QoS
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Application Recognition
• Deep Packet Inspection Engine on the vEdge router (diagram: applications App 1, App 2 … App 3,000 hosted in the Cloud / Data Center, reached over MPLS, INET and 3G/4G transports from Data Center, Campus, Branch, Small Office and Home Office sites)
Primary Use Cases:
- Application visibility
- Application Firewall
- Traffic prioritization
- Transport selection
Bidirectional Forwarding Detection (BFD)
(diagram: vEdge to vEdge)
• Path liveliness and quality measurement detection protocol
- Up/Down, loss/latency/jitter, IPSec tunnel MTU
• Runs between all vEdge and vEdge Cloud routers in the topology
- Inside IPSec tunnels
- Automatically invoked after each IPSec tunnel establishment
- Cannot be disabled
BFD – Tunnel Down
(diagram: BFD probe, Multiplier = 7)
• Each vEdge router generates a BFD packet every "hello" interval for path liveness detection
• BFD packets are generated for each transport individually. Timers can be adjusted for quicker detection.
• Hello interval and multiplier determine how many BFD packets need to be lost to declare the IPSec tunnel down
• Multiplier = 7 by default
BFD - Transport SLA Monitoring
(diagram: vEdge router, App-Route Multiplier (6))
• Each vEdge router generates a BFD packet every "hello" interval for path quality measurement
• BFD packets are generated for each transport individually. Timers can be adjusted for quicker detection.
• Poll interval determines the average path quality measurement (loss, latency, jitter)
• App-route multiplier determines the average path quality measurement across the poll intervals
Critical Applications SLA
Application Aware Routing
• By default, without any local or centralized data policies, Cisco SD-WAN performs flow-based load sharing across all transports available between the vEdge routers
• With policies:
- Enforce SLA compliant path for applications of interest
- Other applications will follow active/active behavior across all paths
Diagram: vManage pushes the App Aware Routing Policy through the vSmart Controllers (control plane): App A path must have latency <150ms and loss <2%. Three IPSec tunnel paths between the vEdge routers, over Internet, MPLS and 4G LTE:
- Path1: 10ms, 0% loss
- Path2: 200ms, 3% loss (MPLS)
- Path3: 140ms, 1% loss
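Added example, not part of the Cisco deck: a Python model of the two calculations the BFD and Application Aware Routing slides describe, tunnel-down detection as hello interval times multiplier, and SLA evaluation of the three diagram paths against the App A SLA, with path quality averaged over the last app-route-multiplier poll intervals. The hello interval value, the poll history for Path3 and the averaging rule (a plain mean over the last N polls) are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass
from statistics import mean

@dataclass(frozen=True)
class PathStats:
    name: str
    latency_ms: float
    loss_pct: float

@dataclass(frozen=True)
class Sla:
    max_latency_ms: float   # App A on the slide: latency < 150 ms
    max_loss_pct: float     # App A on the slide: loss < 2 %

def bfd_down_detection_ms(hello_ms: int, multiplier: int = 7) -> int:
    """Time until the IPSec tunnel is declared down: `multiplier` consecutive
    hellos lost. 7 is the slide's default multiplier; hello_ms is assumed."""
    return hello_ms * multiplier

def app_route_average(polls: list[PathStats], app_route_multiplier: int = 6) -> PathStats:
    """Average the per-poll-interval loss/latency samples of one path over the
    last `app_route_multiplier` polls (assumed plain mean), as the transport SLA
    monitoring slide describes for the app-route multiplier."""
    window = polls[-app_route_multiplier:]
    return PathStats(window[0].name,
                     mean(p.latency_ms for p in window),
                     mean(p.loss_pct for p in window))

def meets_sla(path: PathStats, sla: Sla) -> bool:
    return path.latency_ms < sla.max_latency_ms and path.loss_pct < sla.max_loss_pct

def sla_paths(paths: list[PathStats], sla: Sla) -> list[str]:
    """Paths App A is allowed to use; its flows are shared across these only.
    Traffic without a policy keeps load-sharing across all paths regardless."""
    return [p.name for p in paths if meets_sla(p, sla)]

# Constructed sample input: the three paths and the App A SLA from the diagram.
APP_A_SLA = Sla(max_latency_ms=150, max_loss_pct=2)
PATHS = [PathStats("Path1", 10, 0.0), PathStats("Path2", 200, 3.0), PathStats("Path3", 140, 1.0)]
# Constructed poll history for Path3: the latest poll alone (140 ms) looks compliant,
# but the average over the last 6 polls (155 ms) does not.
PATH3_POLLS = [PathStats("Path3", lat, 0.5) for lat in (100, 120, 130, 150, 170, 180, 160, 140)]

if __name__ == "__main__":
    print(sla_paths(PATHS, APP_A_SLA))                            # ['Path1', 'Path3']
    print(bfd_down_detection_ms(hello_ms=1000))                   # 7000
    print(meets_sla(app_route_average(PATH3_POLLS), APP_A_SLA))   # False
```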
Optimal Network Utilization for App Traffic
Path MTU Discovery
• Automatic and proactive network path MTU discovery leveraging the BFD protocol
• Support for host path MTU discovery: IP ICMP Unreachable (type 3, code 4)
• Automatic MSS adjust for TCP traffic
- Can also be manually configured
(diagram: Transport1, Host Path MTU Discovery)
Example
• App policy applied with DSCP EF: preferred path MPLS, rest is default
• Simulation with DSCP 0 (default)
QoS
vEdge Router Device QoS Overview
• Data policy (from vManage): classification of application traffic into QoS forwarding classes (queues Q0–Q7), classification on the ingress interface and queuing on the egress interface
- Q0 is LLQ
- vEdge control traffic (DTLS/TLS, BFD, routing protocols) goes into Q0
o Not subjected to LLQ policer
• Scheduling for Q1–Q7 is WRR*
- Bandwidth percent determines queue weight
- Unused Q0 bandwidth is distributed between other queues
Shaping
(diagram: token bucket with rate and tokens, between ingress and egress interface)
• Shaping effective on egress physical interfaces
- Not supported on sub-interfaces
Policing
(diagram: token bucket with rate and tokens, ingress and egress interface)
• Ingress and egress policing
- Interface/sub-interface based
- DPI or 6-tuple matching using centralized or localized data policy
Policing with Packet Loss Priority
(diagram: token bucket with rate and tokens; TLOC B)
Marking and Re-marking
• DSCP can be modified with ACL/data policy
• Egress interface re-write rules remark the outer DSCP bits
Behavior Changes with QoS Data Policy
When you want to modify the default packet forwarding flow, you design and provision a QoS policy.
Forwarding Classes and Scheduler
Map Forwarding Class to Output queues
QoS Scheduler
Apply the Queue Map to an Egress Interface
(diagram: QoS scheduler feeding the output queues Q … Q of the egress interface)
• Per-queue settings: shaping, bandwidth %, buffer %, scheduling priority, drop
• WARNING: QoS shaping rates might be inaccurate for rates less than 2 Mbps. [VIP-3860]
Configuration
• Ingress
- Use a localized policy with an ACL
- Or use a Global Data Policy
- Match application, group, prefix, etc.
- Action: set DSCP and select Forwarding Class
• Egress
- class-map
- qos-scheduler
- Apply on egress interface
Configure Class-Map and Scheduler (1/2)
Step1: Configure forwarding classes and mapping to output queues
  policy
   class-map
    class best-effort queue 3
    class bulk-data queue 2
    class critical-data queue 1
    class voice queue 0
Step2: Configure the QoS scheduler for the forwarding classes
  policy
   qos-scheduler be-scheduler
    class best-effort
    bandwidth-percent 20
    buffer-percent 20
    scheduling wrr
    drops red-drop
   !
   qos-scheduler bulk-scheduler
    class bulk-data
    bandwidth-percent 20
    buffer-percent 20
    scheduling wrr
    drops red-drop
   !
   qos-scheduler critical-scheduler
    class critical-data
    bandwidth-percent 40
    buffer-percent 40
    scheduling wrr
    drops red-drop
   !
   qos-scheduler voice-scheduler
    class voice
    bandwidth-percent 20
    buffer-percent 20
    scheduling llq
    drops tail-drop
Configure Class-Map and Scheduler (2/2)
  policy
   qos-map MyQoSMap
    qos-scheduler be-scheduler
    qos-scheduler bulk-scheduler
    qos-scheduler critical-scheduler
    qos-scheduler voice-scheduler
  interface ge0/1
   shaping-rate 5000
   qos-map MyQoSMap
Classify Traffic into Classes
Step1. Define an Access List to Classify Data Packets into appropriate Forwarding Classes
  policy
   access-list MyACL
    sequence 10
     match
      dscp 46
     !
     action accept
      class voice
     !
    !
    sequence 20
     match
      source-ip 10.1.1.0/24
      destination-ip 192.168.10.0/24
     !
     action accept
      class bulk-data
      set
       dscp 32
      !
     !
    !
    sequence 30
     match
      destination-ip 192.168.20.0/24
     !
     action accept
      class critical-data
      set
       dscp 22
      !
     !
    !
    sequence 40
     action accept
      class best-effort
      set
       dscp 0
      !
     !
    !
    default-action drop
Step2. Apply the Access List to an Interface
  vpn 10
   interface ge0/0
    access-list MyACL in
   !
• Or use Global Data Policy and assign traffic to Forwarding Class
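Added example, not from the deck: a Python model of how access-list MyACL and the class-map from the previous slides classify a packet, with first-match sequence ordering, the `set dscp` action, the forwarding-class to output-queue mapping, and `default-action drop` for packets that no sequence matches. The packet model and sample addresses are constructed; match semantics beyond what the slide shows (AND of the listed conditions, a sequence with no match block matching everything) are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

@dataclass(frozen=True)
class Packet:            # constructed packet model: only the fields the ACL matches on
    src: str
    dst: str
    dscp: int

@dataclass(frozen=True)
class Sequence:
    """One `sequence N` block. All listed match conditions must hold (AND);
    a sequence with no conditions, like sequence 40, matches every packet.
    set_dscp=None means the action leaves the packet's DSCP unchanged."""
    number: int
    forwarding_class: str
    dscp: Optional[int] = None
    source_ip: Optional[str] = None
    destination_ip: Optional[str] = None
    set_dscp: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.dscp is None or pkt.dscp == self.dscp)
                and (self.source_ip is None or ip_address(pkt.src) in ip_network(self.source_ip))
                and (self.destination_ip is None or ip_address(pkt.dst) in ip_network(self.destination_ip)))

# Mirror of access-list MyACL from the slide. Sequence 10 trusts the DSCP 46 marking
# as it arrives from the service side: whatever a host marks EF lands in the LLQ (Q0).
MY_ACL = [
    Sequence(10, "voice", dscp=46),
    Sequence(20, "bulk-data", source_ip="10.1.1.0/24", destination_ip="192.168.10.0/24", set_dscp=32),
    Sequence(30, "critical-data", destination_ip="192.168.20.0/24", set_dscp=22),
    Sequence(40, "best-effort", set_dscp=0),
]
# class-map from the slide: forwarding class -> output queue (Q0 is the LLQ).
CLASS_MAP = {"voice": 0, "critical-data": 1, "bulk-data": 2, "best-effort": 3}

def classify(pkt: Packet, acl=MY_ACL, class_map=CLASS_MAP) -> Optional[Tuple[int, int]]:
    """First matching sequence (by number) wins. Returns (output queue, DSCP the packet
    leaves with), or None when no sequence matches and `default-action drop` applies."""
    for seq in sorted(acl, key=lambda s: s.number):
        if seq.matches(pkt):
            dscp = pkt.dscp if seq.set_dscp is None else seq.set_dscp
            return class_map[seq.forwarding_class], dscp
    return None

if __name__ == "__main__":
    print(classify(Packet("10.1.1.5", "192.168.10.7", 0)))               # (2, 32): sequence 20
    print(classify(Packet("10.1.1.5", "192.168.10.7", 46)))              # (0, 46): sequence 10 wins
    print(classify(Packet("10.1.1.5", "8.8.8.8", 10), acl=MY_ACL[:3]))   # None: default-action drop
```

Without the catch-all sequence 40, everything that matches none of the earlier sequences is dropped rather than forwarded as best-effort, which is why the last line returns None.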
Rewrite Rule
• This example shows how to configure the rewrite rule to overwrite the DSCP field of the outer IP header.
  policy
   rewrite-rule transport
    class af1 low dscp 3
    class af1 high dscp 4
    class af2 low dscp 5
    class af2 high dscp 6
    class af3 low dscp 7
    class af3 high dscp 8
    class be low dscp 1
    class be high dscp 2
   !
  !
• Here the rewrite rule "transport" overwrites the DSCP value for forwarding classes based on the drop profile.
• Since all classes are configured with RED drop, they can have one of two profiles: high drop or low drop.
• The rewrite rule is applied only on the egress interface, so on the way out, packets classified as "af1" with a Packet Loss Priority (PLP) level of low are marked with a DSCP value of 3 in the IP header field, while "af1" packets with a PLP level of high are marked with 4. Similarly, "af2" packets with a PLP level of low are marked with a DSCP value of 5, while "af2" packets with a PLP level of high are marked with 6, and so on.
Classification using Global Data Policy
TCP Optimization
TCP Optimization
(diagram: Users, vEdge Router, SD-WAN Fabric over a high latency / lossy path, vEdge Router, Application Servers; the TCP connection is split into three legs: user-side TCP connections, optimized TCP connections across the fabric, server-side TCP connections)
• High latency and/or lossy path between users and applications, e.g. geo-distances
• vEdge routers terminate TCP sessions and provide local acknowledgements
- Hosts don't have to wait for end-to-end TCP ACKs and pause TCP transmission
• Optimized TCP connections use selective acknowledgements to prevent unnecessary retransmissions of received segments
• Hosts using older TCP/IP stacks will see the most benefit
Optimal MTU with Host PMTUD
(diagram: IP MTU 1500 bytes on the service side, SD-WAN fabric on the transport side)
• The host sends a 1500B packet with DF=1; the vEdge router answers with Fragmentation Needed
• The host adjusts its IP MTU and sends packets < 1500B with DF=1: no fragmentation of the inner packet, and no fragmentation of the outer (DF=1) packet either
Packet Fragmentation
(diagram: IP MTU 1500 bytes on the service side, SD-WAN fabric on the transport side)
• A 1500B host packet that needs fragmentation is fragmented by the vEdge router for transport over the IPSec tunnel (diagram labels: Inner, Outer, Fragment, IPSec)
TCP MSS adjust (diagram: Host, vEdge Router, SD-WAN Fabric, vEdge Router, Application Servers)
- Host to server: signaled MSS 1460B, MSS adjusted by the vEdge router to 1320B, signaled MSS 1320B, server sends with MSS 1320B
- Server to host: signaled MSS 1460B, MSS adjusted by the vEdge router to 1320B, signaled MSS 1320B, host sends with MSS 1320B
• Send TCP MSS is min (local link IP MTU - 40B*, signaled MSS value)
- Signaled in SYN packets
• Can manually set TCP MSS value on vEdge router
- Per-interface
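Added example, not from the deck: the MSS formula and the DF=1 / fragmentation handling of the last three slides in Python, tracing the MSS option of one SYN from host through both vEdge routers to the server. The tunnel IP MTU of 1360 bytes (1500B transport MTU minus an assumed 140B of IPSec/tunnel overhead) is an assumption chosen so the trace reproduces the slide's 1460B to 1320B adjustment; the deck does not state the tunnel MTU.

```python
from typing import Optional

TCP_IP_HEADERS = 40   # IPv4 + TCP headers without options: the "40B*" in the slide formula

def send_mss(local_link_ip_mtu: int, signaled_mss: Optional[int]) -> int:
    """Slide formula: send MSS = min(local link IP MTU - 40B, signaled MSS).
    A SYN carrying no MSS option is treated as signaling the local maximum."""
    local_max = local_link_ip_mtu - TCP_IP_HEADERS
    return local_max if signaled_mss is None else min(local_max, signaled_mss)

def vedge_mss_adjust(signaled_mss: int, tunnel_ip_mtu: int, manual_mss: Optional[int] = None) -> int:
    """MSS adjust done by the vEdge router on the SYN: clamp to what fits one IPSec
    tunnel packet, or to the per-interface manual value when one is configured."""
    limit = manual_mss if manual_mss is not None else tunnel_ip_mtu - TCP_IP_HEADERS
    return min(signaled_mss, limit)

def syn_mss_walk(host_mtu: int = 1500, tunnel_ip_mtu: int = 1360, server_mtu: int = 1500):
    """MSS option of one SYN: host -> vEdge -> SD-WAN fabric -> vEdge -> server.
    tunnel_ip_mtu=1360 is an assumed value (1500B minus 140B tunnel overhead)."""
    host_signals = send_mss(host_mtu, None)                      # 1460
    after_vedge = vedge_mss_adjust(host_signals, tunnel_ip_mtu)  # 1320
    server_send = send_mss(server_mtu, after_vedge)              # 1320
    return host_signals, after_vedge, server_send

def vedge_handles_packet(length: int, df: bool, tunnel_ip_mtu: int = 1360) -> str:
    """Service-side packet arriving at the vEdge router before IPSec encapsulation:
    fits the tunnel -> forward; too big with DF=1 -> host PMTUD via ICMP Unreachable
    type 3 code 4 (next-hop MTU = tunnel_ip_mtu); too big without DF -> fragment."""
    if length <= tunnel_ip_mtu:
        return "forward"
    if df:
        return f"icmp-unreachable type=3 code=4 next-hop-mtu={tunnel_ip_mtu}"
    return "fragment"

if __name__ == "__main__":
    print(syn_mss_walk())                    # (1460, 1320, 1320)
    print(vedge_handles_packet(1500, True))  # icmp-unreachable type=3 code=4 next-hop-mtu=1360
```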