
Application Experience and QoS

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Application Recognition
[Diagram: vEdge Router with a Deep Packet Inspection Engine recognising App 1, App 2 ... App 3,000; sites (Data Center, Cloud, Campus, Branch, Small Office, Home Office) reached over MPLS, INET and 3G/4G transports]
Primary Use Cases:
- Application visibility
- Application Firewall
- Traffic prioritization
- Transport selection

Bidirectional Forwarding Detection (BFD)
[Diagram: BFD sessions running between vEdge routers]
• Path liveliness and quality measurement detection protocol
- Up/Down, loss/latency/jitter, IPSec tunnel MTU
• Runs between all vEdge and vEdge Cloud routers in the topology
- Inside IPSec tunnels
- Automatically invoked after each IPSec tunnel establishment
- Cannot be disabled
• Uses hello (up/down) interval, poll (app-aware) interval and multiplier for detection
- Fully customizable per-vEdge, per-color

BFD – Tunnel Down
[Diagram: BFD probes sent every hello interval (ms); Multiplier = 7]
• Each vEdge router generates a BFD packet every “hello” interval for path liveliness detection
• BFD packets are generated for each transport individually. Timers can be adjusted for quicker detection.
• Hello interval and multiplier determine how many BFD packets need to be lost to declare the IPSec tunnel down
• Multiplier = 7 by default

BFD - Transport SLA Monitoring
[Diagram: vEdge Router sending BFD probes every hello interval (ms); poll intervals (ms); App-Route Multiplier (6)]
• Each vEdge router generates a BFD packet every “hello” interval for path quality measurement
• BFD packets are generated for each transport individually. Timers can be adjusted for quicker detection.
• Poll interval determines the average path quality measurement (loss, latency, jitter)
• App-route multiplier determines the average path quality measurement across the poll intervals
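An added illustration of the two BFD timers on this and the previous slide (tunnel-down detection from hello interval and multiplier, SLA averaging from poll interval and app-route multiplier). This is not Cisco/Viptela code; the function and class names and the probe samples are constructed for the example.

```python
# Added example, not Cisco/Viptela code: models the two BFD timers above. A tunnel is
# declared down after `multiplier` consecutive hellos are lost; path quality is
# averaged per poll interval and then across app-route-multiplier poll intervals.
# Timer values and probe samples are constructed.
from collections import deque
from statistics import mean

def detection_time_ms(hello_ms, multiplier=7):
    """Worst-case time to declare the IPsec tunnel down: hello * multiplier."""
    return hello_ms * multiplier

def tunnel_down_after(probe_results, multiplier=7):
    """1-based index of the probe at which the tunnel is declared down, or None
    if fewer than `multiplier` consecutive hellos are ever lost.
    probe_results: iterable of True (hello answered) / False (hello lost)."""
    missed = 0
    for i, answered in enumerate(probe_results, start=1):
        missed = 0 if answered else missed + 1
        if missed >= multiplier:
            return i
    return None

def poll_interval_stats(samples):
    """Average loss, latency and jitter over the hellos of one poll interval.
    samples: list of round-trip latencies in ms, None for a lost hello."""
    seen = [s for s in samples if s is not None]
    loss_pct = 100.0 * (len(samples) - len(seen)) / len(samples)
    latency = mean(seen) if seen else None
    # Jitter here is the mean absolute change between consecutive latencies.
    jitter = mean(abs(a - b) for a, b in zip(seen, seen[1:])) if len(seen) > 1 else 0.0
    return {"loss": loss_pct, "latency": latency, "jitter": jitter}

class AppRouteMonitor:
    """Keeps the last `app_route_multiplier` poll-interval results and reports
    the average across them; that average is what the SLA check consumes."""
    def __init__(self, app_route_multiplier=6):
        self.window = deque(maxlen=app_route_multiplier)

    def add_poll_interval(self, samples):
        self.window.append(poll_interval_stats(samples))
        return self.average()

    def average(self):
        lat = [w["latency"] for w in self.window if w["latency"] is not None]
        return {"loss": mean(w["loss"] for w in self.window),
                "latency": mean(lat) if lat else None,
                "jitter": mean(w["jitter"] for w in self.window)}
```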

Critical Applications SLA
Application Aware Routing
[Diagram: vSmart Controllers push an App Aware Routing Policy to the vEdge routers over the Control Plane: "App A path must have latency <150ms and loss <2%". The vEdge routers are connected by IPSec tunnels over Internet, MPLS and 4G LTE (labels: Path 2 MPLS, App A). Measured paths: Path1: 10ms, 0% loss; Path2: 200ms, 3% loss; Path3: 140ms, 1% loss]
 By default, without any local or centralized data policies:
- Cisco SDWAN performs flow-based load sharing across all transports available between the vEdge routers
 With Policies:
- Enforce SLA compliant path for applications of interest
- Other applications will follow active/active behavior across all paths
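An added illustration of the app-aware routing decision on this slide, not Cisco/Viptela code: paths carry BFD-measured latency and loss, an SLA class holds the thresholds from the policy, and the example's PATHS, SLA_CLASSES, select_paths and route names are constructed from the figure.

```python
# Added example, not Cisco/Viptela code: the app-aware routing decision on the slide.
# Each path carries its BFD-measured latency and loss; an SLA class holds the
# thresholds an application requires. Only SLA-compliant paths carry that app,
# everything else keeps flow-based load sharing across all paths. Path names and
# measurements are constructed from the slide.
import zlib

PATHS = {
    "Path1": {"latency_ms": 10, "loss_pct": 0.0},
    "Path2": {"latency_ms": 200, "loss_pct": 3.0},
    "Path3": {"latency_ms": 140, "loss_pct": 1.0},
}
SLA_CLASSES = {
    # App A path must have latency <150ms and loss <2%
    "app-a-sla": {"latency_ms": 150, "loss_pct": 2.0},
}

def meets_sla(measured, sla):
    """A path complies when every measured metric is below its SLA threshold."""
    return all(measured[metric] < limit for metric, limit in sla.items())

def compliant_paths(paths, sla):
    return sorted(name for name, measured in paths.items() if meets_sla(measured, sla))

def select_paths(app_sla_class, paths=PATHS, sla_classes=SLA_CLASSES):
    """Paths an application may use. No policy (None): all paths, i.e. active/active.
    With a policy: only SLA-compliant paths; if none comply, this example falls
    back to all paths (an assumption of the example, not stated on the slide)."""
    if app_sla_class is None:
        return sorted(paths)
    ok = compliant_paths(paths, sla_classes[app_sla_class])
    return ok if ok else sorted(paths)

def flow_hash_path(flow, eligible):
    """Flow-based load sharing: a deterministic hash of the flow tuple
    (src, dst, sport, dport, proto) pins all packets of one flow to one path."""
    return eligible[zlib.crc32(repr(flow).encode()) % len(eligible)]

def route(flow, app_sla_class=None):
    """Path chosen for one flow, with or without an app-aware routing policy."""
    return flow_hash_path(flow, select_paths(app_sla_class))
```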
Optimal Network Utilization for App Traffic
Path MTU Discovery
[Diagram: vEdge to vEdge IPSec tunnels over Transport1 and Transport2; Network Path MTU Discovery across the tunnel, Host Path MTU Discovery toward the host]
 Automatic and proactive Network Path MTU Discovery leveraging BFD protocol
 Support for Host Path MTU Discovery
 Automatic MSS adjust for TCP traffic
- Can also be manually configured
 IP ICMP Unreachable (type 3, code 4)

Example
[Screenshots: App Policy applied with DSCP EF, preferred path MPLS, rest is default; Simulation with DSCP 0 (default); Simulation with DSCP 46 (EF)]

QoS

vEdge Router Device QoS Overview
[Diagram: vManage Data Policy: classification of application traffic into QoS forwarding classes (queues). Ingress interface: Policing, Map into FCs, Rewrite inner DSCP. Forwarding classes (FC) are mapped into egress queues (Q). Egress interface: QoS Scheduler (Bandwidth %, Buffer %, Scheduling Priority, Drop), Policing, Shaping, Rewrite outer DSCP]

Queueing
[Diagram: Ingress interface, Classification, Queuing into Q0-Q7, Egress interface]
• Classification
- Flow match on 6-tuple (ACL, Data Policy)
- Application match on DPI (Data Policy)
• Per-Egress Interface Queuing
- Q0 is LLQ
- vEdge control traffic (DTLS/TLS, BFD, routing protocols) goes into Q0
o Not subjected to LLQ policer
• Scheduling for Q1-Q7 is WRR*
- Bandwidth percent determines queue weight
- Unused Q0 bandwidth is distributed between other queues
• Queue drop is RED** or tail-drop
- Linear drop probability, i.e. X% queue depth results in X% drop probability
* Weighted Round-Robin
** Random Early Discard
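An added model of the queueing behaviour on this slide (Q0 served first, WRR weights from bandwidth percent, unused Q0 bandwidth redistributed, linear RED). It is not Cisco/Viptela code; wrr_shares, wrr_order, red_drop_probability and enqueue are names chosen for the example and the percentages are constructed.

```python
# Added example, not Cisco/Viptela code: a small model of the egress queuing above.
# Q0 is served first (LLQ); Q1-Q7 share the rest by weighted round-robin, each
# queue's weight being its bandwidth percent, and whatever Q0 does not use is
# redistributed over Q1-Q7. Drop follows the slide's linear RED rule: a queue X%
# full drops an arriving packet with probability X%. Percentages are constructed.
import random

def wrr_shares(bandwidth_pct, q0_used_pct):
    """Effective link share per queue. bandwidth_pct maps queue index -> configured
    percent (summing to 100). Q0 keeps what it actually uses; its unused part is
    spread over Q1-Q7 in proportion to their weights."""
    q0_used = min(q0_used_pct, bandwidth_pct.get(0, 0))
    others = {q: w for q, w in bandwidth_pct.items() if q != 0}
    total = sum(others.values()) or 1
    shares = {0: q0_used}
    for q, w in others.items():
        shares[q] = (100 - q0_used) * w / total
    return shares

def wrr_order(weights, rounds=1):
    """Service order of Q1-Q7 for `rounds` WRR rounds: each queue is visited
    `weight` times per round (a simple weight-as-quantum WRR, chosen for the example)."""
    order = []
    for _ in range(rounds):
        for q, w in sorted(weights.items()):
            order.extend([q] * w)
    return order

def red_drop_probability(depth, capacity):
    """Linear RED: X% queue depth -> X% drop probability."""
    return min(depth, capacity) / capacity

def enqueue(queue, capacity, drop="red-drop", rng=random.random):
    """Admit a packet to `queue` (a list) or drop it. tail-drop only drops when the
    queue is full; red-drop additionally drops early with the linear probability."""
    if len(queue) >= capacity:
        return False
    if drop == "red-drop" and rng() < red_drop_probability(len(queue), capacity):
        return False
    queue.append("pkt")
    return True
```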

Shaping
[Diagram: Token Bucket filled with tokens at the shape Rate; Ingress interface, Shaping, Queuing, Egress interface]
• Shaping effective on egress physical interfaces
- Not supported on sub-interfaces
• Forward traffic that conforms to configured shape rate
- There are tokens in the bucket
• Queue traffic that exceeds configured shape rate
- There are no tokens in the bucket
- Weighted Round-Robin

Policing
[Diagram: Token Bucket filled with tokens at the policer Rate; Ingress interface, Classification, Policing, Queuing, Egress interface]
• Ingress and Egress Policing
- Interface/Sub-Interface based
- DPI or 6 tuple matching using centralized or localized data policy
• Forward traffic that conforms to configured policer rate
- There are tokens in the bucket
• Drop traffic that exceeds configured policer rate
- There are no tokens in the bucket
• Configurable Burst Rate
- Token bucket depth

Policing with Packet Loss Priority
[Diagram: Token Bucket filled with tokens at the policer Rate; Policing on TLOC A, non-conforming traffic spills over to TLOC B]
• Set PLP=High value for traffic that exceeds configured policer rate
- There are no tokens in the bucket
- Default is PLP=Low
• Data policy can match on PLP high value and set different local TLOC
- Decision is taken on per-packet level
• Non-conforming traffic spills over to a different circuit
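An added example covering the three token-bucket behaviours of the Shaping, Policing and PLP slides: the same bucket either queues, drops or PLP-marks non-conforming traffic. It is not Cisco/Viptela code; TokenBucket, police, shape and tloc_for are names chosen here, and rates and packet sizes are constructed.

```python
# Added example, not Cisco/Viptela code: one token bucket driving the shaping,
# policing and PLP behaviours above. Tokens accrue at the configured rate up to
# the bucket depth (the configurable burst). A conforming packet is forwarded
# with PLP low; a non-conforming one is queued by a shaper, dropped by a policer,
# or marked PLP high so data policy can steer it to another TLOC. Values are constructed.
class TokenBucket:
    def __init__(self, rate_bps, burst_bytes):
        self.rate = rate_bps / 8.0      # tokens (bytes) added per second
        self.depth = burst_bytes        # bucket depth = configured burst
        self.tokens = burst_bytes       # bucket starts full
        self.last = 0.0

    def _refill(self, now):
        self.tokens = min(self.depth, self.tokens + (now - self.last) * self.rate)
        self.last = now

    def conforms(self, size, now):
        """Take `size` tokens for a packet arriving at time `now` (seconds)."""
        self._refill(now)
        if self.tokens >= size:
            self.tokens -= size
            return True
        return False

def police(bucket, size, now, mode="drop"):
    """Policer: returns (verdict, plp). mode='drop' drops excess traffic;
    mode='plp' forwards it marked PLP high instead."""
    if bucket.conforms(size, now):
        return "forward", "low"
    return ("drop", None) if mode == "drop" else ("forward", "high")

def shape(bucket, size, now, queue):
    """Shaper: excess traffic is not dropped but waits in `queue` for tokens."""
    if bucket.conforms(size, now):
        return "forward"
    queue.append(size)
    return "queued"

def tloc_for(plp, primary="TLOC A", spill="TLOC B"):
    """Data policy matching PLP high sends the packet over a different circuit."""
    return spill if plp == "high" else primary
```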
Marking and Re-marking
[Diagram: Default Behavior: DSCP carried from the ingress interface to the egress interface; inner DSCP modified with ACL/Data Policy, outer DSCP modified with re-write rules]
• Comply with service providers provisioned classes of service
• Ingress Classification
- DPI or 6 tuple matching using centralized or localized data policy
• Ingress interface marks/re-marks inner DSCP bits
• Inner DSCP bits are copied to the outer DSCP bits
• Egress interface re-write rules remark outer DSCP bits

Behavior Changes with QoS Data Policy

When you want to modify the default packet forwarding flow, you design and provision a QoS policy.

Forwarding Classes and Scheduler
Map Forwarding Class to Output queues
[Diagram: forwarding classes mapped to output queues Q0-Q7 (Voice -> Q0, Critical-data -> Q2, Best Effort -> Q3)]
• You can classify incoming traffic by associating each packet with a forwarding class.
• Forwarding classes group data packets for transmission to their destination.
• Based on the forwarding class, you assign packets to output queues.
• The vEdge routers service the output queues according to the associated forwarding, scheduling, and rewriting policies you configure.
policy
 class-map
  class best-effort queue 3
  class critical-data queue 2
  class voice queue 0


QoS Scheduler
Configure Scheduler – Bandwidth allocation
[Diagram: bandwidth allocation per output queue, e.g. Q0 20%, Q2 30%, Q4 40%]
• You can configure a QoS map for each output queue to specify the bandwidth, delay buffer size, and packet loss priority (PLP) of output queues.
• The Viptela software supports eight queues, which are numbered 0 to 7. Queue 0 is reserved, and is used for both control traffic and low-latency queuing (LLQ) traffic.

Apply the Queue Map to an Egress Interface
[Diagram: QoS Scheduler feeding the egress interface queues; Shaping; per queue: Bandwidth %, Buffer %, Scheduling Priority, Drop]
WARNING: QoS shaping rates might be inaccurate for rates less than 2 Mbps. [VIP-3860]

Configuration
• Ingress
• Use a localized policy with ACL
• Or use a Global Data Policy
• Match application, group or prefix etc
• Action: set DSCP and select Forwarding Class

• Egress
• class-map
• qos-scheduler
• Apply on egress interface

Configure Class-Map and Scheduler (1/2)
Step1: Configure forwarding classes and mapping to output queues
policy
 class-map
  class best-effort queue 3
  class bulk-data queue 2
  class critical-data queue 1
  class voice queue 0
 !

Step2: Configure the QoS scheduler forwarding classes
policy
 qos-scheduler be-scheduler
  class best-effort
  bandwidth-percent 20
  buffer-percent 20
  scheduling wrr
  drops red-drop
 !
 qos-scheduler bulk-scheduler
  class bulk-data
  bandwidth-percent 20
  buffer-percent 20
  scheduling wrr
  drops red-drop
 !
 qos-scheduler critical-scheduler
  class critical-data
  bandwidth-percent 40
  buffer-percent 40
  scheduling wrr
  drops red-drop
 !
 qos-scheduler voice-scheduler
  class voice
  bandwidth-percent 20
  buffer-percent 20
  scheduling llq
  drops tail-drop
 !

Configure Class-Map and Scheduler (2/2)

Step 3: Define QoS Map by grouping QoS Schedulers.

policy
qos-map MyQoSMap
qos-scheduler be-scheduler
qos-scheduler bulk-scheduler
qos-scheduler critical-scheduler
qos-scheduler voice-scheduler

Step 4: Apply the QoS map to the egress interface

interface ge0/1
shaping-rate 5000
qos-map MyQoSMap

Classify Traffic into Classes
Step1. Define an Access List to Classify Data Packets into appropriate Forwarding Classes
policy
 access-list MyACL
  sequence 10
   match
    dscp 46
   !
   action accept
    class voice
   !
  !
  sequence 20
   match
    source-ip 10.1.1.0/24
    destination-ip 192.168.10.0/24
   !
   action accept
    class bulk-data
    set
     dscp 32
    !
   !
  !
  sequence 30
   match
    destination-ip 192.168.20.0/24
   !
   action accept
    class critical-data
    set
     dscp 22
    !
   !
  !
  sequence 40
   action accept
    class best-effort
    set
     dscp 0
    !
   !
  !
  default-action drop
 !
!

Step2. Apply the Access List to an Interface
vpn 10
 interface ge0/0
  access-list MyACL in
 !
!

Or use Global Data Policy and assign traffic to Forwarding Class

Rewrite Rule
• This example shows how to configure the rewrite rule to overwrite the DSCP field of the outer IP header.
policy
 rewrite-rule transport
  class af1 low dscp 3
  class af1 high dscp 4
  class af2 low dscp 5
  class af2 high dscp 6
  class af3 low dscp 7
  class af3 high dscp 8
  class be low dscp 1
  class be high dscp 2
 !
!
• Here the rewrite rule "transport" overwrites the DSCP value for forwarding classes based on the drop profile.
• Since all classes are configured with RED drop, they can have one of two profiles: high drop or low drop.
• The rewrite rule is applied only on the egress interface, so on the way out, packets classified as "af1" and a Packet Loss Priority (PLP) level of low are marked with a DSCP value of 3 in the IP header field, while "af1" packets with a PLP level of high are marked with 4. Similarly, "af2" packets with a PLP level of low are marked with a DSCP value of 5, while "af2" packets with a PLP level of high are marked with 6, and so on.
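An added example tying together the MyACL classification (previous slide) and the "transport" rewrite rule above: sequences are evaluated in order, the first match sets the forwarding class and inner DSCP, the default action drops, and on egress the outer DSCP is chosen from class and PLP. This is not Cisco/Viptela code; the ACL and REWRITE tables are transcribed from the slides, the packet values are constructed, and the class names in REWRITE (af1, be, ...) differ from those in MyACL exactly as they do on the two slides.

```python
# Added example, not Cisco/Viptela code: the ACL semantics of MyACL (sequences in
# order, first match wins, default-action drop) setting forwarding class and inner
# DSCP on ingress, and the egress rewrite rule "transport" picking the outer DSCP
# from (class, PLP). Packet values are constructed for the example.
import ipaddress

ACL = [  # (match conditions, forwarding class, inner DSCP to set or None to keep)
    ({"dscp": 46}, "voice", None),
    ({"source-ip": "10.1.1.0/24", "destination-ip": "192.168.10.0/24"}, "bulk-data", 32),
    ({"destination-ip": "192.168.20.0/24"}, "critical-data", 22),
    ({}, "best-effort", 0),   # sequence 40 has no match clause: matches everything
]
REWRITE = {("af1", "low"): 3, ("af1", "high"): 4, ("af2", "low"): 5,
           ("af2", "high"): 6, ("af3", "low"): 7, ("af3", "high"): 8,
           ("be", "low"): 1, ("be", "high"): 2}

def matches(cond, pkt):
    """All conditions of one sequence must hold; an empty condition set matches."""
    for key, val in cond.items():
        if key == "dscp" and pkt["dscp"] != val:
            return False
        if key in ("source-ip", "destination-ip"):
            field = "src" if key == "source-ip" else "dst"
            if ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(val):
                return False
    return True

def classify(pkt, acl=ACL):
    """Return (forwarding class, inner DSCP), or None when default-action drop applies."""
    for cond, fc, dscp in acl:
        if matches(cond, pkt):
            return fc, (pkt["dscp"] if dscp is None else dscp)
    return None

def outer_dscp(fc, plp, inner_dscp, rewrite=REWRITE):
    """Egress: outer DSCP from the rewrite rule by (class, PLP); with no rewrite
    entry the inner DSCP is copied to the outer header, as the default behaviour slide says."""
    return rewrite.get((fc, plp), inner_dscp)
```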

Classification using Global Data Policy

TCP Optimization

TCP Optimization
[Diagram: Users - vEdge Router - SD-WAN Fabric (High Latency / Lossy Path) - vEdge Router - Application Servers; TCP connections are terminated on each vEdge, with optimized TCP connections across the fabric]
• High latency and/or lossy path between users and applications, i.e. geo-distances
• vEdge routers terminate TCP sessions and provide local acknowledgements
- Hosts don’t have to wait for end-to-end TCP ACKs and pause TCP transmission
• Optimized TCP connections use selective acknowledgements to prevent unnecessary retransmissions of received segments
• Hosts using older TCP/IP stacks will see the most benefit
Optimal MTU with Host PMTUD
[Diagram: Host (IP MTU 1500 Bytes) on the Service Side, vEdge, Transport(s) and SD-WAN Fabric on the Transport Side; Automatic Tunnel MTU Discovery using BFD. The host sends a 1500B packet with DF=1; the vEdge replies "Fragmentation Needed"; the host adjusts its IP MTU and sends a packet <1500B with DF=1, which is encapsulated with inner DF=1 and outer DF=1 and needs no fragmentation]

Packet Fragmentation
[Diagram: same Service Side / Transport Side topology with Automatic Tunnel MTU Discovery using BFD. The host sends a 1500B packet with DF=0; the vEdge, needing fragmentation, fragments the inner packet (DF=0) and encapsulates each fragment with outer DF=1]
 vEdge routers perform fragmentation then encapsulation
 Reassembly is done by the server
Optimal MTU with TCP MSS Adjust
[Diagram: Host (MTU 1500 Bytes) - vEdge Router - SD-WAN Fabric over IPSec (MTU <1500 Bytes) - vEdge Router - Application Servers (MTU 1500 Bytes). Host to server: Signaled MSS 1460B, MSS Adjust to 1320B, Signaled MSS 1320B, server Send MSS 1320B. Server to host: Signaled MSS 1460B, MSS Adjust to 1320B, Signaled MSS 1320B, host Send MSS 1320B]
 Send TCP MSS is min (local link IP MTU - 40B*, signaled MSS value)
- Signaled in SYN packets
 Can manually set TCP MSS value on vEdge router
- Per-interface
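An added example of the MSS clamp on this slide applied to the MSS option of a TCP SYN, so the rule is exercised on real header bytes rather than stated. It is not Cisco/Viptela code; build_syn, _options, read_mss and mss_adjust are names chosen here, the SYN is constructed with a 1460-byte MSS, and the checksum update a router would also perform is left out.

```python
# Added example, not Cisco/Viptela code: the MSS clamp from the slide applied to the
# MSS option of a TCP SYN. Sent MSS = min(local link IP MTU - 40, signaled MSS); the
# 40 bytes are the IPv4 (20) and TCP (20) headers. Constructed SYN, no checksum update.
import struct

TCP_HDR_LEN = 20
OPT_MSS = 2

def adjusted_mss(link_ip_mtu, signaled_mss):
    return min(link_ip_mtu - 40, signaled_mss)

def build_syn(mss):
    """Minimal TCP SYN header (arbitrary ports/seq) carrying an MSS option."""
    opts = struct.pack("!BBH", OPT_MSS, 4, mss)             # kind=2, len=4, value
    data_offset = (TCP_HDR_LEN + len(opts)) // 4            # header length in 32-bit words
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, data_offset << 4, 0x02, 65535, 0, 0)
    return hdr + opts

def _options(segment):
    """Yield (offset, kind, length) for each TCP option in the header."""
    end = (segment[12] >> 4) * 4
    i = TCP_HDR_LEN
    while i < end:
        kind = segment[i]
        if kind == 0:                   # end of option list
            return
        if kind == 1:                   # NOP: single byte
            i += 1
            continue
        length = segment[i + 1]
        if length < 2:                  # malformed option, stop parsing
            return
        yield i, kind, length
        i += length

def read_mss(segment):
    for off, kind, length in _options(segment):
        if kind == OPT_MSS and length == 4:
            return struct.unpack("!H", segment[off + 2:off + 4])[0]
    return None

def mss_adjust(segment, link_ip_mtu):
    """What the vEdge does per interface: rewrite the signaled MSS in the SYN."""
    seg = bytearray(segment)
    for off, kind, length in _options(seg):
        if kind == OPT_MSS and length == 4:
            signaled = struct.unpack("!H", seg[off + 2:off + 4])[0]
            seg[off + 2:off + 4] = struct.pack("!H", adjusted_mss(link_ip_mtu, signaled))
    return bytes(seg)
```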
