 byte-count 4500
queue-list 1 queue 3 byte-count 4500
queue-list 1 queue 4 byte-count 3000

Answer:
Calculate the total configured byte-count used by the custom queue:
3000+4500+4500+3000 = 15000
Calculate the percentage of the bandwidth assigned to each protocol based on the total byte-count:
www = 3000/15000 * 100 = 20% of bandwidth
telnet = 4500/15000 * 100 = 30% of bandwidth
smtp = 4500/15000 * 100 = 30% of bandwidth
rest of traffic = 3000/15000 * 100 = 20% of bandwidth

As we can see the total is 100%, so we need to modify the max reserved bandwidth on the interface
int f0/0
max-reserved-bandwidth 100

class-map WWW
match protocol http
class-map TELNET
match protocol telnet
class-map SMTP
match protocol smtp

policy-map TST
class WWW
bandwidth percent 20
class TELNET
bandwidth percent 30
class SMTP
bandwidth percent 30

class class-default
bandwidth percent 20

int f0/0
service-policy out TST


LLQ Lab
Same CQ topology

LLQ brings strict priority queuing to CBWFQ; this allows delay-sensitive traffic such as voice to be queued and sent first, before any other packets.
Unlike its legacy counterpart PQ, it ONLY uses a single priority queue and it is NOT subject to starvation.

tftp 15% of bandwidth
http 25% of bandwidth
ftp 20% of bandwidth

Traffic with IP precedence 5 should be allocated 25% of the bandwidth; this traffic type should get expedited forwarding, and traffic exceeding this threshold must be dropped.

ip cef
class-map TFTP
match protocol tftp
class-map HTTP
match protocol http
class-map FTP
match protocol ftp
class-map PERC5
match ip precedence 5

policy-map TST
class TFTP
bandwidth percent 15
class HTTP
bandwidth percent 25
class FTP
bandwidth percent 20
class PERC5
priority percent 25

int f0/0
max-reserved-bandwidth 85
service-policy out TST

Notice that with LLQ we use the priority and priority percent commands.

The priority command is like the bandwidth command in CBWFQ.
The priority percent command is like the bandwidth percent command in CBWFQ.

show policy-map interface f0/0


This table lists the functional differences between the bandwidth and priority commands (the table is an image in the original and is not reproduced here):


Congestion avoidance labs


WRED Lab

Configure R1:
class-map Priority with IP precedence 4, bandwidth guaranteed 35%
class-map Bulk with IP precedence 2 & 3, bandwidth guaranteed 25%
class-map Best-effort with IP precedence 0 & 1, bandwidth guaranteed 20%

The WRED drop probability for each class-map is the default for its precedence value(s).
R1
class-map Best-effort
match ip precedence 0 1

class-map Bulk
match ip precedence 2 3

class-map Priority
match ip precedence 4

policy-map TST
class Best-effort
bandwidth percent 20
random-detect
random-detect precedence 0 20 40 10
random-detect precedence 1 22 40 10

class Bulk
bandwidth percent 25
random-detect
random-detect precedence 2 24 40 10
random-detect precedence 3 26 40 10

class Priority
bandwidth percent 35
random-detect
random-detect precedence 4 28 40 10

int f0/0
max-reserved-bandwidth 80
service-policy out TST


By default WRED is precedence based and uses 8 default WRED profiles, one for each IP precedence value.
If we change it to DSCP based it uses up to 64 profiles.

To change it per interface:

int f0/0
random-detect dscp-based

Let's configure WRED when it is DSCP based:

class-map Priority with DSCP AF21, bandwidth guaranteed 35%
class-map Bulk with DSCP AF22, bandwidth guaranteed 25%
class-map Best-effort with DSCP AF23, bandwidth guaranteed 20%

The WRED drop probability for each class-map is as follows:

class-map Priority
Enable ECN

class-map Bulk
Min Threshold = 30
Max Threshold = 40
MPD = 1 out of 18

class-map Best-effort
Min Threshold = 26
Max Threshold = 40
MPD = 1 out of 10

R1
class-map Best-effort
match ip dscp af23

class-map Bulk
match ip dscp af22

class-map Priority
match ip dscp af21

policy-map TST
class Best-effort
bandwidth percent 20
random-detect dscp-based
random-detect dscp af23 26 40 10


class Bulk
bandwidth percent 25
random-detect dscp-based
random-detect dscp af22 30 40 18

class Priority
bandwidth percent 35
random-detect dscp-based
random-detect ecn

int f0/0
max-reserved-bandwidth 80
service-policy out TST

What is ECN?
It is an extension to WRED; it marks packets instead of dropping them when the average queue length exceeds a configured threshold value.

Routers and hosts can use this marking as a signal that the network is congested and slow down their sending of packets.
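The thresholds and mark probability denominator from the lab above can be turned into a small model. The Python below is an added example (not code from these notes or from IOS): it keeps the weighted average queue depth, computes the WRED drop probability between the minimum and maximum thresholds, and shows how ECN changes the decision from drop to mark. The 2^-9 averaging weight is the IOS default exponential-weighting-constant (assumed here); the queue depths are constructed.

```python
"""WRED drop-probability and ECN marking model.

Added example, not from the study notes or Cisco IOS.  Between the minimum and
maximum thresholds the drop probability rises linearly from 0 to 1/MPD (mark
probability denominator); above the maximum threshold every packet is dropped.
The average queue depth is an exponential weighted moving average; the weight
2^-9 is the IOS default exponential-weighting-constant (assumed here).  The
profiles reuse the lab's DSCP values; the queue samples are constructed.
"""


def wred_average(prev_avg: float, current_depth: int, exponent: int = 9) -> float:
    """Update the running average queue depth with weight 2^-exponent."""
    w = 2.0 ** -exponent
    return prev_avg * (1 - w) + current_depth * w


def drop_probability(avg: float, min_th: int, max_th: int, mpd: int) -> float:
    """Probability of dropping (or marking) a packet at average depth `avg`."""
    if avg < min_th:
        return 0.0
    if avg >= max_th:
        return 1.0
    return (avg - min_th) / (max_th - min_th) * (1.0 / mpd)


def wred_action(avg: float, min_th: int, max_th: int, mpd: int,
                rnd: float, ecn_enabled: bool = False, ecn_capable: bool = False) -> str:
    """Decide transmit / mark / drop for one packet.

    `rnd` is the random draw in [0, 1), passed in so results are reproducible.
    With ECN enabled and an ECN-capable packet, a packet selected between the
    thresholds is marked CE instead of dropped; above max_th it is dropped
    regardless, as RFC 3168 recommends.
    """
    p = drop_probability(avg, min_th, max_th, mpd)
    if p >= 1.0:
        return "drop"
    if rnd >= p:
        return "transmit"
    return "mark" if (ecn_enabled and ecn_capable) else "drop"


# WRED profiles from the lab: dscp -> (min_th, max_th, mpd).
PROFILES = {"af23": (26, 40, 10), "af22": (30, 40, 18)}


def decide(dscp: str, avg: float, rnd: float, **ecn) -> str:
    """Look up the class profile for `dscp` and apply WRED to one packet."""
    return wred_action(avg, *PROFILES[dscp], rnd, **ecn)


if __name__ == "__main__":
    # Constructed instantaneous queue depths: the average lags well behind a burst.
    avg = 0.0
    for depth in [40, 40, 40, 40]:
        avg = wred_average(avg, depth)
    print(f"average after four samples at depth 40: {avg:.2f}")
    print(decide("af23", 33, rnd=0.01), decide("af23", 33, rnd=0.01, ecn_enabled=True, ecn_capable=True))
```

At an average depth of 33 the af23 profile (26 40 10) drops one packet in twenty; the same draw with ECN on a capable flow marks instead of dropping. The slow-moving average also explains why a short burst rarely triggers WRED at all.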


Policing & Shaping


Class based policing lab

Task 1
Configure R1 f0/0 with the following policy:
HTTP, FTP and ICMP traffic should be rate limited to 10 Mbps outbound
Telnet and SMTP should be limited to 8 Mbps
Traffic exceeding these thresholds should be dropped and traffic conforming to these thresholds should be transmitted

Do not use an access-list (that is why we use NBAR in the following answer)

R1
class-map match-any qos1
! remember: if match-any is not configured, match-all is the default
match protocol http
match protocol ftp
match protocol icmp

class-map match-any qos2
match protocol telnet
match protocol smtp

policy-map tst
class qos1
! 10 Mbps = 10000000 bps
police 10000000 conform-action transmit exceed-action drop
class qos2
police 8000000 conform-action transmit exceed-action drop

int f0/0
service-policy out tst

show policy-map int f0/0

Notice that when configuring rate-limit the normal burst and maximum burst must be configured; with the police command we do not need to, and the system uses CIR/32 or 1500 bytes, whichever is higher, as the normal burst.


Task 2
Configure R2 f0/0 for:
Outgoing telnet traffic should be limited to 10 Mbps; this traffic should be configured with the minimum amount of normal burst
Outgoing TFTP traffic should be limited to 8 Mbps with 40000 bits of normal burst
Both telnet and TFTP traffic exceeding this policy should be dropped, and if they conform they should be transmitted

Do not use an ACL

class-map telnet
match protocol telnet
class-map tftp
match protocol tftp

policy-map tst
class telnet
! 10 Mbps; 1000 bytes is the minimum normal burst
police 10000000 1000 conform-action transmit exceed-action drop

class tftp
! 40000 bits = 5000 bytes of normal burst
police 8000000 5000 conform-action transmit exceed-action drop

int f0/0
service-policy out tst

If you type show policy-map interface f0/0 you will find in the last lines Class-map: class-default. This entry is created automatically; it is the catch-all condition, which means any traffic you did not specify falls into this class.


Task 3
R1 has two servers connected to f0/1
Server1 MAC address 0000.1111.1111
Server2 MAC address 0000.2222.2222

Traffic with the source MAC address of server1 must be policed to 1 Mbps
Traffic with the source MAC address of server2 must be policed to 2 Mbps
Traffic from these servers should only be transmitted out of f0/1 if it conforms to the policy

We cannot use match source-address mac since it applies to inbound only; instead we use a MAC address access-list.

R1
access-list 700 permit 0000.1111.1111
access-list 701 permit 0000.2222.2222

class-map server1
match access-group 700
class-map server2
match access-group 701

policy-map tst
class server1
police 1000000 conform-action transmit exceed-action drop
class server2
police 2000000 conform-action transmit exceed-action drop

int f0/1
service-policy out tst


Task 4

Ensure HTTP, FTP and ICMP traffic on R3 f0/0 is policed to 10 Mbps on weekdays from 11:00 am to 3:00 pm; traffic is transmitted only if it conforms to the policy

R3
time-range weekdays
periodic weekdays 11:00 to 15:00

access-list 100 permit tcp any any eq www time-range weekdays
access-list 100 permit icmp any any time-range weekdays
access-list 100 permit tcp any any eq 20 time-range weekdays
access-list 100 permit tcp any any eq 21 time-range weekdays

class-map qos
match access-group 100

policy-map tst
class qos
! 10 Mbps = 10000000 bps
police 10000000 conform-action transmit exceed-action drop

int f0/0
service-policy out tst


Task 5

HTTP traffic up to 1 Mbps should be sent as is
HTTP traffic exceeding 1 Mbps up to 2 Mbps should be marked with IP precedence 4 and transmitted
HTTP traffic exceeding 2 Mbps should be dropped

class-map HTTP
match protocol http
policy-map tst
class HTTP
! cir 1 Mbps, pir 2 Mbps
police cir 1000000 pir 2000000 conform-action transmit exceed-action set-prec-transmit 4 violate-action drop

int f0/0
service-policy out tst

Task 6
Users in VLAN 22 connect to the web server 10.1.12.100; ensure that this traffic is policed to 30 percent of the bandwidth of the f0/1 interface

! VLAN 22 subnet taken as 10.1.12.0/24-style 10.1.22.0/24, hence the 0.0.0.255 wildcard
access-list 100 permit tcp 10.1.22.0 0.0.0.255 host 10.1.12.100 eq 80

class-map www
match access-group 100
policy-map tst
class www
police cir percent 30

int f0/1
service-policy out tst

Task 7

Configure R2 so that:
Traffic up to 10 Mbps should be sent as is
Traffic exceeding 10 Mbps up to 20 Mbps should be marked with IP precedence 4 and transmitted
Traffic exceeding 20 Mbps should always be dropped

policy-map tst
class class-default
police cir percent 10 pir percent 20 conform-action transmit exceed-action set-prec-transmit 4 violate-action drop

int f0/0
service-policy out tst


Class based shaping lab

Traffic from R1 to R2 should be shaped to 16000 bps; Tc should be 4 seconds

Tc = Bc / CIR
Bc = Tc * CIR = 4 * 16000 = 64000 bits
The task did not ask for Be, so it is 0
policy-map tst
class class-default
shape average 16000 64000 0

int f0/0
service-policy out tst

show policy-map interface
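To see what the shaper above actually does with a burst, here is an added Python model (not code from these notes or from IOS) of the Tc/Bc/Be mechanism: every interval Tc = Bc/CIR the shaper may send Bc bits, a packet that does not fit waits for a later interval instead of being dropped, and unused tokens carry over only up to Be. The packet sizes are constructed sample values; the shaper parameters are the lab's.

```python
"""Class-based shaper (Tc/Bc/Be) model showing excess traffic being delayed, not dropped.

Added example, not from the study notes or Cisco IOS.  Each interval Tc = Bc/CIR
the shaper may send Bc bits; a packet that does not fit waits for the next
interval.  Unused tokens roll over into the next interval only up to Be, so
with Be = 0 nothing carries over.  Packet sizes are constructed sample values.
"""


def shaper_interval_s(cir_bps: int, bc_bits: int) -> float:
    """Tc = Bc / CIR, in seconds."""
    return bc_bits / cir_bps


def shape_schedule(packet_bits: list, cir_bps: int, bc_bits: int, be_bits: int = 0) -> list:
    """Return, for each packet (all offered at t=0), the Tc interval in which it is sent."""
    schedule, excess, interval, i = [], 0, 0, 0
    while i < len(packet_bits):
        if packet_bits[i] > bc_bits + be_bits:
            raise ValueError(f"packet of {packet_bits[i]} bits can never fit in Bc+Be")
        budget = bc_bits + excess            # Bc plus any Be credit built up earlier
        used = 0
        # Send in order while the next packet still fits this interval's budget.
        while i < len(packet_bits) and used + packet_bits[i] <= budget:
            used += packet_bits[i]
            schedule.append(interval)
            i += 1
        excess = min(be_bits, budget - used)  # leftover tokens survive only up to Be
        interval += 1
    return schedule


def max_queueing_delay_s(packet_bits: list, cir_bps: int, bc_bits: int, be_bits: int = 0) -> float:
    """Longest time any packet of the burst waited in the shaping queue."""
    tc = shaper_interval_s(cir_bps, bc_bits)
    return max(shape_schedule(packet_bits, cir_bps, bc_bits, be_bits)) * tc


if __name__ == "__main__":
    # The lab's shaper: 16000 bps with Bc 64000 bits -> Tc of 4 s, Be 0.
    burst = [12000] * 10                     # ten 1500-byte packets offered at once
    print(shape_schedule(burst, 16000, 64000), max_queueing_delay_s(burst, 16000, 64000))
```

Ten 1500-byte packets (120000 bits) offered at once against Bc = 64000 go out five per interval, so the last ones wait a full Tc of 4 seconds: nothing is dropped, but a 4 second Tc is far too long for voice, which is why shapers for delay-sensitive traffic use a small Tc (small Bc) rather than the large one in this lab. With Be > 0 a packet larger than Bc can still be sent once enough idle credit has accumulated; with Be = 0 it can never be sent.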


Control plane policing lab

R1 f0/0 10.1.1.1/24, loop 1.1.1.1/8
R2 f0/0 10.1.1.2/24
VTY connections and RIPv2 are enabled on both routers

Task 1

R2 must be configured with policing of ICMP echo request messages, rate limiting them to 50 kbps using a control-plane policy

access-list 120 permit icmp any any echo

class-map icmp
match access-group 120

policy-map tst
class icmp
police 50000 conform-action transmit exceed-action drop

control-plane
service-policy in tst

show policy-map control-plane

ping 10.1.1.2 size 1500


Task 2

R2 should allow telnet connections only to IP 1.1.1.1

access-list 130 permit tcp any host 10.1.1.1 eq telnet

class-map telnet
match access-group 130

policy-map tst
class telnet
drop

control-plane
service-policy out tst

from R2
telnet 10.1.1.1
telnet 1.1.1.1

Task 3

On R2 enable the control plane logging feature for all dropped packets:

class-map type logging match-any test
match packets dropped

policy-map type logging tst
class test
log

control-plane
service-policy type logging in tst

from R1
ping 10.1.1.2 size 1500

show control-plane features


Configuring NBAR to filter URL , Host and MIME Lab

First we need to create a few files on R3 to use later as its website files

Create website files

R3#tclsh
R3(tcl)#puts [open "flash:yt.jpg" w+] {kokowawa }
R3#tclsh
R3(tcl)#puts [open "flash:index.html" w+] {kokowawa }
R3(tcl)#exit

R3#sh flash:

R3
ip host www.youtube.com 80.80.80.80
ip http server
no ip http secure-server
ip http path flash:
ip dns server

sh ip http server status

R2
ip name-server 10.23.23.3
ip domain-lookup

R1
ip name-server 10.23.23.3
ip domain-lookup


Let's say we need to implement the following:

Block any host with the Google keyword, like http://mail.google.com or http://www.google.com.ae
Block any URL containing a file of type .jpeg, .jpg or .html
Block all image MIME types
Drop any HTTP call to server 200.200.200.2/24
Block the host named R3.CBTME.COM

R2
class-map match-any cbtme
match protocol http host *google*
match protocol http url "*.jpeg|*.jpg|*.html"
match protocol http host R3.CBTME.com*
match protocol http mime image*
!
!
policy-map auda
class cbtme
drop

interface FastEthernet0/0
service-policy input auda

To verify:
R1#copy http://80.80.80.80/yt.jpg null:
%Error opening http://80.80.80.80/yt.jpg (I/O error)

R3#sh ip http server history

HTTP server history:

local-ipaddress:port  remote-ipaddress:port  in-bytes  out-bytes  end-time
80.80.80.80:80        10.12.12.1:29610       3         122        00:58:56 03/01 (before)
80.80.80.80:80        10.12.12.1:15108       0         0          01:02:26 03/01 (after)


Explanation
NBAR commonly used match commands:

match protocol                 traffic of a specific protocol (this enables NBAR)
match access-group             traffic matching this ACL
match destination-address mac  traffic destined to this MAC address
match source-address mac       traffic sourced from this MAC address
match input-interface          traffic coming in from this interface
match ip precedence            IPv4 traffic with a specific IP precedence value
match precedence               IPv6 traffic with a specific precedence value

MATCH PROTOCOL HTTP HOST

match protocol http host *youtube*
! This would match anything in youtube.com like http://www.youtube.com or
! http://video.youtube.com
!
match protocol http host *google*
! This would match anything with google in the host like http://mail.google.com or
! http://www.google.com.au
!
match protocol http host google*
! This would match http://google.com but not http://video.google.com

Let's set up R2 to filter based on a host.

class-map cbtme
match protocol http host 80.80.80.80

clear counters f0/0


MATCH PROTOCOL HTTP URL


We can match strings AFTER the host portion of a URL using the match protocol http url command. It also takes a regular expression as an argument. For example:

match protocol http url *video*
! This would match http://www.cisco.com/video/index.php or
! http://www.google.com/stuff/video.html
!
match protocol http url video*
! This would match http://www.cisco.com/video but not
! http://www.cisco.com/stuff/video.html
! because stuff precedes the video portion of the url and in the expression above we have said
! it has to start with the string video
!
match protocol http url *.jpeg|*.jpg|*.gif
! This would match any .jpeg or .jpg or .gif extension in the url

Let's set up R2 to match based on a URL.

class-map cbtme
match protocol http url *.jpg

clear counters f0/0

MATCH PROTOCOL HTTP MIME

We can also use match protocol http mime to match internet MIME types. The MIME type has to be the same MIME type that the web server responds with. For a list of valid MIME types check out: http://www.sfsu.edu/training/mimetype.htm. Let's look at an example:

match protocol http mime image/jpeg
! This would match jpeg, jpg, jpe, jfif, pjpeg and pjp types
!
match protocol http mime image/jpg
! This would not match anything as it is not a proper mime type. Get a list of the mime types
! here: http://www.sfsu.edu/training/mimetype.htm
!
match protocol http mime image*
! This would match all image mime types
!
match protocol http mime application/x-shockwave-flash
! This would not only match swf flash movies, but all of flash.

Let's set up R2 to filter the image/jpeg mime type:

R2(config)#class-map MATCH-HTTP
R2(config-cmap)#no match protocol http url *.jpg
R2(config-cmap)#match protocol http mime image/jpeg


Challenge:

Explain what each command will do if we apply this class-map on an egress interface.

class-map match-any cbtme


match protocol http host *youtube.com*|*video.google.com*
match protocol http mime video/flv|video/x-flv|video/mp4|video/x-m4v|audio/mp4a-latm
match protocol http mime video/3gpp|video/quicktime
match protocol http url *.flv|*.mp4|*.m4v|*.m4a|*.3gp|*.mov
match protocol http mime application/x-shockwave-flash
match protocol http url *.swf
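One way to work through the challenge is to model the match-any class-map and run a few HTTP transactions through it. The Python below is an added example (not code from these notes or from Cisco IOS) of the pattern language the notes use: `*` matches any string, `?` one character, `|` separates alternatives, and the pattern is anchored to the whole value (so `google*` does not match video.google.com). It assumes case-insensitive matching and that the url is compared without its leading `/`, consistent with the `video*` example above; the sample requests are constructed.

```python
"""NBAR-style host / url / mime matching model for the challenge class-map.

Added example, not from the study notes or Cisco IOS.  It models the pattern
language the notes use: '*' matches any string, '?' one character and '|'
separates alternatives, anchored to the whole value (so `google*` does not
match video.google.com).  Assumptions: matching is case-insensitive, and the
url is compared without its leading '/', as in the notes' `video*` example.
The sample requests are constructed.
"""
import re


def nbar_regex(pattern: str) -> "re.Pattern":
    """Translate an NBAR-style pattern into an anchored regular expression."""
    alternatives = []
    for alt in pattern.split("|"):
        alternatives.append("".join(
            ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in alt))
    return re.compile("^(?:" + "|".join(alternatives) + ")$", re.IGNORECASE)


def nbar_match(pattern: str, value: str) -> bool:
    """True when `value` satisfies the NBAR-style `pattern`."""
    return nbar_regex(pattern).match(value) is not None


# The challenge class-map, as (field, pattern) pairs in configured order.
CBTME_RULES = [
    ("host", "*youtube.com*|*video.google.com*"),
    ("mime", "video/flv|video/x-flv|video/mp4|video/x-m4v|audio/mp4a-latm"),
    ("mime", "video/3gpp|video/quicktime"),
    ("url", "*.flv|*.mp4|*.m4v|*.m4a|*.3gp|*.mov"),
    ("mime", "application/x-shockwave-flash"),
    ("url", "*.swf"),
]


def classify(request: dict, rules=CBTME_RULES):
    """match-any semantics: index of the first rule that matches, or None."""
    for idx, (field, pattern) in enumerate(rules):
        value = request[field].lstrip("/") if field == "url" else request[field]
        if nbar_match(pattern, value):
            return idx
    return None


# Constructed sample HTTP transactions (host header, request path, response MIME type).
SAMPLE_REQUESTS = [
    {"host": "www.youtube.com", "url": "/watch", "mime": "text/html"},
    {"host": "cdn.example.net", "url": "/clip.mp4", "mime": "video/mp4"},
    {"host": "cdn.example.net", "url": "/clip.mov", "mime": "application/octet-stream"},
    {"host": "game.example.com", "url": "/play.swf", "mime": "application/x-shockwave-flash"},
    {"host": "www.example.com", "url": "/index.html", "mime": "text/html"},
]


def classify_all(requests=SAMPLE_REQUESTS) -> list:
    """Rule index hit by each sample request (None = passes the class-map)."""
    return [classify(r) for r in requests]


if __name__ == "__main__":
    for req, hit in zip(SAMPLE_REQUESTS, classify_all()):
        verdict = "drop by rule %d" % hit if hit is not None else "pass"
        print(req["host"], req["url"], req["mime"], "->", verdict)
```

Because the class-map is match-any, the first line that matches decides; the url lines only come into play for transfers whose MIME type the server did not label as video or flash, which is why the challenge lists both a MIME and a URL rule for the same file types.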

Resources:
http://www.cisco.com/cgi-bin/tablebuild.pl/pdlm
http://packetlife.net/blog/2008/jul/30/policing-versus-shaping/
https://networklessons.com/quality-of-service/qos-traffic-shaping-explained/
https://networklessons.com/quality-of-service/qos-traffic-policing-explained/
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos/config_library/15-mt/qos-15-mt-library.html
https://packetpushers.net/how-does-qos-work/
http://lostintransit.se/category/qos/
http://packetlife.net/blog/category/quality-service/

Free Cisco Video Training for CBWFQ, LLQ

http://www.cisco.com/c/dam/en_us/training-events/le31/le46/cln/qlm/CCNP/ont/CBWFQ-and-LLQ_2/player.html

Commercial book:
http://www.ciscopress.com/store/end-to-end-qos-network-design-quality-of-service-for-9780133116106

Commercial videos:
http://www.ciscopress.com/store/end-to-end-quality-of-service-network-design-livelessons-9781587144127

Good Luck
CCIE & CCSI: Yasser Auda
https://www.facebook.com/YasserRamzyAuda
https://learningnetwork.cisco.com/people/yasserramzy
https://www.youtube.com/user/yasserramzyauda
